Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM

Previous topic - Next topic

aDVll

Quote from: Ozone on September 10, 2017, 06:54:52 PM
Quote from: fixer on September 10, 2017, 02:33:11 PM
It's possible to change environment variables, it's described here https://forum.rehips.com/index.php?topic=2032.msg16131#msg16131 I think locale settings are also stored in ReHIPS user registry hive and can be changed the similar way. The only problem is to find their registry location. Google says it's Control Panel\International and Control Panel\International\Geo, but I didn't check them.

I can't try it now, but I will test it when I get more time.

Quote from: fixer on September 10, 2017, 02:33:11 PM
Are you sure this was the only change and it solved the issue? This is supposed to be a wildcard, and wildcards were tested. That'd be weird if wildcards are the issue.

I don't know why but ReHIPS detect Office 2007 normally.
btw this path for 2007 "C:\Program Files (x86)\Microsoft Office\Office12" and for 2016 (365) "C:\Program Files (x86)\Microsoft Office\root\Office16"
It should be changed to root\Office1?\EXCEL.EXE and it will work. Basically you have to add root\ in front of all path for office 365. This is what i am doing and i think fixer fixed the rules for the new release to reflect that.

fixer


Ozone

Quote from: fixer on September 11, 2017, 02:01:38 PM
Yup, this root Office path should already be fixed.

great, can't wait for next version :)

btw could you add in Isolated Programs tab column with information in which IE are currently running isolated programs located and option to terminate all programs in selected IE.

fixer

Quote from: Ozone on September 11, 2017, 07:54:48 PM
btw could you add in Isolated Programs tab column with information in which IE are currently running isolated programs located and option to terminate all programs in selected IE.
Thank you for your suggestion, we'll add this to our TODO list.

perisanboy

#664
Add an option to let the user disable Rehips for what ever time he wants like 15 min, 1 hour, 4 hours OR until restart.
Also when you will design a self-protection for rehips?
You said  I will consider it :) I'm waiting for self-protection  :)
Another suggestion: can Rehips has this option to alert the user when he wants to install smth?and ask him do you want to disable Rehips til your install finish?so I don't have to disable it manually when I want to install smth safe :)

fixer

Changing Working Mode for some time (like Disable for 15 mins) is already in our TODO list.

We've got self-protection in our TOCONSIDER list, so this one'll take some time as we have a bunch of items in our TODO list with higher priority.

We'll try to modify our process alert and implement another button like "it's a trusted installer", so it won't ask about children of the installer process. Still thinking how to do it best, but we've got this in our TODO list.

perisanboy

Thnks for the answer it's good you already covered everything In your to do list :)

Tarnak

On occasion I have  seen a CMD box flash briefly, and I managed to see it - UsoClient.exe

Anyhow, I just got an alert for this UsoClient.exe a short time ago, which I allowed as per an extract of ReHIPS log, as follows:

18/09/2017 13:38:36 PM: Program C:\Windows\System32\UsoClient.exe with PID 1208 executing program C:\Windows\System32\conhost.exe with PID 3744 - allowed with children inspection (alert)
18/09/2017 13:38:36 PM: Program C:\Windows\System32\conhost.exe with PID 3744 execution - allowed (rule)
18/09/2017 13:38:36 PM: Program C:\Windows\System32\services.exe with PID 1052 executing program C:\Windows\System32\svchost.exe with PID 12416 - allowed (rule)
18/09/2017 13:38:36 PM: Program C:\Windows\System32\UsoClient.exe with PID 1208 terminated
18/09/2017 13:38:37 PM: Program C:\Windows\System32\conhost.exe with PID 3744 terminated
18/09/2017 13:38:37 PM: Program C:\Windows\System32\services.exe with PID 1052 executing program C:\Windows\System32\svchost.exe with PID 10600 - allowed (rule)
18/09/2017 13:38:40 PM: Program C:\Windows\System32\svchost.exe with PID 1260 executing program C:\Windows\System32\dllhost.exe with PID 10888 - allowed with children inspection (rule)
18/09/2017 13:38:40 PM: Program C:\Windows\System32\dllhost.exe with PID 10888 execution - allowed (rule)
18/09/2017 13:38:45 PM: Program C:\Windows\System32\dllhost.exe with PID 10888 terminated
18/09/2017 13:38:51 PM: Program C:\Windows\System32\svchost.exe with PID 1260 executing program C:\Windows\System32\dllhost.exe with PID 1512 - allowed with children inspection (rule)
18/09/2017 13:38:51 PM: Program C:\Windows\System32\dllhost.exe with PID 1512 execution - allowed (rule)
18/09/2017 13:38:56 PM: Program C:\Windows\System32\dllhost.exe with PID 1512 terminated
18/09/2017 13:38:56 PM: Program C:\Windows\System32\svchost.exe with PID 12416 executing program C:\Windows\System32\wermgr.exe with PID 6852 - allowed with children inspection (rule)
18/09/2017 13:38:56 PM: Program C:\Windows\System32\wermgr.exe with PID 6852 execution - allowed (rule)
18/09/2017 13:38:57 PM: Program C:\Windows\System32\wermgr.exe with PID 6852 terminated
18/09/2017 13:39:37 PM: Program C:\Windows\System32\svchost.exe with PID 10600 terminated
18/09/2017 13:39:45 PM: Program C:\Windows\System32\svchost.exe with PID 1064 terminated

I hope that I did the right thing in allowing it, because there was another popup, and it looks like I have created a rule.  I don't understand why this is/was necessary, or may be I should have disallowed.   

fixer

Don't worry, UsoClient.exe is a system process and it was added in ReHIPS 2.3.0 initial database with Allow setting.

Ozone

After editing rules in setting and clicking on OK, highlighted item will remain highlighted but item above will be selected.
This is can cause problem, because I can accidentally edit something else I want to.

crasher

Quote from: Ozone on September 22, 2017, 09:31:40 PM
After editing rules in setting and clicking on OK, highlighted item will remain highlighted but item above will be selected.
This is can cause problem, because I can accidentally edit something else I want to.
Thank you for report. Will be fixed in upcoming releases.

perisanboy

We have a rule In smart mode :
Rehips can understand a Gui is modern or no and will auto allow thing if they have nice GUI.
let's say I run smth bad but it has a nice GUI like a modern GUI.
Will Rehips check my dig list to allow or block that file if the GUI was modern? or if the gui is beauty it will ignore the dig signed list?:-|

aDVll

Quote from: perisanboy on September 28, 2017, 09:49:40 PM
We have a rule In smart mode :
Rehips can understand a Gui is modern or no and will auto allow thing if they have nice GUI.
let's say I run smth bad but it has a nice GUI like a modern GUI.
Will Rehips check my dig list to allow or block that file if the GUI was modern? or if the gui is beauty it will ignore the dig signed list?:-|
What are you talking about? Rehips doesn't allow anything because it has a nice gui. No program in history of software ever allowed something because it had a nothing gui.
Rehips allows by default only programs that are in the allow list or programs that are signed by trusted vendors.

perisanboy

Quote from: aDVll on September 28, 2017, 09:54:43 PM
Quote from: perisanboy on September 28, 2017, 09:49:40 PM
We have a rule In smart mode :
Rehips can understand a Gui is modern or no and will auto allow thing if they have nice GUI.
let's say I run smth bad but it has a nice GUI like a modern GUI.
Will Rehips check my dig list to allow or block that file if the GUI was modern? or if the gui is beauty it will ignore the dig signed list?:-|
What are you talking about? Rehips doesn't allow anything because it has a nice gui. No program in history of software ever allowed something because it had a nothing gui.
Rehips allows by default only programs that are in the allow list or programs that are signed by trusted vendors.
HAHAHA, xdddd
i just saw smth like this in rehips gui i though it will allow smth if it has nice gui:D

aDVll

Quote from: perisanboy on September 28, 2017, 10:01:56 PM
Quote from: aDVll on September 28, 2017, 09:54:43 PM
Quote from: perisanboy on September 28, 2017, 09:49:40 PM
We have a rule In smart mode :
Rehips can understand a Gui is modern or no and will auto allow thing if they have nice GUI.
let's say I run smth bad but it has a nice GUI like a modern GUI.
Will Rehips check my dig list to allow or block that file if the GUI was modern? or if the gui is beauty it will ignore the dig signed list?:-|
What are you talking about? Rehips doesn't allow anything because it has a nice gui. No program in history of software ever allowed something because it had a nothing gui.
Rehips allows by default only programs that are in the allow list or programs that are signed by trusted vendors.
HAHAHA, xdddd
i just saw smth like this in rehips gui i though it will allow smth if it has nice gui:D
I think it means appcontainer applications but for sure it doesn't auto allow if you have a nice gui.