Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM


HJLBX

HIPS = blocks execution of files on both real user and ReHIPSUser profiles (1st layer of protection)

Individual program Isolated Environments protect against (2nd layer of protection; deny-only & inheritance):

Exploit application poisoning (via containment)
Access to real user profile(s)
Access to another ReHIPSUser profile
Access to other partitions\drives
Unwanted inter-program communications
Compromised ReHIPSUser profile is deletable

HJLBX

ReHIPS isolated environment seems - to me - to be similar in a lot of ways to modern UI apps run in their own AppContainers.

I know ReHIPS does not use AppContainer, but the general concepts seem the same.

fixer

Quote from: HJLBX on May 04, 2016, 03:23:32 AM
ReHIPS isolated environment seems - to me - to be similar in a lot of ways to modern UI apps run in their own AppContainers.
I know ReHIPS does not use AppContainer, but the general concepts seem the same.

Yes, something like it. The system is also protected from AppContainers and they're protected from each other. But they're more secure at the cost of usability, as they have to explicitly declare all the locations they need access to, so AppContainer software has to be coded to support this; you can't easily put any random program in an AppContainer. As AppContainers are already secured, ReHIPS detects this and doesn't allow isolating them.

fixer

Quote from: aDVll on April 14, 2016, 04:09:33 PM
Also I saw you have rules for Adobe Reader but not for Adobe Acrobat which I use (so PDF folder was not created). Might want to add those if you have the time.

Adobe Acrobat was added to the initial rules pack.

HJLBX

Are there any OS tweaks that you can think of that would mess with ReHIPS?

The only thing I can think of is tampering with folder\file system permissions - and in that case it could mess up Windows itself and thereby ReHIPS.

In other words, any dependencies with services, permissions, etc. shipped with Windows that shouldn't be messed with?

fixer

ReHIPS depends on some services like BFE for network access filtering. But it does so in a nice and documented way. Besides, several standard services depend on it. Tampering with folder/file/registry system permissions shouldn't affect ReHIPS as it honors lack of access rights when changing permissions. It may mess the security up, but I wouldn't consider it a ReHIPS issue. Some other things that may mess with ReHIPS... hard to say. The service relies on some privileges; revoking them may make some things harder, causing some errors, but it'll also affect all services including standard ones. Maybe some software that restricts new user creation. But I don't know why I would need such software. So at the moment I can't think of any tweaks that would seriously mess with ReHIPS and wouldn't affect any other standard application/service, as it was coded with minimal assumptions about the environment, avoiding any hardcodes.

HJLBX

Quote from: fixer on May 12, 2016, 01:05:13 AM
ReHIPS depends on some services like BFE for network access filtering. But it does so in a nice and documented way. Besides, several standard services depend on it. Tampering with folder/file/registry system permissions shouldn't affect ReHIPS as it honors lack of access rights when changing permissions. It may mess the security up, but I wouldn't consider it a ReHIPS issue. Some other things that may mess with ReHIPS... hard to say. The service relies on some privileges; revoking them may make some things harder, causing some errors, but it'll also affect all services including standard ones. Maybe some software that restricts new user creation. But I don't know why I would need such software. So at the moment I can't think of any tweaks that would seriously mess with ReHIPS and wouldn't affect any other standard application/service, as it was coded with minimal assumptions about the environment, avoiding any hardcodes.

I generally disable all unneeded services - quite a lot like Retail Demo Mode, etc, uninstall most Windows Apps, disable all unneeded networking functionality - PnP, IPv6, IGMP, SMB 1.0, unnecessary firewall rules, etc - all that sort of rubbish.

All essential core Windows stuff I leave "As Is."

It should be OK... thanks fixer.

XhenEd

I apologize if this has been asked or answered before. If I open Chrome, then open tabs, an information message would come up saying that the number of allowed protected programs for the demo has been reached.

Indeed, in the Isolated Programs, chrome.exe filled all the spots.

aDVll

Quote from: XhenEd on May 22, 2016, 04:05:29 PM
I apologize if this has been asked or answered before. If I open Chrome, then open tabs, an information message would come up saying that the number of allowed protected programs for the demo has been reached.

Indeed, in the Isolated Programs, chrome.exe filled all the spots.

The free program has a limit of 10 programs if I am not mistaken. Chrome launches a new process per tab/extension so it might be that. So for now, until the program is out to buy, you might want to either use Firefox or have no extensions and fewer tabs to be below the limit.


XhenEd

While in isolated mode, laptop's own mouse cannot make any shortcuts like two-finger scroll, two-finger click, etc.
How do I configure that?
Again, I apologize if this has been asked or answered before. :)

aDVll

Quote from: XhenEd on May 22, 2016, 06:10:29 PM
While in isolated mode, laptop's own mouse cannot make any shortcuts like two-finger scroll, two-finger click, etc.
How do I configure that?
Again, I apologize if this has been asked or answered before. :)

You should take the program out of isolation mode and use learning mode for a while after install so all your programs get proper permissions, but anyway, do you get a blocked message or something when you do the two-finger scroll? Go check the logs when it happens.
To access them, go into the GUI and click on advanced mode, and you will see a blue tab above called log.

XhenEd

There are no blocking messages or popups when I do those gestures. There are also no errors in the logs. I can see only allowed events.

aDVll

Quote from: XhenEd on May 22, 2016, 06:26:19 PM
There are no blocking messages or popups when I do those gestures. There are also no errors in the logs. I can see only allowed events.

Did you try learning mode? If yes, and with no result, the devs will need more info on how to reproduce the issue.
For example, what program is responsible for two-finger scroll and two-finger click, and with what settings did you allow it? I know that on Dell laptops it's DellTpad and on Asus it's Asus Smart Gesture, and if you allow it you can do them. I just tested.

XhenEd

I already tried Learning mode, but the gestures still wouldn't work.
Okay, I will provide details.

Edit:
I have Alps Pointing Device.
Specific laptop model is HP Pavilion 14-v241tx.

Also, to be more transparent, I run many security programs. :D
These are: ZAM Premium, HMP.A, AppGuard, ESS 9, and CryptoPrevent. You can also count Rollback RX 10 Professional. :D
Of course, I did the standard exclusion of ReHIPS.