Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM


HJLBX

Hello guys...

I have a technical question regarding a 3rd-party security soft protection inside the ReHIPS isolated environment.

For example, a user combines anti-virus XYZ with ReHIPS.  They download a known malware sample (one that anti-virus XYZ would detect) to the ReHIPS isolated environment, but anti-virus XYZ does not detect it.  Alternatively, a security soft is installed for the real user with a feature that is not functional within the ReHIPS isolated environment.

Obviously, on the face of it, this is because the running anti-virus product has no access to an active ReHIPSUser.  The ReHIPS user is a separate profile under Windows - just like the SUA\LUA and protected Admin accounts are separate - with one set of installed software not able to cross over to the other user profile.  LOL... ReHIPS doing its job very well indeed -- but the typical user doesn't see it this way.  They think ReHIPS has broken their other security softs.

Is there a better way for us beta testers to explain this matter when it comes up on other forums ?

I'd like to be able to tell new and prospective users precisely why it happens and why it is of no real concern.  I know the second part, but I need a bit more understanding to explain the first part.

I am asking this because I am highly confident that I am missing something - and that the answer is not necessarily clear-cut.

More importantly, I don't want to explain things incorrectly.  I do my best to steer questions to this forum, but some users just won't put forth the effort.  Then the mis-/disinformation about ReHIPS starts and correct answers are few and far between.  ReHIPS is a good product and - where I can - I feel compelled to defend it by providing accurate info.

aDVll

Quote from: HJLBX on July 24, 2016, 06:30:37 PM
Hello guys...

I have a technical question regarding a 3rd-party security soft protection inside the ReHIPS isolated environment.

For example, a user combines anti-virus XYZ.  They download a malware to ReHIPS isolated environment and anti-virus XYZ does not detect the malware.

Obviously, on the face of it, this is because the anti-virus product has no access to ReHIPSUser.  LOL... ReHIPS doing its job very well indeed -- but the typical user doesn't see it this way.  They think ReHIPS has broken their other security softs.

Is there a better way for us beta testers to explain this matter when it comes up on other forums ?

I'd like to be able to tell new and prospective users precisely why it happens and why it is of no real concern.  I know the second part, but I need a bit more understanding to explain the first part.

Maybe an ignorant reply by me, and I must admit I don't know the area well, but wouldn't the antivirus run with system permissions and be able to access everything? I don't have an antivirus running atm, but I'm pretty sure they use a service or a driver running at system integrity level to avoid any permission issues.

fixer

Default permissions on the vast majority of objects (including file system objects, like the ReHIPS user profile folder) include an Allow-all-access entry for Administrators and System. Usually AV software intercepts file access using drivers (drivers should have no problem accessing any file); they may then delegate file checking to the AV service (which is usually executed with Local System privileges and thus will also access the ReHIPS user profile folder without problems). So I don't see any problems here.
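The ACL side of fixer's explanation can be checked directly. The PowerShell below is an added example, not ReHIPS code or anything posted in this thread: it looks at a profile folder's DACL and reports whether BUILTIN\Administrators and NT AUTHORITY\SYSTEM hold an Allow/FullControl entry, which is what lets an AV service running as LocalSystem read the isolated user's files. The function name Test-PrivilegedFullControl and the two profile paths in the usage line are assumptions; the kernel-driver case fixer mentions is not covered here, since kernel-mode I/O is not subject to the DACL at all.

```powershell
# Added example, not ReHIPS code. Reports whether a folder's DACL grants
# Administrators and SYSTEM an Allow/FullControl entry (the property fixer
# describes: an AV service running as LocalSystem can scan inside the
# isolated user's profile without any help from ReHIPS).
function Test-PrivilegedFullControl {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    # Compare on well-known SIDs, not display names, so localized group
    # names do not break the check.
    $principals = [ordered]@{
        'BUILTIN\Administrators' = 'S-1-5-32-544'
        'NT AUTHORITY\SYSTEM'    = 'S-1-5-18'
    }
    $fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl
    $acl = Get-Acl -LiteralPath $Path    # needs READ_CONTROL on the folder

    foreach ($name in $principals.Keys) {
        $sid = [System.Security.Principal.SecurityIdentifier]$principals[$name]
        $aces = @($acl.Access | Where-Object {
            try {
                $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $sid
            } catch { $false }
        })
        # Only an Allow ACE carrying every FullControl bit counts. Inherit-only
        # ACEs expressed as generic rights (shown as large raw numbers) do not.
        $allow = @($aces | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band [int]$fullControl) -eq [int]$fullControl)
        })
        $deny = @($aces | Where-Object { $_.AccessControlType -eq 'Deny' })
        [pscustomobject]@{
            Path      = $Path
            Principal = $name
            AllowFull = ($allow.Count -gt 0)
            Inherited = (@($allow | Where-Object IsInherited).Count -gt 0)
            HasDeny   = ($deny.Count -gt 0)
        }
    }
}

# Usage: compare the real user's profile with the isolated one. Both paths
# are assumptions; substitute the profile folders present on your machine.
'C:\Users\Alice', 'C:\Users\ReHIPSUser' |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Test-PrivilegedFullControl -Path $_ } |
    Format-Table Path, Principal, AllowFull, Inherited, HasDeny -AutoSize
```

If Get-Acl itself is refused on the other profile folder, that is the same effect the thread is discussing: an unelevated process of the real user has no rights there. Run the check from an elevated prompt (which, like the AV service, is covered by the Administrators entry) to see the DACL.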

fixer

Quote from: XhenEd on June 13, 2016, 06:09:10 PM
There was sound, but the volume couldn't be changed. I tinkered with the settings, but it wouldn't work.

I looked into this issue. It's similar to the gestures issue: they rely on the main desktop. So it's not ReHIPS's fault and nothing can be done on our side.


harsha_mic

Hello All,

I just downloaded and installed Process Explorer.
I was intrigued to see that it is not able to see the integrity levels of isolated programs run by ReHIPS. See the screenshot for what I mean.

Is this expected? If so, can I give Process Explorer access to fetch integrity levels and other details?

aDVll

Run Process Explorer as an admin. It's because it doesn't have the access rights without it.
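To see what is behind aDVll's answer, the following is an added example (not Sysinternals or ReHIPS code) that reads a process's integrity level the way a tool like Process Explorer ultimately has to: open the process, open its token, query TokenIntegrityLevel and take the last sub-authority of the label SID. The Win32 calls and constants are the documented ones; the class name NativeToken and the function name Get-ProcessIntegrityLevel are assumptions. For a process owned by another user, such as one running under the isolated ReHIPS account, OpenProcess is refused with ERROR_ACCESS_DENIED (5) unless the caller is elevated, which is why an unelevated Process Explorer leaves that column empty.

```powershell
# Added example, not ReHIPS or Sysinternals code. Reads a process's integrity
# level from its token; fails cleanly where an unelevated caller lacks access.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class NativeToken {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint desiredAccess, bool inheritHandle, int processId);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr process, uint desiredAccess, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr info, int length, out int returnLength);
    [DllImport("advapi32.dll")]
    public static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
    [DllImport("advapi32.dll")]
    public static extern IntPtr GetSidSubAuthority(IntPtr sid, int index);
    [DllImport("kernel32.dll")]
    public static extern bool CloseHandle(IntPtr handle);
}
"@

function Get-ProcessIntegrityLevel {
    param([Parameter(Mandatory)][int]$ProcessId)

    $PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
    $TOKEN_QUERY         = 0x0008
    $TokenIntegrityLevel = 25        # TOKEN_INFORMATION_CLASS value
    $levels = @{ 0x0000 = 'Untrusted'; 0x1000 = 'Low'; 0x2000 = 'Medium'
                 0x2100 = 'Medium Plus'; 0x3000 = 'High'; 0x4000 = 'System' }
    $M = [System.Runtime.InteropServices.Marshal]

    $hProc = [NativeToken]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $ProcessId)
    if ($hProc -eq [IntPtr]::Zero) {
        # Error 5 (ERROR_ACCESS_DENIED) is the normal result for another
        # user's process when the caller is not elevated.
        $err = $M::GetLastWin32Error()
        return [pscustomobject]@{ Id = $ProcessId; Integrity = $null; Error = "OpenProcess failed ($err)" }
    }
    $hTok = [IntPtr]::Zero; $buf = [IntPtr]::Zero
    try {
        if (-not [NativeToken]::OpenProcessToken($hProc, $TOKEN_QUERY, [ref]$hTok)) {
            $err = $M::GetLastWin32Error()
            return [pscustomobject]@{ Id = $ProcessId; Integrity = $null; Error = "OpenProcessToken failed ($err)" }
        }
        # First call sizes the buffer; second fills a TOKEN_MANDATORY_LABEL
        # { PSID Sid; DWORD Attributes }.
        $len = 0
        [void][NativeToken]::GetTokenInformation($hTok, $TokenIntegrityLevel, [IntPtr]::Zero, 0, [ref]$len)
        $buf = $M::AllocHGlobal($len)
        if (-not [NativeToken]::GetTokenInformation($hTok, $TokenIntegrityLevel, $buf, $len, [ref]$len)) {
            $err = $M::GetLastWin32Error()
            return [pscustomobject]@{ Id = $ProcessId; Integrity = $null; Error = "GetTokenInformation failed ($err)" }
        }
        $sid   = $M::ReadIntPtr($buf)
        $count = $M::ReadByte([NativeToken]::GetSidSubAuthorityCount($sid))
        # The integrity RID is the last sub-authority of the label SID (S-1-16-x).
        $rid   = $M::ReadInt32([NativeToken]::GetSidSubAuthority($sid, $count - 1))
        $name  = if ($levels.ContainsKey($rid)) { $levels[$rid] } else { 'RID 0x{0:X}' -f $rid }
        [pscustomobject]@{ Id = $ProcessId; Integrity = $name; Error = $null }
    } finally {
        if ($buf  -ne [IntPtr]::Zero) { $M::FreeHGlobal($buf) }
        if ($hTok -ne [IntPtr]::Zero) { [void][NativeToken]::CloseHandle($hTok) }
        [void][NativeToken]::CloseHandle($hProc)
    }
}

# Usage: every process with its integrity level, or the reason it could not be read.
Get-Process | ForEach-Object { Get-ProcessIntegrityLevel -ProcessId $_.Id } |
    Format-Table Id, Integrity, Error -AutoSize
```

Run it once as the normal user and once from an elevated prompt and compare the Error column for the isolated processes: the integrity level is there the whole time, the difference is only whether the caller may open the process.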

harsha_mic

Aah. Thanks.
However, I am seeing explorer.exe hang after the AU update. 2 times in the past 10 mins.

1st time - Downloaded a movie through torrent (in ReHIPS env) --> Navigated to the dwd folder (rehipsuser folder) and double-clicked the .mp4 file --> explorer.exe hangs.
2nd time - Navigated to Downloads folder (real user) --> Opened the Process Explorer folder --> explorer.exe hangs.

Not sure if it has anything to do with ReHIPS. Just reporting, FYI.

harsha_mic

Also, I think in ReHIPS --> Settings --> Programs tab we should have a search option, to quickly look up a desired program.

Currently, one has to go through line by line.

aDVll

Quote from: harsha_mic on August 10, 2016, 10:46:53 PM
Also, i think in rehips --> setting --> Programs tab --> we should have a search option, to quickly look up to a desired program.

Currently, one has to go through line by line ..

Click any program in the Programs tab and start typing. It has search but no search box yet. They will probably add one in the stable release.

harsha_mic

Quote from: aDVll on August 10, 2016, 10:50:36 PM
Click any program in program tab and start typing. It has search but no search box yet. They will probably add one on stable release.

Perfect! Thanks!!

aDVll

Quote from: harsha_mic on August 10, 2016, 10:44:37 PM
Aah. Thanks.
However, I am seeing explorer.exe hang after the AU update. 2 times in the past 10 mins.

1st time - Downloaded a movie through torrent (in ReHIPS env) --> Navigated to the dwd folder (rehipsuser folder) and double-clicked the .mp4 file --> explorer.exe hangs.
2nd time - Navigated to Downloads folder (real user) --> Opened the Process Explorer folder --> explorer.exe hangs.

Not sure if it has anything to do with ReHIPS. Just reporting, FYI.

I don't see this issue on my Windows 10 AU with ReHIPS. Maybe you upgraded and the upgrade went wrong? A clean install would help you identify if it was that.

HJLBX

Windows Explorer hang is a known issue on W10; it is Windows and not ReHIPS.

The Windows Explorer hang seems to be system specific and somewhat intermittent.

HJLBX

Aren't tray icons technically shortcut (*.lnk) files in Windows ?

However, they seem a bit odd because the command lines in the shortcuts - especially the ones that point to Control Panel (ImmersiveControlPanel) - seem like "non-standard" command lines.

I am going to use Control Panel applet "Mouse" which is executed by rundll32.exe:

"C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\shell32.dll,Control_RunDLL C:\WINDOWS\System32\main.cpl

It's weird since shell32.dll doesn't know to create\load mouse.dll - it ain't in the command line...

For example, if I double-click on the touchpad\pointer device tray icon, it creates a Recent mouse.lnk; the command line is:




fixer

Actually, command lines in shortcuts are a bit more complicated than just ordinary program paths with arguments. Some Control Panel items can be called through hardcoded GUIDs; more on these GUIDs can be found here: https://msdn.microsoft.com/en-us/library/ee330741(v=vs.85).aspx . So for example (I don't remember exactly, it's just a sample) something like
::{26EE0668-A00A-44D7-9371-BEB064C98683}\8\::{17CD9488-1228-4B2F-88CE-4298E93E0966}\pageDefaultProgram
is equivalent to
control.exe /name Microsoft.DefaultPrograms /page pageDefaultProgram
for the ShellExecuteEx API.
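Both shapes discussed in the last two posts (HJLBX's rundll32 ... Control_RunDLL main.cpl line and fixer's ::{GUID} shell-namespace target) can be pulled out of a .lnk with the Shell.Application COM object, which reports the item a link points to even when there is no file path. The PowerShell below is an added example and not ReHIPS code or anything from the thread; the function name Get-LnkTarget and the choice of the user's Recent folder as input are assumptions. It classifies each shortcut as a plain file target, a Control Panel applet launched through rundll32 (and extracts the .cpl that is really being loaded, which is the part HJLBX noted is not obvious from shell32.dll alone), or a shell-namespace target, for which it resolves the leading GUID to the shell's display name.

```powershell
# Added example, not ReHIPS code. Inventories .lnk files and shows the
# resolved launch target, including ::{GUID} shell-namespace targets that
# carry no file path at all.
function Get-LnkTarget {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string]$LnkPath)

    begin { $shell = New-Object -ComObject Shell.Application }
    process {
        $file   = Get-Item -LiteralPath $LnkPath
        $folder = $shell.NameSpace($file.DirectoryName)
        $item   = $folder.ParseName($file.Name)
        if (-not $item.IsLink) { return }

        $link   = $item.GetLink            # ShellLinkObject
        $target = $link.Target             # FolderItem the link points to (may be $null)
        # For virtual items FolderItem.Path is the ::{GUID}\... form; for files it is the path.
        $targetPath = if ($target) { $target.Path } else { $link.Path }

        $kind = 'File'; $detail = $null
        if ($targetPath -like '::{*') {
            $kind = 'ShellNamespace'
            # Resolve the first GUID component to its display name, if the shell knows it.
            $guid = ($targetPath -split '\\')[0]
            try { $detail = $shell.NameSpace($guid).Self.Name } catch { $detail = $null }
        }
        elseif ($targetPath -match '(?i)rundll32\.exe$' -and
                $link.Arguments -match '(?i)Control_RunDLL\s+(\S+\.cpl)') {
            $kind   = 'ControlPanelApplet'
            $detail = $Matches[1]          # the .cpl actually loaded, e.g. main.cpl
        }

        [pscustomobject]@{
            Link      = $file.Name
            Kind      = $kind
            Target    = $targetPath
            Arguments = $link.Arguments
            Detail    = $detail
        }
    }
}

# Usage: inventory the current user's Recent shortcuts (the folder HJLBX's
# mouse.lnk lands in). Any folder of .lnk files works the same way.
Get-ChildItem -LiteralPath ([Environment]::GetFolderPath('Recent')) -Filter *.lnk |
    Select-Object -ExpandProperty FullName |
    Get-LnkTarget |
    Format-Table Link, Kind, Target, Arguments, Detail -AutoSize
```

The practical point for rule writing is in the Kind column: a ShellNamespace entry has no executable path of its own, so a rule keyed on the link's program path will never match it, while a ControlPanelApplet entry is always rundll32.exe and the only thing that distinguishes one applet from another is the .cpl in its arguments.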