Blocked apps should be easier to see and manage

Started by bootguardian, February 02, 2018, 09:32:51 PM

Previous topic - Next topic

bootguardian

I'm a new user of ReHIPS, and I like it quite a bit so far, but I see at least one major pain point in terms of UX so far: managing blocked apps.

I think it takes too many clicks to get to blocked apps/files. They should be somewhere on the main screen with a link to the page that manages them, or something. Comodo Firewall does something like this, where it shows you how many apps it blocked and then gives you a link to the page managing them. However, even Comodo's interface could be improved. For instance, ReHIPS takes half the screen to show the disabling of camera and microphone. Is that really necessary? Maybe show a list of blocked apps or something there.

I think this is a problem because some people may not even notice when an app was blocked or which one was blocked, and so on, especially if the app was in lock-down mode. So there needs to be a very easy at-a-glance interface to check them out.

One other problem I've just had right now, is that I had ReHIPS in Learning mode, and then I tried to encrypt using Bitlocker. But ReHIPS blocked it - is that intended? Like it's a feature against ransomware? If it is, then fair enough, but would think it still shouldn't happen in the learning mode.

However, I have a second problem, too - although the blocking appears in the log, it doesn't appear in the blocked apps section. In other words, I can't unblock it right now, and Bitlocker encryption also disappeared from the right-click context menu. So how do I fix that now?

fixer

Thank you for your feedback.

I guess the problem you experienced is not quite with blocked apps. There are several layers of checks that take place when some process is started. They're described in detail in this blogpost https://forum.rehips.com/index.php?topic=9609.0

Very few programs are blocked by themselves. Most of these blocking come from parenting. That's why it isn't shown in Blocked programs. When we add a new program to initial rules, we try to find out if it creates child processes. If yes, we allow it. Otherwise we block it, just in case. The problem is even with thorough testing we can't tell for sure that the program never spawns any children. So sometimes we make mistake and block something that should be allowed, it happens. Could you please show the log with the blocked process? We'll fix our rules. And you can manually allow it in your rules to fix it on your side.

BTW, Lock-Down Mode is a tricky one. It isn't recommended to use on first runs or for unexperienced users. It was mostly designed for corporate environments to create a closed environment with a whitelist of programs blocking all other.

I'm not sure bringing list of Blocked programs to the main window will help as it's not about blocked programs, but most likely it's about blocked parenting, which is a bug in initial rules and will be fixed. But adding a list of blocked events from log may be useful, we'll think about it, thanks for the hint.

bootguardian

I understand. I was able to fix it because I found one of the processes that was blocked - a Bitlocker wizard exe. I don't remember the name, and now I think I don't have those logs anymore. I also had to reboot first before I could see a Manage Bitlocker option in the right-click menu.

fixer

Could you please remember or find in logs the process that was blocked from parenting? Was it BitLockerWizardElev.exe ? So we could fix it in initial rules.
There is a system ReHIPS log, it can be opened via Log tab or in Event Log. It logs all the events there, so this blocked event should also be there.
Thank you for your time and help.