Thank you for reply.
Yes, administrator privileges are required to control ReHIPS. But from 1.2.0 it should explicitly say so, so this should be already fixed.
I don't think it is fixed, as I still want to use LUA for nearly all activity.
I have to manually run ReHIPS as admin to use it in LUA and it's really inconvenient.
Please consider making it a UAC prompt rather than a warning.
Tried to reproduce this behavior on Adobe Reader 11.0.0. It was installed, Enable Protected Mode at startup was checked, Protected View was set to All files, Enable Enhanced Security was checked. Then RulesPack was executed. Adobe Reader then launched just fine. So I guess it was fixed in 1.2.0.
I couldn't verify this as I got a more serious problem.
After installing & extracting rules, I tried to launch some programs which ReHIPS monitors.
But I just get error message that 'Failed to start restricted...' or something like that.
It seems ReHIPS couldn't make any ReHIPS-User, as there's no ReHIPS-User folder in C:\Users\ and the Windows event log said a network connection or access right is missing.
It is likely some conflict with other security programs on my machine or an OS configuration I made, since in a default Windows image ReHIPS worked fine (sorry, but I forgot to test Adobe Reader).
My setting is:
Windows7SP1 Home Premium 64 bit (Japanese Lang)
Intel Core i3 Mem 8GB
All unnecessary services & functions are disabled.
Software Restriction Policy is applied to restrict all execution outside Program Folder or Windows folder, except for Admin & some custom location (some subfolders in Program Files or Windows are restricted while some other locations are allowed).
Included file types are: A3X,ADE,ADP,BAS,BAT,CHM,CMD,COM,CPL,CRT,EML,EXE,HLP,HTA,INF,INS,ISP,ISU,JSE,MDB,MDE,MSC,MSI,
MSP,MST,OCX,PAF,PCD,PIF,PS1,REG,RGS,SCR,SCT,SHB,SHS,U3P,VB,VBE,VBS,WS,WSC,WSF,APPLICATION,GADGET
Norton Internet Security v21.5.0.19
Malwarebytes Anti-Malware Pro 2.0.2.1012
Zemana AntiLogger 1.9.3.525
KeyScrambler Personal 3.4.0.4
SecureAPlus v2.3.2 full version
EMET 5.0
Malwarebytes Anti-Exploit 1.04.1.1012
K9 Web Protection 4.4.276
Peerblock 1.2
Secunia PSI v3.0
Sorry for having such a complicated machine, which definitely makes hunting the culprit harder, but I'll try to investigate some more in the next testing.
Yes, I understand, this feature would really be nice and helpful. But the problem is that Windows grants and denies access without calling any of our code, because no hooks are used. There are several possible solutions, like setting up auditing for some objects or using Process Monitor to determine the objects of denied access. But these solutions are not very convenient.
It's good that you have some possible solutions for this even though it is inconvenient.
As restricted processes are executed on behalf of a separate ReHIPS user, they don't have any access to other users' (including the real user's) folders, including 'Startup Location' or 'Private Folders' like Desktop. And they don't have write access to 'Vital System Files' in the Windows or Program Files folders. And truth be told, I don't think this access should be granted manually. Actually, practice shows that denying access to files/folders is used quite rarely, as most locations are already secured by default if you follow the Operation features and Recommendations from the documentation, placing executable files in write-protected directories (in particular, Program Files) and data in the user's home directory (on the desktop, in the «My documents» directory, etc.). Allowing access is sometimes used for specific folders (e.g. a folder with docs for Word; these folders are created by RulesPack). So I don't see much use in adding 'Startup Location' or 'Vital System Files' to the templates, but we'll think about it.
And answering your question, some locations are allowed or blocked by default according to default Windows access control lists. Manual allowing or blocking allows or denies access only to the specified location without affecting other locations.
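As an added illustration of the default-ACL point above (example code, not ReHIPS' own): this PowerShell snippet reads the DACL of the real user's Desktop, %AppData%, Program Files, Windows and C:\Users and reports whether a separate standard user account would get a write-granting or write-denying entry. The account name is a placeholder, and the account is assumed to be a member only of BUILTIN\Users, Everyone and Authenticated Users, so the check is a DACL reading, not a full effective-access computation.

```powershell
# Added example, not part of ReHIPS. Run from an elevated prompt so every
# folder's ACL can be read. The account name is a constructed placeholder.
param([string]$Account = "$env:COMPUTERNAME\RestrictedUser-PLACEHOLDER")

# Principals a plain standard user is assumed to match (simplification:
# real group membership is not resolved here).
$principals = @($Account, 'BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users')

# Any of these rights lets a process create or change files in the folder.
$writeBits = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl'

$locations = @(
    [Environment]::GetFolderPath('Desktop'),  # the real user's 'Private Folder'
    $env:APPDATA,                             # where Firefox/Chrome keep profiles
    $env:ProgramFiles,                        # 'Vital System Files', write-protected
    $env:windir,
    "$env:SystemDrive\Users"
)

foreach ($path in $locations) {
    if (-not (Test-Path -Path $path)) { continue }
    $acl    = Get-Acl -Path $path
    $grants = @()
    $denies = @()
    foreach ($ace in $acl.Access) {
        # Skip entries for principals the restricted user would not match.
        if ($principals -notcontains $ace.IdentityReference.Value) { continue }
        # Skip entries that carry no write-class right at all.
        if (($ace.FileSystemRights -band $writeBits) -eq 0) { continue }
        if ($ace.AccessControlType -eq 'Deny') { $denies += $ace.IdentityReference.Value }
        else                                   { $grants += $ace.IdentityReference.Value }
    }
    # A Deny entry wins; no matching entry at all means no access by default.
    $verdict = if ($denies.Count -gt 0) { 'DENIED' }
               elseif ($grants.Count -gt 0) { 'writable' }
               else { 'no write ACE' }
    '{0,-13} {1}  (grant: {2}; deny: {3})' -f $verdict, $path, ($grants -join ','), ($denies -join ',')
}
```

On a stock installation the user's Desktop and %AppData% show 'no write ACE' for these principals, which is exactly why a process running as a separate ReHIPS user cannot reach them, while a folder you explicitly allow in ReHIPS shows up only for that one path.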
Okay I understood.
But it raises another problem/suggestion which I somehow missed in previous post.
Some programs, like Firefox or Chrome, save settings in user folder (%AppData%). But since ReHIPS uses another user, when I launch Firefox all personal settings and addons are lost.
Most Firefox users heavily configure their own one, so it means I can't protect Firefox with ReHIPS unless I uncheck USE_SEPARATE_DESKTOP which is, according to your documentation, quite risky.
Internet Explorer was okay, probably because its settings are stored in HKCU (though actually HKLM also has an effect).
Also, when I try to launch a program within the user folder, such as the desktop, I can't launch it as restricted.
In this case, ReHIPS works as if it is an anti-executable (this is already explained in the malwaretips forum).
But I don't need anti-exe.
As to the settings issue, maybe one possible solution is to import specific settings files into the ReHIPS user folder, maybe through a custom setting option (and include it in the default rule set).
Or specify that a certain program always uses a certain ReHIPS User, so that I can make a persistent configuration for that ReHIPS user.
But I don't know whether the contents of a ReHIPS user which is no longer used will be purged. (From my limited testing, it seems to be 'No'.)