How to allow Powershell specific actions?

Started by Stephen, August 02, 2019, 08:34:19 AM

Previous topic - Next topic

Stephen

I use CopyQ as my clipboard manager. It has a feature that allows the playing of a sound for every copy that I make to the clipboard. ReHIPS steps in every time with the dialog shown in the attachment. My question is if I "Allow" it will it allow everything that uses Powershell or only the particular cmd concerning CopyQ? I don't want to risk answering the prompt in a way that may not permit me to change it later!

So, in summary my question is how to allow the powershell to play the sound when using CopyQ, but also not to do anything else unless I allow it explicitly.

fixer

Take a look at Settings Duration radio-button. By default it's set to Only Once. This way your action will be applied only once. If you set it to Permanent, all Sub-Programs for powershell.exe will be Blocked or Allowed according to your choice.

If you want to allow some command lines only, there is an underlined "add to trusted" link, it'll add current command line to trusted and will be allowing it without alerts. If some part of this command line changes, you can use wildcards. Take a look at Trusted Command Lines tab in Settings, there are some predefined ones with wildcards.

Stephen

Quote from: fixer on August 02, 2019, 08:45:41 AM
If you want to allow some command lines only, there is an underlined "add to trusted" link, it'll add current command line to trusted and will be allowing it without alerts. If some part of this command line changes, you can use wildcards. Take a look at Trusted Command Lines tab in Settings, there are some predefined ones with wildcards.

Thank you fixer for the information. I saw the link and guessed what it may be for, but I didn't want to risk trying it without being sure about it.

Umbra

And if a rule is made in System, does it affect other users?  if no, i wish an "all users" option being implemented when creating a rule  ;)

fixer

SYSTEM is a special built-in privileged user, for example Services are often started from it. So the answer is no, other users aren't affected.

Currently trusted command lines and trusted users settings are system-wide, they have effect for all users. And program rules are user-wide, they can be different for different users. The best way to manage many users is to change default.rdb in RulesManager, this way these rules will be installed by default for any new user (and you can also install them for existing ones). So currently we don't have "All users" user, but maybe we'll add it, thanks for the suggestion.

Umbra

#5
Quote from: fixer on August 04, 2019, 09:36:26 AM
SYSTEM is a special built-in privileged user, for example Services are often started from it. So the answer is no, other users aren't affected.
ok thanks for the confirmation.

QuoteThe best way to manage many users is to change default.rdb in RulesManager, this way these rules will be installed by default for any new user (and you can also install them for existing ones). So currently we don't have "All users" user, but maybe we'll add it, thanks for the suggestion.
i always forgot about the RulesManager lol  but it is laborious to do  for hundreds of LOLbins...

nick

Quote from: fixer on August 02, 2019, 08:45:41 AM
Take a look at Settings Duration radio-button. By default it's set to Only Once. This way your action will be applied only once. If you set it to Permanent, all Sub-Programs for powershell.exe will be Blocked or Allowed according to your choice.

If you want to allow some command lines only, there is an underlined "add to trusted" link, it'll add current command line to trusted and will be allowing it without alerts. If some part of this command line changes, you can use wildcards. Take a look at Trusted Command Lines tab in Settings, there are some predefined ones with wildcards.

I have started testing ReHIPS today, I don't know what am I doing wrong but this is not happening:
I am at the expert mode, I have added the command line as trusted, the next time I try to rerun (it's a bat file that has the cmd.exe with that specific command line) again I have the alert window for sub programs (showing at the same time that the command line is trusted...). Why does the alert window open if it is a trusted command? If I try to give allow permanently then it stops asking but for all cases even for "untrusted" command lines

Also I tried to use wildcards in the trusted command lines list but it's not working? if for example I change the above (which verified was recognized as trusted in the warning window before) removing the part of the filename (after "\") until the file extension (".") and replace it first with * then also tried {*} but in both cases it was not recognized as trusted.....

fixer

Hello, nick. Welcome to our forum and thank you for your interest in our product.
Could you please explain more? What exactly command line you try? Post screenshot of the alert window?

nick

#8
Hello fixer thanks, I'll do my best not to ask too many questions but it will be a challenge, documentation is not that detailed.

As I see it is something totally simple: I just try to run a bat file from windows explorer. I don't seem to manage how to use the wildcard correctly(??) but if I click the exact command to become trusted, the next time it represents it as trusted but if it is trusted wasn't supposed to not have a warning window?
(on the image I upload the username is the same on both windows I just removed it because I use it as a password sometimes online)

fixer

#9
You're right, trusted command lines aren't supposed to have an alert window. Looks like it's some kind of quotation mark parsing issue, will take a look. Thank you for your report.
P.S. And don't worry about questions, that what we're here for, to answer them :)

fixer