Various questions about Rehips

Started by Cuslichavy, November 09, 2019, 02:49:20 AM

Cuslichavy

Hello, I've been using Rehips for a few days and I'd like to learn more about its features and limitations. I've a few questions.

1. Does Rehips compromise Chrome's or any other web browser's own sandboxing? I know Sandboxie does.
2. I run my browser non-isolated. Can I open links from an isolated program to my non-isolated browser?
3. Every time a program updates I have to give permissions again. I'm running Rehips in expert mode. This is even worse with Chrome because every update uses a different folder. How can I make a rule to let software auto update without Rehips notifying me each time? At least for Chrome. Rules is where I struggle the most right now. I also deleted the default rules for Chrome and Firefox in the default rules database but I made a backup first.
4. Folders in C:\ReHIPS. How do I make other folders besides Default and Browser? I made a new folder and gave rwx permissions to an environment, but it didn't work, the program in that folder won't even run isolated. Do I have to change permissions of the actual folder (from Windows Explorer) authorizing a Rehips user to make it work or is there a better way to do this?

Thank you in advance.

Cuslichavy

I'm sorry for asking too many questions, but I have a few more.

5. I want Rehips to ignore a folder and allow the execution of every program in that file path. I tried using wildcards (like C:\GoodPrograms\*) but it didn't work, Rehips still alerted me and asked me how to treat that program. Am I doing something wrong or is this not supported?

6. In Visual Studio Code when you do a search it runs another program to perform that search, or at least I learned that from Rehips when it alerted me. I did a search, the program gave two results and Rehips kind of suspended that sub program. Once I allowed it, it gave the rest of the results. Rehips was late and couldn't prevent the execution of that program, at least partially. The same happened even after I permanently blocked that program. Is this a bug?

I'm using Windows 10 1903.

fixer

Hello, Cuslichavy.
Thank you for your interest in our product and welcome to our forum. And don't worry about questions, we're here to answer them :)

1. ReHIPS doesn't disable any other program security features and doesn't try to bypass or circumvent any of them, so no it shouldn't compromise any other program security including sandboxing.

2. Do you mean you can do it technically? Or should you do it? Technically no, if a program is isolated, it can't start other programs without isolation. Should you do it? It depends. If it's something trustworthy, why not. But I prefer to treat isolated programs as potentially compromised, so nothing goes from isolation out.

3. Can you give an example of different folders after update that causes a headache? Something like different version numbers in folder name? You can use wildcards to cover folders like this.

4. C:\ReHIPS subfolders are to exchange data with isolated programs. Like you want to edit a .doc-file, you put it there and edit it with isolated Word. Here is a blogpost about it https://forum.rehips.com/index.php?topic=9487.0 So putting a program in that folder isn't supposed to start it isolated. To create other folders simply create a new folder and give isolated environment permissions to it.

5. Wildcards are covered in this blogpost https://forum.rehips.com/index.php?topic=9647.0 Most likely there are multiple levels of folders and you wildcarded only one level. Either wildcard all of them or wait for the next release where ** wildcard should be supported.

6. ReHIPS suspends a starting program at a very early state where it hasn't begun executing, so most likely ReHIPS did its thing OK and these few search results you observed were taken from elsewhere, maybe from cache, maybe some internal search is also started in parallel or something like this.

Cuslichavy

Thank you for all the answers! Now I see what I was doing wrong.

2. My idea was to somehow redirect the http protocol handler to the actual user outside the isolated environment, but I understand if that's not possible. My other thought though is, would Chrome even run in the free Rehips version since there's the limit of 10 programs running at once? I can see in Task Manager right now there are 17 instances of Chrome running, and I have only five tabs open.

3. This is one of the exes Chrome uses to update itself "C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\setup.exe". It changes for every version. I replaced the version number with a wildcard in Rehips rules now, so it probably won't alert anymore.

4. I was using C:\ReHIPS subfolders to place programs that don't have an installer. I wish I could create an empty isolated environment and place those programs directly there, but I haven't seen that option available. What I did was I extracted a program from a zip file in C:\ReHIPS\Default, but then I thought I wanted to keep it even more isolated so I created another folder C:\ReHIPS\NewApp and moved the program there, changed the permission in Rehips to give access to C:\ReHIPS\NewApp and removed Default, changed the path of the exe in Rehips permission too then ran the program. But it wouldn't start. In Default folder it would work fine but not outside that folder. I'm sure the file paths were correct because I double checked.

5. I see. What if I create multiple rules like C:\GoodPrograms\*, C:\GoodPrograms\*\*, C:\GoodPrograms\*\*\* etc? Would that work?

6. That seems to be the case. I tried it with other files and the search didn't always trigger the other exe.

7. I'm having some performance issues, I'm not sure if that's related to Rehips, but I want to uninstall and reinstall it to test. Would I lose the rules and settings or can I export them?

fixer

2. If I remember correctly, each plugin uses a separate process. Empty Chrome without tabs should have like ~5 processes or something. So yeah, it's kinda possible to have it running on demo with a few tabs.

3. That's what I thought. Wildcards should solve the problem.

4. Actually it doesn't matter if a program has an installer or not. You can just start installer-free programs and ReHIPS will ask what to do with them (since it doesn't know them for the first start). And you can either create a new isolated environment or add them to an existing one. But in this case it's useful to keep in mind rule 7 from this blogpost https://forum.rehips.com/index.php?topic=11587

5. Yeah, that's possible, to create several rules like these according to the depth level you want to cover.

7. You can uninstall ReHIPS, but keep all your Settings. When you try to uninstall it, it'll ask something like "Do you want to delete settings?" Say "No" and Settings along with ReHIPSUsers will be retained. BTW, there are some performance tests in this blogpost https://forum.rehips.com/index.php?topic=11868.0
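The per-level wildcard behaviour discussed in points 3 and 5 can be checked offline before rules are entered. The sketch below is an added example, not part of the thread and not ReHIPS code: it assumes `*` stays within one folder level and `**` spans several, as the replies describe, and every path except the Chrome one quoted above is constructed.

```python
import re

def compile_rule(rule: str) -> re.Pattern:
    # Assumed semantics, modelled on the thread (not taken from ReHIPS):
    # '*' stays inside one folder level, '**' may span several levels.
    out, i = [], 0
    while i < len(rule):
        if rule.startswith("**", i):
            out.append(".*")
            i += 2
        elif rule[i] == "*":
            out.append(r"[^\\]*")   # anything except a path separator
            i += 1
        else:
            out.append(re.escape(rule[i]))
            i += 1
    # Windows paths are case-insensitive, so the match is too.
    return re.compile("".join(out), re.IGNORECASE)

def matches(rule: str, path: str) -> bool:
    return compile_rule(rule).fullmatch(path) is not None

def per_depth_rules(base: str, max_depth: int) -> list:
    # One rule per folder depth: base\*, base\*\*, base\*\*\*, ...
    return [base + "\\*" * d for d in range(1, max_depth + 1)]

def covered(rules: list, path: str) -> bool:
    return any(matches(r, path) for r in rules)

# Version folder replaced by a single-level wildcard, as in point 3.
CHROME_RULE = (r"C:\Program Files (x86)\Google\Chrome\Application"
               r"\*\Installer\setup.exe")

if __name__ == "__main__":
    base = r"C:\GoodPrograms"
    rules = per_depth_rules(base, 3)
    samples = [                      # constructed sample paths
        r"C:\GoodPrograms\tool.exe",
        r"C:\GoodPrograms\suite\bin\tool.exe",
        r"C:\GoodPrograms\a\b\c\tool.exe",
    ]
    for p in samples:
        print(p, "single:", matches(base + r"\*", p),
              "depth<=3:", covered(rules, p),
              "recursive:", matches(base + r"\**", p))
```

A path one level deeper than the deepest rule is still not covered, so the number of per-depth rules has to match the deepest folder actually in use.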

Cuslichavy