Re-HIPS and W8, 8.1 and 10 AppContainer

Started by HJLBX, February 18, 2016, 09:25:11 PM


HJLBX

Does Re-HIPS utilize the W8\8.1\10 AppContainer or the Windows Integrity Mechanism - or both?

fixer

The Windows Integrity Mechanism is utilized, but only on the user's action, if it is chosen in the isolated environment window. By default all isolated applications are run with the default medium integrity level.
The AppContainer feature is too restricted, and it's quite non-trivial to run any random application that is not aware of it in an AppContainer. So ReHIPS doesn't utilize it for isolation. But it is aware of it and doesn't isolate applications that are already AppContainer-restricted.

HJLBX

Quote from: fixer on February 19, 2016, 11:46:15 AM
The Windows Integrity Mechanism is utilized, but only on the user's action, if it is chosen in the isolated environment window. By default all isolated applications are run with the default medium integrity level.
The AppContainer feature is too restricted, and it's quite non-trivial to run any random application that is not aware of it in an AppContainer. So ReHIPS doesn't utilize it for isolation. But it is aware of it and doesn't isolate applications that are already AppContainer-restricted.

Thanks for the quick response, fixer!

How does the user select the Windows Integrity Mechanism in the isolated environment window - within the individual application settings, for example Chrome's settings?

fixer

Integrity level is an attribute of the isolated environment. So this option can be found in each isolated environment, on the Privileges tab. It's called Integrity level and has a drop-down list with medium, low and untrusted options. And here is an excerpt from an old manual with a description of the possible values:

Quote: Integrity levels higher than SECURITY_MANDATORY_MEDIUM_RID are assigned to local services, administrators and privileged users (for instance, backup operators). There is no point in setting them for restricted applications. If an application really needs it, it should be a trusted application and it should be allowed to run in unrestricted mode.

SECURITY_MANDATORY_MEDIUM_RID – standard integrity level for the majority of applications, recommended to use by default.

SECURITY_MANDATORY_LOW_RID – low integrity level; some applications may operate incorrectly, as they will not be able to access files and folders in the user's settings. Some registry keys will also be inaccessible. But if an application does not need them, it'll work fine and it'll have a higher security level.

SECURITY_MANDATORY_UNTRUSTED_RID – untrusted integrity level. Assigned by default on anonymous access; access to most objects is denied. Most likely applications will fail to work correctly; not recommended to use.
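As an added example (not ReHIPS code and not part of the forum post), the following PowerShell script reads the mandatory label SID (S-1-16-RID) from the current token via whoami and maps the RID back to the SECURITY_MANDATORY_*_RID constants listed above. Run it from a shell launched inside an isolated environment to confirm which integrity level that environment actually applied; the RID-to-constant table is the documented Windows mapping, and the function names are assumptions of this example.

```powershell
# Added example: report the integrity level of the current process token.
# The RID values are the documented SECURITY_MANDATORY_*_RID constants;
# Windows represents the token label as the SID S-1-16-<RID>.
$MandatoryRids = @{
    0     = 'SECURITY_MANDATORY_UNTRUSTED_RID'         # S-1-16-0
    4096  = 'SECURITY_MANDATORY_LOW_RID'               # S-1-16-4096
    8192  = 'SECURITY_MANDATORY_MEDIUM_RID'            # S-1-16-8192
    8448  = 'SECURITY_MANDATORY_MEDIUM_PLUS_RID'       # S-1-16-8448
    12288 = 'SECURITY_MANDATORY_HIGH_RID'              # S-1-16-12288
    16384 = 'SECURITY_MANDATORY_SYSTEM_RID'            # S-1-16-16384
    20480 = 'SECURITY_MANDATORY_PROTECTED_PROCESS_RID' # S-1-16-20480
}

function ConvertTo-IntegrityLevel {
    # Map a mandatory label SID string (S-1-16-<RID>) to its RID and constant name.
    param([Parameter(Mandatory)][string]$Sid)
    if ($Sid -notmatch '^S-1-16-(\d+)$') { throw "Not a mandatory label SID: $Sid" }
    $rid  = [int]$Matches[1]
    $name = if ($MandatoryRids.ContainsKey($rid)) { $MandatoryRids[$rid] } else { 'UNKNOWN' }
    [pscustomobject]@{ Sid = $Sid; Rid = $rid; Constant = $name }
}

function Get-CurrentIntegrityLevel {
    # whoami lists the token's label as a row of type "Label"; parse its CSV output.
    # Columns: "Group Name","Type","SID","Attributes"
    $rows  = whoami /groups /fo csv | ConvertFrom-Csv
    $label = $rows | Where-Object { $_.SID -like 'S-1-16-*' } | Select-Object -First 1
    if (-not $label) { throw 'No mandatory label found in the token' }
    ConvertTo-IntegrityLevel -Sid $label.SID
}

$level = Get-CurrentIntegrityLevel
'Process {0} runs at {1} ({2})' -f $PID, $level.Constant, $level.Sid
if ($level.Rid -le 4096) {
    # Matches the manual excerpt: low/untrusted tokens cannot write medium-labelled
    # objects such as the user's profile folders and most HKCU registry keys.
    'Low or untrusted level: expect writes to user settings and most registry keys to be denied.'
}
```

A process started by ReHIPS with the Privileges tab set to "low" should report SECURITY_MANDATORY_LOW_RID here, while a normally launched shell reports SECURITY_MANDATORY_MEDIUM_RID.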

HJLBX