Author Topic: Re-HIPS and W8, 8.1 and 10 AppContainer  (Read 1547 times)

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 496
Re-HIPS and W8, 8.1 and 10 AppContainer
« on: February 18, 2016, 09:25:11 pm »
Does Re-HIPS utilize W8\8.1\10 AppContainer or Windows Integrity Mechanism - or both ?
« Last Edit: February 18, 2016, 09:33:32 pm by HJLBX »

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1478
Re: Re-HIPS and W8, 8.1 and 10 AppContainer
« Reply #1 on: February 19, 2016, 11:46:15 am »
Windows Integrity Mechanism is utilized but on user's action if it's chosen in isolated environment window. By default all isolated applications are run with default medium integrity level.
AppContainer feature is too restricted and it's quite non-trivial to run in AppContainer any random application that is not aware of it. So ReHIPS doesn't utilize it for isolation. But it is aware of it and doesn't isolate applications that are already AppContainer-restricted.

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 496
Re: Re-HIPS and W8, 8.1 and 10 AppContainer
« Reply #2 on: February 19, 2016, 06:19:08 pm »
Windows Integrity Mechanism is utilized but on user's action if it's chosen in isolated environment window. By default all isolated applications are run with default medium integrity level.
AppContainer feature is too restricted and it's quite non-trivial to run in AppContainer any random application that is not aware of it. So ReHIPS doesn't utilize it for isolation. But it is aware of it and doesn't isolate applications that are already AppContainer-restricted.

Thanks for quick response fixer !

How does user select Windows Integrity Mechanism in isolated environment window - within the individual application settings - for example Chrome's settings ?
« Last Edit: February 19, 2016, 06:22:00 pm by HJLBX »

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1478
Re: Re-HIPS and W8, 8.1 and 10 AppContainer
« Reply #3 on: February 19, 2016, 08:34:24 pm »
Integrity level is an attribute of isolated environment. So this option can be found in each isolated environment, on Privileges tab. It's called Integrity level and has a drop-down list with medium, low and untrusted options. And here is an excerpt from an old manual with description of possible values:

Quote
Integrity levels higher than SECURITY_MANDATORY_MEDIUM_RID are assigned to local services, administrators and privileged users (for instance, backup operators). There is no point in setting them for restricted applications. If an application really needs it, it should be a trusted application and it should be allowed to run in unrestricted mode.

SECURITY_MANDATORY_MEDIUM_RID – standard integrity level for majority of applications, recommended to use by default.

SECURITY_MANDATORY_LOW_RID – low integrity level, some applications may operate incorrectly as they will not be able to access files and folders in user’s settings. Some registry keys will also be inaccessible. But if an application does not need it, it’ll work fine and it’ll have higher security level.

SECURITY_MANDATORY_UNTRUSTED_RID – untrusted integrity level. Assigned by default on anonymous access, access to most objects is denied. Most likely applications will fail to work correctly, not recommended to use.

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 496
Re: Re-HIPS and W8, 8.1 and 10 AppContainer
« Reply #4 on: February 22, 2016, 02:23:17 am »
Thanks fixer.

icalcs.exe - I understand.