Any Reported Conflicts with Other Security Softs ?

Started by HJLBX, April 02, 2016, 10:56:10 PM

Previous topic - Next topic

fixer


aDVll

#31
Can anyone confirm that running an application isolated makes it not run guarded on Appguard? I checked from gui taskbar icon-guarded execution and when application is isolated it doesn't show and when it's not it shows.
Had to put all rehips files as power application for them to work btw if it matters and added exception for rehips user folders.

Umbra

Quote from: aDVll on May 02, 2016, 10:08:28 AM
Can anyone confirm that running an application isolated makes it not run guarded on Appguard?

i confirm; tested with Virtual Box & Chrome

Umbra

#33
im not sure , but i think sandboxie isolation take over Chrome from ReHIPS, even if Chrome is logged as isolated in ReHIPS.

not an issue , just an observation. i dont know if in this case , ReHIPS is still isolating Chrome.

edit:  if Chrome is forced by sandboxie; Sandboxie is taking over the isolation, leaving just one process to ReHIPS.


aDVll

Hmm this makes things interesting. So i assume this mean you lose all appguard protection for guarded apps right?
About sandboxie rehips will not show alerts(normal mode) because sandboxie launches everything as child process if i remember correctly. Don't have it installed atm so can't confirm but i am pretty sure.

Umbra

#35
Quote from: aDVll on May 02, 2016, 11:41:12 AM
Hmm this makes things interesting. So i assume this mean you lose all appguard protection for guarded apps right?

it is what i believe.

QuoteAbout sandboxie rehips will not show alerts(normal mode) because sandboxie launches everything as child process if i remember correctly.

when i first launched sandboxi-ed softs , i sat ReHIPS on training to avoid potential conflicts; i guess this may be the result of sandboxie hookings ( not sure about that)
Anyway it is not a real issue , since we shouldn't isolate an already sandboxed browser which has itself a sandbox  :P

HJLBX

#36
Quote from: aDVll on May 02, 2016, 11:41:12 AM
Hmm this makes things interesting. So i assume this mean you lose all appguard protection for guarded apps right?
About sandboxie rehips will not show alerts(normal mode) because sandboxie launches everything as child process if i remember correctly. Don't have it installed atm so can't confirm but i am pretty sure.

Guarded App = application is run with same file system and registry access rights\restrictions as if executed in Windows LUA w\UAC enabled; all child processes inherit limited access rights of parent

Isolated App = same with further restriction to ReHIPSUser - instead of almost entire file system; all child processes inherit limited access rights of parent - even if run outside the isolated environment

Isolated and Guarded Apps are essentially equivalent.

Umbra

Quote from: HJLBX on May 02, 2016, 11:55:49 AM
Guarded App = application is run with same file system and registry access rights\restrictions as if executed in Windows LUA w\UAC enabled; all child processes inherit limited access rights of parent
Isolated and Guarded Apps are essentially equivalent.

So guarded apps on SUA + UAC max is pointless i guess ?

HJLBX

Quote from: umbrapolaris on May 02, 2016, 12:01:50 PM
Quote from: HJLBX on May 02, 2016, 11:55:49 AM
Guarded App = application is run with same file system and registry access rights\restrictions as if executed in Windows LUA w\UAC enabled; all child processes inherit limited access rights of parent
Isolated and Guarded Apps are essentially equivalent.

So guarded apps on SUA + UAC max is pointless i guess ?

From what I understand - pretty much yes.

However, fixer might have further insight since he knows the Windows accounts so well...

aDVll

Quote from: umbrapolaris on May 02, 2016, 11:49:03 AM
Quote from: aDVll on May 02, 2016, 11:41:12 AM
Hmm this makes things interesting. So i assume this mean you lose all appguard protection for guarded apps right?

it is what i believe.

I think this can be fixed by appguard because it simply not detecting the app launched because it's done by another user or something. Maybe you can report to appguard beta forum for them to check. I would post on wilderssecurity topic but a dev there said it's not the place to report if i remember correctly. 

HJLBX

Quote from: aDVll on May 02, 2016, 12:37:02 PM
Quote from: umbrapolaris on May 02, 2016, 11:49:03 AM
Quote from: aDVll on May 02, 2016, 11:41:12 AM
Hmm this makes things interesting. So i assume this mean you lose all appguard protection for guarded apps right?

it is what i believe.

I think this can be fixed by appguard because it simply not detecting the app launched because it's done by another user or something. Maybe you can report to appguard beta forum for them to check. I would post on wilderssecurity topic but a dev there said it's not the place to report if i remember correctly.

AppGuard does not support multiple active user profiles.

I know BRN.  They won't do it.

fixer

Quote from: HJLBX on May 02, 2016, 12:23:59 PM
However, fixer might have further insight since he knows the Windows accounts so well...
I haven't looked into Appguard yet, so I'm not aware of principles it operates on. But it seems you're right.

fixer


Umbra