Author Topic: Ask Questions Here - ReHIPS Features & Unexpected Behaviors  (Read 171355 times)

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 495
Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« on: April 11, 2016, 01:56:50 am »
I have created this thread so that I and other beta testers can ask questions about unexpected ReHIPS behaviors.

The goal of this thread is simple:

* * * * *

Ask a question about an unexpected behavior or feature.

ReHIPS staff can explain details about feature(s).

ReHIPS staff can explain that behavior(s) is\are unexpected to user - but intended by design - or appears to be an issue\bug.

After answer to question(s), user can post an issue\bug report - if any is needed.

* * * * *

Beta testers and users can learn product better.

This process will reduce needless reports and burden on ReCrypt staff.

This thread will be a centralized thread for beta testers and other users to find answers to common questions about ReHIPS.

It could serve as the basis for ReCrypt staff to identify the most commonly asked questions on ReHIPS installation, features, use and issues\problems.

* * * * *

If this thread does not work out, then it can be closed or deleted by ReCrypt staff at their discretion.
« Last Edit: April 11, 2016, 02:00:38 am by HJLBX »

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 495
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #1 on: April 11, 2016, 02:06:25 am »
I read the Admin manual; I understand how DeployHelper works for the most part.  I have questions about implementation and few minor questions.

DeployHelper:

* * * * *

Requires ReHIPS_Setup.exe correct ?

* * * * *

Why not permanently integrate DeployHelper into ReHIPS (Training Mode works better for me in configuring programs to run in IE) so it works after ReHIPS_Setup.exe deleted ?

* * * * *

What is difference between\advantage to using Deploy Helper created shortcut and program created shortcut ?

* * * * *

Does active Protection Mode (Expert, Normal, Light,...) affect DeployHelpter behavior ?


Expert Mode = alerts, even while using DeployHelpter.  I understand this.  I am asking if any problems have been connected to a particular Protection Mode setting.

* * * * *

Any reported issues with DeployHelper ?

* * * * *

Most installers don't identify themselves as requiring Admin rights to install.  So most users will probably always adopt run as Admin; perhaps limited rights option is not necessary ?
« Last Edit: April 11, 2016, 02:19:24 am by HJLBX »

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #2 on: April 11, 2016, 04:24:02 pm »
ReHIPS isolated environments are based on Windows built-in isolation of different users from each other and from the system (if they don't have admin privileges). So then a program is isolated it is executed from a specially created ReHIPS user with limited access rights. Being run this way it won't be able to access real user's profile folder and registry hive. This may be a problem as the user expects the program even being isolated will have the same settings as it had before isolation. One of several possible ways to solve this is to use DeployHelper.
DeployHelper installs the program right into the new ReHIPS user. So all the settings will go from the start into isolated environment, no need to copy them from the real user environment. But it needs program setup file to do this. On the low level it just creates ReHIPS user and runs setup from that user. As the program being installed that way creates desktop and start menu shortcuts in the ReHIPS user environment, the real user won't see them, so DeployHelper recreates them for the real user on real user's desktop and start menu.
As DeployHelper is a separate application it's not affected by ReHIPS protection mode. Sometimes setup files may run other files which may lead to ReHIPS alert, it's OK though inconvenient for the user, so we've got it in our TODO list to fix this.
No issues were reported with DeployHelper yet.
Some installers don't explicitly state in the manifest that they need admin rights (DeployHelper detects the ones that do and honour this running it with admin rights). But being run later they ask for elevation. For this case DeployHelper with admin was made. Of course DeployHelper with admin can be used for every installer, but it's not recommended. For one thing DeployHelper will give ReHIPS user admin privileges. Of course it's just temporary while installer is working. But why doing it if we can be just fine without it. Besides admin requiring installers tend to install software to Program Files folder. Sometimes it's something desirable, but personally I prefer isolated software to reside in isolated environment so it'll be completely gone when I remove the isolated environment and I won't have to uninstall it later from Program Files folder.

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 495
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #3 on: April 12, 2016, 03:17:35 am »
What will be intended behavior for partitions and external drives ?

* * * * *

HIPS monitors all partitions and drives - that is easy enough.

* * * * *

Some users will want to execute programs residing on different partitions and  from Flash drives as isolated programs.

I tried flash drive - will not load into isolated environment.

I think this is intended design, but I am not sure.

Same problem as executing file isolated from PA user profile - correct ?

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #4 on: April 12, 2016, 10:38:51 am »
By default external drives and network files in the terms of process execution interception are no different from regular processes. But when you isolate them, there is a catch. By default isolated programs have access neither to real user's profile folder, nor to removable or network media. This is by design as some removable media like flash drives may be formatted in old filesystems like FAT that doesn't support access rights and even being formatted in NTFS it usually allows everyone full access (thus isolated programs can mess with the contents of a flash drive).
To explicitly run a program isolated from the real user profile folder you should set Copy User Data flag (the latest ReHIPS version sets this flag automatically in non-Expert mode).
To run a program isolated from network or flash drive you should set additional Media access rights in the isolated environment window.

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 495
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #5 on: April 13, 2016, 02:09:25 am »
By default external drives and network files in the terms of process execution interception are no different from regular processes. But when you isolate them, there is a catch. By default isolated programs have access neither to real user's profile folder, nor to removable or network media. This is by design as some removable media like flash drives may be formatted in old filesystems like FAT that doesn't support access rights and even being formatted in NTFS it usually allows everyone full access (thus isolated programs can mess with the contents of a flash drive).
To explicitly run a program isolated from the real user profile folder you should set Copy User Data flag (the latest ReHIPS version sets this flag automatically in non-Expert mode).
To run a program isolated from network or flash drive you should set additional Media access rights in the isolated environment window.

I followed the above outlined steps, just for the sake of testing.

Example, portable CCleaner (just for testing isolated launch - and not actual use)

However, I always get the attached ReHIPS error message.
« Last Edit: April 13, 2016, 02:12:49 am by HJLBX »

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 495
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #6 on: April 13, 2016, 02:43:44 am »
I have a question about "Copy User Data."

* * * * *

With Cyberfox, I can only get it to launch (with Webroot browser extensions) in the isolated environment by following the steps below:

Either right-click Cyberfox shortcut and select "Run Isolated in ReHIPS" - or - create "Allow in Isolated Environment" rule.

Enable "Copy User Data."  (If I enable "Copy User Data" later, I assume no data is ever copied since it never fixes the issues.)

When the message "Cyberfox is not your default browser," I must untick "Perform this check every time at startup" and then select "Not Now" button.

* * * * *

I have attached an image of the contents of ReHIPSUser1 directory; it only contains AppData and regtrans.

I have also attached an image of the contents of ReHIPSUser1.DESKTOP* created by DeployHelper.

* * * * *

Following the above steps does not cause the problems experienced when using DeployHelper.
« Last Edit: April 13, 2016, 02:52:11 am by HJLBX »

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 495
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #7 on: April 13, 2016, 02:58:25 am »
Does "Copy User Data" completely load Documents, Downloads, Music, etc including all folder contents ?

* * * * *

I am trying to use Isolated Environment to write reports for this forum.

However, I am having to switch back-and-forth to gain access to real user folders.

I created Read\Write access for C:\Users\HJLBX\Pictures, but I cannot access any of the objects.

I have experimented with folder and file inheritance settings; still no access.

Attached image.

* * * * *

Maybe I am not understanding how "Copy User Data" and real user folder\file access works in ReHIPS.

« Last Edit: April 13, 2016, 03:13:49 am by HJLBX »

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #8 on: April 13, 2016, 12:18:22 pm »
Example, portable CCleaner (just for testing isolated launch - and not actual use)
However, I always get the attached ReHIPS error message.
That's strange. Could you us give more information: Isolated environment Media access rights options, type of external media used and type of filesystem on that media (FAT, NTFS, etc)?

If I enable "Copy User Data" later, I assume no data is ever copied since it never fixes the issues.
The most possible reason for this was explained here
it runs without settings at first (as there are no settings in the empty isolated environment and Copy data flag is not set), creates default settings (without any extension) and uses them later (even if Copy data flag is set, it isn't needed anymore as settings are present in the isolated environment and won't be copied on demand anymore).
In other words, Cyberfox doesn't see any settings at first and creates default settings. Copy User Data copies only files that are absent is the isolated environment, but present in the real user environment. And as there are settings present in the isolated environment (default newly created) nothing is copied later when Copy User Data flag is set.

The first screenshot Capture46.PNG, it doesn't look like active isolated environment. It looks like this was isolated environment, but it's deleted, hence most of the files were deleted, but some are in use by Windows and will be deleted after reboot.

Does "Copy User Data" completely load Documents, Downloads, Music, etc including all folder contents ?
Like I said
With this flag set registry keys and file/folders are copied from the real user to the isolated environment on demand (the application tries to reach them, they're not in the isolated environment, but found in the real user environment).
In other words, a program tries to access some file. It's absent in the isolated environment, but is present in the real user environment. Then it's copied. Usually programs try to access only their settings from Local or Remote AppData. Other files and folders you can see in ReHIPS user profile are just system objects, Windows created them for internal needs.

There is no use to set any access to the real user profile folder files or folders in the isolated environment options. Any access to the real user profile folder is redirected to the ReHIPS user folder. So if the file being accessed exists in the ReHIPS user folder, it'll be opened. If the file being accessed is absent in the ReHIPS user folder, but Copy User Data flag is set, it'll be copied to the ReHIPS user folder and then opened. In other cases access will result in error. So no direct access to the real user profile folder by the isolated program is performed, thus there is no use to set any access to the real user profile folder files or folders.

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 495
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #9 on: April 13, 2016, 12:35:50 pm »
I keep trying to explain the issue on my system, but it is difficult using this method to communicate an issue sometimes...

Capture46 is active isolated environment created when setting up Cyberfox for first time.  It stays that way and never changes.

Using DeployHelper to set up Cyberfox does not work; extensions will never be loaded using DeployHelper - even after system reboot.

The only way I can get extensions to load and Cyberfox to work in the Isolated Environment is by following the steps I outlined in the thread.

* * * * *

I have tried to access files only present in real user profile via browser, text editor, archiver, etc. 

When I open Documents folder for example, it is always empty - even with "Copy User Data" enabled - during access; I can never gain access to files I need while in Isolated Environment.

« Last Edit: April 13, 2016, 12:48:41 pm by HJLBX »

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 495
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #10 on: April 13, 2016, 12:47:28 pm »
Example, portable CCleaner (just for testing isolated launch - and not actual use)
However, I always get the attached ReHIPS error message.
That's strange. Could you us give more information: Isolated environment Media access rights options, type of external media used and type of filesystem on that media (FAT, NTFS, etc)?

I will check it.  Give me some time...

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #11 on: April 13, 2016, 01:30:20 pm »
Using DeployHelper to set up Cyberfox does not work; extensions will never be loaded using DeployHelper - even after system reboot.
I have tried to access files only present in real user profile via browser, text editor, archiver, etc. 
DeployHelper installs software from scratch into isolated environment. So maybe extensions should also be installed there, it depends on the way they work. Could you give a list of extensions? I'll look into this issue.
When I open Documents folder for example, it is always empty - even with "Copy User Data" enabled - during access; I can never gain access to files I need while in Isolated Environment.
Do you mean you browse into the profile folder and don't see the files from real user profile folder? This is because redirection is in action, you'll see contents of ReHIPS user folder. But if you try to access files from the real user profile folder, they'll be copied. For example you have isolated notepad and you have file C:\Users\HJLBX\AppData\Local\file.txt that is absent in C:\Users\ReHIPSUser1\AppData\Local\file.txt. If you browse from notepad to either C:\Users\HJLBX or C:\Users\ReHIPSUser1, you'll see contents of C:\Users\ReHIPSUser1 because of redirection. But if you try to open file C:\Users\HJLBX\AppData\Local\file.txt or C:\Users\ReHIPSUser1\AppData\Local\file.txt for example by typing file name in the open file dialog filename field, it'll be copied and opened.

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 495
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #12 on: April 14, 2016, 12:23:20 pm »
DeployHelper installs software from scratch into isolated environment. So maybe extensions should also be installed there, it depends on the way they work. Could you give a list of extensions? I'll look into this issue.

I uninstalled all other security softs, removed all remnants - even cleaned registry and prefetch.  So now I am running only ReHIPS.

Cyberfox 45.0.3
LastPass 3.3.1 (for Firefox)

Once again same issue.

If I use DeployHelper, then LastPass extension will never get loaded.

If I create the Isolated Environment manually, and tick "Copy User Data," then it gets loaded.

* * * * *

I'm just trying to pin this down so as to save other users frustrations because of unexpected behaviors.
« Last Edit: April 14, 2016, 12:45:56 pm by HJLBX »

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 495
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #13 on: April 14, 2016, 12:25:59 pm »
What is proper technique for setting up rules for Child Programs in Isolated Environment ?

For example, Cyberfox.exe > plugin-container.exe; Cyberfox.exe > helper.exe.

Is it best to also allow both plugin-container.exe and helper.exe to run inside Isolated Environment - or it doesn't matter - as long as they can execute ?

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 495
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #14 on: April 14, 2016, 12:36:32 pm »
So, if I understand correctly, there is no way to gain access to pictures I have stored in the real user profile from inside the Isolated Environment ?

They have to be manually moved ahead of time to ReHIPSUser or to C:\ReHIPS to be available ?

LOL... this is causing me some angst. 

I just want to learn what I need to do to make it work - if it is possible.

If it is possible, can someone give an example of the steps I need to follow ?