1. Download movie
2. Open movie with WMP
3. Have WMP open and play a movie in a separate ReHIPSUser (not same ReHIPSUser as browser)
Playing movie in same IE as browser is reasonably safe I suppose.
I've just tried to do it on a default stock Windows 7.
1. Open Internet Explorer, it opens in isolated environment. Download a movie for example in C:\ReHIPS\Browser.
2. By default WMP is allowed in RulesPack, set it to isolated.
3. As the movie resides in Browser ReHIPS subfolder, allow newly isolated WMP access to it by either allowing read access to C:\ReHIPS\Browser with files and subfolders inheritance in Permissions tab, or setting Open file access option to WMP isolated environment to Read.
4. Try to open it from real user explorer. WMP is set to be isolated, access to movie file is granted. It works.
After deleting USER & SYSTEM groups, I noticed that non-existant\obsolete file paths are no longer highlighted to indicate file is not on system at that file path.
ReHIPS is designed as a thin client architecture with GUI being a thin client and Service doing all the work. Program tree is cached in GUI to relieve communications channel from excessive load requesting it every time. So GUI doesn't know if these files exist at the moment or not, it operates basing on information from Service. Thus if program tree is completely updated, GUI will know about changes in file presence and will mark them with pink/red. So it's some kind of feature. But we'll see what we can do, maybe update it after timeout, maybe add a manual update button.
Maybe someone can point out what I am doing wrong in trying to execute CCleaner isolated from flash drive (D:\).
What is the type of filesystem on that media (FAT, NTFS, etc)? You may also need Unsecured FS Media access right set.