Author Topic: Ask Questions Here - ReHIPS Features & Unexpected Behaviors  (Read 172994 times)

Ozone

  • Jr. Member
« Reply #540 on: May 24, 2017, 08:21:45 pm »
> Ozone, don't worry, we've got this issue in our TODO list to fix it. But it'll be in the next release, not 2.2.0.

I don't mind, I was just testing something

but I have some issues with latest ReHIPS

I had reinstalled ReHIPS (deleted settings and all ReHIPS folders except C:\ReHIPS) but now all files in C:\ReHIPS\Office can't be opened by isolated programs, in security tab of files is unknown ID (previous rehips ID)

fortunately moving files around will remove/reset this unknown ID and allow me open these files

also C:\ReHIPS folder has not changed icon

another issue is that HIPSService64.exe and HIPSAgent64.exe in latest ReHIPS always use 1-2% even though I do nothing

« Last Edit: May 24, 2017, 08:23:48 pm by Ozone »
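
One way to check a folder for the condition reported above, as an added example that is not part of the original thread or of ReHIPS itself: it assumes the "unknown ID" shown in the Security tab is an access-control entry whose SID no longer maps to an account, and lists such entries. The function name `Find-OrphanedAce` and its parameter are hypothetical; the default path is the one from the post.

```powershell
# Added example: list ACEs whose SID no longer resolves to an account.
# Function and parameter names are hypothetical; the default path is from the post.
function Find-OrphanedAce {
    param(
        [string]$Path = 'C:\ReHIPS\Office'
    )

    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            try {
                $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
            } catch {
                Write-Warning "Cannot read ACL: $($item.FullName)"
                return   # skip this item, continue with the next one
            }
            # Request raw SIDs so that name resolution is done explicitly below.
            $rules = $acl.GetAccessRules($true, $true,
                [System.Security.Principal.SecurityIdentifier])
            foreach ($rule in $rules) {
                $sid = $rule.IdentityReference
                try {
                    [void]$sid.Translate([System.Security.Principal.NTAccount])
                } catch [System.Security.Principal.IdentityNotMappedException] {
                    # No account maps to this SID: report the entry.
                    [pscustomobject]@{
                        Path      = $item.FullName
                        Sid       = $sid.Value
                        Rights    = $rule.FileSystemRights
                        Type      = $rule.AccessControlType
                        Inherited = $rule.IsInherited
                    }
                }
            }
        }
}

Find-OrphanedAce | Format-Table -AutoSize
```

An unresolved SID is only a candidate for a leftover entry: some Windows capability SIDs also have no account name.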

fixer

  • Administrator
« Reply #541 on: May 24, 2017, 08:33:51 pm »
Umbra, we'll add something like active/inactive rule, we've got it in our TODO list.

Ozone, thanks for your report, we'll check these issues.
Regarding 1-2% CPU load, that's possible, even if you don't do anything visible, sometimes processes start and die somewhere out there, sometimes they read and write files, load should be minimal, but Service needs to check if it's not isolated processes. I'll take a look at possible bottlenecks to lighten the load.

Ozone

  • Jr. Member
« Reply #542 on: May 24, 2017, 08:42:22 pm »
I have rehips log opened and nothing appears, but it's new reinstall so I will wait some time and see if this issue disappears

Umbra

  • Active Testers
  • Beta tester
« Reply #543 on: May 25, 2017, 08:00:40 am »
> Umbra, we'll add something like active/inactive rule, we've got it in our TODO list.

Good! It will be useful because, while reinstalling rules, I could launch Chrome non-isolated... which was surprising until I realized rules were reinstalled.

Ozone

  • Jr. Member
« Reply #544 on: May 25, 2017, 08:51:35 pm »
after some testing it seems that HIPSAgent64.exe cpu usage is related to IE – isolation border and renamed window

in previous version I didn't have this problem

Ozone

  • Jr. Member
« Reply #545 on: June 06, 2017, 09:08:29 pm »
just cosmetic, but could you add in windows with "File Hashes" that you're using sha512, something like this "File Hashes (SHA512)"

could you add timestamp for when was file added in rehips (rules) and option to open file location from rehips setting window

also it is possible to edit initial rulespack

btw
will you solve the problem with google safe browsing, it's really annoying


fixer

  • Administrator
« Reply #546 on: June 06, 2017, 10:11:14 pm »
OK, we'll add SHA512 marker.

Open file location button is already planned. Timestamp... hmmm, what's the use-case for this feature?

Initial rulespack is already completely editable, I'll announce RulesManager separately in a couple of days I think. It's really powerful, but not so nice and pretty and not so stable, that's why we haven't included it in a default build.

Google safe browsing - you mean that red window popping-up and scaring users that this site serves malware?
Ogh, it's a funny story actually. Well, "funny" also depends on your point of view. Anyway at first they didn't like ReHIPS setup. Have no idea why actually, it's served through https, certificate is OK, it's signed with a valid signature, no protectors, packers, whatsoever, no AV detections, compiler and installer are also standard and wide-spread. I decided it's not good and tried to fix it via google webmaster tools. Now the whole forum and site are banned as their crawler found links to the setup. I'm afraid to fix it further, maybe they'll ban the whole server :)
In other words we're working on it, but google is google. I never had any hard feelings towards it. But when you face this and don't have many options what to do and there is no adequate support, it's hard to remain unbiased.

shmu26

  • Active Testers
  • Win10 x64 latest stable
« Reply #547 on: June 06, 2017, 10:15:32 pm »
> after some testing it seems that HIPSAgent64.exe cpu usage is related to IE – isolation border and renamed window
>
> in previous version I didn't have this problem

I am on the 2.2.0 public release, and for the first couple minutes after startup, I see CPU usage of about 30% for HIPSAgent64.exe. This causes a very significant delay in the launching of isolated apps, until the CPU finally goes down.
It doesn't seem to matter whether or not I enable isolation border and renamed window.

Windows 10 x64 CU
Windows Defender
NVT ERP

« Last Edit: June 06, 2017, 10:32:36 pm by shmu26 »

fixer

  • Administrator
« Reply #548 on: June 07, 2017, 01:09:50 am »
I can't reproduce this issue with CPU-eating-on-startup Agent, but I'll try to solve it in PM.

fixer

  • Administrator
« Reply #549 on: June 07, 2017, 02:17:39 pm »
Looks like Google came to its senses and Google Safe Browsing issue is solved.

aDVll

  • Active Testers
  • Windows 10 latest 64 bit
« Reply #550 on: June 07, 2017, 02:24:52 pm »
> > after some testing it seems that HIPSAgent64.exe cpu usage is related to IE – isolation border and renamed window
> >
> > in previous version I didn't have this problem
>
> I am on the 2.2.0 public release, and for the first couple minutes after startup, I see CPU usage of about 30% for HIPSAgent64.exe. This causes a very significant delay in the launching of isolated apps, until the CPU finally goes down.
> It doesn't seem to matter whether or not I enable isolation border and renamed window.
>
> Windows 10 x64 CU
> Windows Defender
> NVT ERP

You sure it matters if you launch something isolated? Try not launching anything and see if CPU load drops. If it actually drops, how long did it take, and when you launch, what happens? Also, if you don't mind, to compare with my test, what CPU model do you have?
I personally see a high CPU load for the first few seconds the system boots (10-20s).

Also, something else to consider: do you use lockdown mode, and if yes, in what setting?
« Last Edit: June 07, 2017, 03:05:30 pm by aDVll »

Ozone

  • Jr. Member
« Reply #551 on: June 09, 2017, 03:29:02 pm »
> OK, we'll add SHA512 marker.
>
> Open file location button is already planned. Timestamp... hmmm, what's the use-case for this feature?
>
> Initial rulespack is already completely editable, I'll announce RulesManager separately in a couple of days I think. It's really powerful, but not so nice and pretty and not so stable, that's why we haven't included it in a default build.
>
> Google safe browsing - you mean that red window popping-up and scaring users that this site serves malware?
> Ogh, it's a funny story actually. Well, "funny" also depends on your point of view. Anyway at first they didn't like ReHIPS setup. Have no idea why actually, it's served through https, certificate is OK, it's signed with a valid signature, no protectors, packers, whatsoever, no AV detections, compiler and installer are also standard and wide-spread. I decided it's not good and tried to fix it via google webmaster tools. Now the whole forum and site are banned as their crawler found links to the setup. I'm afraid to fix it further, maybe they'll ban the whole server :)
> In other words we're working on it, but google is google. I never had any hard feelings towards it. But when you face this and don't have many options what to do and there is no adequate support, it's hard to remain unbiased.

I should be more specific, I mean timestamps for file hashes (when hash was added), so it will be possible to figure out when file was modified because if "Ignore File Modification" is checked there is no warning. (unless you check "Program file modified – allowed")

CPU usage now is better, HIPSService64.exe is using around 0,2 %, so it's okay and only on windows 7 HIPSAgent64.exe is using 1 % (on windows 10 no problem at all).

« Last Edit: June 15, 2017, 03:34:47 pm by Ozone »

crasher

  • ReHIPS team
« Reply #552 on: June 09, 2017, 10:03:32 pm »
> I should be more specific, I mean timestamps for file hashes (when hash was added), so it will be possible to figure out when file was modified because if "Ignore File Modification" is checked there is no warning.

Thanks for your suggestion. We'll think about it. Maybe we will add additional info about files like version, etc.

Ozone

  • Jr. Member
« Reply #553 on: June 15, 2017, 03:39:00 pm »
I was trying https://www.airlockdigital.com/application-whitelisting-auditor/ and after "hundreds" of popups ReHIPS GUI crashed

additional info
I have only allowed program to launch, later (other) permissions were blocked
after crash I have run GUI again (ApplicationWhitelistAuditor.exe was still running) and after "hundreds" of popups ReHIPS GUI again crashed
I was in shadow mode so no log



« Last Edit: June 15, 2017, 06:13:35 pm by Ozone »

crasher

  • ReHIPS team
« Reply #554 on: June 15, 2017, 06:25:51 pm »
> I was trying https://www.airlockdigital.com/application-whitelisting-auditor/ and after "hundreds" of popups ReHIPS GUI crashed
>
> additional info
> I have only allowed program to launch, later (other) permissions were blocked
> after crash I have run GUI again (ApplicationWhitelistAuditor.exe was still running) and after "hundreds" of popups ReHIPS GUI again crashed
> I was in shadow mode so no log

Thank you for your bug report. We'll try to reproduce this problem and fix it.