Author Topic: Ask Questions Here - ReHIPS Features & Unexpected Behaviors  (Read 172985 times)

perisanboy

  • Jr. Member
  • **
  • Posts: 72
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #615 on: August 05, 2017, 09:23:29 pm »
learning mode block the everything that  has alert rule!im wrong?
« Last Edit: August 05, 2017, 09:46:15 pm by perisanboy »

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #616 on: August 05, 2017, 11:26:24 pm »
Open ReHIPS log then and try to find out why it was blocked.
I tested the following, set cmd.exe:
Can Execute Programs: Alert;
Can Be Executed: Allow;
Can Execute Sub-Programs: Alert.
Then enabled Learning Mode and played with cmd.exe a bit. So it became:
Can Execute Programs: Inspect Children; - it was changed to allow execution of other programs
Can Be Executed: Allow; - it remained the same
Can Execute Sub-Programs: Alert. - it remained the same, but some lines were added to the Trusted Command Lines list
And none were blocked. So the fastest way is to take a look at ReHIPS log, it writes there reason for the action. For example
Sub-Program C:\Windows\System32\cmd.exe with PID 3072 and command line cmd /c ""C:\123.bat" " - allowed (mode)
means was allowed because of the Working Mode.

perisanboy

  • Jr. Member
  • **
  • Posts: 72
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #617 on: August 06, 2017, 12:37:17 am »
I tried it again no issue you know I guess win 7 sucks!the rules changed like your rules.
should remove this bs.
thnx for reply

perisanboy

  • Jr. Member
  • **
  • Posts: 72
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #618 on: August 06, 2017, 09:47:14 am »
suggestion: can you resize the pop-up menu size?its too big should be smaller:D

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #619 on: August 06, 2017, 02:29:47 pm »
Which pop-up menu do you mean?

Funnelhead

  • Jr. Member
  • **
  • Posts: 15
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #620 on: August 06, 2017, 09:27:36 pm »
ReHIPS appears to be blocking the file or service that checks/validates the product ID in Windows 7. In the last 2-3 days I've been getting the 'Genuine Windows' pop-up and a link to validate online.

While running ReHIPS in standard mode, Windows activation shows as "Status Not Available" and Product ID is blank (control panel > system). Once I change ReHIPS to permissive and reload the system page, it correctly shows as active.

Any thoughts?

aDVll

  • Active Testers
  • Hero Member
  • *****
  • Posts: 1119
  • Windows 10 latest 64 bit
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #621 on: August 06, 2017, 09:34:55 pm »
ReHIPS appears to be blocking the file or service that checks/validates the product ID in Windows 7. In the last 2-3 days I've been getting the 'Genuine Windows' pop-up and a link to validate online.

While running ReHIPS in standard mode, Windows activation shows as "Status Not Available" and Product ID is blank (control panel > system). Once I change ReHIPS to permissive and reload the system page, it correctly shows as active.

Any thoughts?
Post the logs of when it happens and an image of the error page.

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #622 on: August 06, 2017, 10:28:53 pm »
The best idea is to either take a look at logs and find out what was blocked, we'll add it to the default rules as allowed. Or to compare logs from both successful and unsuccessful passes to find the difference.

perisanboy

  • Jr. Member
  • **
  • Posts: 72
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #623 on: August 07, 2017, 01:04:47 am »
i mean the log pop up menu

perisanboy

  • Jr. Member
  • **
  • Posts: 72
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #624 on: August 07, 2017, 01:06:58 am »
ReHIPS appears to be blocking the file or service that checks/validates the product ID in Windows 7. In the last 2-3 days I've been getting the 'Genuine Windows' pop-up and a link to validate online.

While running ReHIPS in standard mode, Windows activation shows as "Status Not Available" and Product ID is blank (control panel > system). Once I change ReHIPS to permissive and reload the system page, it correctly shows as active.

Any thoughts?
Hey try to train rehips in learning mode for  1week then set it in expert or standard mode.

Trooper

  • Jr. Member
  • **
  • Posts: 2
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #625 on: August 13, 2017, 08:26:26 pm »
Hi guys,

First time poster here.  I purchased this product about a month or so ago and ran it at default settings.  I am sure there is a learning curve for the product just like any other security suite.  My main issue was that I noticed a significant downgrade in my PC performance.  So much so, that I had to roll back to my image that was taken before installation.  Would like to give it a go once again now that I have a little more time to mess around.  Any tips for this ReHIPS newbie?

PC is an i5 Intel with 16GB of RAM.  Windows 10 x64 Enterprise with Creators Update.  Thanks!

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #626 on: August 13, 2017, 10:24:57 pm »
Hello, Trooper. And welcome to our forum.
Could you please explain a bit more on the issue? Does it always lag or maybe for example just the first 5 minutes after boot? How does it lag exactly and do all programs seem to lag? What is CPU, RAM, HDD, etc usage? Maybe something eats too much CPU, consumes too much memory or spins HDD or something like this?

Trooper

  • Jr. Member
  • **
  • Posts: 2
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #627 on: August 21, 2017, 02:04:34 am »
Hi fixer,

Sorry for the delay in getting back to you.  Thanks for the welcome. I plan to reinstall again to get a better handle on things.  The performance issues I had was just programs even things like Windows Explorer were slow to load.  I have changed my setup since then, and am running W10 x64 Enterprise with CU. I also have Emsisoft Antimalware and Appguard running.  Will it be ok to run ReHIPS with these two things in place?

Thanks!

HJLBX

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 495
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #628 on: August 21, 2017, 09:46:19 am »
Hi fixer,

Sorry for the delay in getting back to you.  Thanks for the welcome. I plan to reinstall again to get a better handle on things.  The performance issues I had was just programs even things like Windows Explorer were slow to load.  I have changed my setup since then, and am running W10 x64 Enterprise with CU. I also have Emsisoft Antimalware and Appguard running.  Will it be ok to run ReHIPS with these two things in place?

Thanks!

There are no known conflicts between AppGuard and ReHIPS.

AppGuard + ReHIPS + EAM => adjust the settings so you do not end up with double alerts from both the HIPS and the behavior blocker.  That configuration is over the top paranoid.

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #629 on: August 21, 2017, 11:34:39 am »
OK, if you have any problems don't hesitate to contact me directly via PM. I'm always here to help.