Ask Questions Here - ReHIPS Features & Unexpected Behaviors

[shmu26]

Standard User account quirks:
1 If I install ReHIPS, and later I change one of the admin users to standard, sooner or later I start to get service link errors that are unsolvable even by uninstall/reinstall. I have to uninstall/reinstall+delete rules.

2 A few days ago, I installed LibreOffice in a standard user account, and it did not get isolation rules. Today I installed it in an admin account, and it got isolation rules.

[fixer]

1. Service link error may mean that you need Administrator rights to connect to the Service, so you have to start GUI as Administrator or add this user to trusted users list in ReHIPS settings. This error was fixed to more obvious text in the upcoming 2.3.0 build.

2. It didn't get isolation rules or it didn't get any rules at all?

[shmu26]

2 It got rules but not isolation rules

[fixer]

You mean you have 2 users: Admin and non-Admin. Rules were installed for both users, but for the first user LibreOffice rules were isolating and for the second user just allowed it to execute without isolation?

[shmu26]

I installed Libreoffice from the standard user. I forgot to check what happened to the admin user.

[fixer]

Thanks for your report. Added this issue to our TODO list, we'll take a look at it.

[shmu26]

add this user to trusted users list in ReHIPS settings.

I tried that. I also tried, on a different occasion, turning the standard user back into an admin user. But the error messages kept coming.

[perisanboy]

Hey,
Sometimes when I allow a file to run(permanent rule)and then exit the application the next time I want to run that tool again Rehips ask me and wants me to allow or block it.

Example: happened 2 times for Securemybit
Has any one this issue?

[aDVll]

Hey,
Sometimes when I allow a file to run(permanent rule)and then exit the application the next time I want to run that tool again Rehips ask me and wants me to allow or block it.

Example: happened 2 times for Securemybit
Has any one this issue?

Either the application spawns a new process each time with a different hash or you didn't allow with the permanent option but instead used the allow once option.

[perisanboy]

Hey,
Sometimes when I allow a file to run(permanent rule)and then exit the application the next time I want to run that tool again Rehips ask me and wants me to allow or block it.

Example: happened 2 times for Securemybit
Has any one this issue?

Either the application spawns a new process each time with a different hash or you didn't allow with the permanent option but instead used the allow once option.

thnx for the answer but I'm sure it was the permanent rule.
IDK about hash...maybe that's why.

[perisanboy]

I just found Rehips has only one weakness and that's hook attacks?honestly, idk what is it
But can you pls tell us how to secure our mahcine from these attacks?some one told me to don't set hooks but how?

[HJLBX]

I just found Rehips has only one weakness and that's hook attacks?honestly, idk what is it
But can you pls tell us how to secure our mahcine from these attacks?some one told me to don't set hooks but how?

https://msdn.microsoft.com/en-us/library/windows/desktop/ms632589(v=vs.85).aspx

• Windows itself uses hooks
  3rd-party programs use hooks
  Hooking can be done in both the kernel and user mode
  ReHIPS uses no hooks except probably for some specific GUI\limited monitoring stuff (ask fixer)
  The hooks settings you find in ReHIPS are to enable\disable Windows hooks

1.  Operating System vulnerabilities (serious ones are very rare - the incidence is perhaps once every 10 years or more)
2.  Windows Hooks (advanced attack with probably the same incidence as No. 1)

If you can avoid it, don't set more hooks via ReHIPS GUI Settings\Configuration than what is already enabled by default; if you do not need default enabled hook(s), then disable them.

[aDVll]

I just found Rehips has only one weakness and that's hook attacks?honestly, idk what is it
But can you pls tell us how to secure our mahcine from these attacks?some one told me to don't set hooks but how?

They probably meant having hook control on and the isolated program running on the real desktop. If you use the default setting with hook control and different desktop then nothing to worry about.

[perisanboy]

I just found Rehips has only one weakness and that's hook attacks?honestly, idk what is it
But can you pls tell us how to secure our mahcine from these attacks?some one told me to don't set hooks but how?

https://msdn.microsoft.com/en-us/library/windows/desktop/ms632589(v=vs.85).aspx

• Windows itself uses hooks
  3rd-party programs use hooks
  Hooking can be done in both the kernel and user mode
  ReHIPS uses no hooks except probably for some specific GUI\limited monitoring stuff (ask fixer)
  The hooks settings you find in ReHIPS are to enable\disable Windows hooks

1.  Operating System vulnerabilities (serious ones are very rare - the incidence is perhaps once every 10 years or more)
2.  Windows Hooks (advanced attack with probably the same incidence as No. 1)

If you can avoid it, don't set more hooks via ReHIPS GUI Settings\Configuration than what is already enabled by default; if you do not need default enabled hook(s), then disable them.

Hello,
thanks for the answer.
I know it's rare because another guy told me the same but I just wanted to know if there is a fix or patch for it
Sorry, but where is that enabled Hook?do you mean lock down mode?

[perisanboy]

If you use the default setting with hook control and different desktop then nothing to worry about.

I see thanks for the info.