Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM


perisanboy

Hello, a suggestion:
Please consider adding a purge button in the allowed or blocked programs list ;D
It's a pain when you want to search for red programs :P lazy people like me... :P

fixer

You mean a purge button for red programs that don't exist anymore?
Thanks for the suggestion, we already have it in our TODO list.

perisanboy

#572
Quote from: fixer on July 25, 2017, 01:08:24 AM
You mean a purge button for red programs that don't exist anymore?
Thanks for the suggestion, we already have it in our TODO list.
Yes, exactly :)
Good to hear you guys are already thinking about it.

perisanboy

Hello there :P
Does ReHIPS generate a pop-up for child processes?
If I want to monitor child processes, should I choose Inspect children? Or even if I allow a program, will ReHIPS generate a pop-up for the next child process (expert mode)?


fixer

There are 4 possible options for the Can Execute Programs setting. Verbatim from the help file:
Quote
Alert - "Allow program to execute other programs?" window will be displayed when this program tries to execute other program;
Block - this program will be denied to execute other programs;
Inspect children - if a child program is not in ReHIPS database, "Allow program?" window will be shown, ReHIPS database settings for child program will be applied otherwise;
Allow - allows current program to execute other programs without notification, child programs will be executed with parent access rights and privileges.
So you need the Inspect children option.

The Settings Duration radio button sets the duration for the alert choice.
Quote
Permanent
Save settings into ReHIPS database and use them always.
Only in this session
Settings will be actual for the current session only (up to restart of the PC).
And the Only Once option will be effective only once, no changes to the database will be made.

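The four Can Execute Programs options and the three Settings Duration choices quoted above combine into a small decision procedure: who gets prompted, which window appears, and where the answer is stored. The model below is an added illustration written for this thread, not ReHIPS code; the rule layout, the `ask_user` callback and the program names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Values of the two settings quoted above (string names are assumed, not ReHIPS identifiers).
ALERT, BLOCK, INSPECT, ALLOW = "Alert", "Block", "Inspect children", "Allow"
PERMANENT, SESSION, ONCE = "Permanent", "Only in this session", "Only once"


@dataclass
class Rule:
    allowed: bool               # may the program run at all?
    can_execute: str = INSPECT  # what may it do with child programs?


@dataclass
class Hips:
    # User decision callback (assumed): (prompt, program) -> (allowed, duration)
    ask_user: Callable[[str, str], Tuple[bool, str]]
    database: Dict[str, Rule] = field(default_factory=dict)  # survives restarts
    session: Dict[str, Rule] = field(default_factory=dict)   # cleared on restart
    prompts: list = field(default_factory=list)              # windows that were shown

    def lookup(self, prog: str) -> Optional[Rule]:
        return self.session.get(prog) or self.database.get(prog)

    def remember(self, prog: str, rule: Rule, duration: str) -> None:
        if duration == PERMANENT:
            self.database[prog] = rule
        elif duration == SESSION:
            self.session[prog] = rule
        # ONCE: the decision applies now, nothing is stored

    def child_execute(self, parent: str, child: str) -> bool:
        rule = self.lookup(parent)
        if rule is None or not rule.allowed or rule.can_execute == BLOCK:
            return False
        if rule.can_execute == ALLOW:
            return True                          # silent; child inherits parent rights
        if rule.can_execute == INSPECT and self.lookup(child) is not None:
            return self.lookup(child).allowed    # database settings for the child apply
        prompt = ("Allow program?" if rule.can_execute == INSPECT
                  else "Allow program to execute other programs?")
        self.prompts.append((prompt, child))
        allowed, duration = self.ask_user(prompt, child)
        # Alert decides the parent's right to spawn; Inspect children decides about the child.
        if rule.can_execute == INSPECT:
            self.remember(child, Rule(allowed), duration)
        else:
            self.remember(parent, Rule(True, ALLOW if allowed else BLOCK), duration)
        return allowed

    def restart(self) -> None:
        self.session.clear()   # "Only in this session" rules end here
```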

perisanboy

#576
I want to ask my questions about ReHIPS here, not on MalwareTips anymore :P :P
I want answers from fixer 8)
Let's say I want to install new software from a trusted source.
But imagine (just a possibility) that the program or installer was changed by someone or contains bad drivers (possibly some hacker hacked the website, or idk :D).
So the question is, how will ReHIPS handle the bad drivers? Because I notice it won't generate an alarm for creating drivers in system32/drivers.

aDVll

Quote from: perisanboy on July 28, 2017, 11:45:59 PM
I want to ask my questions about ReHIPS here, not on MalwareTips anymore :P :P
I want answers from fixer 8)
Let's say I want to install new software from a trusted source.
But imagine (just a possibility) that the program or installer was changed by someone or contains bad drivers (possibly some hacker hacked the website, or idk :D).
So the question is, how will ReHIPS handle the bad drivers? Because I notice it won't generate an alarm for creating drivers in system32/drivers.
LOL! You asked the questions on MalwareTips though, or someone/something is reading your mind, because you posted there first.

perisanboy

#578
Also please please please consider making this sandbox better; it can't run a lot of software, and the settings are too complicated.
Well, when I read the help file I found out how to work with it, but not everyone can read the help file! People are lazy.

Imagine if a girl somewhere wants to work with ReHIPS and she is a noob user, she will remove it as fast as possible :P ::)
You guys should consider these things, make it easy to use like the others! I like the ReHIPS sandbox because it's smarter than the others and has more settings and restrictions for the isolated environment, but the usability is on another side.
Make it work for everyone (drag and drop!), not only for special users! 8) ;D

perisanboy

#579
Quote
LOL! You asked the questions on MalwareTips though, or someone/something is reading your mind, because you posted there first.
Yes, you are right, but after that I thought it's better to ask my question here ;D from the developers, they know better. They are not on MT.

perisanboy

Quote from: perisanboy on July 28, 2017, 11:45:59 PM
I want to ask my questions about ReHIPS here, not on MalwareTips anymore :P :P
I want answers from fixer 8)
Let's say I want to install new software from a trusted source.
But imagine (just a possibility) that the program or installer was changed by someone or contains bad drivers (possibly some hacker hacked the website, or idk :D).
So the question is, how will ReHIPS handle the bad drivers? Because I notice it won't generate an alarm for creating drivers in system32/drivers.
Can you guys do this? Monitor the important folders in C:\Windows, and if something wants to make a change there, ReHIPS will generate an alarm. Is it a hard thing?? idk if it's hard or easy :/
It's just a suggestion for better security.
I mean some important folders like drivers, system32, ... or others, you know better which ones are more important.

fixer

We can't do everything at once, one step at a time. Security is pretty much taken care of, so now we mostly deal with usability. And we've got a lot of ideas and, thanks to our users, great suggestions. So don't worry, we'll make it easier to use, just one step at a time.

Isolated programs can't install drivers, they don't have enough permissions for this. Drivers require a digital signature to be loaded by Windows, so hacking the site, infecting and re-signing drivers is possible, but unlikely - too much trouble. Besides, quite a few programs have and really need drivers. Usually simple exe files are compromised; they have similar access rights when executed from admin (which most users do) and don't have to be signed. But if you really have to deal with a driver, my advice: think twice, do you really need it? Sometimes even legitimate drivers are full of bugs and increase the attack surface.

Folder monitoring is not hard, but drivers can be loaded from any folder, so in this context this monitoring will be quite useless.

perisanboy

#582
Quote from: fixer on July 29, 2017, 12:47:47 AM
We can't do everything at once, one step at a time. Security is pretty much taken care of, so now we mostly deal with usability. And we've got a lot of ideas and, thanks to our users, great suggestions. So don't worry, we'll make it easier to use, just one step at a time.

Isolated programs can't install drivers, they don't have enough permissions for this. Drivers require a digital signature to be loaded by Windows, so hacking the site, infecting and re-signing drivers is possible, but unlikely - too much trouble. Besides, quite a few programs have and really need drivers. Usually simple exe files are compromised; they have similar access rights when executed from admin (which most users do) and don't have to be signed. But if you really have to deal with a driver, my advice: think twice, do you really need it? Sometimes even legitimate drivers are full of bugs and increase the attack surface.

Folder monitoring is not hard, but drivers can be loaded from any folder, so in this context this monitoring will be quite useless.
Hello fixer, thanks for the answer :) I know you did well and every PC is secure with ReHIPS; also usability is much more important for now, I know that. Hope it will be easier to use in the near future ::)
I know isolated programs don't have permission to install drivers; I was talking about installing a program from a secure source where you won't isolate the installer. By the way, you mean even trusted drivers from trusted programs can get the PC into trouble, so it's better not to install much software. Thanks for the info,
even if they are signed, and most of the time every driver needs to be signed or Windows doesn't let it load, I see.
OK, so folder monitoring is useless. Also I'm sorry if I ask too much :/ here and also on MT 8) :P

fixer

Yeah, the idea is generally the less software you have installed, the more secure you are.
Don't worry, that's what support is for :)

perisanboy

Quote from: fixer on July 29, 2017, 01:13:56 AM
Yeah, the idea is generally the less software you have installed, the more secure you are.
Don't worry, that's what support is for :)
Thanks for being so kind, fixer ;D