Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM

perisanboy

Learning mode blocks everything that has an alert rule! Am I wrong?

fixer

Open the ReHIPS log then and try to find out why it was blocked.
I tested the following, set cmd.exe:
Can Execute Programs: Alert;
Can Be Executed: Allow;
Can Execute Sub-Programs: Alert.
Then enabled Learning Mode and played with cmd.exe a bit. So it became:
Can Execute Programs: Inspect Children; - it was changed to allow execution of other programs
Can Be Executed: Allow; - it remained the same
Can Execute Sub-Programs: Alert. - it remained the same, but some lines were added to the Trusted Command Lines list
And none were blocked. So the fastest way is to take a look at the ReHIPS log; it writes the reason for the action there. For example:
Sub-Program C:\Windows\System32\cmd.exe with PID 3072 and command line cmd /c ""C:\123.bat" " - allowed (mode)
means it was allowed because of the Working Mode.

perisanboy

I tried it again, no issue. You know, I guess Win 7 sucks! The rules changed like your rules.
Should remove this bs.
Thanks for the reply.

perisanboy

Suggestion: can you resize the pop-up menu size? It's too big, should be smaller :D

fixer


Funnelhead

ReHIPS appears to be blocking the file or service that checks/validates the product ID in Windows 7. In the last 2-3 days I've been getting the 'Genuine Windows' pop-up and a link to validate online.

While running ReHIPS in standard mode, Windows activation shows as "Status Not Available" and Product ID is blank (control panel > system). Once I change ReHIPS to permissive and reload the system page, it correctly shows as active.

Any thoughts?

aDVll

Quote from: Funnelhead on August 06, 2017, 09:27:36 PM
ReHIPS appears to be blocking the file or service that checks/validates the product ID in Windows 7. In the last 2-3 days I've been getting the 'Genuine Windows' pop-up and a link to validate online.

While running ReHIPS in standard mode, Windows activation shows as "Status Not Available" and Product ID is blank (control panel > system). Once I change ReHIPS to permissive and reload the system page, it correctly shows as active.

Any thoughts?

Post the logs of when it happens and an image of the error page.

fixer

The best idea is either to take a look at the logs and find out what was blocked (we'll add it to the default rules as allowed), or to compare logs from both successful and unsuccessful passes to find the difference.
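
The comparison fixer describes (a log from a failing pass against a log from a working pass) can be scripted. The following is an added example, not part of the original posts and not ReHIPS code. It assumes every entry has the shape of the single log line quoted earlier in this thread and that blocked entries read "blocked" with a reason in parentheses; apart from the quoted cmd.exe line, the sample lines and paths are constructed.

```python
import re

# Entry shape taken from the one log line quoted earlier in the thread:
#   <kind> <path> with PID <pid> and command line <cmdline> - <action> (<reason>)
# Assumption: blocked entries use the same shape with the word "blocked".
LINE_RE = re.compile(
    r"^(?P<kind>.+?) (?P<path>[A-Za-z]:\\.+?) with PID (?P<pid>\d+)"
    r" and command line (?P<cmdline>.*) - (?P<action>\w+) \((?P<reason>[^)]*)\)$"
)

def parse(log_text):
    """Return one dict per line that matches the entry shape; skip the rest."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def blocked_only_in(failing_log, working_log):
    """Programs blocked in the failing capture but allowed in the working one."""
    allowed = {e["path"].lower() for e in parse(working_log)
               if e["action"] == "allowed"}
    seen, result = set(), []
    for e in parse(failing_log):
        key = e["path"].lower()  # Windows paths are case-insensitive
        if e["action"] == "blocked" and key in allowed and key not in seen:
            seen.add(key)
            result.append((e["path"], e["cmdline"], e["reason"]))
    return result

# Constructed captures: only the cmd.exe line comes from the thread; the
# C:\Example path, the "blocked" action and the "rule" reason are made up.
STANDARD_LOG = r'''
Sub-Program C:\Windows\System32\cmd.exe with PID 3072 and command line cmd /c ""C:\123.bat" " - allowed (mode)
Sub-Program C:\Example\checker.exe with PID 4120 and command line "C:\Example\checker.exe" -verify - blocked (rule)
'''
PERMISSIVE_LOG = r'''
Sub-Program C:\Example\checker.exe with PID 5216 and command line "C:\Example\checker.exe" -verify - allowed (mode)
'''

if __name__ == "__main__":
    for path, cmdline, reason in blocked_only_in(STANDARD_LOG, PERMISSIVE_LOG):
        print(f"blocked ({reason}): {path}  [{cmdline}]")
```

Each path it reports is a candidate for an explicit allow rule; the reason field shows whether a rule or the working mode made the decision.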


perisanboy

Quote from: Funnelhead on August 06, 2017, 09:27:36 PM
ReHIPS appears to be blocking the file or service that checks/validates the product ID in Windows 7. In the last 2-3 days I've been getting the 'Genuine Windows' pop-up and a link to validate online.

While running ReHIPS in standard mode, Windows activation shows as "Status Not Available" and Product ID is blank (control panel > system). Once I change ReHIPS to permissive and reload the system page, it correctly shows as active.

Any thoughts?

Hey, try to train ReHIPS in learning mode for 1 week, then set it in expert or standard mode.

Trooper

Hi guys,

First time poster here.  I purchased this product about a month or so ago and ran it at default settings.  I am sure there is a learning curve for the product just like any other security suite.  My main issue was that I noticed a significant downgrade in my PC performance.  So much so, that I had to roll back to my image that was taken before installation.  Would like to give it a go once again now that I have a little more time to mess around.  Any tips for this ReHIPS newbie?

PC is an i5 Intel with 16GB of RAM.  Windows 10 x64 Enterprise with Creators Update.  Thanks!

fixer

Hello, Trooper. And welcome to our forum.
Could you please explain a bit more on the issue? Does it always lag or maybe, for example, just the first 5 minutes after boot? How does it lag exactly and do all programs seem to lag? What is CPU, RAM, HDD, etc. usage? Maybe something eats too much CPU, consumes too much memory or spins HDD or something like this?

Trooper

Hi fixer,

Sorry for the delay in getting back to you. Thanks for the welcome. I plan to reinstall again to get a better handle on things. The performance issue I had was just that programs, even things like Windows Explorer, were slow to load. I have changed my setup since then, and am running W10 x64 Enterprise with CU. I also have Emsisoft Antimalware and Appguard running. Will it be ok to run ReHIPS with these two things in place?

Thanks!

HJLBX

Quote from: Trooper on August 21, 2017, 02:04:34 AM
Hi fixer,

Sorry for the delay in getting back to you. Thanks for the welcome. I plan to reinstall again to get a better handle on things. The performance issue I had was just that programs, even things like Windows Explorer, were slow to load. I have changed my setup since then, and am running W10 x64 Enterprise with CU. I also have Emsisoft Antimalware and Appguard running. Will it be ok to run ReHIPS with these two things in place?

Thanks!

There are no known conflicts between AppGuard and ReHIPS.

AppGuard + ReHIPS + EAM => adjust the settings so you do not end up with double alerts from both the HIPS and the behavior blocker. That configuration is over-the-top paranoid.

fixer

OK, if you have any problems don't hesitate to contact me directly via PM. I'm always here to help.