Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM

Previous topic - Next topic

Mr.X

Quote from: Tarnak on October 01, 2017, 10:35:46 AM
I must be getting slow in my old age  ..."smth" > a new way to spell the word 'something'.  :-\
Getting there too!! lol
Everything's evolving, even language, for bad or good. But it's evolving.

Therapist

Hello, a newbie here. How to prevent ReHIPS automatically creating isolated environment for browsers? I have 3 browsers and I would like if one browser remain Un-isolated.

aDVll

Quote from: Therapist on October 27, 2017, 04:18:47 PM
Hello, a newbie here. How to prevent ReHIPS automatically creating isolated environment for browsers? I have 3 browsers and I would like if one browser remain Un-isolated.
Easier way is just change the rules to allow and be done. The more advanced way is to edit the rulepack with rule manager.

Therapist

Quote from: aDVll on October 27, 2017, 04:25:09 PM
Quote from: Therapist on October 27, 2017, 04:18:47 PM
Hello, a newbie here. How to prevent ReHIPS automatically creating isolated environment for browsers? I have 3 browsers and I would like if one browser remain Un-isolated.
Easier way is just change the rules to allow and be done. The more advanced way is to edit the rulepack with rule manager.
By going to the blocked tab and select the programs "can be executed" option to allow. Is that how you do it?

aDVll

Quote from: Therapist on October 27, 2017, 04:45:47 PM
Quote from: aDVll on October 27, 2017, 04:25:09 PM
Quote from: Therapist on October 27, 2017, 04:18:47 PM
Hello, a newbie here. How to prevent ReHIPS automatically creating isolated environment for browsers? I have 3 browsers and I would like if one browser remain Un-isolated.
Easier way is just change the rules to allow and be done. The more advanced way is to edit the rulepack with rule manager.
By going to the blocked tab and select the programs "can be executed" option to allow. Is that how you do it?
Isolated tab but all the rest are correct.


perisanboy

https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy
Can Rehips protect the system against such bypass? I'm not talking about the SANDBOXING ability! I'm talking about the program control and hips in Rehips!

fixer

There is a powershell built-in execution policy. Like allow only scripts signed by a trusted publisher. You can think of it as of some kind of SRP (software restriction policies) extension. And it can be bypassed. That's why we don't rely on SRP and ReHIPS uses its own monitoring.
ReHIPS operates on a higher level than this built-in execution policy. So these bypasses don't affect it.

perisanboy

So it can be bypassed but Rehipss stand here to block it.the protection is there!thanks for the answer.

Ozone

Hi, could you add "Missing/Not found" tab in settings, each time MS store update apps, it will create files with different paths.
It will be easier to search which rules are unnecessary, because I also have rules for some portable apps,
and sometimes I don't have them on HDD, but I want to retain their rules.

thx

fixer

In upcoming ReHIPS 2.3.0 we implemented wildcard support for program paths. It allowed us to make one wildcard for each MS store app. And this rule remains valid and active even when this app is updated and path changes to reflect app version change. So this red old MS store apps issue should be already solved.

fixer

Quote from: Ozone on September 09, 2017, 05:29:26 PM
I am using RAMdisk and I've allowed program to access some folder on it, but each time I reboot that permission is "lost". It is in rules but it doesn't work, I have to recreate it again (delete old and create new).
Added option that reassigns permissions on each reboot. So will be fixed in 2.4.0.

shmu26

Windows error message when opening a Word doc.
This happens in the following situation:
1 I disable RH and launch Word, and leave it running.
2 I re-enable RH
3 I open a Word doc in real user space by double-click

Funny thing is, the doc opens okay, I can edit it and save changes, and Word seems to be running isolated (I see the border). So I don't know if anything is actually broken.

I am running windows 10 x64 RS3 with Windows Defender at max protection settings

shmu26

Another issue this evening:
When Chrome is isolated, I can't log on to a certain web page:
https://appguardllc.slack.com
And I see a blank page when I browse to https://slack.com/get-started
I tried deleting the slack cookies in chrome, but that did not fix it.
I can log on successfully when chrome is not isolated.

EDIT: I deleted chrome cache, and problem solved. Apparently, the issue is not related to ReHIPS

fixer

After some debugging looks like this Windows Defender and isolated Word conflict stems from over-maximized security settings. A setting named something like "Block Office applications from creating executable content" is the culprit. And the blocked action is a shortcut creation to the document being edited in Recent folder. The shortcut being an LNK-file triggers this Windows Defender rule. So it has nothing to do with ReHIPS. Besides it's just a shortcut, so everything works OK.