Author Topic: Ask Questions Here - ReHIPS Features & Unexpected Behaviors  (Read 85415 times)

Mr.X

  • Jr. Member
  • **
  • Posts: 77
  • Windows 10 Enterprise 2016 LTSB x64
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #690 on: October 03, 2017, 07:44:58 pm »
I must be getting slow in my old age  ..."smth" > a new way to spell the word 'something'.  :-\
Getting there too!! lol
Everything's evolving, even language, for bad or good. But it's evolving.

Therapist

  • Jr. Member
  • **
  • Posts: 5
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #691 on: October 27, 2017, 04:18:47 pm »
Hello, a newbie here. How to prevent ReHIPS automatically creating isolated environment for browsers? I have 3 browsers and I would like if one browser remain Un-isolated.

aDVll

  • Active Testers
  • Hero Member
  • *****
  • Posts: 1115
  • Windows 10 latest 64 bit
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #692 on: October 27, 2017, 04:25:09 pm »
Hello, a newbie here. How to prevent ReHIPS automatically creating isolated environment for browsers? I have 3 browsers and I would like if one browser remain Un-isolated.
Easier way is just change the rules to allow and be done. The more advanced way is to edit the rulepack with rule manager.

Therapist

  • Jr. Member
  • **
  • Posts: 5
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #693 on: October 27, 2017, 04:45:47 pm »
Hello, a newbie here. How to prevent ReHIPS automatically creating isolated environment for browsers? I have 3 browsers and I would like if one browser remain Un-isolated.
Easier way is just change the rules to allow and be done. The more advanced way is to edit the rulepack with rule manager.
By going to the blocked tab and select the programs "can be executed" option to allow. Is that how you do it?

aDVll

  • Active Testers
  • Hero Member
  • *****
  • Posts: 1115
  • Windows 10 latest 64 bit
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #694 on: October 27, 2017, 04:47:02 pm »
Hello, a newbie here. How to prevent ReHIPS automatically creating isolated environment for browsers? I have 3 browsers and I would like if one browser remain Un-isolated.
Easier way is just change the rules to allow and be done. The more advanced way is to edit the rulepack with rule manager.
By going to the blocked tab and select the programs "can be executed" option to allow. Is that how you do it?
Isolated tab but all the rest are correct.

Therapist

  • Jr. Member
  • **
  • Posts: 5
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #695 on: October 27, 2017, 04:51:34 pm »
Isolated tab but all the rest are correct.
Thanks!

perisanboy

  • Jr. Member
  • **
  • Posts: 72
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #696 on: November 05, 2017, 03:04:39 pm »
https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy
Can Rehips protect the system against such bypass? I'm not talking about the SANDBOXING ability! I'm talking about the program control and hips in Rehips!

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1369
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #697 on: November 05, 2017, 03:38:23 pm »
There is a powershell built-in execution policy. Like allow only scripts signed by a trusted publisher. You can think of it as of some kind of SRP (software restriction policies) extension. And it can be bypassed. That's why we don't rely on SRP and ReHIPS uses its own monitoring.
ReHIPS operates on a higher level than this built-in execution policy. So these bypasses don't affect it.

perisanboy

  • Jr. Member
  • **
  • Posts: 72
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #698 on: November 05, 2017, 04:14:26 pm »
So it can be bypassed but Rehipss stand here to block it.the protection is there!thanks for the answer.

Ozone

  • Jr. Member
  • **
  • Posts: 80
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #699 on: December 27, 2017, 03:50:49 pm »
Hi, could you add "Missing/Not found" tab in settings, each time MS store update apps, it will create files with different paths.
It will be easier to search which rules are unnecessary, because I also have rules for some portable apps,
and sometimes I don't have them on HDD, but I want to retain their rules.

thx

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1369
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #700 on: December 27, 2017, 06:31:29 pm »
In upcoming ReHIPS 2.3.0 we implemented wildcard support for program paths. It allowed us to make one wildcard for each MS store app. And this rule remains valid and active even when this app is updated and path changes to reflect app version change. So this red old MS store apps issue should be already solved.

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1369
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #701 on: February 22, 2018, 08:48:21 pm »
I am using RAMdisk and I've allowed program to access some folder on it, but each time I reboot that permission is "lost". It is in rules but it doesn't work, I have to recreate it again (delete old and create new).
Added option that reassigns permissions on each reboot. So will be fixed in 2.4.0.

shmu26

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 424
  • Win10 x64 latest stable
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #702 on: March 10, 2018, 09:02:23 pm »
Windows error message when opening a Word doc.
This happens in the following situation:
1 I disable RH and launch Word, and leave it running.
2 I re-enable RH
3 I open a Word doc in real user space by double-click

Funny thing is, the doc opens okay, I can edit it and save changes, and Word seems to be running isolated (I see the border). So I don't know if anything is actually broken.

I am running windows 10 x64 RS3 with Windows Defender at max protection settings
« Last Edit: March 10, 2018, 09:04:40 pm by shmu26 »

shmu26

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 424
  • Win10 x64 latest stable
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #703 on: March 11, 2018, 12:07:01 am »
Another issue this evening:
When Chrome is isolated, I can't log on to a certain web page:
https://appguardllc.slack.com
And I see a blank page when I browse to https://slack.com/get-started
I tried deleting the slack cookies in chrome, but that did not fix it.
I can log on successfully when chrome is not isolated.

EDIT: I deleted chrome cache, and problem solved. Apparently, the issue is not related to ReHIPS
« Last Edit: March 11, 2018, 12:25:32 am by shmu26 »

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1369
Re: Ask Questions Here - ReHIPS Features & Unexpected Behaviors
« Reply #704 on: March 12, 2018, 11:00:30 pm »
After some debugging looks like this Windows Defender and isolated Word conflict stems from over-maximized security settings. A setting named something like "Block Office applications from creating executable content" is the culprit. And the blocked action is a shortcut creation to the document being edited in Recent folder. The shortcut being an LNK-file triggers this Windows Defender rule. So it has nothing to do with ReHIPS. Besides it's just a shortcut, so everything works OK.