Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM


HJLBX

I was trying to accomplish:

1.  Download movie
2.  Open movie with WMP
3.  Have WMP open and play a movie in a separate ReHIPSUser (not same ReHIPSUser as browser)

Playing movie in same IE as browser is reasonably safe I suppose.

HJLBX

After deleting USER & SYSTEM groups, I noticed that non-existent\obsolete file paths are no longer highlighted to indicate file is not on system at that file path.

See attached images.  I typed Red in images, but I meant Pink\Red.

Am I missing something ?

HJLBX

Maybe someone can point out what I am doing wrong in trying to execute CCleaner isolated from flash drive (D:\).

See attached flash video.

Select demo.html.

aDVll

Quote from: HJLBX on April 17, 2016, 12:58:05 PM
Maybe someone can point out what I am doing wrong in trying to execute CCleaner isolated from flash drive (D:\).

See attached flash video.

Select demo.html.
Pretty weird. I tried it and it works for me. See anything different? Even changed protection to expert mode.
Ignore the missing username.



fixer

Quote from: HJLBX on April 17, 2016, 03:20:20 AM
1.  Download movie
2.  Open movie with WMP
3.  Have WMP open and play a movie in a separate ReHIPSUser (not same ReHIPSUser as browser)

Playing movie in same IE as browser is reasonably safe I suppose.
I've just tried to do it on a default stock Windows 7.
1. Open Internet Explorer, it opens in isolated environment. Download a movie for example in C:\ReHIPS\Browser.
2. By default WMP is allowed in RulesPack, set it to isolated.
3. As the movie resides in Browser ReHIPS subfolder, allow newly isolated WMP access to it by either allowing read access to C:\ReHIPS\Browser with files and subfolders inheritance in Permissions tab, or setting Open file access option to WMP isolated environment to Read.
4. Try to open it from real user explorer. WMP is set to be isolated, access to movie file is granted. It works.

Quote from: HJLBX on April 17, 2016, 12:39:25 PM
After deleting USER & SYSTEM groups, I noticed that non-existent\obsolete file paths are no longer highlighted to indicate file is not on system at that file path.
ReHIPS is designed as a thin client architecture with GUI being a thin client and Service doing all the work. Program tree is cached in GUI to relieve communications channel from excessive load requesting it every time. So GUI doesn't know if these files exist at the moment or not, it operates based on information from Service. Thus if program tree is completely updated, GUI will know about changes in file presence and will mark them with pink/red. So it's some kind of feature. But we'll see what we can do, maybe update it after timeout, maybe add a manual update button.

Quote from: HJLBX on April 17, 2016, 12:58:05 PM
Maybe someone can point out what I am doing wrong in trying to execute CCleaner isolated from flash drive (D:\).
What is the type of filesystem on that media (FAT, NTFS, etc)? You may also need Unsecured FS Media access right set.

HJLBX


fixer

FAT32 file system doesn't support permissions, so any program (including isolated) can access any file/folder with any access. To mitigate this issue Unsecured FS checkbox was added, you need to set it to allow access to unsecured filesystems.
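
The filesystem property behind this answer can be checked directly. The following PowerShell is an added example, not part of the original posts or of ReHIPS; it asks Windows for each mounted volume's FILE_PERSISTENT_ACLS flag, which is not set on FAT32 media such as the D:\ flash drive discussed above. The type and namespace names (VolumeInfo, AclCheck) are chosen for this example only.

```powershell
# Added example: report which mounted volumes can store ACLs.
# Volumes where PersistentAcls is False cannot enforce per-file permissions,
# so file access restrictions placed on an isolated program do not apply there.
# VolumeInfo / AclCheck are names made up for this example.
$sig = @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool GetVolumeInformationW(
    string rootPathName,
    System.Text.StringBuilder volumeNameBuffer, uint volumeNameSize,
    out uint volumeSerialNumber, out uint maximumComponentLength,
    out uint fileSystemFlags,
    System.Text.StringBuilder fileSystemNameBuffer, uint fileSystemNameSize);
'@
$native = Add-Type -MemberDefinition $sig -Name VolumeInfo -Namespace AclCheck -PassThru

# Flag documented for GetVolumeInformationW: the volume preserves and enforces ACLs.
$FILE_PERSISTENT_ACLS = 0x00000008

foreach ($drive in [System.IO.DriveInfo]::GetDrives()) {
    # Skip empty card readers and optical drives with no media.
    if (-not $drive.IsReady) { continue }

    $volName = New-Object System.Text.StringBuilder 261
    $fsName  = New-Object System.Text.StringBuilder 261
    $serial  = [uint32]0
    $maxLen  = [uint32]0
    $flags   = [uint32]0

    $ok = $native::GetVolumeInformationW(
        $drive.RootDirectory.FullName, $volName, 261,
        [ref]$serial, [ref]$maxLen, [ref]$flags, $fsName, 261)
    if (-not $ok) { continue }   # volume could not be queried; leave it out

    [pscustomobject]@{
        Root           = $drive.Name
        DriveType      = $drive.DriveType
        FileSystem     = $fsName.ToString()
        PersistentAcls = [bool]($flags -band $FILE_PERSISTENT_ACLS)
    }
}
```

A removable drive that shows `PersistentAcls : False` is the case the Unsecured FS option covers.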

HJLBX

Quote from: fixer on April 17, 2016, 01:45:58 PM
FAT32 file system doesn't support permissions, so any program (including isolated) can access any file/folder with any access. To mitigate this issue Unsecured FS checkbox was added, you need to set it to allow access to unsecured filesystems.

Unsecured FS fixes it.

HJLBX

As far as WMP, I'm talking about using the browser cache instead of saving the movie file to C:\ReHIPS\Browser.

It's OK.  I just allow WMP to run inside the same IE as the browser.  Should be reasonably safe.

If I could get WMP to auto-launch inside a separate IE, but use the browser cached movie data - I would do it, but I don't think it is possible.

fixer

Ah, you mean watching a movie from browser cache and not from already downloaded file.
There are two possible solutions: to allow browser start processes without inspection (so it'll start WMP in browser's current isolated environment) or to add WMP to the same isolated environment. Both of them actually result in WMP running in the same isolated environment on the same isolated desktop as the browser. They won't be protected from each other, but I agree with you, it's reasonably safe.
There may be another solution, use separate isolated environments, set browser's Can be parent option to Allow with children inspection and allow WMP access to the browser's isolated environment (to the cache folder) from Permissions tab. I haven't tried it (maybe it'll need access to something more than just cache folder and files, maybe they communicate through some COM and it won't work at all because of isolation) and personally I'm not in favor of allowing one isolated environment access to another one, but you can try it if you want.

HJLBX

Quote from: fixer on April 17, 2016, 01:22:06 PM
Quote from: HJLBX on April 17, 2016, 12:39:25 PM
After deleting USER & SYSTEM groups, I noticed that non-existent\obsolete file paths are no longer highlighted to indicate file is not on system at that file path.
ReHIPS is designed as a thin client architecture with GUI being a thin client and Service doing all the work. Program tree is cached in GUI to relieve communications channel from excessive load requesting it every time. So GUI doesn't know if these files exist at the moment or not, it operates based on information from Service. Thus if program tree is completely updated, GUI will know about changes in file presence and will mark them with pink/red. So it's some kind of feature. But we'll see what we can do, maybe update it after timeout, maybe add a manual update button.

This behavior was unexpected.  It still doesn't seem quite right because I rebooted system several times - so GUI should have been updated and non-existent files should have been marked.

Prior to removing USER & SYSTEM groups, GUI would update after closing\re-opening.  Since removing these groups, it did not.

Only after installing another program on system, did ReHIPS GUI mark all appropriate files red\pink.

* * * * *

I will have to test it again by deleting USER & SYSTEM - start over again.

fixer

The sure way to force the GUI to update the list is to restart the GUI, you don't have to reboot. If after restart it still doesn't show absent program files with pink/red, it's strange, code is quite straightforward.

HJLBX

I uninstall USER & SYSTEM rules groups.

After a period of time - sometimes a few hours while other times a day or so - it appears ReHIPS re-installs all the rules from the RulesPack.

I have consciously stayed away from the GUI so as not to inadvertently hit the "Install Rules" button.

I have tried this several times with the same result.

Is this expected behavior ?

Is it a feature of ReHIPS ?

aDVll

Quote from: HJLBX on April 19, 2016, 10:21:10 AM
I uninstall USER & SYSTEM rules groups.

After a period of time - sometimes a few hours while other times a day or so - it appears ReHIPS re-installs all the rules from the RulesPack.

I have consciously stayed away from the GUI so as not to inadvertently hit the "Install Rules" button.

I have tried this several times with the same result.

Is this expected behavior ?

Is it a feature of ReHIPS ?
Fixer said this in some other topic. So maybe you installed/uninstalled a program?
Quote: Rules are also installed when Windows registry changes are detected in uninstall programs or by user request from the main ReHIPS GUI window.
https://forum.re-crypt.com/index.php?topic=2032.msg3221#msg3221

HJLBX

Quote from: aDVll on April 19, 2016, 10:29:09 AM
Quote from: HJLBX on April 19, 2016, 10:21:10 AM
I uninstall USER & SYSTEM rules groups.

After a period of time - sometimes a few hours while other times a day or so - it appears ReHIPS re-installs all the rules from the RulesPack.

I have consciously stayed away from the GUI so as not to inadvertently hit the "Install Rules" button.

I have tried this several times with the same result.

Is this expected behavior ?

Is it a feature of ReHIPS ?
Fixer said this in some other topic. So maybe you installed/uninstalled a program?
Quote: Rules are also installed when Windows registry changes are detected in uninstall programs or by user request from the main ReHIPS GUI window.
https://forum.re-crypt.com/index.php?topic=2032.msg3221#msg3221

No.  I didn't change anything on system.  No installs\uninstalls - just delete USER & SYSTEM - then sit back and observe.