Ask Questions Here - ReHIPS Features & Unexpected Behaviors

Started by HJLBX, April 11, 2016, 01:56:50 AM

aDVll

Ok, try this. The program should be digitally signed by Alps Electric Co. Ltd, so add that to Trusted Vendors and set the protection mode to Standard.
Btw, I assume you use version 2.1.0 because you said isolation mode. Am I correct?
A good idea is to also go to Settings -> Programs, click on your Windows name or System and type Apntex.exe. You should have a rule for it; tell me the settings.

About the other programs, you need to add hipsagnt64.exe, hipsgui64.exe, hipsservice64.exe to the Power Applications of AppGuard. Also, if I am right about using 2.1.0, it's not compatible with HMP.A and it was fixed in version 2.2.0.
About the rest of your programs I have no clue, but someone might be able to give you some info. In general, when beta testing, too many programs is not such a good idea.

Umbra

Quote from: XhenEd on May 22, 2016, 07:00:13 PM
These are: ZAM Premium, HMP.A, AppGuard, ESS 9, and CryptoPrevent. You can also count Rollback RX 10 Professional. :D
Of course, I did the standard exclusion of ReHIPS.

Quote from: aDVll on May 22, 2016, 07:28:45 PM
About the other programs, you need to add hipsagnt64.exe, hipsgui64.exe, hipsservice64.exe to the Power Applications of AppGuard. Also, if I am right about using 2.1.0, it's not compatible with HMP.A and it was fixed in version 2.2.0.
About the rest of your programs I have no clue, but someone might be able to give you some info. In general, when beta testing, too many programs is not such a good idea.

- ZAM: shouldn't give issues, it is just a scanner
- HMP.A: latest versions are indeed incompatible with v2.1.0
- AppGuard: I used to put all ReHIPS processes in Power Apps
- ESS & CryptoPrevent: no idea
- RX: no issue

Honestly, Xhen, you have way too many security apps. ReHIPS + AppGuard + HMP.A will block almost everything; the rest are not necessary.

To do proper beta testing, you must reduce redundant apps. Since ReHIPS is a mix of HIPS & sandbox, using other HIPS or sandboxes at the same time may cause incompatibilities and make solving issues more difficult.


XhenEd

Thanks, umbra and aDVll!

I actually have 2.2.0. When I said "isolation mode" it was actually said generally. I didn't know that it could refer to 2.1.0. :D
Good advice, umbra! I installed it on my production machine to see and eventually report any apparent issues with other software. I guess this was not a good idea. Anyway, I have a VM. I will test ReHIPS later on that.

HJLBX

If you are going to use the real user profile to launch exploitable apps, then I would use AppGuard and\or HMP.A.

Using the real user profile to execute any unknown\untrusted programs is just plain asking for trouble.

A lot of security soft protections will not work in ReHIPSUser profile -- because those softs do not support multiple active user profiles; their protections will work for C:\Users\User but not C:\Users\ReHIPSUser.  A case in point is AppGuard.  Guarded Apps work for the real user, but all ReHIPS isolated apps are launched Un-Guarded.

All I can say is that it depends upon how you use the real user profile (desktop).

That being said, if you use ReHIPS as recommended, then you really have no need to use anything else.  For best real user profile protection, I recommend AppGuard.

The AppGuard + ReHIPS combo = software restriction policy + non-hook HIPS, command line monitoring, program containment with restricted file system and registry access, and network access control (for isolated apps).

If you keep all exploitable, network facing apps isolated from each other -- it is as good security as you can get without making your security config a whole lot less user-unfriendly.

* * * * *

I really tried to mess with the real user file system and registry from inside an isolated environment, but could not succeed.

I am confident in ReHIPS' ability to protect the system.  A few recommended improvements - like earlier GUI startup and auto-delete ReHIPSUser - will make it even better.

fixer

XhenEd
If your issue still persists, I think it's better to create a new topic to solve it. And several questions regarding this issue.
1. Try to disable ReHIPS. Does it persist?
2. If 1 is no, but it persists if you turn ReHIPS back on, my guess is it's about some processes being blocked/executed in isolation; I'll need the log.
3. If 1 is yes, try to disable the ReHIPS service by typing "net stop ReHIPSSrvc" in cmd. (type "net stop ReHIPSService" to turn it back on later) [and yes, the service names are a bit different, it's not a typo] Does it persist?

XhenEd

Hello again!

This is just a guess, but I think the reason why my laptop's own mouse wouldn't work was because I interrupted (closed) the initial installation of ReHIPS' own rules. I closed the cmd.exe because it already took around a minute while seemingly doing nothing.

In my VM, however, I decided to not interrupt it. As expected, it took longer to finish. But, it finished! I just had to wait. Nevertheless now, mouse gestures work at least in my VM. But of course, it might be because of security software installed. But at least mouse gestures now work! :D

So just a humble suggestion, maybe you can put a sentence reminding users to not close the initial installation of rules. In this way, users like me wouldn't close the cmd.exe.

Also, to clarify, my issue about mouse gestures (which is now gone, yay!) was when Pale Moon was inside ReHIPS' isolated environment. Mouse gestures always worked when Pale Moon wasn't inside that. :)

Umbra

On my machine, installing the initial rules took 4-5 min.

aDVll

Quote from: XhenEd on May 26, 2016, 04:44:55 PM
This is just a guess, but I think the reason why my laptop's own mouse wouldn't work was because I interrupted (closed) the initial installation of ReHIPS' own rules. I closed the cmd.exe because it already took around a minute while seemingly doing nothing.

It's a confirmed bug. Sometimes it takes seconds and sometimes it takes minutes. Devs will fix it given time.

fixer

Quote from: XhenEd on May 26, 2016, 04:44:55 PM
So just a humble suggestion, maybe you can put a sentence reminding users to not close the initial installation of rules. In this way, users like me wouldn't close the cmd.exe.

Thanks for your suggestion, we'll think about how to do it.
But I don't think this is the culprit, as rules are reinstalled if they weren't installed successfully the first time.
If gestures don't work in isolated environments, it'd be better to create a new topic to find out the root of the problem. My best guess is they're not supported on isolated desktops. Do they work in an isolated program that is executed on the main desktop?
And to be sure: you have a notebook with a touchpad, and gestures are provided by some standard preinstalled application bundled with the notebook?

SparknLight

Hello,

In the Settings->Programs window, the "Reset to Defaults" button is still grey, so I never tested it on my side.
A reset/default button, for each Program and their "Objects Permissions" and "Privileges" could be useful.

aDVll

Quote from: SparknLight on May 27, 2016, 08:28:00 PM
Hello,

In the Settings->Programs window, the "Reset to Defaults" button is still grey, so I never tested it on my side.
A reset/default button, for each Program and their "Objects Permissions" and "Privileges" could be useful.

Reset to Defaults works only on the rest of the tabs, but not Programs. Good suggestion about the extra buttons. I am sure the devs will consider it.

fixer

Other settings are quite easy to reset to default, there are just a bunch of checkboxes with some default values. But Programs, they aren't this easy. So Reset to Defaults button is always disabled for this tab for now. But we have some plans for it, so we didn't remove this button. Resetting to defaults for isolated environment access rights and permissions, it's an interesting idea, we'll think about it.

fixer

Quote from: XhenEd on May 26, 2016, 04:44:55 PM
maybe you can put a sentence reminding users to not close the initial installation of rules. In this way, users like me wouldn't close the cmd.exe.

Added some output on lengthy operations to indicate that it's not hung, but working.

Mr.X

Speaking of initial rules, can they be tweaked according to user choice after their initial installation?

aDVll

Quote from: Mr.X on June 09, 2016, 04:27:57 PM
Speaking of initial rules, can they be tweaked according to user choice after their initial installation?

If you mean whether you can change the initial rules, then yes. If a rule is present, the rule pack will not affect it. They will stay as you set them up.