Author Topic: Best practice to use ReHIPS in Admin account and Standard User Account  (Read 2164 times)

Umbra

  • Active Testers
  • Hero Member
  • *****
  • Posts: 602
  • Beta tester
1- install ReHIPS in admin account
2- install initial rules,
3- set learning mode
4- wait until the rules are installed, may take seconds to several minutes.
5- tweak your settings, launch your most used programs,  but dont delete any vendors in the TVL (Trusted Vendor List) in this account.
6- reboot
7- sign in back, to be sure system processes are whitelisted.
8- sign out
9- go SUA
10- on SUA the GUI won't show up, you have have to start REHIPS manually (you may have UAC prompt). create a shortcut will be easier next boot.
11- you will see that ReHIPS reinstall rules, let it do.
12- do step 5 again but this time you can delete unwanted vendors in the TVL.
13- Reboot again
14- sign in SUA, wait some minutes, then quit Learning Mode or keep it if you still need it.
 

aDVll

  • Active Testers
  • Hero Member
  • *****
  • Posts: 1120
  • Windows 10 latest 64 bit
What umbrapolaris said  8)

Also if you have a question read the other topics in this forum because most have the same questions and if you still haven't figure it out make a new topic so someone can help.

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1497
Unwanted vendors may be removed from trusted vendor list right away, both trusted command lines and vendors lists shouldn't be updated on subsequent rules installation. This was the case earlier, but should be fixed now.

Umbra

  • Active Testers
  • Hero Member
  • *****
  • Posts: 602
  • Beta tester
Unwanted vendors may be removed from trusted vendor list right away, both trusted command lines and vendors lists shouldn't be updated on subsequent rules installation. This was the case earlier, but should be fixed now.

Good to know ;)

Umbra

  • Active Testers
  • Hero Member
  • *****
  • Posts: 602
  • Beta tester
For step 10; you can create a scheduled task , it will launch the GUI at logon.

shmu26

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 461
  • Win10 x64 latest stable
Re: Best practice to use ReHIPS in Admin account and Standard User Account
« Reply #5 on: September 02, 2016, 03:14:47 pm »
until you launch GUI , ReHIps will run in lockdown mode?
will there be system-tray notifications if something is blocked?

aDVll

  • Active Testers
  • Hero Member
  • *****
  • Posts: 1120
  • Windows 10 latest 64 bit
Re: Best practice to use ReHIPS in Admin account and Standard User Account
« Reply #6 on: September 02, 2016, 03:17:23 pm »
until you launch GUI , ReHIps will run in lockdown mode?
will there be system-tray notifications if something is blocked?
No gui=No notification

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1497
Re: Best practice to use ReHIPS in Admin account and Standard User Account
« Reply #7 on: September 02, 2016, 03:22:19 pm »
You can see all ReHIPS events in Windows Event Log-Applications and Services Log-ReCrypt, it has all events, including the ones occurred without GUI.

shmu26

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 461
  • Win10 x64 latest stable
Re: Best practice to use ReHIPS in Admin account and Standard User Account
« Reply #8 on: September 02, 2016, 05:27:59 pm »
until you launch GUI , ReHIps will run in lockdown mode?
will there be system-tray notifications if something is blocked?
No gui=No notification
but I assume the option in RC3 will still work, for lockdown when GUI is offf

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1497
Re: Best practice to use ReHIPS in Admin account and Standard User Account
« Reply #9 on: September 02, 2016, 05:41:29 pm »
Before RC3 lockdown mode can be always enabled or always disabled, doesn't matter if GUI is running or not. In RC3 one more lockdown option was introduced: it's enabled only without GUI (it hasn't started yet or was closed) and disabled otherwise.
And this new option doesn't affect notifications in any way.

shmu26

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 461
  • Win10 x64 latest stable
Re: Best practice to use ReHIPS in Admin account and Standard User Account
« Reply #10 on: September 03, 2016, 10:46:12 pm »
if lockdown is enabled, does protection start before logging into user account, or after?

aDVll

  • Active Testers
  • Hero Member
  • *****
  • Posts: 1120
  • Windows 10 latest 64 bit
Re: Best practice to use ReHIPS in Admin account and Standard User Account
« Reply #11 on: September 03, 2016, 11:03:49 pm »
if lockdown is enabled, does protection start before logging into user account, or after?
Protection starts when service loads. Services as far as i know start before login but Fixer can confirm for sure.

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1497
Re: Best practice to use ReHIPS in Admin account and Standard User Account
« Reply #12 on: September 04, 2016, 12:44:07 pm »
Yup, ReHIPS service starts and becomes active and working before any user is logged in.