Remarks and suggestions from ReHIPS 2.1.0 beta-testers

Started by schelkunov, November 25, 2015, 12:40:37 PM


schelkunov

Dear friends!

In this topic we try to group all the remarks and suggestions from ReHIPS 2.1.0 beta-testers.

  • Training mode
    When Training mode is turned on, ReHIPS studies the system and allows all installed applications without any restrictions. These applications remain allowed when Training mode is off.
  • Simplify virtual desktops
    Minimize usage of Virtual desktops. Hint a user in some way how to work with virtual desktops when they appear. Take a user directly to the appropriate virtual desktop when an isolated application starts.
  • Expand initial database

    • Expand a set of applications in the initial database
    • Reduce the number of default isolated applications in the initial database
    • Expand a set of trusted vendors
    Expanding the initial database will simplify usage of ReHIPS.
  • Working with files from the isolated applications is too complex. Simplify it.
    Files of the isolated applications are saved directly into their isolated environments. Simplify a navigation through them.
  • Simplify a navigation in the Programs tab
    Separate blocked and allowed applications
  • Interactive log
    Make Log tab interactive to simplify working with ReHIPS in Expert mode

If you feel something is missing, don't hesitate to write about it in this topic.

Best Regards

HJLBX

Just some things to consider...

1.  Create as many pre-configured rules as possible to increase security, but also allow good usability (optimal for novice user).

2.  Create strong rules (or "Alert Mode") for vulnerable processes (can only be enabled in Expert Mode):

• cmd.exe (batch scripts)

• cscript.exe (VBS, VBE, ...)

• wscript.exe (VBS, VBE, ...)

• mshta.exe (HTML applications)

• regsvr32.dll (DLLs)

• mmc.exe (Management Console Plugins)

• regedit.exe (Registry scripts)

• regedt32.exe (Registry scripts)

• rundll32.exe (DLLs)

• rundll.exe (DLLs)

• powershell.exe (PowerShell scripts, currently incomplete due to the many ways PowerShell can be used for scripting)

• msiexec.exe (MSI installers)

• java.exe (JAVA applications)

• javaw.exe (JAVA applications)

• vssadmin.exe (Volume Shadow Copy)

.NET Framework (below)

• csc.exe

• vbc.exe

• jsc.exe

• InstallUtil.exe

• IEExec.exe

• DFsvc.exe

• dfshim.dll

• PresentationHost.exe

3.  Ability for user to white-list legitimate\safe command-lines.
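
An added sketch of how suggestions 2 and 3 could fit together (not part of the post and not ReHIPS code; the rule format, function names and sample paths are assumptions): a process start by one of the listed hosts raises an alert in Expert mode unless its exact argument line is on the user's white-list.

```python
import ntpath

# Subset of the hosts listed in the post above (names lowercased for matching).
WATCHED = {"cmd.exe", "cscript.exe", "wscript.exe", "mshta.exe", "rundll32.exe",
           "powershell.exe", "msiexec.exe", "vssadmin.exe", "installutil.exe"}

def normalize(args):
    """Collapse whitespace runs outside double quotes; keep case and quoted text."""
    out, in_quotes, prev_space = [], False, False
    for ch in args.strip():
        if ch == '"':
            in_quotes = not in_quotes
        if ch.isspace() and not in_quotes:
            if not prev_space:
                out.append(" ")
            prev_space = True
        else:
            out.append(ch)
            prev_space = False
    return "".join(out)

def decide(image, args, allowlist, expert_mode=True):
    """Return 'allow' or 'alert' for one process-creation event."""
    name = ntpath.basename(image).lower()   # Windows file names are case-insensitive
    if not expert_mode or name not in WATCHED:
        return "allow"                      # alert rules are inactive or not applicable
    # Whole-line match: an allowed line with anything appended is a different line.
    return "allow" if (name, normalize(args)) in allowlist else "alert"

# Constructed sample data (hypothetical paths and scripts).
ALLOWLIST = {("cscript.exe", normalize(r'//nologo "C:\Scripts\backup.vbs"'))}
EVENTS = [
    (r"C:\Windows\System32\cscript.exe", r'//nologo    "C:\Scripts\backup.vbs"'),
    (r"C:\Windows\System32\CScript.EXE", r'//nologo "C:\Scripts\backup.vbs" "C:\Scripts\other.vbs"'),
    (r"C:\Windows\System32\notepad.exe", r"C:\notes.txt"),
    (r"C:\Windows\System32\vssadmin.exe", "list shadows"),
]

def evaluate(events, allowlist=ALLOWLIST, expert_mode=True):
    """Return the verdict for each (image, args) event, in order."""
    return [decide(img, args, allowlist, expert_mode) for img, args in events]

if __name__ == "__main__":
    for (img, args), verdict in zip(EVENTS, evaluate(EVENTS)):
        print(f"{verdict:5}  {ntpath.basename(img)} {args}")
```

Arguments keep their case on purpose, so two different encoded or case-sensitive arguments never collapse into the same white-list entry.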


Umbra

#2
I agree with Hjlbx's post above.

The two modes must be very different, one easy to run with many preset rules but limited setting options (easy to run for beginners), the other very tweakable for advanced users.