Unable to run programs isolated from some virtual drives

Started by Mr.X, May 16, 2017, 08:21:52 PM

Mr.X

Here's another bug for you.
Thankfully it isn't a security risk for ReHIPS, though it is still a usability issue.
ReHIPS DOES catch and prompt for programs run from an ImDisk RAMDisk but it is NOT ABLE to actually run them 'ISOLATED' from such a drive.
The same also happens for VMware disks that get mounted on the host.

Windows 7 x64 VM [Note: Highly tweaked]
ReHIPS [Note: Fresh install]
ImDisk or VMware 12 with attached/mounted disks
Gimagex (ImageX GUI) [Note: I removed the digital signature to make it more suspicious]

I've included a Problems Step recording and Procmon log to aid you in recreating or investigating this, though I can say it has to do with ReHIPS's current reliance on the Base Filtering Engine.

Ozone

I too have some problems with ImDisk, but did you try to add access to removable media in ReHIPS?

Mr.X

No, but I just re-tested with that option enabled in both ImDisk and ReHIPS, and there was no change on my end. I'll have to re-test the VMware disk at some point, I guess.

Umbra

Quote from: Mr.X on May 16, 2017, 08:21:52 PM
ReHIPS DOES catch and prompt for programs run from an ImDisk RAMDisk but it is NOT ABLE to actually run them 'ISOLATED' from such a drive.
So the prompt doesn't offer the "run in isolated environment" option?

fixer

There were already some issues with ImDisk here: https://forum.rehips.com/index.php?topic=2032.msg15853#msg15853. They're already fixed. If it's the same issue, it's fixed. If it's something different, I'll take a closer look a bit later.

Mr.X

Quote from: Umbra on May 17, 2017, 05:56:27 AM
Quote from: Mr.X on May 16, 2017, 08:21:52 PM
ReHIPS DOES catch and prompt for programs run from an ImDisk RAMDisk but it is NOT ABLE to actually run them 'ISOLATED' from such a drive.
So the prompt doesn't offer the "run in isolated environment" option?
It offers the option and attempts to launch said app but cannot actually initialize it as isolated from either of those virtual drives while they are mounted.

fixer

I checked it; it's the same issue. So it should already be fixed.