Rules Data Base/SYSTEM

Started by shmu26, August 27, 2017, 06:49:05 PM

shmu26

When I look in settings, and I go to rules, I see a set of rules for SYSTEM.
What is it? It seems to contain a lot of the same rules that are in each user account.

aDVll

Anything run with System permission and not from a user will need a set of rules that might or might not be different than if a user launches.
System is basically a user account that your system uses to launch certain stuff.

shmu26

Thanks. I was checking the rule for mshta.exe, and it looked to me like the system rule was a little more permissive than the rule for regular user accounts.
Is it important to allow the system more permissions?

aDVll

I don't know why exactly mshta needs subprograms to be in allow, but I have a feeling that even if you change it to alert it will not create an issue. It's never used.

fixer

ReHIPS allows creating a different set of rules for every real user, including the SYSTEM user. So it has basically the same set of programs as any other user (though most of them aren't really used). Don't worry about these rules much, as they're mostly for OS use only, and Administrator rights are required to start some program from this elevated account (for example, to create a service). So the vast majority of programs don't work from this account, just a bunch of OS privileged processes and services.

Tarnak

Hello, I'm back.  :)

I have purchased a licence, yesterday. Still, I am no wiser as to how this software is best used. I have no knowledge as to the best way to set up the rules on my system.

Is there a default mode setting that makes it easy for someone that has no special knowledge, so 'idiot users' like me will feel safe using ReHIPS?

shmu26

Quote from: Tarnak on September 06, 2017, 06:12:22 AM
Hello, I'm back.  :)

I have purchased a licence, yesterday. Still, I am no wiser as to how this software is best used. I have no knowledge as to the best way to set up the rules on my system.

Is there a default mode setting that makes it easy for someone that has no special knowledge, so 'idiot users' like me will feel safe using ReHIPS?

If you did a default installation, you already have all the rules you need, unless you have some rare browser or rare email client or something like that.

aDVll

Quote from: Tarnak on September 06, 2017, 06:12:22 AM
Hello, I'm back.  :)

I have purchased a licence, yesterday. Still, I am no wiser as to how this software is best used. I have no knowledge as to the best way to set up the rules on my system.

Is there a default mode setting that makes it easy for someone that has no special knowledge, so 'idiot users' like me will feel safe using ReHIPS?

Yep, if you don't have any PDF, office, browser application not isolated (either on alternate desktop or with the red border) then you are fine and you don't have to do anything. If you do have such applications, run them isolated when you get an alert and you are done.

Tarnak

Quote from: aDVll on September 06, 2017, 01:16:36 PM
Quote from: Tarnak on September 06, 2017, 06:12:22 AM
Hello, I'm back.  :)

I have purchased a licence, yesterday. Still, I am no wiser as to how this software is best used. I have no knowledge as to the best way to set up the rules on my system.

Is there a default mode setting that makes it easy for someone that has no special knowledge, so 'idiot users' like me will feel safe using ReHIPS?

Yep, if you don't have any PDF, office, browser application not isolated (either on alternate desktop or with the red border) then you are fine and you don't have to do anything. If you do have such applications, run them isolated when you get an alert and you are done.

Thank you, both.  :)

I have been getting some popups, and I hope I have done the right thing with them.  I managed to get this screenshot, coming out of hibernation when I started my laptop, earlier this morning. I allowed it, because I knew about Glasswire. I made it to be a permanent rule.

P.S. I couldn't post the attached screenshot from its normal location. I had to copy and paste it to my desktop first, then I could get it to show up here. ReHIPS seems to block access to it, i.e. default location for my screenshots.




aDVll

Just add Glasswire in trusted vendors if it keeps producing popups.

About your screenshot location, I assume you isolated the screenshot application? If yes, then you need to change the save location to a place it has access to (C:\ReHIPS\Default is for sure allowed).

fixer

Hello, Tarnak. And welcome back. Here is a blog post with some hints on what programs should be isolated: https://forum.rehips.com/index.php?topic=9542.0 There are just a few of them, so don't worry if you allowed some program, most likely it's OK.