[FAQ] Programs wildcards

Started by fixer, October 18, 2017, 07:03:52 PM


fixer

As the upcoming ReHIPS 2.3.0 release will have program path wildcard support, let me explain this feature a bit.

What wildcards are supported? Symbols "?" and "*" serve as wildcards and have the same meaning as in the good old DOS times. ? stands for any symbol and * means any sequence of any symbols.
Keep in mind though that wildcards don't include path separators (\ or /). It means wildcarded path C:\MyPrograms\* covers C:\MyPrograms\file1.exe, but doesn't cover C:\MyPrograms\secret\file2.exe. In other words, subfolders aren't included.
From ReHIPS 2.5.0 the "**" wildcard is added. It works the same as the "*" wildcard, but includes path separators. So the wildcarded program C:\MyPrograms\** will cover both C:\MyPrograms\file1.exe and C:\MyPrograms\secret\file2.exe.

What operations are supported for wildcarded programs? Pretty much the same as for non-wildcarded programs. You can allow them, block, isolate, set parenting and subprocesses options. The only difference is that a wildcarded program rule doesn't point to some specific program, so it doesn't have hashes or level of trust and vendor based on digital signature.

Are there any wildcarded rules by default? Yes, there are several. At the time of writing it's the C:\Windows\Installer and C:\Windows\SoftwareDistribution\Download\Install folders, to cover Windows updates as they come with some random names, and immersive programs folders, as they're sometimes updated and their folder name includes the program version, meaning their path changes after each update.

What is the priority in rules processing? First an exact match is searched for. It's used if found. If not, ReHIPS tries to match wildcards.

From ReHIPS 2.4.0 the same wildcarding is possible for fine-grained children control.

shmu26

Sounds good.
Can you give a typical example of what a user would want to do with wildcards?

fixer

Wildcards are already used in RulesManager, for example for rules like
C:\Program Files\WindowsApps\Microsoft.BingSports_*__8wekyb3d8bbwe\Microsoft.Msn.Sports.exe
or
C:\Windows\SoftwareDistribution\Download\Install\*
Metro apps may be updated often, which results in a change of path, hence the first rule. Updates are downloaded and executed from the folder in the second rule; we don't know their names, hence the wildcard.
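
The matching rules described in the first post ("?", "*", "**", exact match before wildcards), applied to the paths quoted in this thread. This is an added example, not part of the original posts and not ReHIPS code; the function names, the actions in the rule set, case-insensitive comparison and the order in which wildcarded rules are tried are assumptions.

```python
import re

def rule_to_regex(rule):
    """Compile a wildcarded path rule using the semantics from the first post."""
    parts, i = [], 0
    while i < len(rule):
        if rule.startswith("**", i):
            parts.append(".*")            # "**": any sequence, separators included
            i += 2
        elif rule[i] == "*":
            parts.append(r"[^\\/]*")      # "*": any sequence, never crosses \ or /
            i += 1
        elif rule[i] == "?":
            parts.append(r"[^\\/]")       # "?": one symbol, never a separator
            i += 1
        else:
            parts.append(re.escape(rule[i]))
            i += 1
    # Assumption: case-insensitive comparison, as is usual for Windows paths.
    return re.compile("".join(parts), re.IGNORECASE)

def is_wildcarded(rule):
    return "*" in rule or "?" in rule

def resolve(path, rules):
    """Return (rule, action) for path: exact match first, then wildcards."""
    for rule, action in rules.items():
        if not is_wildcarded(rule) and rule.lower() == path.lower():
            return rule, action
    # Assumption: among wildcarded rules the first listed match wins;
    # the thread does not say how ReHIPS orders them.
    for rule, action in rules.items():
        if is_wildcarded(rule) and rule_to_regex(rule).fullmatch(path):
            return rule, action
    return None

# Constructed rule set: paths come from the thread, actions are made up.
RULES = {
    r"C:\MyPrograms\*": "isolate",
    r"C:\MyPrograms\file1.exe": "allow",
    r"C:\Windows\SoftwareDistribution\Download\Install\*": "allow",
    r"C:\Program Files\WindowsApps\Microsoft.BingSports_*__8wekyb3d8bbwe"
    r"\Microsoft.Msn.Sports.exe": "allow",
}

if __name__ == "__main__":
    for p in (r"C:\MyPrograms\file1.exe", r"C:\MyPrograms\tool.exe",
              r"C:\MyPrograms\secret\file2.exe"):
        print(p, "->", resolve(p, RULES))
```

With only "*" rules, the path under the secret subfolder resolves to no rule at all; swapping the first rule for C:\MyPrograms\** would cover it, which is worth keeping in mind when deciding how broad an allow rule should be.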