Author Topic: Standard user account -- not a "trusted user"  (Read 1483 times)

shmu26

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 438
  • Win10 x64 latest stable
Standard user account -- not a "trusted user"
« on: November 28, 2017, 05:04:01 pm »
It seems that ReHIPS will create rules for a user account like described in subject line, but GUI does not have automatic startup.
So does that mean it will function like "permissive" mode, allowing any process that does not have a rule?

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Standard user account -- not a "trusted user"
« Reply #1 on: November 28, 2017, 05:46:59 pm »
ReHIPS installs rules for all users, including standard user accounts.

But ReHIPS Control Center automatic startup (and not just startup, any Control Center-specific setting actually, like Advanced Mode, Language, etc.) are user-dependent. And by default startup isn't enabled.

Without Control Center running ReHIPS operations depend on Lock-Down Mode. If it's enabled, for processes existing in database it acts accordingly, blocks otherwise (you can read about it here https://forum.rehips.com/index.php?topic=9539.0). If it's disabled, ReHIPS allows processes (you can ready about it here https://forum.rehips.com/index.php?topic=9609).

shmu26

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 438
  • Win10 x64 latest stable
Re: Standard user account -- not a "trusted user"
« Reply #2 on: November 28, 2017, 10:40:49 pm »
So if lockdown is not enabled, could we say that it is comparable to permissive mode?
And does it make a difference if the admin account is still signed in, when I switch to standard account?

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Standard user account -- not a "trusted user"
« Reply #3 on: November 29, 2017, 02:06:25 am »
Not quite permissive. You see, when Permissive Mode is enabled, programs existing in database are processed according to their rules and new ones are allowed. But in no Lock-Down Mode+no Control Center every program is allowed. So it's more like ReHIPS is disabled.

ReHIPS program filtering is not based on who is logged in, so it doesn't matter if Admin is logged in or not. The only things that matter are: is Lock-Down Mode enabled and is ReHIPS Control Center running (and yeah, it doesn't matter, under which user it's running). If both are false, no filtering is performed as we can't block because Lock-Down Mode isn't enabled and we can't alert as no GUI is running, we don't want to hang the system blocking some system process, so allow=ReHIPS is basically disabled.

shmu26

  • Active Testers
  • Sr. Member
  • *****
  • Posts: 438
  • Win10 x64 latest stable
Re: Standard user account -- not a "trusted user"
« Reply #4 on: November 29, 2017, 08:50:04 am »
Thanks. Just trying to sort things out.
So as far as I am concerned, since I do not have lockdown enabled, the main factor will be whether control center is running in the admin account or not.
If yes, the SUA will be monitored, but the alerts will appear on the desktop of the admin account, not of the SUA account.
If no, then ReHIPS is sleeping.
I think I got it now. Please correct me if necessary.

fixer

  • Administrator
  • Hero Member
  • *****
  • Posts: 1395
Re: Standard user account -- not a "trusted user"
« Reply #5 on: November 29, 2017, 12:16:07 pm »
Yup, you're right.
But if you want you can always add SUA to trusted users and have ReHIPS Control Center running in it. And you can enable autostart for it if you want.