Main Menu

Help Please

Started by AMD1, March 06, 2018, 11:16:37 AM

Previous topic - Next topic

AMD1

Hi,

I am a new user of ReHIPS. I have installed the program and the rules.

The issue I am having is that the default isolation for Chrome does not allow RoboForm to work.

Do I need to add/change the  RoboForm processes to isolation also and if so how ?

A couple of other questions:

if I download something via Chrome in isolation, how to I get it out out to the real PC environment ?

How do you delete the contents of the Sandbox on exit( I dont mean delete the Sandbox itself)

Any assistance would be gratefully received.

Thanks

Andy


fixer

Hello, Andy. Welcome to our forum and thank you for your interest in our product.

I've just tried RoboForm and here is what I found. It installs as add-on into Chrome. Isolated Chrome sees that add-on. When this add-on is interacted with, it starts rf-chrome-nm-host.exe (process is executed using cmd.exe, this may show some ReHIPS alerts, just allow). This rf-chrome-nm-host.exe is a proxy to another process, robotaskbaricon.exe. And this robotaskbaricon.exe does all the heavy-lifting. Because Chrome is isolated, rf-chrome-nm-host.exe can't reach already running non-isolated robotaskbaricon.exe and tries to start its own new robotaskbaricon.exe. But new robotaskbaricon.exe checks if it's already running (and it is, the non-isolated one) and exists, which leads to error, like "Can not start RoboForm". To fix this you can exit running non-isolated robotaskbaricon.exe. This way rf-chrome-nm-host.exe will successfully start its own isolated copy of robotaskbaricon.exe.

From now on you have working and running RoboForm. But as it's running in isolation it can't access any locally saved information like login. You have 2 ways to solve it.
1. Enable Copy User Data setting for Chrome isolated environment. This way all accessed files will be automatically copied to the isolated environment. Just don't forget to disable it later.
2. Type in your login manually. This will probably require Set Hooks desktop access right in Chrome isolated environment.

And that's about it, use and enjoy.

The best way to save downloaded files in isolated browser is to make it save them into C:\ReHIPS\Browser folder. This is discussed in this blogpost https://forum.rehips.com/index.php?topic=9487.0 But if you need to reach already downloaded files, most likely they're in isolated user profile folder. You can see isolated user name in isolated environment options, it's ReHIPSUserX. And its profile folder is C:\Users\ReHIPSUserX.

Right now there is no autodelete on exit option for isolated environments. But you can always delete the isolated environment and reinstall rules thus recreating it.

AMD1

Many thanks Fixer this has helped me a great deal.

With regard to deleting contents of the isolated environment, can you simply delete the contents of C:\ReHIPS\Browser folder or C:\Users\ReHIPSUserX ?

shmu26

delete rules for chrome, and the isolated environment will be automatically deleted (unless you changed that setting)
Then reinstall rules for chrome, and IE will be automatically recreated.
But you will probably have to sign in again to your Chrome user profile, if you have one.

fixer

Isolated environments are based on separate ReHIPS users. ReHIPS users like any other Windows user have their own profile folders in C:\Users folder. So basically yes, isolated environments physically reside mostly in respective C:\Users\ReHIPSUserX folders. But it's descouraged to operate these folders manually and directly. If you want to delete some isolated environment, it's recommended to delete it via ReHIPS Control Center. This way it'll be deleted the appropriate way without any traces left (including C:\Users\ReHIPSUserX folder). And if you want that isolated environment back, you can Reinstall Rules.

But C:\ReHIPS subfolders aren't part of isolated environments, these are separate entities made for usability purposes to exchange files with isolated environments. So if you want you can manually delete them. Though I don't see any point in this as they're usually empty.

AMD1

Quote from: fixer on March 06, 2018, 03:17:44 PM
Hello, Andy. Welcome to our forum and thank you for your interest in our product.

I've just tried RoboForm and here is what I found. It installs as add-on into Chrome. Isolated Chrome sees that add-on. When this add-on is interacted with, it starts rf-chrome-nm-host.exe (process is executed using cmd.exe, this may show some ReHIPS alerts, just allow). This rf-chrome-nm-host.exe is a proxy to another process, robotaskbaricon.exe. And this robotaskbaricon.exe does all the heavy-lifting. Because Chrome is isolated, rf-chrome-nm-host.exe can't reach already running non-isolated robotaskbaricon.exe and tries to start its own new robotaskbaricon.exe. But new robotaskbaricon.exe checks if it's already running (and it is, the non-isolated one) and exists, which leads to error, like "Can not start RoboForm". To fix this you can exit running non-isolated robotaskbaricon.exe. This way rf-chrome-nm-host.exe will successfully start its own isolated cop
From now on you have working and running RoboForm. But as it's running in isolation it can't access any locally saved information like login. You have 2 ways to solve it.
1. Enable Copy User Data setting for Chrome isolated environment. This way all accessed files will be automatically copied to the isolated environment. Just don't forget to disable it later.
2. Type in your login manually. This will probably require Set Hooks desktop access right in Chrome isolated environment.

And that's about it, use and enjoy.

The best way to save downloaded files in isolated browser is to make it save them into C:\ReHIPS\Browser folder. This is discussed in this blogpost https://forum.rehips.com/index.php?topic=9487.0 But if you need to reach already downloaded files, most likely they're in isolated user profile folder. You can see isolated user name in isolated environment options, it's ReHIPSUserX. And its profile folder is C:\Users\ReHIPSUserX.

Right now there is no autodelete on exit option for isolated environments. But you can always delete the isolated environment and reinstall rules thus recreating it.
Hi,

I have had a go and I have ended up with this in my isolated browser processes by adding them as they flashed up to an existing isolated environment. Does this look right as I can only get this to work once and then I have to repeat it all again ?




fixer

From security point of view it looks OK as you have Chrome isolated and it's the main target to be protected.
From usability point of view it depends, if it works. If it works, then yeah, it's OK. If not, then we'll have to fix something :)

I saw your post on wilders forum, so I suspect something isn't working. But I'm not yet sure what exactly. Could you please describe it in detail, so I could reproduce it? As I tried to add some safenotes, restarted Chrome and safenotes seem to be OK and successfully saved.

AMD1

Hi Fixer,

When I start Chrome in IE that's fine and always has been. When I click on the RoboForm Icon (top right of browser) I am asked if i want to run rf-chrome-nm-host.exe so i select "always" and in IE. I am then taken to another window which ask me if i want to use an existing IE or a new one. At this point i select existing and Chrome. I do also get flagged with adding child processes of something to do with RoboForm and i select always and allow. One I have done this, i can use RoboForm from the browser to log in. I cannot however seem to save a change i made to safenotes back to the real system despite having copy user data checked.

NB Not sure what you are testing your end but I use RoboForm EveryWhere (not the desktop version)

I really want to try and get this resolved as i think it will work better for me than the other sandboxing software i have used.

Thanks

Andy

fixer

Let me clarify to make sure I understand correctly. You have Chrome and hence RoboForm isolated. In this isolated RoboForm you make some changes like add a new safenote. But you don't see that new added safenote on the real non-isolated system. Am I correct?

Roughly speaking, when an application is running in isolation, it can't write to non-isolated part of the system. So the changes isolated RoboForm makes remain in the isolated environment. This way if you start RoboForm in isolation again, it'll see all the changes. But if you have it running non-isolated, it'll see its old non-isolated settings (like everything that was in isolation never happened). Copy User Data is for transferring data INTO isolated environment only. It's described in this blogpost https://forum.rehips.com/index.php?topic=9560.0
But looks like RoboForm also utilizes some kind of online cloud storage. So you can synchronize with the cloud to keep your isolated and non-isolated settings in sync.

AMD1

#9
Quote from: fixer on March 07, 2018, 11:00:20 AM
Let me clarify to make sure I understand correctly. You have Chrome and hence RoboForm isolated. In this isolated RoboForm you make some changes like add a new safenote. But you don't see that new added safenote on the real non-isolated system. Am I correct? Yes. I have had RoboForm working within the IE but then when I close and re-open the browser, I have to re-activate/setup RoboForm in the IE

Roughly speaking, when an application is running in isolation, it can't write to non-isolated part of the system. So the changes isolated RoboForm makes remain in the isolated environment. This way if you start RoboForm in isolation again, it'll see all the changes. But if you have it running non-isolated, it'll see its old non-isolated settings (like everything that was in isolation never happened). Copy User Data is for transferring data INTO isolated environment only. It's described in this blogpost https://forum.rehips.com/index.php?topic=9560.0
But looks like RoboForm also utilizes some kind of online cloud storage. So you can synchronize with the cloud to keep your isolated and non-isolated settings in sync. Yes it has a sync function from PC to the cloud Noted and as I see it, changes within the IE to RoboForm data saves the amended/added data within the IE only and not saved to the real PC

I think it JUST needs a bit of tinkering to always have RoboForm working within the IE everytime I run Chrome in the IE

fixer

I took a look into RoboForm settings (and Google). Looks like you can change location for RoboForm data https://help.roboform.com/hc/en-us/articles/115001746311-How-do-I-change-the-data-folder-in-V8- You can change it to something like C:\ReHIPS\Browser\RoboForm and this way all RoboForm settings should be global to all isolated and non-isolated browsers.