ReHIPS

Discussion in 'sandboxing & virtualization' started by MrBrian, May 24, 2014.

  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,683
    This one, AG and VS.
     
  2. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,992
    Location:
    Europe then Asia
    Lol, not an easy choice.

    All 3 are different products, not comparable:

    AG is SRP: based on the policy you set, it will auto-block exe/dlls/installers launched from user-space and prevent process hollowing to some extent (via its memory protection feature).
    VS is an anti-exe + AI & reputation system: I don't need to explain what it does, I think you know already.
    ReHIPS is a sandbox + application control: the application control module acts like an anti-exe with Parent/Child monitoring.

    If you don't mind combos, you can do:

    - AG + VS
    - AG + ReHIPS (my combo)
    - VS + ReHIPS will have some redundant features unless you are fine with that and are able to tweak them both for better compatibility/usability.
     
  3. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    3,683
    Thanks for your advice. I realize that they are all different. Trying to make a choice as to which would be best for my setup. I don't mind combos. :)
     
  4. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    24
    Location:
    Europe
    Hello everybody.

    Here comes RulesManager https://rehips.com/RulesManager 2.2.0.zip

    What is it? It's an extended and highly customizable RulesPack which was initially meant for the domain corporate edition. I know, it doesn't look as nice and cute as the main GUI and looks more like ReHIPS 1.0.0, but we'll take care of appearances later. It also slightly lags behind the main GUI in development, but it does its job and that's all that matters. As a sneak peek I'll tell you we'll replace RulesPack with this tool in the next major build.

    What to do with it? Put default.rdb and RulesManager32/64.exe (according to your OS bitness) in ReHIPS folder. RulesPack and RulesManager are interface-compatible, so ReHIPS will use RulesManager instead of RulesPack if it finds it and it'll use rules database from default file default.rdb.

    If you start RulesManager without any parameters, it'll show GUI. There you can open rdb file and settings file (this was meant to edit settings and distribute domain version with customized settings, but you won't need this feature). RDB file is Rules DataBase, you can edit it in any way adding new products, deleting or editing them, saving in separate rdb files, exchanging them, etc.

    It shows a tree similar to the main GUI. The first level is products, the second one is files. Products (for example, Office) may consist of several files. A product is similar to an isolated environment (one product = one isolated environment) and may contain several files.

    When rules are being installed, files should be found and added to the ReHIPS database. There are 2 ways to find a file. Either it's a preinstalled file (like explorer.exe), found by a path assembled from a KNOWNFOLDERID https://msdn.microsoft.com/en-us/library/windows/desktop/dd378457(v=vs.85).aspx and a hardcoded file path+name; or it's a file that can be installed in a random location (any installable software like Firefox), and these are found by the uninstall information from the registry (the DisplayName value, the same name you can see in Control Panel-Uninstall Software): the path is taken from the InstallLocation registry value and the hardcoded file path+name is appended to it. Hardcoded paths support wildcards. Don't know if it makes much sense, try to take a look at the predefined rules and feel free to ask if you have any questions.

    And there is one more non-familiar thing: Special Folders. When some software is installed (for example, Office), it may store settings in the real user home profile folder or in the HKCU registry hive. Being isolated, this software won't have access to either of these locations. But we'd like to keep settings, so these settings have to be copied; that's what Special Folders are for: these folders and registry keys are copied from the real user profile to the ReHIPS user profile.

    Other than this quite complicated stuff, the rest is pretty much the same as in the main GUI: same access rights, permissions, etc.

    Enjoy this release. And as usual, don't hesitate to contact me should you have any questions or suggestions.

    Best Regards, fixer.
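    As an added illustration of the two lookup paths the post describes (this is not RulesManager's own code), the function below resolves a rule either from a known folder plus a hardcoded relative path, or from an Uninstall entry's DisplayName/InstallLocation plus a hardcoded relative path, with wildcards on both. The known-folder table, the Uninstall entries and the directory listing are constructed dicts standing in for the shell API, the registry and the disk, so it runs offline on any OS.

```python
import fnmatch
import ntpath

# Constructed stand-ins for what RulesManager reads on a live system (assumption:
# the real tool queries KNOWNFOLDERID and HKLM\...\Uninstall; dicts replace both).
KNOWN_FOLDERS = {
    "FOLDERID_Windows": r"C:\Windows",
    "FOLDERID_ProgramFiles": r"C:\Program Files",
}
UNINSTALL_ENTRIES = [  # one dict per Uninstall subkey; InstallLocation may be empty
    {"DisplayName": "Mozilla Firefox 54.0 (x64 en-US)",
     "InstallLocation": r"C:\Program Files\Mozilla Firefox"},
    {"DisplayName": "Some Tool 1.0", "InstallLocation": ""},
]
EXISTING_FILES = {  # constructed directory listing
    r"C:\Windows\explorer.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
    r"C:\Program Files\Mozilla Firefox\plugin-container.exe",
}

def _glob(pattern, files):
    """Case-insensitive wildcard match of a Windows path pattern against files."""
    pat = ntpath.normcase(pattern)
    return sorted(f for f in files if fnmatch.fnmatchcase(ntpath.normcase(f), pat))

def resolve_file(rule, known=KNOWN_FOLDERS, uninstall=UNINSTALL_ENTRIES,
                 files=EXISTING_FILES):
    """Absolute paths matching one file rule, or [] if the product is absent."""
    if rule["kind"] == "preinstalled":
        # Fixed location: known folder + hardcoded relative path (wildcards allowed)
        bases = [known[rule["folder"]]] if rule["folder"] in known else []
    else:
        # Installable software: match DisplayName (wildcard absorbs the version),
        # take InstallLocation, then append the hardcoded relative path
        bases = [e["InstallLocation"] for e in uninstall
                 if e.get("InstallLocation")
                 and fnmatch.fnmatchcase(e["DisplayName"].lower(),
                                         rule["display_name"].lower())]
    return [f for b in bases for f in _glob(ntpath.join(b, rule["path"]), files)]

def resolve_product(product):
    """Resolve every file of one product (= one isolated environment); report gaps."""
    found, missing = {}, []
    for name, rule in product.items():
        hits = resolve_file(rule)
        if hits:
            found[name] = hits
        else:
            missing.append(name)
    return found, missing
```

    A product with anything in `missing` should not have its rules installed, which is the check the "files should be found" step implies.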
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,487
    Location:
    Sweden
    Looks promising. This means it's going to be easier to export/import settings, correct? Worked fine now when I tested it!
     
  6. SHvFl

    SHvFl Registered Member

    Joined:
    May 7, 2015
    Posts:
    815
    It doesn't actually export from the settings that you see in the ReHIPS GUI. You need to maintain the default.rdb file through RulesManager.
     
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,487
    Location:
    Sweden
    Yeah. Of course. You edit rules in RulesManager and keep that setting stored. Also makes it easier to import community created rules which are hardened. It's opening up for better things! Looking forward to it!
     
  8. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,992
    Location:
    Europe then Asia
    Yes, RM is your tool to create rules/IEs; then, when you do a clean install of ReHIPS, just copy-paste your customized rdb file into the installation folder and ReHIPS will load your rules/IEs.
     
  9. PrinceYann

    PrinceYann Registered Member

    Joined:
    Nov 29, 2015
    Posts:
    23
    Are there plans to send the 2.2 version to security professionals for reviews?
     
  10. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    24
    Location:
    Europe
    We sent emails to some companies like online security magazines, but this process takes some time.
    If you have any contacts or suggestions, I'd be grateful and glad to send them too.
    Best regards, fixer.
     
    Last edited: Jun 19, 2017
  11. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,992
    Location:
    Europe then Asia
    @ReHIPS But don't send it to PC Mag; they have no clue how to use any application control or HIPS software, they will trash ReHIPS.
     
  12. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,487
    Location:
    Sweden
    Agreed. Just look at what they did when they reviewed AppGuard. :thumbd:
     
  13. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,992
    Location:
    Europe then Asia
    PC Mag is a magazine for noobs made by noobs, so don't expect them to understand or promote SRP, anti-exe, HIPS, etc...

    Why do you think they highly value BD...
     
  14. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,453
    Location:
    Location Unknown
    Is anyone else having trouble downloading 2.2? I can't seem to grab the last 100 KB, and I've tried multiple times.
     
  15. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,487
    Location:
    Sweden
    Works for me!
     
  16. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,453
    Location:
    Location Unknown
    curiouser and curiouser....
     
  17. SHvFl

    SHvFl Registered Member

    Joined:
    May 7, 2015
    Posts:
    815
    Reuploaded for you on a free host. File SHA-256 hash is
    Code:
    F8D5B015E3CA3E5F59A44F8154CCFE4359965C24FE51671C0797C71C5538577F
    If you use Chrome safe browsing it shows the file as infected and you need to go in downloads and select keep file. Maybe that's why you think you are not downloading the last few KB?

    http://www109.zippyshare.com/v/GJRT8oQH/file.html
     
  18. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,453
    Location:
    Location Unknown
    Well this is weird. I cannot download that file either; same issue. I can however download other files just fine, I just tried grabbing a random one from MajorGeeks. I am using Cyberfox. I wonder what the issue is, as it seems to only be that particular file.

    Slimjet also cannot download the file, with the reasoning being what you described; Chrome blocking malicious downloads. I wonder if that was what was happening in Cyberfox as well.
     
    Last edited: Jun 19, 2017
  19. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,487
    Location:
    Sweden
    Did you try another browser?
     
  20. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,453
    Location:
    Location Unknown
    Yes I did; Slimjet. I just amended my post at the exact same time you posted. Sorry....
     
  21. SHvFl

    SHvFl Registered Member

    Joined:
    May 7, 2015
    Posts:
    815
    Chrome safe thingy keeps blocking the ReHIPS download and then allowing it and then blocking it. It's been doing it since release. Just go in downloads and select keep file and you are fine.

    Now why Cyberfox doesn't work I have no clue. I don't think it has the Google Safe Browsing thingy.
     
    Last edited: Jun 19, 2017
  22. oZone

    oZone Registered Member

    Joined:
    Jan 18, 2017
    Posts:
    26
    Location:
    Earth
    Firefox uses Google Safe Browsing, and Cyberfox is based on Firefox, so it should use it too.

    You could try Edge, as it doesn't use Google Safe Browsing, or disable Safe Browsing in Slimjet.
    It should be something like "Protect you and your device from dangerous sites", as it's based on Chromium.
     
  23. ReHIPS

    ReHIPS Developer

    Joined:
    Aug 29, 2014
    Posts:
    24
    Location:
    Europe
    What does it say? Does it just stop downloading?
    Best Regards, fixer.
     
  24. SHvFl

    SHvFl Registered Member

    Joined:
    May 7, 2015
    Posts:
    815
  25. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,453
    Location:
    Location Unknown
    Thanks for the hint. That worked!