Discussion in 'sandboxing & virtualization' started by MrBrian, May 24, 2014.
This one, AG and VS.
Lol, not an easy choice.
All 3 are different products, not comparable:
AG is SRP: based on the policy you will set, it will auto-block exe/dlls/installers launched from user-space and prevent process hollowing to some extent (via its memory protection feature).
VS is an anti-exe + AI & reputation system: I don't need to explain what it does, I think you know already.
ReHIPS is a sandbox + application control: the application control module acts like an anti-exe with Parent/Child monitoring.
If you don't mind combos, you can do:
- AG + VS
- AG + ReHIPS (my combo),
- VS + ReHIPS will have some redundant features unless you are fine with that and are able to tweak them both for better compatibility/usability.
Thanks for your advice. I realize that they are all different. Trying to make a choice as to which would be best for my setup. I don't mind combos.
Here comes RulesManager https://rehips.com/RulesManager 2.2.0.zip
What is it? It's an extended and highly customizable RulesPack which was initially meant for the domain corporate edition. I know, it doesn't look as nice and cute as the main GUI and more like ReHIPS 1.0.0, but we'll take care of appearances later. It also slightly lags in development behind the main GUI, but it does its job and that's all that matters. As a sneak peek I'll tell you we'll replace RulesPack with this tool in the next major build.
What to do with it? Put default.rdb and RulesManager32/64.exe (according to your OS bitness) in the ReHIPS folder. RulesPack and RulesManager are interface-compatible, so ReHIPS will use RulesManager instead of RulesPack if it finds it, and it'll use the rules database from the default file default.rdb.
If you start RulesManager without any parameters, it'll show the GUI. There you can open an rdb file and a settings file (this was meant to edit settings and distribute the domain version with customized settings, but you won't need this feature). An RDB file is a Rules DataBase; you can edit it in any way, adding new products, deleting or editing them, saving in separate rdb files, exchanging them, etc.
It shows a tree similar to the main GUI. The first level is products, the second one is files. Products (for example, Office) may consist of several files. A product is similar to an isolated environment: one product = one isolated environment, which may contain several files.
When rules are being installed, files should be found and added to the ReHIPS database. There are 2 ways to find a file: if it's a preinstalled file (like explorer.exe), it's found by a path assembled from KNOWNFOLDERID https://msdn.microsoft.com/en-us/library/windows/desktop/dd378457(v=vs.85).aspx and a hardcoded file path+name; and files that can be installed in a random location (any installable software like Firefox) are found by uninstall information from the registry (DisplayName value), the same name you can see in Control Panel-Uninstall Software; the path is taken from the InstallLocation registry value and is appended with the hardcoded file path+name. Hardcoded paths support wildcards. Don't know if it makes much sense; try to take a look at the predefined rules and feel free to ask if you have any questions.
And there is one more non-familiar thing: Special Folders. When some software is installed (for example, Office), it may store settings in the real user home profile folder or in the HKCU registry hive. Being isolated, this software won't have access to either of these locations. But we'd like to keep settings, so these settings have to be copied; that's what Special Folders are for: these folders and registry keys are copied from the real user profile to the ReHIPS user profile. Other than this quite complicated stuff, the rest is pretty much the same as in the main GUI: same access rights, permissions, etc.
Enjoy this release. And as usual, don't hesitate to contact me should you have any questions or suggestions.
Best Regards, fixer.
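As an added example (not part of the original thread and not RulesManager's own code), the PowerShell script below resolves files the two ways the post describes: a preinstalled file via a known folder plus a hardcoded relative path, and installed software via the Uninstall registry entries' DisplayName and InstallLocation plus a hardcoded relative path that may contain wildcards. The sample rule entries, product names and the three registry views it searches are assumptions made for illustration; the page does not say which registry views RulesManager itself consults.

```powershell
# Added example (not RulesManager's own code): resolve where a ReHIPS-style rule
# would find its files, following the two lookup strategies described above.
# Rule shapes, product names and relative paths below are constructed for
# illustration; which registry views RulesManager consults is not stated on the
# page, so the three roots here are an assumption.

# Registry views where Windows keeps per-machine (native and 32-bit) and
# per-user uninstall entries.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstallLocation {
    # Strategy 2 from the post: look the product up by DisplayName (the name shown
    # in Control Panel > Uninstall a program) and return its InstallLocation value.
    param([Parameter(Mandatory)][string]$DisplayName)

    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        $hit = Get-ChildItem $root -ErrorAction SilentlyContinue |
            ForEach-Object { Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue } |
            Where-Object { $_.DisplayName -like $DisplayName -and $_.InstallLocation } |
            Select-Object -First 1
        if ($hit) { return $hit.InstallLocation.TrimEnd('\') }
    }
    return $null
}

function Resolve-RuleFiles {
    # Takes one constructed rule and returns the concrete file paths it matches.
    # A rule is either preinstalled (KnownFolder + RelativePath) or installed
    # (DisplayName + RelativePath); RelativePath may contain wildcards.
    param([Parameter(Mandatory)][hashtable]$Rule)

    if ($Rule.ContainsKey('KnownFolder')) {
        # Strategy 1: the base folder comes from a well-known folder. GetFolderPath
        # is the .NET counterpart of the KNOWNFOLDERID lookup the post links to.
        $base = [Environment]::GetFolderPath($Rule.KnownFolder)
    } else {
        $base = Get-InstallLocation -DisplayName $Rule.DisplayName
        if (-not $base) {
            Write-Warning "No uninstall entry named '$($Rule.DisplayName)' with an InstallLocation; rule cannot resolve"
            return @()
        }
    }

    $pattern = Join-Path $base $Rule.RelativePath
    # -File restricts matches to files; wildcards in any path segment are expanded.
    return @(Get-ChildItem -Path $pattern -File -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName)
}

# Constructed sample rules (illustration only; not taken from default.rdb).
$Rules = @(
    @{ Product = 'Explorer'; KnownFolder = 'Windows';           RelativePath = 'explorer.exe' },
    @{ Product = 'Firefox';  DisplayName = 'Mozilla Firefox*';  RelativePath = 'firefox.exe' },
    @{ Product = 'Office';   DisplayName = 'Microsoft Office*'; RelativePath = 'root\Office*\WINWORD.EXE' }
)

foreach ($r in $Rules) {
    $files = Resolve-RuleFiles -Rule $r
    "{0}: {1} file(s) resolved" -f $r.Product, $files.Count
    $files | ForEach-Object { "    $_" }
}
```

Running this on a machine before editing default.rdb shows which concrete paths a rule's hardcoded pattern would expand to. The warning branch is the failure mode to check for: software whose uninstall entry has no InstallLocation value, or whose DisplayName differs from what the rule expects, cannot be found by this registry-based lookup and needs a different way of locating its files.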
Looks promising. This means it's going to be easier to export/import settings, correct? Worked fine now when I tested it!
Doesn't actually export from the settings that you see in the ReHIPS GUI. You need to maintain the default.rdb file through RulesManager.
Yeah. Of course. You edit rules in RulesManager and keep that setting stored. Also makes it easier to import community created rules which are hardened. It's opening up for better things! Looking forward to it!
Yes, RM is your tool to create rules/IE; then, when you do a clean install of ReHIPS, just copy-paste your customized rdb file into the installation folder and ReHIPS will load your rules/IE.
Are there plans to send the 2.2 version to security professionals for reviews?
We sent emails to some companies like online security magazines, but this process takes some time.
If you have any contacts or suggestions, I'd be grateful and glad to send them too.
Best regards, fixer.
@ReHIPS but don't send it to PC Mag, they have no clue how to use any Application Control or HIPS software; they will trash ReHIPS.
Agreed. Just look at what they did when they reviewed AppGuard.
PC Mag is a magazine for noobs made by noobs, so don't expect them to understand or promote SRP, anti-exe, HIPS, etc...
Why do you think they highly value BD...
Is anyone else having trouble downloading 2.2? I can't seem to grab the last 100 KB, and I've tried multiple times.
Works for me!
curiouser and curiouser....
Reuploaded for you on a free host. File SHA-256 hash is
If you use Chrome safe browsing it shows the file as infected and you need to go in downloads and select keep file. Maybe that's why you think you are not downloading the last few KB?
Well this is weird. I cannot download that file either; same issue. I can however download other files just fine, I just tried grabbing a random one from MajorGeeks. I am using Cyberfox. I wonder what the issue is, as it seems to only be that particular file.
Slimjet also cannot download the file, with the reasoning being what you described; Chrome blocking malicious downloads. I wonder if that was what was happening in Cyberfox as well.
Did you try another browser?
Yes I did; Slimjet. I just amended my post at the exact same time you posted. Sorry....
Chrome safe thingy keeps blocking rehips download and then allowing it and then blocking it. It's been doing it since release. Just go in downloads and select keep file and you are fine.
Now why Cyberfox doesn't work I have no clue. I don't think it has the Google Safe Browsing thingy.
Firefox is using Google Safe Browsing and Cyberfox is based on Firefox, so it should use it too.
You could try Edge as it doesn't use Google Safe Browsing, or disable Safe Browsing in Slimjet.
It should be something like "Protect you and your device from dangerous site" as it's based on Chromium.
What does it say? Does it just stop downloading?
Best Regards, fixer.
Thanks for the hint. That worked!