64-bit systems and HIPS

Question to ReHIPS:
When will a stable version be available?
Is it also available in German?
The release date is not yet disclosed. Follow the ReHIPS topic in this forum; when they announce it, someone will post it.
About multi-language support, I asked and will post in the ReHIPS topic when they reply.

EDIT: I also asked about process hollowing and process injection, even though I am sure it can't be done because isolated applications don't have access to other processes, but I asked so we can have an official confirmation. I even asked about non-isolated applications.
 
@Umbra @hjlbx Since you opened a great and informative conversation, I really need to clear this up, if you could answer me, brothers, please...

I have a PC with a Windows 10 x64 system. I don't have any Virtual Desktop and I am not testing or analyzing any malware on my system.
I just use my PC for browsing, emailing, chatting, as every normal user does, but my computer security knowledge is advanced ;) so I don't care about browsing phishing, malware, adware, ... sites, or even downloading malware, since I have uBlock Origin with different filters applied.

Now I need to fully protect my Windows 10 x64 system with a full HIPS software. Will ReHIPS do that for me? Or do I need another HIPS software beside it, like ESET, SpyShelter, Comodo?

Thank you very much, brothers ;)
 
But where do you get weaponized DLL injections? From apps you got from "unknown/suspicious" sources. So if you don't run those apps isolated first, that is your fault.
So that is the advantage of ReHIPS over default-deny. You can still run it, even if you don't trust it. Just run it isolated.
 
Exactly. Anything you don't trust or think can be exploited should be run isolated.
 
It does, bro, in the virtual desktop; Fixer said it.

If I interpreted what he said correctly, code injection, process hollowing, memory scraping, etc. aren't blocked, but any "damage" is limited to the isolated environment.

Think about it... TorrentLocker allowed to run will perform process hollowing (the HIPS does not block it), but the encryption of files is limited to the isolated environment.

The HIPS itself doesn't block code injection, DLL injection, process hollowing, memory scraping, etc.; what is blocked is file system and registry access. I think that is what he meant.
 
So maybe that is the reason why it doesn't block those vectors directly, because they will run in an IE.
 
Some vendor HIPS are behind in their capabilities on 64-bit systems; for just a single example, Datpol (SpyShelter).
I made a feature request to SpyShelter for process hollowing protection.
They responded: "Can you show me an example of this "process hollow"?"

Does anyone have an example for them?
 
They are just making fun of you... They know exactly what it is, how it works and how to replicate one; if not, I feel sorry for their customers...
 
And I did not post the uncomplimentary remarks that came along with their rude request...
 
Why do you care and want to show them info? If they are not capable of running a simple test on their own, why would you try their software, even when they are rude? Move on and ignore them. Some companies have zero understanding of how much good customer support would benefit them.
 
I never gave them a penny in my life. I just grab giveaways...