Advice Request OSArmor and Exe Radar Pro -- temporary alternative?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
1. COMODO and Kaspersky
2. Sandboxie
3. ReHIPS

1 - hardware-assisted and software-assisted virtualization.
2 - software-assisted virtualization.
3 - not really virtualization like 2 and definitely not 1.

Is this correct? :)
It sounds correct to me. Let's hear what others say.
Practically speaking, the way Sandboxie does it, they often need to issue a new build when Windows updates, or when software updates. With ReHIPS, the updates usually do not cause breakage.
 
  • Like
Reactions: Eddie Morra

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
isolating your browser should not cause any problems, unless it puts you over the 10 isolated process limit on the demo version.

If I was you, I would first run ReHIPS in Standard mode, and get used to it, before enabling expert mode.
Well the firefox were working fine, but i had too many chrome processes opened and it couldnt isolate chrome, wich caused some extensions to cut off. Learning mode seems nice, OSA probably easier to set up for noob like me. And OSA was pretty fast fixed for 1809 too,

Any other alternatives beside OSA, Re:hips
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Well the firefox were working fine, but i had too many chrome processes opened and it couldnt isolate chrome, wich caused some extensions to cut off.
Yes, that happens with Chrome, in the demo version. There's not much you can do about that.
I have a beta license, but even so, I don't always isolate Chrome, because I think Chrome is secure enough, especially when I have ReHIPS monitoring vulnerable processes. So I would say, just un-isolate Chrome, and set it to inspect child processes.

As for other alternatives, why not try SRP? You can set it up default/allow, if you wish, and still block dozens and dozens of vulnerable processes (in SRP they are called "sponsors").
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
If anyone is having issues with these NVT products on Windows 10 1809, and is looking for a temporary alternative, you might want to check out ReHIPS 2.4, free version.
ReHIPS
There are no reported issues on Win 10 1809, and the FREE version -- AKA "demo" version -- will do a lot of the things that OSA and ERP do. (The only limitation of the demo version is how many isolated processes you can run in the same session.)
Hey, guys, I am not implying that ReHIPS is a bona fide replacement for your favorite NVT product, because that would be comparing apples to oranges. I am just saying that you can get much of the same protection, that's all...

Tip: If you use the free version, and you want your multi-process browser (Chrome, Firefox, etc) to work normally, you should set the main executables (the ones that are isolated by default) to these settings:

View attachment 199155

You can further tweak the browser protection, even on the free version, but that is beyond the scope of this post.
If anyone out there is using ReHIPS demo version as an anti-exe, there are a couple rules you might want to tighten up:
Powershell_ISE
Bitsadmin

For both of them, change the rule to "Can Execute Sub-Programs: Alert".

You will find two of each, for every real user. Set them all to "Alert".
But I don''t do this for the rules in SYSTEM. It is recommended not to mess with SYSTEM rules.

If anyone has other suggestions for tightening up the ReHIPS default rules, please post.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top