App Review ReHIPS against Ransomware


erreale

Thread author
Oct 22, 2016
You did run the test with the default settings, except when you chose the "Allow in Isolated Environment". The default selection was "Allow", not "Allow in Isolated Environment". So, going by default all the way meant that you just let the selection be.

That's why the weak link is the user. Running a questionable file to isolation is the best course of action (apart from "Block"), but not all users would select "Allow in Isolated Environment". Most of them would answer "Okay" to the prompt, without selecting other options.

I left the default settings because I think it would not make sense to test this software after the user customized them. Most users would not make changes to this software as it wouldn't make changes on their anti-virus or others. Having said that I used "Allow in Isolated Environment" to see if ReHIPS was able to hold ransom as Petya or Serpent, but I might try to run the test again with the same set of malware by clicking allow and only see warnings of HIPS.
 

shmu26

Jul 3, 2015
Sometimes a ReHIPS prompt has "block" selected by default; I never quite understood why and when.
I usually don't even notice, because I am so used to seeing "allow" selected. So when I blindly click on okay, I can't figure out why I see a block message popping up...
 

XhenEd

Mar 1, 2014
I left the default settings because I think it would not make sense to test this software after the user customized them. Most users would not make changes to this software as it wouldn't make changes on their anti-virus or others. Having said that I used "Allow in Isolated Environment" to see if ReHIPS was able to hold ransom as Petya or Serpent, but I might try to run the test again with the same set of malware by clicking allow and only see warnings of HIPS.
Don't worry, I have literally no problems with the default settings. In fact, I approve that you tested ReHIPS with the default settings. :)

I was only pointing out that the outcome would be different if you followed the "default way" (lack of better term), that is, not selecting "Allow in IE". :)

Yeah, I acknowledge that what you have accomplished is a demonstration of how isolation works in ReHIPS, and not the "default" I was talking about. :D
 

Davidov

Sep 9, 2012
Somehow he still ran out an email to the approval of the forum REHIPs hm. So how can I get rehips beta in this case :-(

simmerskool

Apr 16, 2017
Yeah, it pretty much stops everything. Make sure to delete the isolated environments from rehips-settings-programs when it's a real system because when you run the malware it might be copied there. Also, don't do copy user data in case it's a file grabber that will steal your files.

First time watching this vid. I have not installed or used rehips yet, so it was helpful to see its operation. Question: I saw rehips had "standard" protection mode, ok, and then when each ransomware opened, there's a rehips popup and it looked like the default was "allow", but then the tester selected allow in protected environment (paraphrase). Any concern with default allow? Or is that something the user can automatically globally set so that the default is allow in protected environment?