App Review ReHIPS against Ransomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

erreale

Level 9
Thread author
Verified
Content Creator
Malware Hunter
Well-known
Oct 22, 2016
409
You did run the test with the default settings, except when you chose the "Allow in Isolated Environment". The default selection was "Allow", not "Allow in Isolated Environment". So, going by default all the way meant that you just let the selection be.

That's why the weak link is the user. Running a questionable file to isolation is the best course of action (apart from "Block"), but not all users would select "Allow in Isolated Environment". Most of them would answer "Okay" to the prompt, without selecting other options.

I left the default settings because I think it would not make sense to test this software after the user customized them. Most users would not make changes to this software as it wouldn't make changes on their anti-virus or others. Having said that I used "Allow in Isolated Environment" to see if ReHIPS was able to hold ransom as Petya or Serpent, but I might try to run the test again with the same set of malware by clicking allow and only see warnings of HIPS.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Sometimes a ReHIPS prompt has "block" selected by default, I never quite understood why and when.
I usually don't even notice, because I am so used to seeing "allow" selected. So when I blindly click on okay, I can't figure out why I see a block message popping up...
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
I left the default settings because I think it would not make sense to test this software after the user customized them. Most users would not make changes to this software as it wouldn't make changes on their anti-virus or others. Having said that I used "Allow in Isolated Environment" to see if ReHIPS was able to hold ransom as Petya or Serpent, but I might try to run the test again with the same set of malware by clicking allow and only see warnings of HIPS.
Don't worry, I have literally no problems with the default settings. In fact, I approve the you tested ReHIPS with the default settings. :)

I was only pointing out that the outcome would be different if you followed the "default way" (lack of better term), that is, not selecting "Allow in IE". :)

Yeah, I acknowledge that what you have accomplished is a demonstration of how isolation works in ReHIPS, and not the "default" I was talking about. :D
 

Davidov

Level 10
Verified
Well-known
Sep 9, 2012
470
Somehow he still ran out an email to the approval of the forum REHIPs hm. So how can I get rehips beta in this case :-(
 
  • Like
Reactions: SHvFl

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
Yeah, it pretty much stops everything. Make sure to delete the isolated environments from rehips-settings-programs when it's a real system because when you run the malware it might be copied there. Also, don't do copy user data in case it's a file grabber that will steal your files.

first time watching this vid, I have not installed or used rehips yet, so it was helpful to see its operation. Question, I saw rehips had "standard" protection mode, ok, and then when each ransomware opened, there's a rehips popup and it looked like the default was "allow" but then tester selected allow in protected environment (paraphrase). Any concern with default allow? or is that something the user can automatically globally set so that default is allow in protected environment?
 
  • Like
Reactions: SHvFl

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top