App Review ReHIPS against Ransomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
You did run the test with the default settings, except when you chose the "Allow in Isolated Environment". The default selection was "Allow", not "Allow in Isolated Environment". So, going by default all the way meant that you just let the selection be.

That's why the weak link is the user. Running a questionable file in isolation is the best course of action (apart from "Block"), but not all users would select "Allow in Isolated Environment". Most of them would answer "Okay" to the prompt, without selecting other options.

I left the default settings because I think it would not make sense to test this software after the user customized them. Most users would not make changes to this software, as they wouldn't make changes to their anti-virus or others. Having said that, I used "Allow in Isolated Environment" to see if ReHIPS was able to hold ransomware such as Petya or Serpent, but I might try to run the test again with the same set of malware by clicking "Allow" and only see the HIPS warnings.
 
Sometimes a ReHIPS prompt has "block" selected by default; I never quite understood why and when.
I usually don't even notice, because I am so used to seeing "allow" selected. So when I blindly click on okay, I can't figure out why I see a block message popping up...
 
Don't worry, I have literally no problems with the default settings. In fact, I approve that you tested ReHIPS with the default settings. :)

I was only pointing out that the outcome would be different if you followed the "default way" (for lack of a better term), that is, not selecting "Allow in IE". :)

Yeah, I acknowledge that what you have accomplished is a demonstration of how isolation works in ReHIPS, and not the "default" I was talking about. :D
 
Somehow he still ran out an email to the approval of the forum REHIPs hm. So how can I get rehips beta in this case :-(
 
Yeah, it pretty much stops everything. Make sure to delete the isolated environments from rehips-settings-programs when it's a real system because when you run the malware it might be copied there. Also, don't do copy user data in case it's a file grabber that will steal your files.

First time watching this vid. I have not installed or used ReHIPS yet, so it was helpful to see its operation. Question: I saw ReHIPS had "standard" protection mode, OK, and then when each ransomware opened, there was a ReHIPS popup and it looked like the default was "allow", but then the tester selected allow in protected environment (paraphrase). Any concern with default allow? Or is that something the user can automatically globally set so that the default is allow in protected environment?
 