ReHIPS - An HIPS/Sandbox without kernel Hooks - (quick test included)

Discussion in 'Other Security for Windows' started by Umbra, May 25, 2014.

  1. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,163
    29,656
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    #1 Umbra, May 25, 2014
    Last edited: Jul 18, 2017
    source


    changelogs



    ReHIPS 1.1.0 Beta was released.
    Changelog:
    - Architecture was refactored and changed to multithreaded
    - Separate desktops support was added to make system more secure
    - Many small fixes and improvements
    Demo-version restrictions were added:
    - Limit for the restricted processes is 10
     
  2. pablozi

    pablozi Level 22
    Trusted

    Jun 14, 2011
    1,155
    4,921
    Null Island
    Windows 10
    Default-Deny
    Umbra, can you provide some more details? Have you tested ReHIPS? Does it work well on x64?
    Looks promising and maybe we already have a DefenseWall-like app for x64 :)
     
  3. Umbra

    not yet, I am setting up the VM lol ;)

    will keep you informed

    I hope it will do as well as DefenseWall ;)
     
  4. pablozi

    Waiting to see it in action. Go Umbra! Go! ;)
     
  5. Umbra

    some screenshots from my test

    [​IMG]

    [​IMG]

    blocking Process Hacker

    [​IMG]

    I allowed PH to run restricted, the ReHIPS widget appears and I can select the newly created desktop (it signifies that PH is sandboxed)

    [​IMG]
     
  6. Umbra

    very very promising !
     
  7. pablozi

    How about system resource consumption in idle and while running restricted apps?
     
  8. Umbra

    lol! hyper-light (screenshot taken while PH was restricted!)

    [​IMG]
     
  9. Umbra

    another test with CCleaner:

    the trashbin is full

    [​IMG]

    I restricted CCleaner and then ran a cleaning

    [​IMG]

    the trashbin content was not deleted, CCleaner was really restricted.
     
  10. pablozi

    Damn son! That's pretty light software :D
     
  11. Umbra

    did a test above your post
     
  12. Overkill

    Overkill Level 30
    Trusted

    Feb 15, 2012
    2,106
    1,997
    USA
    Windows 7
    Default-Deny
    Will you be testing this against malware?
     
  13. Umbra

    will do right now with the same malware that locked my system while in Sandboxie default settings
     
  14. Umbra

    #14 Umbra, May 25, 2014
    Last edited: May 25, 2014
    can't run any malware at all lol, the popup shows up but the malware doesn't even start.

    [​IMG]

    it said it failed to restrict but at the same time the malware didn't run; not sure if I was protected or it was a bug :D
     
  15. Umbra

    by the way, when ReHIPS is installed it disables Windows Defender, this is weird
     
  16. tailHey

    tailHey Level 6

    May 19, 2014
    258
    707
    I.T, Cinema, Video Games
    France
    Windows 10
    ESET
    Hello everyone!
    Interesting, I'll watch this thread, it could be just great :)
     
  17. Moose

    Moose Level 22

    Jun 14, 2011
    2,275
    1,185
    "by the way, when ReHIPS is installed it disables Windows Defender, this is weird"

    Any idea of why? Keep us updated? ;)
    Very interesting software!
     
  18. King Mellow

    King Mellow Level 25

    Jun 21, 2013
    1,426
    8,285
    Nurse
    Manila, Philippines
    Windows 10
    Emsisoft
    Very interesting indeed..
     
  19. Malware1

    Malware1 New Member

    Sep 28, 2011
    6,481
    27,952
    Malware1
    I see KMSpico :D

    KMSPICO.png
     
  20. Umbra

    nobody is perfect :D

    I am innocent!!!!! it is for research :p
     