Discussion in 'Other Security for Windows' started by Umbra, May 25, 2014.
ReHips: could be the reincarnation of GesWall, pity
When does ReHIPS decide to show the special command line prompt, and when does it simply inspect children? Is it mode-dependent?
Actually, there is another thing I don't understand, maybe it is related: what is the difference between "children" processes and "sub" processes? (My terminology might not be exact)
Yes, Expert Mode shows all kinds of stuff, almost an HIPS.
Same thing, different names; like Process Hollowing is also Dynamic Forking.
It shows special commands when the sub program option is set to alert. Children is what you normally understand, it's something that is going to get spawned by the parent. Sub programs is when a program tries to execute with command line parameters, hence the alerts we talked about earlier for command lines when you have it on alert.
So for example I have a program that executes cmd.exe when it launches. Is that called child or sub?
It will be a sub program because cmd will launch with some parameters to execute something. For example, my VPN application calls cmd to clear DNS and I get this command line: "cmd.exe" /c ipconfig /flushdns.
Cool. That is exactly what I wanted to know.
Hello everybody and Merry Christmas.
We proudly present to you the release of ReHIPS 2.3.0. As usual there are lots of changes.
We'd like to express our sincerest and deepest gratitude to beta-testers and other guys (and gals?), who tested, reported problems, endured remote debugging sessions, gave suggestions and really helped a lot to fix issues and shape ReHIPS as it is now. Thank you all very much, we really appreciate it.
Enjoy this release. And as usual, don't hesitate to contact me should you have any questions or suggestions.
P.S. You may want to read this blogpost entry https://forum.rehips.com/index.php?topic=9742.0 , if you've been using RulesManager and updating from an older version.
BTW, forgot to add changelog. Here it is.
-wildcards are ready;
-all top level windows are now mirrored on all desktops;
-added custom taskbar on isolated desktops;
-added restricted token, which allows using the main desktop without danger of DLL injection with allowed hooks;
-user SID is shown in isolated environment;
-made rules in RulesManager disableable;
-fixed process isolation with UAC and UIAccess;
-separate isolated desktops can be globally disabled;
-hashes were changed to more informative entities;
-fixed Windows bug with non-shown icon (default icon) for RulesManager (see blogpost about this bug here https://forum.rehips.com/index.php?topic=9496.0);
-agent injects DLL asynchronously now, it removes queue and waiting time;
-desktops widget could be closed with UAC disabled, fixed;
-clients close socket immediately, speeds up socket server part shutdown;
-all the data is read before socket shutdown, fixed error with incorrect server connection code;
-blocked access to several new Windows 10 locations;
-Open File Access feature security improved;
-Copy User Data feature security improved;
-custom recycle bin added not to lose files involved in Open File Access;
-RulesManager registry now supports wildcards * and ?;
-Copy User Data metadata is now available not to copy the same data several times;
-string comparison is locale-independent now;
-some isolated processes were missing from the list;
-some rare deadlock was possible during processes processing;
-DLL may not be injected after Service restart;
-fixed Windows bug with printing and devices list (see blogpost about this bug here https://forum.rehips.com/index.php?topic=9713.0);
-DLL may not be injected into some processes due to race condition;
-rules could be installed for a user with wrong SID;
-carriage return wasn't correctly covered by wildcard in trusted command lines;
-improved installed software detection;
-rare deadlock due to race condition on shutdown was fixed;
-added several programs and trusted command lines/vendors to RulesManager;
-added Spanish translation (thanks to Mr.X);
-real user whose rule was enforced is now output;
-isolated windows border and color make their comeback to the settings;
-moved help file to CHM;
-Lock-Down Mode can be changed from tray menu;
-ReHIPS folder can be opened from tray menu;
-isolated processes list update on GUI startup was missing;
-some other small fixes and improvements (confirmation prompt to remove several programs from database, HWID is automatically passed on Buy, etc.).
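The changelog above mentions `*` and `?` wildcards in rules, a carriage return that a wildcard in a trusted command line did not cover, and locale-independent string comparison. As an added example (not ReHIPS code; the rule list, the function names and the `backup.exe` command line are constructed assumptions), a whole-string wildcard matcher with those three properties:

```python
# Added illustration, not ReHIPS code. Rule format and all names are assumptions.

def _same(a: str, b: str) -> bool:
    # Per-character, case-insensitive comparison. str.lower() uses Unicode
    # tables, so the result does not depend on the process locale.
    return a == b or a.lower() == b.lower()

def wildcard_match(pattern: str, text: str) -> bool:
    """Match ALL of text. '*' = any run of characters (CR/LF included),
    '?' = exactly one character, everything else compared case-insensitively."""
    p = t = 0
    star = -1    # index of the last '*' seen in pattern
    resume = 0   # text index to retry from after that '*'
    while t < len(text):
        if p < len(pattern) and pattern[p] == "*":
            star, resume = p, t
            p += 1
        elif p < len(pattern) and (pattern[p] == "?" or _same(pattern[p], text[t])):
            p += 1
            t += 1
        elif star != -1:
            # Mismatch: let the last '*' absorb one more character and retry.
            resume += 1
            p, t = star + 1, resume
        else:
            return False
    # Text is consumed; only trailing '*' may remain in the pattern.
    return all(c == "*" for c in pattern[p:])

# Constructed trusted command lines: the first is the one quoted in the thread,
# the second is a hypothetical rule with a wildcard.
TRUSTED = ['"cmd.exe" /c ipconfig /flushdns', '"backup.exe" --label *']

def decide(cmdline: str, rules=TRUSTED) -> str:
    """Return 'allow' if any trusted rule matches the whole command line, else 'alert'."""
    return "allow" if any(wildcard_match(r, cmdline) for r in rules) else "alert"

if __name__ == "__main__":
    samples = [                                    # constructed sample input
        '"cmd.exe" /c ipconfig /flushdns',         # exact rule
        '"CMD.EXE" /C ipconfig /FLUSHDNS',         # case differs
        '"cmd.exe" /c ipconfig /flushdns extra',   # rule has no wildcard
        '"backup.exe" --label nightly\r\nrun',     # CR/LF inside the '*' part
    ]
    for s in samples:
        print(repr(s), "->", decide(s))
```

Because the rule without a wildcard must match the whole string, a command line with anything appended falls through to an alert instead of inheriting the trust of the shorter rule.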
Thanks fixer, great release!
Thanks and Merry Christmas.