HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    deleted, no longer relevant to thread.
     
    Last edited: Mar 26, 2015
  2. PallMall

    PallMall Guest

    I use both HitmanPro 3.7.9.238 x64 (so called Kickstart) and HitmanPro.Alert 3.0.30.172 and as such am wondering what is, if any, the difference between HitmanPro's scan (default or quick) and HitmanPro.Alert's Scan computer jobs. Not a fundamental question but still, on my mind. Thanks.
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    HitmanPro.Alert uses HMP to scan, I'm guessing the default.
     
  4. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64, HP238, HPA172, IE11, Firefox 36.0.4

    ROP alert during update/install of Skype 7.2

    hpa172_skype7.2_ROP.jpg
     
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This has been addressed in next build. Expect new build today. Thanks for reporting :thumb:
     
  6. PallMall

    PallMall Guest

    What about the situation where HitmanPro is not installed? I know HMP.Alert downloads HMP (if not installed of course) to scan when an alert has occurred (and the user decides to check), but when no alert and a simple scan, same? Maybe, then, OK.
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    HMP.A can't run a scan without HMP. Without HMP there is no scanner in HMP.A.
     
  8. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64, hp238, hpa172, Firefox 36.0.4, IE11
    Uninstalling Firefox 36.0.4 generates Lockdown Alert

    hpa172_uninstall FF-36.0.4.jpg

    EDIT:
    I did some additional install/uninstall testing with Firefox 36.0.4 and Firefox Nightly 39.0a and noticed that the Lockdown alert during uninstall only occurs when I use my uninstall program 'Soft Organizer 3.51'. Using W7->Control Program-> uninstall a program... does NOT trigger the Lockdown alert.
    So the alert seems to be related to Soft Organizer 3.51.
    This program can only be started with hpa b143 thru b172 active if 'Control Flow Integrity (ROP)' mitigation is UNchecked!
    I have reported this ROP issue before in a previous post.
     
    Last edited: Mar 27, 2015
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Under which profile is Firefox listed?
     
  10. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Last edited: Mar 27, 2015
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    I am in my HMPA snapshot, and I have been trying to update MBAM v1.75 to v2.0.4.1028 for more than 30 minutes, but it seems to be stuck in a loop with regserver cutting in and out.

    I can only surmise HMPA is getting in the way, somehow... Looks like I may have to cancel the MBAM upgrade, then uninstall HMPA and retry upgrading MBAM, without HMPA running.

    EDIT: for incorrect word...with changed to without
     
    Last edited: Mar 27, 2015
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Still running, but time to cancel... However, it came through...it was close, because I was just about to abort.

    ScreenShot_MBAM_Update 1.75.00.1300_ to v2.0.4.1028_15.gif ScreenShot_MBAM_Update 1.75.00.1300_ to v2.0.4.1028_20.gif
     
  13. PallMall

    PallMall Guest

    Don't know about Firefox 36.0.4 but I had no issue when removing Firefox 36.0.3 prior to installing 36.0.4 (I always install Firefox "clean").
    Exact same config here: W7-x64 [Premium], hp238, hpa172, Firefox 36.0.4, IE11
     
  14. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Thank you for your post.
    I did some additional install/uninstall testing with Firefox 36.0.4 and Firefox Nightly 39.0a and noticed that the Lockdown alert during uninstall only occurs when I use my uninstall program 'Soft Organizer 3.51'.
    Using W7->Control Program-> uninstall a program... does NOT trigger the Lockdown alert.
    So the alert seems to be related to Soft Organizer 3.51. This program can only be started with hpa b143 thru b172 active if ROP mitigation is unchecked.
    I will update my original post with this latest info.
     
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The new build takes slightly more time than anticipated. New build will be out next week instead.
     
  16. PallMall

    PallMall Guest

    OK, and thanks for this precision. Also, I'm happy it turns out this way because I would have been annoyed to be obliged either to avoid a clean FF install or to shut down HMP.Alert on every FF update.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If Soft Organizer 3.51 is under HMPA protection and the application lockdown is applied, that is why you are getting the alert. Just temporarily turn off the application lockdown protection for Soft Organizer and that should solve the problem.
     
  18. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Thank you for your reply.
    The program Soft Organizer 3.51 is listed in hpa172 with the profile 'Other' in which two options are now UNchecked for proper functioning.
    1. Control Flow Integrity, to avoid a ROP at startup,
    2. Application Lockdown, to avoid a Lockdown alert during uninstall of a program (e.g. Firefox, FF-Nightly,...)

    SoftOrganizer_3.51_profile Other.jpg
     
  19. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Software Organizer 3.51 is being advertised as "Soft Organizer (the new name of Full Uninstall) allows you to completely uninstall programs from your system. It features a vast array of options that leads to a full, no-traces-left uninstallation of any application in the system."
    Source: http://download.cnet.com/Soft-Organizer/3000-2096_4-75450873.html

    I can't really come up with a realistic scenario in which an attacker would be able to exploit a vulnerability in this program. Did you add Software Organizer to HMP.Alert manually?
     
  20. 93036

    93036 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    109

    I inadvertently used the key you sent on my sister's machine, thinking the RC wasn't unique, and now I can't use it on my production one...can you issue...another key?
     
  21. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Thank you for your reply.
    I have been a licensed user of the application Soft Organizer 3.51 for over a year. I use the program regularly.
    For testing purposes I manually added 3 applications to hpa, starting with build 143.
    Personally I find it very hard to think of ways attackers could exploit vulnerabilities in application SW.
    So if the technical advice is NOT to add this (these) kind of applications to hpa, then it is understood and for me totally acceptable.
     
    Last edited: Mar 28, 2015
  22. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Using: W7-x64, with a licensed copy of HP240 and RC3 HPA172

    Question out of technical curiosity:
    Are there functional reasons to run a licensed copy of 'MBAE Premium' next to a licensed copy of HP/HPA3, or is it just a matter of choice for ONE of the two?
    Or are there perhaps functional reasons for NOT running MBAE and HP/HPA next to each other?
     
    Last edited: Mar 28, 2015
  23. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Not as far as I can see...as you would effectively be duplicating protection (although in my opinion HMP.A covers more than MBAE).
     
  24. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Thank you for your reply.
     
  25. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
    What about MBAE's Layer3 (Application Behavior)? Does HMP.A cover something similar as well?
     