HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    120
    Location:
    Netherlands
    Works! Thanks, looking forward to the next update. Very happy with my BlackFriday deal from way back in 2014 haha ;)
     
  2. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    HMPA blocked this week's TV recording again -- and that, even though I already have the "webcam" protection disabled.

    This show runs only once a week. I have no idea if or when they'll run it again. :ouch:

    There really needs to be a way to create exceptions in HMPA for specific programs/processes.

    If there is a way, please let me know. The whole point of a DVR (Windows Media Center) is so that you don't have to babysit the recording.
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Sorry to hear. While Alert 3 is in RC state this should not have happened.
    Can you send me the alert you got during the recording? Should be in the Event Log.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    @erikloman ,

    I'm wondering if the Other template is the best option for Google Earth, or does it matter?

    Thanks.
     
  5. 142395

    142395 Guest

    Thanks as always!
    Tho I thought I have read that FireEye article before, great to know info leak don't necessarily require 2 vuln.
     
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Most templates are the same. Except Java and Other. TemplateOther has Keystroke Encryption.
     
  7. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I agree that we need manual exclusions - why aren't there available?
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Hi Erik,

    Getting a lot of Application has stopped working pop-ups from Windows with emet.dll as fault module, with build 155(not sure if it started with 155 or earlier). Most of the time it's Firefox when closing it.
    Alerts exploit migitations aren't conflicting with EMET because they're turned off since Alert is in expired trial status.

    (Win7x64 with WSA 8.0.7.28, EMET 5.1, MBAM Pro 2.0.4, HMPalert3 b155)

    Details:
     
  9. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    Been running 3.0.30 build 155 for days now and all is good, smoooooth. :thumb:
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    EMET 5.0 is buggy as hell. EMET 5.1 should a lot work better. Which one are you using?
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    5.1
     
  12. guest

    guest Guest

    EMET 5.1 is still not great. With EAF+ enabled it causes a quite significant slowdown and disabling EAF+ is basically the same as running EMET 4.1.
    HMPA and MBAE are much better choices :)
     
  13. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    I just got a alert from HMPA but I don't recall what it said, where can I check the log? it shows there's 1 alert but I cant find how to look it up.
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    See Windows Event Log.
     
  15. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    Well I looked but really wasn't sure what I was looking for so I guess im not to worried about it, but does it really need to be that difficult to find compared to other programs?
     
  16. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    I found an Event ID 600 Task (9) for HMP.A at the right time and regarding the right process, ehrecvr.exe. I think I figured out how to save the log for that event to its own file and am sending it via PM.

    Thanks! Let me know if you need something else.
     
  17. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Anyone else notice HMP always detects ASK on scan? I noticed on totally clean machines, every few days when I run HMP it finds ASK in the Chrome AppData folder. I can guarantee there isn't Ask on any of the machines. It's never been installed, and HMP seems to point to no particular thing. If I was paranoid I would say Chrome itself was putting it in every few days. MBAM, Norton, JRT, ADWCleaner, nothing else detects it, then I run HMP, and it finds it.

    I assume it's an FP?
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Last edited: Feb 28, 2015
  19. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Same products now.. Bundled. Unless there is an extension using an ASK API, then it's a false positive. I will investigate further.
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
  21. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    That was before they were integrated, by the way. Now they are basically one product for all intents and purposes. So really, given HMPAlert HAS the HMP scanner built in we can argue semantics all day long.
     

    Attached Files:

  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    I'm not going to argue with you about it but I will say that HMP.A 3 has had the scan with HMP option since the early betas, but anyway, I personally don't mind where or what you post.

    Enjoy your weekend. :)
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I will argue. Mayahana, please post pro questions in that thread.

    Pete, wearing mod cap
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I second that! I think most prior versions of EMET are buggy as hell also. IMO EMET 5.1 is by far the best build of EMET so far.
     
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Everything from Ask we consider a PUP due to their opt-out bundling. Ask replaces your homepage and hijacks your search engine.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.