HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,286
    Location:
    USA, MICHIGAN
    @erik, have you looked at the memory use we have posted? Is it in order?
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3 build 171 Release Candidate

    Changelog
    • Improved CryptoGuard mitigation
    • Improved ROP mitigation
    • Improved HeapSpray mitigation
    • Improved Hardware-Assisted Exploit Mitigations
    • Improved compatibility with EMET 5.1
    • Improved compatibility with Sandboxie 4.16
    • Fixed BSOD on some systems
    • Various small internal fixes
    Download
    http://test.hitmanpro.com/hmpalert3b171.exe

    Please let me know how this version runs on your computer :thumb:
     
  3. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,870
    Location:
    the Netherlands
    But not yet with EMET 5.2, I suppose?
     
  4. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    Thanks Victek and @bjm_ for filling me in on this HMP.A feature. I learned something new today. :)
     
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    EMET 5.2 + Alert 3 on 64-bit still have an issue. If you disable EAF in EMET 5.2 it works.

    EMET 5.2 + Alert 3 on 32-bit has no issues.

    EMET 5.1 or older + Alert 3 have no issues.
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,459
    Location:
    .
    HP.A 171RC
    IE11 + SBoxie 4.16 + W8.1.x 64bit + NIS 21.7 = ROP
    Event Log sent PM
     
    Last edited: Mar 20, 2015
  7. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,414
    HMPA 3 build 171RC has added rundll32.exe to applications under Other. Working fine so far.
     
  8. PallMall

    PallMall Guest

    Just updated to HitmanPro.Alert 3 build 171 RC - No problem up to now.
    Nevertheless a recurrent issue (HMP.A builds 155 and 167) regarding an application called xmplay.exe is still present, a ROP attack only and no blocking with this mitigation disabled for xmplay.exe.
    But... I get to wonder if, rather than being a false positive, it wouldn't be a true xmplay.exe attack/problem, even if the application is very well known and has been available for many years (I mean it's not a futility coming from nowhere).
    Carrying on with HitmanPro.Alert 3 build 171 RC ...
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I know. Not fixed yet :(. I am looking at it right now.
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,257
    Location:
    Among the gum trees
    If it was Norton I would be affected too.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,257
    Location:
    Among the gum trees
    Erik,

    So far so good! :thumb:
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,459
    Location:
    .
    Aha! Sorry, I presumed facts not in evidence based on posted Change Log ....

    I've made suggested CryptoGuard Exception in AppGuard and Direct Access in SBoxie.
    I'd like to test if my AG and SBoxie setup satisfy CryptoGuard temp files.

    How may I invoke creation / update of CryptoGuard temp files? Date modified does not change?
     
  13. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,459
    Location:
    .
  14. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,221
    Location:
    UK
  15. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64, hpa b171, hp b238/b239, IE11 and Firefox 36.0.1:

    Up till now only the already reported ROP and Null page mitigation issues!

    See post #4083 HitmanPro.Alert Support and Discussion Thread

    EDIT: The latest Firefox 36.0.3 runs without issues too.
     
    Last edited: Mar 21, 2015
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,459
    Location:
    .
  17. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    FYI, Still getting alerts with v171 when launching Microsoft Update and Microsoft Update Catalog from XP Start Menu.
     

  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Some software does not like to be mitigated. Take for instance Spotify or MPC. These tools cannot be mitigated. Therefore do not add them to mitigation.
     
  19. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    @erikloman
    Thank you for this clarification.
     
  20. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    Ran the hmpa3 test app, ran most of the exploit tests on XP with _155, and it seemed that keystroke encryption failed. I typed into the browser URL space and I could read the text in the test app window. Assuming this is how that test is run, then that indicates a failure, correct? Otherwise _155 appears to be running and playing nice. Time to deploy _171 and see what happens. I just install _171 over _155, correct? Or uninstall _155 first? And I'm assuming I have the current test app, sha1= F54B68B761FF6EDF216A00CF5344D26D9F849494. Sorry for the few questions, but with nearly 4600 posts here I would appreciate some guidance. I just switched from mbae yesterday.
     
  21. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,459
    Location:
    .
    I'll run the keylogger test and see encryption for the address bar...
    I've always over installed new builds...
    If I go backwards builds then.... I'll uninstall first...
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Do you know why mitigation causes problems with Media Player Classic?
     
  23. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    That's odd, though, since MPC gets along well with EMET. I wonder what might be causing conflict between HMPA and MPC.
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Every now and then MPC triggers a mitigation from HMPA on my machine. I don't remember which ones for sure. I think they were HeapSpray and ROP, if I remember correctly. The problem I have with MPC and HMPA is the blue protection border will not go away when I'm playing a video. I have to stop the video and begin playing it again to get rid of the blue border. Sometimes I have to do it more than once.
     
  25. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    Thanks for confirming about installing newer beta over older. Meanwhile, I checked the PDF test manual and I was running the keystroke test correctly. I tried in the body of a webpage (search engine input line) with both Firefox and Chrome and no encryption in either; I read the test text box in the clear on XP using _155, and was not running in sbie for that test. Just tested again using sbie on an https login page, and again no encryption. Installing _171 next.
     