HitmanPro.ALERT Support and Discussion Thread

I see you are testing with Sanboxie. You need to add \Device\NamedPipe\hmpalert to full access in Sandboxie. You may also want to try again outside Sandboxie, does Keystroke Encryption work now?

 

No problems with Firefox 36.0.3 and build 171 (W7 64 bits). About the memory usage with new build 171. At start 15 mb (now 20) and 11 mb (now 1). Ill leave it at that because it looks like Im the only one having this.

Btw... I see 43% cpu-spikes while starting a (sandboxed) browser (IE 11 and Firefox 36.0.3).

 

Do you also see the spike when Alert is not installed?

 

Hi erikloman

It was actually the PortableApps.com portable apps platform application that I was protecting using the 'Other' template. Chrome Portable is just one of many portable apps offered in this platform.

I guess my question really boils down to this: Should one attempt to protect all running applications, or stick with the default applications (browsers, plugins, office applications, etc.) and generally avoid trying to add other running applications (i.e. leave them as unprotected)? What should be the criterion for protecting an unprotected running application? And when should one use the 'Other' vs. 'Test' template?

Now using build 171 FF 36.0.3 - no problems.

 

Let me ask...without running the Keyboard logger Run Exploit v1.4.0.19. Do you see the Encrypting bar with scrambled characters upon keystrokes in a web facing app. Like typing here I see Encrypting. Do you see Encrypting here....?
Does the Exploit Test Tool populate to Exploit mitigation module. I've run 32 n' 64bit Test Tools. Both populate to Exploit mitigation.

 

Just want to report that, on build 167, I'm no longer experiencing the issues where HMP.A was preventing me from: 1) updating Java manually, and 2) deleting pages from a PDF in Adobe Acrobat.

Well done!

 

HitmanPro.Alert 3 build 172 Release Candidate

Changelog

• Fixed Sandboxie 4.16 ROP message

Download
http://test.hitmanpro.com/hmpalert3b172.exe

 

Thanks for reporting!

 

Basically most applications can be mitigated. Just choose the appropiate category. A browser should really go into Browsers template. A document or image viewer/editor should go into Office. Most others should go into Other (like chat applications).

Note that if you are going to use your editor (like Notepad++) to write scripts, untick Application Lockdown because otherwise you are unable to execute the scripts.

Finally, some apps actually perform a ROP operation in their programming. For example Spotify. So you need to disable ROP and IAF on Spotify.

Once Alert 3 is released there will be a PDF describing many of the above. Stay tuned.

 

I hope this version will play nicely together with SBIE. BTW, I saw that HMPA was featured on tweakers.net, I think some of those guys were overly negative, don't listen to them, the GUI looks just fine, it's better looking and handier than most security tools. Some of them also didn't seem to understand that HMPA is more than just CryptoGuard, a couple of those posters seem to be NOOBS.

 

To be honest I felt depressed by some of the replies. The binary should not have been on there yet as we are still testing it. Some viewers might not be able to recover from a problem

 

Is there an English version of this site?

 

I'm 99% sure I located the source of keystroke problem on xp. I uninstalled Trend 2015 av, and keystrokes are now encrypted (this is with 3b_155). I tried _171 and it gives me a ROP alert with dragon, so I uninstalled _171 and returned to _155 and it seems to be good, with keystrokes, with dragon and with sbie 4.16 (yes I had added the necessary line to sbie.ini). No clue why _171 is buggy with dragon (chrome) here (haven't read all 4600+ posts yet ). I never ran _167, ie, I started with _155 and then saw you released _171. probably going back to emsisoft for av. Need to update my signature.

 

see above that my _171 ROP with dragon was perhaps addressed by _172, will try it soon

 

Completely agree with Rasheed's comments. Most often the people who do not know are the people who knock/do down software without either understanding it or even wanting to. You stick to you guns re. HMP.A v3...it is a must have IMHO and way, way ahead of the competition. We will see who laughs last on this one...and I bet it will NOT be them.

Regards, Baldrick

 

Salutations,

Hitman Pro Alert is working like a champ!
Also, agree with Rasheed's and Baldrick!
You can make your dreams come true if
you put in the effort and make a reasonable plan.
You are winner, so do NOT listen to their comments!

Moose's World

 

in xp w/3b_172 not sure ROP issue is fully fixed? firefox seems aok both with & without sbie, including keystroke is good. Opened dragon 36.1.1 in sbie 4.16 and I get an ROP alert. BUT good news, I opened dragon without sbie, and no ROP, then went back and opened dragon with sbie and this time no ROP and keystroke is working in both dragon and firefox. delayed reaction to the _172 fix, whatever? will play more & updated if issue now.
Q? is the alert log accessible? gui says nn alerts, but no interaction, and searched c\ and not finding hmpa3 logs ?? ie for details you have to try a screen shot (if that works with hmpa3 protection?)

 

followup ref _172 ROP. I closed both firefox and dragon. I open dragon no ROP. Close dragon then open it in sbie and I still get the ROP! deeply curious to me. when I had firefox open in sbie and then started dragon with sbie, then dragon did open without an ROP, as if firefox running in sbie opened the door for dragon to run in sbie without an ROP block. deeply curious (to me) as sbie is setup with a firefox in its own sandbox and dragon in its own sandbox, so the apparent sbie_"bridge" from one to the other seems odd to me, but it's a question beyond my understanding windows and sbie. In any event, at least on xp it still seems like there is an ROP issue with sbie & dragon (chrome)...?

 

Logs are in the Windows Event Log. In version 3.1 there will be a log viewer when you click on the detection count in the GUI.

 

I don't know if those of the Wilders members that don't read Dutch used a translator for reading the mentioned Tweakers.net page, or haven't read it. I read it. I don't think the replies were overly negative. There were a few replies regarding the green border and there were a few replies of persons experiencing problems.
I can understand that not everyone wants the green border and not every user will instantly understand how to disable those borders. And of course it was no wonder there were some users experiencing issues, we see the same thing here at Wilders. So those replies were not not so bad, and some of the feedback may be helpful to SurfRight.
However, I understand that Erik was depressed by finding HMPA3 at Tweakers.net and reading some of the replies. This because of the fact that HMPA3 shouldn't yet have been on Tweakers.net, as it is still being tested, and because probably not all Tweakers.net users will be able to handle beta issues well.
As I understand it, Erik was mostly startled by finding HMPA3 at Tweakers.net while that was not intended. I don't know if it was to be prevented. Also other beta software is presented at tweakers.net, every now and then. If a company doesn't want a beta to be mentioned, I think that should be arranged with the Tweakers.net editors. Of course I don't know if such arrangement was made or not.

 

No, but I mentioned it because it's the biggest IT site in Holland, with a lot of active and knowledgeable people.

Well, if I'm correct, HMPA v3 is already available for download on the SurfRight website, so it should be no surprise. But I also wonder if it's a good thing, because some people might start to bash on it when it break stuffs.

 

I'm not using Sandboxie but build 172 is up and running just as fine as 171 was.

 

Don't get me wrong, everyone is entitled to their opinion, and I'm also quite often negative about certain products, but some guys were IMO over the top. Someone said that the GUI was too flashy and not functional, I think 9 out of 10 people will disagree with that. Some other guy claimed that CryptoGuard is the only interesting function that's worth it. Of course another dumb thing to say.

 

Running W7-x64, hp b238, hpa b171-> b172, Firefox 36.0.3 -> 36.0.4, IE11.

Up till now it all runs like a charm, no issues!