HitmanPro.ALERT Support and Discussion Thread

How exacly are you downloading YouTube video's? Using a plugin?

 

Which plugin?

 

You did a scan in Alert and HitmanPro reported a file to be deleted? Which file was going to get deleted? There is a log in C:\ProgramData\HitmanPro\Logs\ . You can also request the logs by starting HitmanPro (is a separate program from Alert).

 

HitmanPro writes a log in the above mentioned folder.

 

Perhaps a bit of a dumb question, but is this really the only way to monitor system wide code-injection done by legitimate apps? I do understand that hmpalert.dll must be injected into the browser in order to check for malicious hooks. Also, does legitimate software alter the browser memory in the same way that banking trojans do? What about this tool (see link), can the same thing be done with the help of a driver?

http://www.nirsoft.net/utils/injected_dll.html

Is SBIE already compatible with HMPA?

 

The HitmanPro scanner is separate of Alert.

Though, if you click on the Scan button in Alert, it will download the HitmanPro scanner separately and Alert will show progress in its interface.

Hope this helps.

 

Where does HMPA quarantine files? and how do I retrieve them when it's an fp?

 

No problems Sandboxie beta 4.13.5 and CTP3 (W7 64 bits). With the yet to be released CTP4: problem(s) solved with Sandboxie/Vista?

 

We are still tinkering the CTP4. New protection features, alternate UI and many fixes and improvements. Keep an eye on this thread.

 

A few niggles here.
Every time I open Chrome I get an alert - have run scans with HMP and even taken a look through DDS and GMER logs (nothing that jumps out at me)

Another issue (don't know if it's been flagged up) but when typing in a browser (I'm quite a quick typist) I'll sometimes get a double of the first letter; for example:
When typing wilderssecurity.com - I could get something like wwlderssecurity.com <-- Thinking something to do with key encryption?

I've had another BSoD too (0x7E NETIO.SYS) - not run a windbg analysis as I haven't had time but I've got a feeling it's HMPA.

Sorry if any of this has been mentioned before!

Jason

 

Perhaps just showing it only under exploit protected applications is less confusing.
Btw does Alert exploit-protect Firefox's Flash plugin process?

 

Yes it mitigates exploits the plugin-container process.

 

To clarify: since Flash 11.3, it has another process separate from plugin-container, FlashPlayerPlugin_*Version number*.exe, I mean this one.

 

Take your time with CTP4.

 

I can't find it, is my Firefox outdated or corrupt?

 

No, if you don't have it your Flash is outdated, not Firefox. But your probably looking in the wrong folder, it's in Windows\SysWOW64(or System32 for 32 bit systems)\Macromed\Flash

 

OK cool, didn't even know that HMPA could protect sandboxed processes.

BTW, Erik Loman has already explained to me via PM that it's not that simple. HMPA has to check which app is injecting code into the browser so that it can know if the browser is hooked by a legitimate app. If it is done by some AV it will not alert, but if it's done by some unsigned app it will alert. Apparently the only way to do this is by monitoring every process with the hmpalert.dll file. But now that I think of it, only the browser should be monitored for modification? Sorry I'm getting confused again.