HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    3,097
    Location:
    the Netherlands
    Internet Explorer Lockdown
    when trying to access Properties in right-click context menu in Internet Explorer.

    N.B.
    Where I say access Properties in right-click context menu in Internet Explorer,
    I mean access Properties by right-clicking in some empty space in an open Internet Explorer tab, not access Properties by right-clicking an IE shortcut.


    For Windows Vista SP2 x86 IE9:
    Code:
    Mitigation   Lockdown
     
    Platform     6.0.6002/x86 06_17*
    PID          5696
    Application  C:\Program Files\Internet Explorer\iexplore.exe
    Description  Internet Explorer 9
     
     
    Process Trace
    1  C:\Program Files\Internet Explorer\iexplore.exe [5696]
       "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:5848 CREDAT:334176
     
    2  C:\Program Files\Internet Explorer\iexplore.exe [5848]
    3  C:\Windows\explorer.exe [5040]
    4  C:\Windows\System32\userinit.exe [5972]
    5  C:\Windows\System32\winlogon.exe [8408]
       winlogon.exe
     
    6  C:\Windows\System32\smss.exe [8288]
       \SystemRoot\System32\smss.exe 00000000 00000034
    
    For Windows 7 SP1 x64 IE11:
    Code:
    Mitigation   Lockdown
     
    Platform     6.1.7601/x64 06_25
    PID          4628
    Application  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Description  Internet Explorer 11
     
     
    Process Trace
    1  C:\Program Files (x86)\Internet Explorer\iexplore.exe [4628]
       "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:267521 /prefetch:2
     
    2  C:\Program Files\Internet Explorer\iexplore.exe [2680]
    3  C:\Windows\explorer.exe [512]
    4  C:\Windows\System32\userinit.exe [2704]
    
    Is this expected behavior, or a bug?

    I hope this is not expected behavior.
    I wouldn't like to need to disable IE's Lockdown mitigation and restart the browser each time I need to access Properties in the right-click context menu in Internet Explorer. Especially when I have multiple browser tabs open and I'm logged in at multiple websites.
    And of course this would be even more of an issue for average/non-advanced users.

    Edit 1:
    Thanks to ropchain, I found out that there is an alternative to disabling IE's Lockdown mitigation and restarting the browser -
    that is (temporarily) disabling (all) Exploit mitigation, which doesn't demand restarting the browser.
    Nevertheless, I would like to know if the reported Internet Explorer Lockdown when accessing Properties is expected behavior, or a bug.

    Edit 2:
    I added the information that where I say access Properties in right-click context menu in Internet Explorer,
    I mean access Properties by right-clicking in some empty space in an open Internet Explorer tab, not access Properties by right-clicking an IE shortcut.
     
    Last edited: Apr 12, 2015
  2. Ooze

    Ooze Registered Member

    Joined:
    Apr 12, 2015
    Posts:
    6
  3. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,791
    On Wilders, I keep getting the blue fly-out for Plugin Container for Firefox. It happens at times which seem to be random, but is getting annoying. Sometimes when I browse a new thread, I get it. Sometimes just going to the next page in a thread triggers it. Also accessing the same thread may trigger it again, but not always. I even see it sometimes when posting a reply. Anyone know what keeps triggering this specific fly-out?
     
  4. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,130
    Location:
    DC Metro Area
    The site for the particular film (the scene of the crash) is like this (this is not the actual string after "movieid=" because I once posted a similar URL and unknowingly posted my password info):

    http://www.netflix.com/WiPlayer?mov...f871f2f-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    The URL you give takes me to my "home" page, which includes "my list" and other films to browse.

    Did not get the time last night but will reinstall and see what happens with IE11. I have my suspicions about the proper functioning of my FireFox plug-in container.
     
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,130
    Location:
    DC Metro Area
    I often get a script error message on Wilders if I try to copy some text. It freezes my browser and I can only close it with Task Manager.
     
  6. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,791
    I'm not currently noticing the problem you describe with FF 37.01
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,444
    Location:
    Among the gum trees
    Have a read of this thread.

    https://www.wilderssecurity.com/thre...h-player-starting-on-these-forums-now.373936/
     
  8. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,791
    I'm not having a problem with the flash fly-out - just the plugin container for the firefox fly-out. I set Safety Notification to Once per logon session and so far the blue fly-out has not reappeared. I would still be interested in knowing what triggers this. Erik?
     
    Last edited: Apr 12, 2015
  9. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Errr...one question....
    Is there a way to disable protection completely with single click?
     
  10. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    I apologize if this has already been asked....

    1) Since I do not see the log in GUI, could the click on 'Number of alerts' show it?
    2) At 'Last Alert', the time of last alert would be a nice addition
     
  11. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    You can click on "Exploit mitigation" and select "Disabled".
     
  12. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Thanks! :)
    Maybe devs could make a 'Disable' option in tray icon menu?
     
  13. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,130
    Location:
    DC Metro Area

    My problem appears definitely to be FireFox related or caused by Firefox.

    I'm not sure about the media player associated with IE 11, whether it's Silverlight or not and whether it's built into the browser as opposed to being a plug-in, but had no issues with Netflix on IE11 with HMPA. I know Netflix requires Silverlight on FireFox.

    I had no issues with Flash on IE11 either.

    BUT a new problem arose with FireFox and HMPA. I was unable to change urls. This is what would happen when I had Flash enabled in FireFox. I had to disable Flash in FireFox for it to be useable. With Flash enabled in FireFox my browser would freeze if I viewed any site that had a Flash object on it. When this happened with Flash enabled I could only close it with Task Manager. (This of course may be caused by a conflict between HMPA and some other program on my particular PC)

    I had to do the same thing with Firefox and HMPA this AM. The problem started on the first page I viewed-New York Times. That page showed fine, but when I tried to go to a different URL the page would not change. The "loading page symbol" just kept spinning and there was a blank screen. I tried several URLs. The New York Times page had not given me any problems previously even when I had Flash enabled.

    Had to close FireFox with Task Manager. Then I could not reopen FF. Got two types of messages: "FF is already running" and "A piece/part of Firefox is missing". The "Firefox is already running" is not new. Sometimes when I force FF to close there is some background process of FF that remains listed in Task Manager, but does not appear to be actually "running." Sometimes several of these can build up. I have always been able to shut these background processes down with Task Manager, BUT with HMPA installed I was not able to close them and thus was unable to restart FireFox. After uninstalling HMPA, I had no problem closing the background FF process down with Task Manager and restarting FireFox.

    IMHO, there is some issue within Firefox that Mozilla has not acknowledged. NOT HMPA. For example, many (100's-1,000's-10,000's) of peeps can't use Flash in FF. It seems to be a random thing. Suggested Fixes from the FF forums work for some but not for others.

    For a number of reasons I much prefer FF over IE, mainly because of several extremely useful and time saving extensions I use in FF. Though I have been using IE11 more frequently because I need to use it to view Flash Content.

    Is anyone else having FireFox and/or Silverlight issues with HMPA installed?

    I will try it again from time to time. I would really like to use HMPA, but at this point I am not willing to give up the conveniences FF gives me.


    Windows 8.1, FireFox 37.01 (my Flash problem in FireFox started about two months ago with an earlier version.)
     
    Last edited: Apr 12, 2015
  14. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    9,147
    Location:
    USA
    I've been having massive problems with the 37.x builds of Firefox regardless of HMPA. Interestingly most of the crashes are on this site.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hmm I am bored now. HMP.Alert, just sits here and works. Again another well done from me to Erik and Mark
     
  16. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,423
    HMPA blocks Emsisoft Emergency Kit because of VM detection.

    I understand why, but shouldn't these kinds of programs from reputable sources be whitelisted? (for novice users?)
     
  17. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,236
    Location:
    The Netherlands
    Same here, well done, nothing to report...
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I just ran EEK and HMPA didn't bother it a bit.
     
  19. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,692
    Location:
    South Wales, UK
    Ditto here!
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    I do wonder why some people still seem to get weird false positives, you would think that by now this would have been fixed, or perhaps something else on their system is triggering this? I also wonder if HMPA is perhaps a bit too strict when it comes to the anti-exploit part.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    I can understand your frustration, it's never fun when you're having serious problems. To be honest, I have read other posts where people had problems caused by "Active Vaccination" and "BadUSB", so personally I kept them disabled. It's also true that you might not ever encounter an exploit attack, especially when you're using less targeted software. But it's more a bit of an alarm system, for that one time you might get hit with an attack.
     
  22. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    There is a DEP issue with Silverlight. We are working on it. But so far we are unable to reproduce ourselves.
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Wonder if some of the difference is Win 8.1 vs Win 7
     
  24. Rules

    Rules Registered Member

    Joined:
    Mar 3, 2009
    Posts:
    759
    Location:
    Earth
    Yep, same here running fine.

    Rules.
     
  25. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,423
    I tried to run EEK on Windows 7 (64 bits) when HMPA intercepted it. This was on the PC of a family member. I will try to reproduce it at home (later today).

    Another weird thing: I disabled the flyouts, but yet HMPA displayed one when I ran a portable App that had JRE included.
     
    Last edited: Apr 12, 2015