HitmanPro.ALERT Support and Discussion Thread

That's right I've added Steam to the list. Now I have removed it and added it as a browser. I will test how well it works now. Thanks for the help Mark!

 

Exploits make use of the weakness in programming languages. Compilers and operating systems are the place to mitigate thise weaknesses exploits need to acquire control.

Stopping these holes in another security layers comes with a high cost of fine tuning logic to reduce false positives. First step of exploit is to take control, second step is to do something with this control. Blocking access to shell and scripts makes it a lot harder for exploits to do any harm with that control.

 

Thanks for the feedback, but you could have also explained it with only a couple of sentences. I already understand what HMPA is all about, but I was talking from my own point of view. Exploits are a serious problem, but at the moment I'm more worried about running/installing some malicious app myself, so that's why I'm mostly interested in the "risk reduction features".

And fact of the matter is, that with apps like HMPA there is always a chance that it will cause conflicts with other tools. I have tried the HMPA v3 + Sandboxie combo several times, and every time I ended up with problems, even with anti-exploit turned off.

So that's why I came up with the idea, to make a revamped HMPA v2 version, with the same v3 GUI. I just wondered if that would be feasible or not, that's all. But anyway, can you perhaps give some more info about the "CryptoGuard only" install method, is this available to home users?

 

• Added Anti-Ransomware install mode.
  This mode supports Windows Server 2008 R2 (or newer) environments. Requires Server license.

http://www.surfright.nl/en/whatsnewalert

 

12/02/15 Anything resolved regarding IE11, Avast, previous v of HMPA working fine, but same with latest HMPA stops launch of IE11 ?

 

Fantastic post, the best explanation I've seen yet of how your class of product works relative to traditional AV.

One quick question: given its effectiveness against exploits, could something like HMP.A serve to extend the life of, say, Windows XP?

 

There maybe a conflict with avast that can cannot be resolved ( i would like to know myself). I have un-installed Avast and there appears to no problems with HMP.A (Visa a Versa).

Also with Build 340 besides EI 11, Firefox & Chrome will not launch as well.But Opera, Seamonkey & Vviladi will launch.

I have gone back to Build 209 with Avast installed and Firefox & Chrome will not launch .

IE 11 when trying to launch with Build 209 gives a "Attack Intercepted".

Still Firefox & Chrome will not launch.

If needed will provide the Event or Mini Dump Logs












.

 

For every file downloaded from the web, HMPA keeps track of their location and applies a mitigation category to it, based on the application category that downloaded it.
In your test, when you downloaded ccsetup512.exe the second time (now under the Other mitigation category) to the exact same location where you stored the first ccsetup512.exe (under the Browsers protection), the setup is allowed to run (the mitigation category is not updated for the file). This is expected behaviour.
When you would've saved the second download on a different path, Application Lockdown would've kicked in and prevented the file from running, even when you try to run ccsetup512.exe from another process or using a different application not protected by HMPA.

 

A recent update of Avast appears to have ruined compatibility with all versions of HitmanPro.Alert, including versions from last year. Obviously, we are expected to solve it, and naturally we will
We'll DM a few people with Avast to test-drive our upcoming update, which fixes compatibility with Avast.

 

Yes - with the 64-bit tool I didn't test FF 64-bit as I have decided to stay with 32-bit version for now, only some exploits wit IE11.
hmpalert.exe had been set to Allow in Control Active Processes and under Identity Protection>Application Control (can't remember if I personally added this), and hmpalert-test.exe was set to monitor under System Control and was not listed under Identity Protection>Application Control.

 

@markloman do you have any notice on bitdefender & hmpa? it 's seems to cause issues...

 

Thanks @markloman,

I have removed the problem AV for the moment.

When ready if possible I'm willing to test the up and coming update.

 

Okay, did another test.

1. Before downloading anything I changed Vivaldi from "Browsers" to "Other"
2. Restarted Vivaldi
3. Downloaded and ran "Speccy" which I hadn't downloaded before.
4. It was allowed to run.

Besides both "Browsers" and "Other" seem to have "Application Lockdown" enabled, so they work differently for each profile?

Besides that Spotify was always set up with the same exploit mitigation template and it was allowed to download and install its updates several times but this last time it was stopped because of "Application Lockdown" which to me implies an inconsistency in how it works.

 

Hello Mark & Erik!

I've just found this video and tought to report it in case you havent saw it:

https://www.youtube.com/watch?v=xisnhhY7TR0

 

A comment from Mark or Erik would be nice. Is it possible to also offer this to home users, and what does this install mode actually mean, is the anti-exploit component not installed at all? And what about the other risk reduction features?

 

This is exactly what I mean, HMPA might offer superior exploit protection, but lots of people combine it with other tools like AV's, and they might not be willing to deal with incompatibilities every few months or so. It's a shame they won't be able to use the other HMPA features because of this. And I don't know the details, but I'm assuming this incompatibility is caused by the anti-exploit component, but I'm not saying that it's HMPA's fault.

 

Since you don't know the details why make that or any assumption?

More generally there's always the potential to lose compatibility when using multiple security products. Dealing with occasional conflicts comes with the territory for people who go that route.

 

I used the free version of Avast on Win 7x64 and was having problems.

 

https://malwaretips.com/threads/hitmanpro-alert-against-ransomware-encryptors.53628/

 

======
12/03/15 Hope the following is helpful.
Still, my only known issue that IE 11 will not launch, is resolved, when I go back to HMPA 3.0.59 build 209 under the current config:

W7 Ult SP1 x64
Avast v 11.1.2245 Free
Comodo FW v 8.2.0.4792 Free
Opera 33.0.1990.115
FF 42.0
Chrome Version 46.0.2490.86 m (64-bit)
Chrome Version 47.0.2526.73 m (64-bit)
IE 11.0.9600.18097

Only issue (as previously reported in my post on 11/27/15) cannot launch IE 11 if using HMPA 3.1.0 b340

In my testing, I can uninstall Avast, and use HMPA 3.1.0 b340 and IE 11 will launch OK. So, to me, Avast is involved, but it appears, only with the newer v of HPMA.
In my brief experience using paid HMP and HMPA, I have had no other issues so far.

 

Peter2150,

Did you select the custom install with "Secure Virtual Machines" in the free version (AV) ?

• Avast Free
• SecureAplus (Beta without local AV)
• Hosts Block
• MCShield
• GlassWire

Regards




.