HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    So do I.

    But Google uses an automated System, that does not take trust in consideration
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    No problem here with Build 342. :thumb:
     
  3. ronald739

    ronald739 Registered Member

    Joined:
    Nov 9, 2011
    Posts:
    130
    Location:
    Australia
    Hi Peter2150,

    It is Hardware Based Virtualization.

    I believe it was previously called Avast NG, and was enabled by default on earlier versions of Avast if your system was capable and Hardware Virtualization of the CPU was enabled. (hopefully someone will correct me if I'm wrong)

    http://techdows.com/2014/09/avast-2015-beta-2-adds-avast-ng-and-grimefighter-free-features.html

    https://forum.avast.com/index.php?topic=154857.msg1125734#msg1125734

    I do not think in the latest free version it is enabled by default and it has to be checked in a Custom install. As i had a earlier version and upgraded to the latest version it was already installed.

    I will try this tonight or in the morning after trying out the latest pre-release of HMP.A and report back as I'm not on the problem system at the moment.

    Thanks.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I probably wouldn't have turn it on anyway. I think they've put to much in an AV, but that's me.
     
  5. hjlbx

    hjlbx Guest

    @erikloman
    • HMP.A 3.1.0 build 342
    • Windows x64 8.1 clean install
    • Comodo Internet Security Pro 8.2
    • Adguard 6
    HMPA does not protect Nitro Reader 3 (32 bit) - even after following the prescribed procedure of closing and relaunching it via the Mitigations interface.

    No toast, no border, endless loop of restart Nitro Reader 3 to protect it - but the HMPA protections never take effect.
     
  6. ronald739

    ronald739 Registered Member

    Joined:
    Nov 9, 2011
    Posts:
    130
    Location:
    Australia
    Thanks erikloman & markloman & HMP.A team,

    Using HMP.A 3.10 build 342 Pre-release and the latest version of Avast free has fixed the problem of IE 11 not launching for me on my system. (Win7x64)

    Also all other browsers below that i use are working correctly. with flyouts, keystroke encryption and exploit mitigations. (all latest versions)

    • Firefox
    • Chrome
    • Seamonkey
    • Opera
    • Vivaldi Beta

    I have not had the time to check that all Java, Media, Office, Other and Plugins work as of yet, but it appears the pre-release build has solved all my issues. Thanks once again.

    Will report back if i run into any other issues.
     
  7. PoodleDoodle

    PoodleDoodle Registered Member

    Joined:
    Dec 4, 2015
    Posts:
    6
    I joined to contribute to this thread. Love the product and subscribed to it as soon as I found out about it and did some research.
    There was a bit of a rough patch (with many security products) after the Win 10 1511 upgrade.

    Win10 x64
    HMPA 3.1.0 Build 342
    MalwareBytes Anti Malware Premium

    HMPA indicates that protection is assisted by hardware (Xeon E3-1241 v3)

    It seems that using the 32bit test tool, all pass except for Unpivot Stack. The calculator is successfully launched via the app and via Firefox...

    This also occurred with Build 340.

    Unpivot Stack was stopped by HMPA 3.0 before the 1511 upgrade.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Interesting. On my desktop host I tried outside of Sandboxie, I even shutdown the HMPA service shutting down HMPA, still couldn't download. So then I fired up my win 7 virtual machine. Has my same security setup, but there was one difference. In stead of FF 42, I had FF41.02 Through in the down load link and down it came. WEIRD
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Build 342 installed and working fine. Tired now, but tomorrow will try the link again with FF42, and then back install FF41 and see what happens.
     
  10. ronald739

    ronald739 Registered Member

    Joined:
    Nov 9, 2011
    Posts:
    130
    Location:
    Australia
    Thought i would give this a real quick test out of curiosity and in no way am i an experienced tester.

    System Win7x64 in BootCamp (latest updates and latest versions below)

    • MBAM real time protection enabled
    • SecureAplus(Beta without local AV)
    • Hosts Block
    • McShield
    • GlassWire
    • Adguard
    • HMP.A 3.10 build 342 Pre-release
    • Dr Web Katana

    I found all my system worked as expected and the following browsers worked and didn't work.

    • IE 11 ("Attack Intercepted" browser was terminated see attachment)
    • FireFox (Worked with flyout)
    • Chrome (Worked with flyout)
    • Opera (Worked with flyout)
    • SeaMonkey (Worked with flyout)
    • Vivaldi Beta (Worked with flyout)

    Uninstalled Katana and all Browsers worked.

    I then threw Avast free & Katana into the mix as i was having problems with a earlier version of HMP.A with Avast. I found all my system worked as expected and the following browsers worked and didn't work.

    • IE 11 (Flyout appeared and launched but browser become unresponive and crashed)
    • FireFox (would not launch)
    • Chrome (would not launch)
    • Opera (Worked with flyout)
    • Seamonkey (Worked with flyout)
    • Vivaldi beta (Worked with flyout)

    Uninstalled Katana and all browsers worked again. I was having similar issues with HMP.A (earlier version & without Katana) & Avast installed that have been resolved with the latest pre-release of HMP.A.

    From my limited testing and not very knowledgeable testing it appears Katana may also be incompatible with Avast in its current form.

    Make of this test what you will.
     

    Attached Files:

  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Unable to download this with ANY browser, FF42 initially red warning, but with 'Block reported attack sites' unticked, now times out, also on IE11, Chrome, Pale Moon, Cyberfox ... is the server now offline?
     
  12. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This is due to that we host an in-house built DellTest.exe binary that I signed with the controversial eDellRoot certificate. The signing was used to proof you could sign a binary with the certificate (it allows everything). Although the binary itself just shows a message box, but the certificate is triggering Google's algorithm. The result is that Google now blocks all files from test.hitmanpro.com :'(

    We've removed the DellTest.exe but it may take a while before Google's backend churns through its backlog.

    Thanks all for reporting!
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    :thumb: Concept proven!
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Found my problem. It was Heimdal Pro, no message, just timing out (that has happened to me before). Unticking Secure DNS, and clearing cache and download worked (using IE11).
     
  15. Magic_The

    Magic_The Registered Member

    Joined:
    Jun 24, 2015
    Posts:
    40
    HitmanPro Alert is causes instability conflict with IDM (internet download manager)
    it conflict with chrome extension Idm staff have confirmed that, they should patch it soon.


    Hi Erik,

    Hitmanpro Alert conflict with IDM (Internet download manager) in (Chrome extension)

    I have already contacted to the IDM staff, they should release a patch soon.
     
  16. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64:
    HitmanPro.Alert 3.1.0 Build 342 Pre Release is running fine!:thumb:
     
  17. darxide001

    darxide001 Registered Member

    Joined:
    Dec 5, 2015
    Posts:
    2
    @erikloman
    Is it possible to exclude specific devices from the webcam notifier? Whenever windows media center attempts to use my tv tuner card for a scheduled recording I get a hitman prompt popup for that device.
     
  18. malware1

    malware1 Registered Member

    Joined:
    May 26, 2014
    Posts:
    133
  19. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    No problem downloading this morning with FF42.
     
  20. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I received the page block notice, but was able to simply bypass it and download build 342. The update from 340 to 342 went smoothly and so far I have no issues to report :thumb:
     
  21. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    No problem to report so far (10 x64 build 10586.17)
     
  22. PoodleDoodle

    PoodleDoodle Registered Member

    Joined:
    Dec 4, 2015
    Posts:
    6
    Are you able to test Unpivot Stack protection?
     
  23. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    that's odd if your CPU supports Hardware-assisted CFI :confused: (basic requirement to intercept this 'behaviour' as stated into Exploit Test Tool Manual)...

    I'm unable to intercept instead system() in msvcrt...even if i'm quite sure it's related to msvcrt.dll that is newer than version 7.0.9600.17415...

    "Note: This exploit test is currently only available when msvcrt.dll is older than version 7.0.9600.17415"


    Erik?
    Mark?
     
  24. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    just tried and it's succesful intercepted (10 TH2, i7 4790)
     

    Attached Files:

  25. PoodleDoodle

    PoodleDoodle Registered Member

    Joined:
    Dec 4, 2015
    Posts:
    6
    I'm not sure what the issue is for me... This definitely worked fine on 3.0 and before the 1511 upgrade.

    I'm on Win10 Pro x64 build 10586.17 as well. My CPU absolutely supports CFI.

    The only other security software I'm running is MBAM, and I've tested with it disabled as well.

    I've tried removing and reinstalling HMPA, with identical results.

    Unpivot Stack protection fails...
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.