HitmanPro.ALERT Support and Discussion Thread

HitmanPro.Alert 3.1.0 Build 343 Released

Release History:

• Improved hardware-assisted ROP mitigation.
  Improved DEP mitigation.
• Improved BadUSB mitigation.
• Improved upgrade procedure.
• Improved hooking engine.
• Fixed compatibility with Avast! on 64-bit systems.
• Fixed keystroke encryption compatibility with Trusteer Rapport.

Download: http://dl.surfright.nl/hmpalert31.exe

Later this week, we'll be updating existing users automatically to this new build.

 

Sorry to report that Unpivot Stack protection fails for me (calculator starts) on Build 343...

 

Early days, but so far so good with Build 343.

 

W7-x64:
Download went fine, installed 3.1 build 343 over build342, no problems/issues so far.

 

W7-x64:
No failure for me using the Exploit Test Tool (32-bit) 1.9.1, with hmp 3.7 build 251 and hmpalert 3.1 build 343.

 

No problems upgrading to build 343.

Win10 1511 build 10586.17 x64/Norton Security with Backup v22.5.5.15

 

Are you running natively or in a virtual machine?
Do you see the Hardware-Assisted Exploit Protection moniker on the main GUI of Alert?

 

I see you have fixed keystroke encryption compatibility with Trusteer Rapport (in 342 already).
Re the WSA Identity Shield / HMPA keystroke encryption indicator compatibility issue (your comments #7627, #7632), I did try to pursue it but their Escalation Team couldn't reproduce it, so I gave up.
I use WSA because my bank recommends it - the Identity Shield specifically. I just live without the indicator now - and hope that there are no other conflicts between the two

 

@markloman any word on this? im not the only one and after i posted this other issues get handled but nobody seems to have a look at this...

tnx in advance

 

Hi Erik,

I am running native Win10 Pro x64. HMPA does show that Exploit Mitigation is assisted by hardware. All other tests are successfuly blocked, except for Unpivot Stack.

I have Sanboxie installed, as well as Hyper-V for running Linux VMs. But none of that is running during the tests.

Thoughts?

 

Hello.

Using HitmanPro.Alert version 3.1.0 build 340. Is it possible to exclude folders from the "scan computer" feature?

 

I have an Intel Q9450. Why I don't see the Hardware-Assisted Exploit Protection Icon? Or do not have my processors this function?

 

I'm not following you, my response was to "why do you make this assumption", and I explained why I did. And I'm not unhappy with the direction of the product at all, I was just wondering if they can offer a version where the anti-exploit component is not installed, because sometimes disabling this module is not enough to fix compatibility problems. However I'm indeed unhappy about being ignored when I ask a simple yes or no question.

 

Since Build 340 I have problems regarding the keys that I press and the keys that appear on the screen. Often keystrokes seem to be repeated, when typing fast. This is extremely annoying. The problem is only present, if the keystroke encryption in Hitman Pro Alert is activated.
I use the Neo Keyboard Layout for faster and more ergonomic typing. To use it a keyboard driver (kbdneo32.zip or kbdneo64.zip) and a Autohotkey expansion (kbdneo_ahk.exe) are necessary. The Autohotkey expansion is necessary because some keys (i.e. arrow keys) can't be changed in the driver.
When disabling the Autohotkey expansion the problem is gone, but this also means the keyboard layout is not fully functional. So I guess there is a problem with Autohotkey in general.

 

Expected behavior, as you need an i3, i5 or i7 processor to benefit from Hardware-assisted CFI.

As indicated in the test manual: http://dl.surfright.nl/Exploit Test Tool Manual.pdf
"Important: This test is only intercepted by HitmanPro.Alert if the main processor (CPU) is an Intel® Core™ i3, i5 or i7 CPU"

 

Win10 Home x64 on an i5, Avast Free version 11.1.2245, EMET 5.2 (recommended settings), HMP.Alert Free/no license version 3.1.0 build 343.

The issue with IE11 not launching persists; Windows error message with 'error code 0xc0000005'
Whether starting IE11 from the HMP.Alert webbrowser list of from regular Windows Start menu; same Windows error message.
Edge will not launch from HMP.Alert webbrowser list (no error message created)) but will launch from Windows Start menu.

In HMP.Alert, under 'webbrowsers' are listed
- Chrome 47 (chrome.exe)
- Internet Explorer 11 (iexplore.exe 32-bit)
- Internet Explorer 11 (iexplore.exe)
- Microsoft Edge 11 (microsoftedge.exe)
- Microsoft Edge Content Process... (microsoftedgecp.exe)

edit;
After removing 'Avast Free AV', no more issues.
IE11 and Microsoft Edge will launch from Windows Start menu and from HMP.Alert browser list.

 

Erik, you got PM

 

Playing with LastPass, I'll observe orange encryption flyout with LastPass Master Login dialog in Firefox okay... but, not in Chrome or IE. Anyone else...?

 

Yeah, I'm seeing the live encryption indicator when logging into the LastPass plugin in Firefox, but not Chrome. It's working elsewhere in Chrome though, such as Google search fields.

 

Yeah, encryption is working okay otherwise. So, not just my setup.
IE and Chrome nada LP master password encryption.
Firefox has LP password encryption.
Thanks

 

As a workaround I log into LastPass using Firefox first, and then when I open Chrome it is logged in there automatically (no additional typing required).

In the plugin go to "Preferences/Advanced Settings/Share login state with other browsers"

 

Aha, live and learn. LP has toys I haven't played with yet. Thanks again.

 

Hello,
i'm running Firefox (64Bit) sandboxed (Sandboxie) and since yesterday, HMPA for testing this combination. The sandboxed Firefox shows, that it is protected by HMPA (green Frame, secure browsing and exploit-protection), but when i open surfright's exploit test tool and start a test for Firefox, the browser starts without any reaction of HMPA. HMPA only reacts, when i run Firefox outside Sandboxie. Is it right, that i've got to run the exploit test tool in Firefox's sandbox for testing?