HitmanPro.ALERT Support and Discussion Thread

I installed build 351 manually on Monday and everything's working great so far.

Vista Home Premium SP2, x64

 

Indeed Tracker Update is PDF-Xchange's own update mechanism. I tried turning off Application Lockdown, which asks one to restart the application (PDF-Xchange Editor in this case), but the problem still occurred. Also with disabling all mitigations.
I am assuming temporarily disabling mitigations doesn't require a Windows restart as well.

 

I felt the same, because obviously I was placed on an 'inferred' ignore list [from my perspective], because I got no replies to my posts in this thread from the developers [subsequent sale to Sophos], recently.

Just the way the cookie crumbles, I guess. - http://idioms.thefreedictionary.com/That's the way the cookie crumbles

 

I decided to trial this software, I installed it on a windows 10 machine which has defenitly never ever used hitman pro alert before but when trying to activate the trial license I get a prompt telling me that "this computer has already had a free trial".

 

@Tarnak
As I mentioned, January 1,

Also to consider:
With your avatar, you're giving everyone the finger.
That may not be very helpful.

 

Have you ever activated HitmanPro on that machine? Until this year both HMP and HMP.A shared a single licence.

 

never

I brought a paid license now anyway (1 year).

Already found holes in the tool.

The failed test is using an old DEP exploit test, the tester runs an overflow.exe process to test DEP exploits, which hitman pro alert is failing.

If I add overflow.exe to EMET and tick the DEP box its mitigated. but there is no way to manually add executables to hit man pro alert I am aware off, it can only let you add currently running processes which seems extremely limited considering its premium price.

It also shows that just protecting the master process does not protect processes launched by that master process.

I also noticed plugin-container.exe launched by firefox browsers is also not protected.

 

With all due respect, I am not giving the finger to anyone. That happens to be Jackson Browne, giving the finger to someone [in the audience] that is probably yelling something to him, when he was performing on stage at one of the many concerts he has given over the years.

 

I now managed to add overflow.exe by getting it to show up in the running apps list using a trick and when overflow.exe is added its protected.

But I am curious why hitman pro alert 3 does not have a manual add button (like the manual exclude button) and why it has an exclude button when binaries are not protected by default.

Given it doesnt inherit memory restrictions to launched processes, how does it protect e.g. a payload been run from an exploited browser? (emet and mbae also have this problem of course). I would like to see an option to use whitelisting instead of blacklisting so by default all binaries have mitigations applied, and one has to whitelist to exclude.

 

I understand, and although using that image for your avatar can be considered as funny,
others may find it annoying, or even offensive, and that could be less than helpful if you want anyone's help.
I'm just saying.

 

Well, I guess that is a problem for them. I certainly don't mean to offend, and if offence is taken that is unfortunate.

 

The avatar doesn't offend me, but I am curious why you would use it given that it might have a negative impact on you? In any case I'm glad to learn that it's Jackson Brown in the picture and not yourself

 

01/20/16
Stupendous Man , paulderdash
,
RE: TrackerUpdater (Using PDF-Xchange Editor pd version)
I have had no issues during the last two TrackerUpdater updates and HMP & HMPA. But noticed during TU update, HMPA shows it as not protected, however, when launching PDFXchange Editor, PDFXchange Editor is protected. I was wondering about adding it (the updater) to protection list and if so under which template "Other"?.
Comodo free, Avast free, NoScript and Adblock plus in FF
PDF-Xchange Editor pd version
Sbxi pd
HMP & HMPA pd
W7 Ult SP1 x64
Also: HMPA shows Exploit protection Assisted by Hardware
All above are current versions as of today.

 

Yes I have also had no issues previously either with Tracker Updater (used by Tracker Software PDF-XChange Editor, Viewer, etc.).
Maybe next time there is an update, it may be worth trying adding it to the protection list, template 'Other' (?) though I suspect it won't help ...

 

01/20/16
Separate question to
markloman or all.
If using VPN software, is it safe/useful/or a good idea, to add it to the protection list?

HMP & HMPA pd

 

Are you sure?

http://s28.postimg.org/c57x4s44d/hmpaffpc.jpg

 

Yes, it's protected. Perhaps chrcol missed it because you have to scroll the UI to the right to see the items listed under plugins.

 

Yes, I will do this as replacements may be needed. I uninstalled a LOT already. Sorry if being obtuse, but again, the ROP issue and Lenovo's software? Can I contact Surfright or no? I know about the bloatware, yes!, but some stuff is still useful and convenient. Please reply.

plat1098

 

Hi, there!!!

 

I hold hand up I guessed on plugin container firefox isnt used on my win10 rig.

I now installed hitman pro alert on my main rig and indeed plugin container is listed.

However I have noticed that many processes are not detected by hitman alert pro, everything in my system tray is not detected such as proximitron and pidgin, two internet facing apps. Also seems no way to harden system processes like svchost.exe, so I have kept EMET to harden processes hitman pro alert doesnt support. But everything hitman supports I have removed from the EMET apps list so is no conflict. MBAE has been uninstalled.

Various apps it detects but doesnt protect by default such as steam I protected as well using hitman.

Regarding the normal hitman pro software, thats a on demand scanner like malwarebytes right, and if I understand right I can also use my license on that? It wont conflict with nod32 a./v as its on demand only?

Thanks

--edit--

Noticed when I launch steam I get 2 popups, one for steam.exe and another for the steamwebhelper (the web helper is probably the more important process).
However in hitman pro alert interface there is no visibility of steamwebhelper.exe either in the configured app section or in the running process section, this doesnt give confidence things are working right so is it possible to make this show up as expected?

 

Yes I understand, but it's no surprise to me that HMPA now makes the Comodo sandbox malfunction. That is the risk that you take with injecting code into all processes. I'm sure that for the anti-exploit and risk mitigation features, you don't need system wide injection, but Mark and Erik think differently, it's the way they have programmed HMPA, so changing this will be probably difficult.

Mark, I'm still waiting for a reply to my PM?

 

You can protect any process even processes in the system tray, you just need to bring the app to the front for it to show up in the HMPA process list.

http://s17.postimg.org/44mn2u18v/hmpa_protect_list.jpg

Here is a list of my processes, most reside in the system tray, such as OneDrive, Intel Rapid Storage, AutoHotkey, etc and won't show up in HMPA until I bring them to the front, then I can add them to HMPA manually if I'm feeling paranoid about a specific app just by clicking on it and choosing a profile.

 

in my opinion you should NOT protect av-software like ESET (shown in your protect-list). they are protected by themselves.