HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. hjlbx

    hjlbx Guest

    Now, what security soft vendor buys a game to test with their product in response to a user report?

    Go, go, go... SurfRight!! :thumb:
     
  2. test

    test Registered Member

    why don't you sell me the key ASA you have fixed the issue?? (discounted txs :D)

    :thumb:
     
  3. markloman

    markloman Developer

    I have no issues running The Division on my Windows 10 x64 machine.
    Even though I have no problems with this pretty awesome game, you may want to try to exclude this program "F:\Ubisoft\Tom Clancy's The Division\TheDivision.exe" in HitmanPro.Alert. To do this, follow these steps:

    1. Open HitmanPro.Alert
    2. Click on the gear icon in the top right corner and select Advanced interface
    3. Now click on the blue tile called Exploit mitigation
    4. Select Applications
    5. Scroll to the far right, to the EXCLUDE category, and select Add exclusion
    6. In your case, browse to and select this file: F:\Ubisoft\Tom Clancy's The Division\TheDivision.exe

    Note: By default The Division is installed in this path: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe

    What other security software do you have installed on the machine?
    Looking forward to solving this! Thanks!
     
  4. dios

    dios Registered Member

    Thanks for checking out the game ( :D ), after I reinstalled hmpa and set an exclusion for the game it launched without issues. Without an individual exclusion but even with all mitigations/preventions/browser protections turned off globally (so for all apps, not per app) it still triggers the Exception code: 0xc0000005 with Faulting module name: ntdll.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02.

    I also use Norton Security.
     
  5. Peter2150

    Peter2150 Global Moderator

    Now that's dedication
     
  6. bjm_

    bjm_ Registered Member

    Yep, no problem with Other for me. My Reply #8895 was to Rasheed187 said:
     
  7. Fingol

    Fingol Registered Member

    This worked, thanks. It's only blocked when KeePass checks and loads the extensions for the first time.
     
  8. Rasheed187

    Rasheed187 Registered Member

    I totally forgot about this. I think this should be changed, Keystroke Encryption should be system wide, with an exclusion option. You shouldn't have to add apps to the anti-exploit protection list just to get protection against loggers.

    Because they are not targeted by exploits.
     
  9. hmpa111

    hmpa111 Registered Member

    Sorry I think I posted this in the wrong thread last time.

    So here is my current setup

    MBAE free covering all the browsers

    EMET covering all the non-browsers like Adobe, Office, etc.

    HitmanPro.Alert free covering everything else non-exploitation-wise.

    For some reason IE11 keeps getting killed by HMP.A regardless of whether HMP.A is disabled or enabled.

    It seems like HMP.A is still running stuff even when everything is disabled. Is this true?

    With HMP.A uninstalled everything works fine.

    Any ideas?

    Thanks
     
    Last edited: Mar 11, 2016
  10. bjm_

    bjm_ Registered Member

    KeePass/Enpass open n' data loaded in memory is vulnerable....as any process in memory.
    Good to know they're not targets.
     
  11. jd97

    jd97 Registered Member


    Are all of these installed and in use on 1 machine?

    I have some problems on occasion with IE 11 x64, but I suspect it is the interaction with password Manager: Sticky Password (a good product btw).
    Back when I used EMET, it would barely open at all and gave Heap Spray errors (EMET)
     
  12. hmpa111

    hmpa111 Registered Member

    Yes,

    Let me clarify a little.

    MBAE free version covers browsers, Java and a couple of other things

    EMET covers other apps like Adobe, Office, etc.

    I have no apps overlapping with both MBAE and EMET. So any app is protected by either or, but no app by both.

    This combination works perfect with no issues.

    Now HMP.A (free) has nonexploit level protection that I want to run. Things like badusb, browser monitoring etc.

    Here is the problem when I enable HMP.A:

    Apps protected by MBAE (browsers, Java) run perfectly fine.

    However, apps protected by EMET (Adobe, Office) fail to run whatsoever.

    Here is what I have tried:

    If I disable all mitigations for that app in EMET but leave the app on the app list (meaning EMET.dll is still injected but not doing anything) the app still fails to open.

    Additionally, if I disable every function and feature in HMP.A free and switch it to audit mode, while the EMET mitigations are still disabled, the app still fails to run.

    Finally, if I delete the app from the app list in EMET (meaning EMET.dll is no longer injected) the app will finally run.

    The app also runs fine with HMP.A uninstalled regardless of whether its EMET mitigations are enabled/disabled/removed from app list.


    This can only draw me to one conclusion.

    Specifically, the injection of EMET.dll into an app, triggers HMP.A (free) to terminate that app on launch, even when HMP.A is completely disabled and in audit mode. Keeping in mind that HMP.A (free) is not supposed to include exploit protection.

    Even though HMP.A claims to not include exploit level protection in its free version, it is still watching for injected DLLs into apps (even when in audit mode) and terminating those apps on launch. And there is no way to disable this behavior.

    I disabled every function and feature in HMP.A, nothing works besides uninstalling it.

    HMP.A simply does not work with EMET.

    Please let me know if I am doing something wrong here.

    Thanks
     
    Last edited: Mar 12, 2016
  13. Peter2150

    Peter2150 Global Moderator

    I would agree, that the two don't work well together. I would recommend dropping MBAE free, and going with HMPA paid.
     
  14. hmpa111

    hmpa111 Registered Member

    MBAE is not the issue, I think we posted at the same time, I explained everything in the post right before yours.
     
  15. hmpa111

    hmpa111 Registered Member

    Adding to this,

    I tried to enable the free one time 30 day trial,

    hoping that I could disable this behavior using unlocked exploit features in the premium version,

    and it gives me a message, "this computer has previously used a trial already" .....
     
  16. L10090

    L10090 Registered Member

    You used the free trial period already on this computer using either HitmanPro and/or HitmanPro.Alert. They both use/share the same license.
     
  17. erikloman

    erikloman Developer

    HMPA and EMET 5.x do not run together, as stated previously in this forum. It currently is not high on our to-do list. Running two anti-exploit tools (let alone 3) is highly unrecommended anyway.
     
  18. Rasheed187

    Rasheed187 Registered Member

  19. erikloman

    erikloman Developer

    Correct. Though it depends whether Alert will alert on it. There is an algorithm behind it.
     
  20. hmpa111

    hmpa111 Registered Member

    But HMP.A claims not to have any exploit mitigation in the free version, correct? So, theoretically this shouldn't be an issue.

    But it is, because HMP.A is doing things while in disabled/audit mode, anti-exploit things, that the user has no way of disabling.

    Not only is this an issue because it's supposed to be disabled and not doing anything, but also because while disabled/enabled, it's doing things, anti-exploit things, it claims to have no capability of in the free version.
     
  21. Victek

    Victek Registered Member

    It's not clear what it's doing at the moment. What is clear is the lack of compatibility between HMPA and the version of EMET you're running.
     
  22. Peter2150

    Peter2150 Global Moderator

    Features can be disabled, but they are installed, and that in itself can cause conflict.
     
  23. hmpa111

    hmpa111 Registered Member

    Do we at least know why:

    1. HMP.A is blocking things while in audit mode?

    and

    2. Why it is looking for injected EMET.DLL into apps, in the free version?

    ^^ Again, this is exploit mitigation, which it claims to not support in the free version.
     
  24. hjlbx

    hjlbx Guest

  25. Peter2150

    Peter2150 Global Moderator
