HitmanPro.ALERT Support and Discussion Thread

Mark, can I ask exactly what false positive with Norton updates you refer?

Thanks,
Dave

 

HMPA 3.5.1 Build 548 beta
The Safe Browsing-Feature can't be disabled, the setting is "locked"
But, why is it a locked setting?

 

No problems upgrading build 548 beta. Same here: Safe Browsing-Feature locked.

 

1. The false positive could occur when Norton updated some of its files, mainly .ptx files.

 

Are you running the HitmanPro.Alert user interface without administrative privileges? Try opening it with admin rights.

 

Same, even after running as Admin.

Thanks Mark. I remember now from private beta testing.

 

I'm on an Admin account, and it is locked.

 

Its locked (even with admin rights).

 

+1. As Admin.

 

I found the problem. My mistake Expect a new build soon.
Note: you found a new feature that should not be seen yet, oh well

 

All seems well.
No HeapSpray alert with the mentioned actions.
And no blank page with opening the http://www.infoworld.com/blog/woody-on-windows/ page.
The blank page, yesterday, may have been some coincidence.
As I said, all seems well.

 

Installed the new update and testing, let see how it work with the new windows update

 

Please comment on the lack of keyboard encryption since build 3.5, thanks. I would like reassuring a fix is been worked on.

 

Keystroke Encryption works and doesn't need a fix as far as I know. I followed the discussion here but seems to me that it works and that only the orange border is not working on some applications (you do need to enable the Live Encryption Indicator from the Safety Notification settings). This might also be cause by e.g. software from Webroot or another anti-keylogger. What other security software do you have on your machine?

 

Installed new version, still getting update errors (as reported by PM for last build)

Code:

PS C:\> Get-EventLog -LogName application -source HitmanPro.Alert -Newest 5

   Index Time          EntryType   Source                 InstanceID Message
   ----- ----          ---------   ------                 ---------- -------
   33120 Aug 02 22:23  Warning     HitmanPro.Alert               214 Check for update has failed. Trying again in 120 minutes.
   33014 Aug 02 22:22  Information HitmanPro.Alert               100 The hmpalertsvc broker service was successfully started.
   33000 Aug 02 22:21  Information HitmanPro.Alert               213 An update was succesfully downloaded and is pending to be installed at next ...
   32917 Aug 02 20:40  Warning     HitmanPro.Alert               214 Check for update has failed. Trying again in 120 minutes.
   32420 Aug 02 18:25  Warning     HitmanPro.Alert               214 Check for update has failed. Trying again in 120 minutes.

 

Those "error" messages are normal SEE HERE

 

Thanks, I had not seen that post

However I disagree with the statement, it is not "normal" to put irrelevant messages in the event logs
It might be expected for a beta where a debug message has been left in temporarily, but not "normal"

 

Correct. In KeePass there is no orange border (@master password-dialog), but Alert is encrypting the keystrokes. (I had checked it with a keylogger)

Main window of Keepass = Border + Keystroke encryption-symbol can be seen (go to "Search..." and type something in)
Master Password-dialog = No Border, no "keystroke encryption-symbol" (but keystrokes are encrypted)

 

You're secret is safe with us

 

interesting read - https://www.blackhat.com/us-16/brie...exploits-with-perfectly-placed-hardware-traps

 

I just confirmed the previous stable works, 3.5 does not. That to me is a slam dunk.

Other software is emsisoft anti malware, and hmpa is whitelisted on the behaviour monitor (proper whitelisting its not even monitored).
ESET nod32, which has real time file scanning and exploit blocker disabled. I only use it for email scanning.

Thats it really. Other security software is not the always running type so just things like cryptoprevent which just sets some SRP rules.

HMPA < 3.5, some apps dont show the orange bar but is just cosmetic, every app in protected list has keyboard encryption.
HMPA >= 3.5, no apps have keyboard encryption even if the orange bar still shows.

 

I just rolled back to 3.1 to test again and is working again, did not touch any other config or software on my machine. The only thing I did temporarily was to block everything on the firewall to prevent HMPA reverting itself to 3.5 before I could add the registry key to stop it updating.

Keeppass and chrome both now encrypt typing.

I am taken a back that me and someone else took the effort to report it here and you casually assumed it was working.

With that said I was testing 3.5 before release and it was bad of me to not test the keyboard enceyption.

Info.

Windows 8.1 pro x64 - up to date on hotfixes and windows update.
HMPA
EAM (currently beta build which has fixed some nasty issues from stable)
nod32 v8 (real time file scanning, protocol filtering and exploit blocker disabled)
cryptoprevent (it just adds some SRP blacklists, doesnt active monitor anything.)
sandboxie, neither chrome or keeppass is sandboxed.
windows firewall control, just a gui frontend for built in windows firewall
Some windows hardening in registry and group policy. If really required will send you this information.

 

That describes to some extent how Alert's hardware-assisted anti-exploit works. Alert has this since 2014:
https://www.wilderssecurity.com/thr...discussion-thread.324841/page-71#post-2389909

 

Hello,
Sory if my question if a bit redundant but my IT level is not very high and I'm not able to understand all your technical explanations
Is LastPass protected (keyboard encryption) with HitmanPro.Alert 3.5.0 build 546 ?

 

@erikloman , maybe a good idea to build in HitmanPro and HitmanPro Alert the same as in MalwareBytes AntiMalware; that you can deactivate your license on that product installed? (your key)