HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. guest

    guest Guest

    Is this new release compatible with MBAE?
     
  2. guest

    guest Guest

    Why would you run both Anti-Exploit and Alert 3 at the same time?

    They both offer almost the same kind of mitigations and both can be bypassed with some effort.
    IMHO running two tools at the same time will only cause an additional slowdown if you want the exploit mitigation capability of both.
    Sure, if you're running Anti-Exploit and Alert 2, then I can see an advantage, otherwise not.
     
  3. guest

    guest Guest

    The free version of HPA3 only alerts about the exploit but doesn't block it, right? If MBAE is bypassed I could still be alerted about an intrusion.
     
  4. guest

    guest Guest

    I'm not so sure about your first statement. I have always thought that the exploit mitigations and active vaccination were only available if you have a license.

    Regarding your second statement:
    Yes, it is theoretically possible that HMPA would catch an exploit that is able to bypass MBAE. But it should be possible to bypass both mitigation tools at the same time.
    It is just like the idea of running two anti-virus engines at the same time.
     
  5. erikloman

    erikloman Developer

    Joined: Jun 4, 2009 | Posts: 3,152 | Location: Hengelo, The Netherlands

    There will be an update either today or tomorrow. I recommend waiting on that build if you are planning on running 124 or 125 alongside other security products.
     
  6. erikloman

    erikloman Developer

    Joined: Jun 4, 2009 | Posts: 3,152 | Location: Hengelo, The Netherlands

    With enough effort you can bypass anything.

    Alert is currently the only product that has hardware-assisted exploit mitigations which can detect ROP attacks that use CALL-preceded gadgets (like this one http://labs.bromium.com/2014/02/24/bypassing-emet-4-1/). Our Exploit Test Tool has a few tests to simulate such attacks.

    In addition, Alert has IAF which protects the IAT of PE files. The IAT is currently used by researchers to get around EAT protection methods (http://www.cs.vu.nl/~herbertb/papers/sec14-paper-goktas.pdf).
     
    Last edited: Dec 17, 2014
  7. guest

    guest Guest

    I haven't yet encountered any alert with regard to IAF. I will try to figure out when it triggers an alert.
     
  8. CoolWebSearch

    CoolWebSearch Registered Member

    Joined: Sep 30, 2007 | Posts: 1,247

    Erikloman, when can we expect the final version 3?
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined: Sep 20, 2003 | Posts: 20,590

    If they knew the answer to that it would be released now. To quote a line I love from the movie Masters and Commanders, "It will be ready when it's ready."
     
  10. erikloman

    erikloman Developer

    Joined: Jun 4, 2009 | Posts: 3,152 | Location: Hengelo, The Netherlands

    Final will be released when it's done. We are not bound by budget or deadline, though we are fully committed to releasing Alert 3 as quickly as we can. But only when it is stable and performing.

    Hope this helps.
     
  11. bberkey1

    bberkey1 Registered Member

    Joined: Mar 23, 2013 | Posts: 244 | Location: United States

    You have just made my day!

    In regards to Exploit Mitigations, does anti-screen logging fall into this category or is that a separate concept that Zemana drummed up?
     
  12. shadek

    shadek Registered Member

    Joined: Feb 26, 2008 | Posts: 2,538 | Location: Sweden

    Still on build RC 120 - so far so very good! Waiting for automatic update to check if the update process is stable. :)
     
  13. CoolWebSearch

    CoolWebSearch Registered Member

    Joined: Sep 30, 2007 | Posts: 1,247

    Erikloman, one more question: is this HMPA 3.0.21 build 125 Release Candidate compatible and can it be used with Sandboxie 4.14 on both 32-bit and 64-bit systems: Windows XP Home/Pro Service Pack 3, Windows Vista, Windows 7, Windows 8 and Windows 8.1?

    Will HMPA version 3 final be compatible with Sandboxie 4.14 as well on all Windows that I mentioned, and on both 32-bit and 64-bit systems?
    Big thanks in advance.
     
  14. SLE

    SLE Registered Member

    Joined: Jun 30, 2011 | Posts: 361

    @CoolWebSearch: Yes. Worked from the beginning on.

    Just add this exclusion in the sandboxes:

    OpenPipePath=\Device\NamedPipe\hmpalert*
     
  15. J_L

    J_L Registered Member

    Joined: Nov 6, 2009 | Posts: 8,738

    Actually, I don't quite agree: https://www.wilderssecurity.com/threads/emet-mbae-and-hmp-a.370363/

    Thanks, looking forward to it!
     
  16. guest

    guest Guest

  17. deugniet

    deugniet Registered Member

    Joined: Nov 25, 2013 | Posts: 1,242

    From release notes:

    Remarks and known issues
    - HitmanPro.Alert 3 is not compatible with Sandboxie on Windows Vista.

    @erikloman

    My question: just for now or never?
     
  18. guest

    guest Guest

    Who uses Windows Vista?
     
  19. markloman

    markloman Developer

    Joined: Jan 25, 2005 | Posts: 581 | Location: Hengelo

    HitmanPro.Alert version 3.0.22 build 129 Release Candidate

    Changes
    • Improved compatibility with third-party security software/hooking engines.
    • Improved performance of protected applications.
    • Minor improvements to the user interface.
    Build 124 changes:
    • Added compression of the resource section to optimize the binary, reducing the file size over 30%.
    • Improved process startup performance.
    • Improved Import Address Table Filtering (IAF) mitigation.
    • Fixed issue with Application Lockdown that prevented some applications from installing updates.
    • Fixed sudden loss of keyboard encryption that could occur when the computer wakes from sleep.
    • Fixed drawing of the notification and keystroke encryption indicator in Internet Explorer 11.
    • Fixed a problem when opening Office documents from the Windows Command Prompt.
    • Fixed a problem that manifested when opening the multiplayer version of Call of Duty: Advanced Warfare.

    Let us know how this version runs on your machine.
    Users running build 120, 124 or 125 will be updated at a later moment.

    FYI: Our behavior-based CryptoGuard technology in HitmanPro.Alert 3 protects against CryptoLocker, CryptoWall, TorrentLocker, CoinVault, OphionLocker and variants.
     
  20. Dark Star 72

    Dark Star 72 Registered Member

    Joined: May 27, 2007 | Posts: 778

    Installed build 129 and entries typed into the address bar of IE11 are still being encrypted as with bld 125 unless I uninstall Emsisoft IS :(
    Other than that it seems to be working OK.
     
  21. erikloman

    erikloman Developer

    Joined: Jun 4, 2009 | Posts: 3,152 | Location: Hengelo, The Netherlands

    What else are you running? We tested with Emsisoft and it's working OK. Maybe a third factor.

    Anyone else having the same issue with Emsisoft?
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined: Sep 20, 2003 | Posts: 20,590

    Using EIS and HMPA build 129, I see no start up issues. I just checked IE11 as I don't normally use it. I also have EIS on board. No issues. Letters and numbers in the address bar are normal, but box at bottom shows encryption.

    Software I run is EIS, SBIE, ERP, Appguard and HMPA.

    Pete
     
  23. Compu KTed

    Compu KTed Registered Member

    Joined: Dec 18, 2013 | Posts: 1,411

    @erikloman

    Any solution to post #3133? I've used this profile for a while. I also tested another profile in the likely the former was corrupted, but same results. Probably would apply to Firefox as well.
     
    Last edited: Dec 18, 2014
  24. guest

    guest Guest

    @erikloman

    I've got a question regarding the HMP.Alert Terms (http://www.surfright.nl/en/alert/terms)

    Specifically regarding the following paragraph:
    Does this mean that information about intercepted attacks (like source code and malicious URLs) will be sent to SurfRight?
     
  25. J_L

    J_L Registered Member

    Joined: Nov 6, 2009 | Posts: 8,738

    Thanks, build 129 now works without issues.

    *Corrupt installation, it wasn't running.
     
    Last edited: Dec 19, 2014