HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Sure! It is around 800 MB :(
    And where can i safely upload and trash it later :)

    Edit: haha, after compressing it came down to 151 MB.. :)
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Tom

    This version, is very stable. All the beta builds also have been stable. I wouldn't recommend using it and MBAE together. My opinion.

    Pete
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Send it via wetransfer.com to erik@surfright.com.
     
  4. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Thanks! Its on the way. 51% compelted :)
    And how about trail license. Can i get the trail license for RC version?

    Edit: Sent!! It should be in your inbox!!

    Thanks, Harsha.
     
    Last edited: Dec 4, 2014
  5. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Good to know, Pete, as I have not been using the any of the previous versions. And you're probably right about using it together with MBAE.
     
  6. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Just to report also that after upgrading to build .120, and a couple of reboots, issue I saw seems gone, and I'm logged-in with Pale Moon.
     
  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Issue could be caused by a crash of the Alert service. Can you run AppCrashView to see whether hmpalert.exe has crashed? You can download AppCrashView from here http://www.nirsoft.net/utils/app_crash_view.html
     
  8. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Three questions. What is the status of Prey compatibility? It's rather inconvenient for me to test.

    What are the limitations of the free version now that you've added new features? I still don't know how to downgrade the license.

    What happens to my trial license that HMP.A automatically activated during beta testing?
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    1. The RC does not have a permanent whitelist option. Most likely will make it in the final, or in version 3.1
    2. The free version has all features of v2 and most of the new v3 features. Only exploit mitigations and active vaccination require a license. If license is expires, you still have hollow process, webcam notifier, cryptoguard, safe browsing, keystroke encryption, etc.
    3. All testers can get a full license from me. Just send me a PM.
     
  10. guest

    guest Guest

    @erikloman

    Could you explain the difference between IAF (HMPAlert) and EAF+ (EMET 5) ?.
    Based the descriptions of both mitigations they should be pretty much the same.
     
  11. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Ok thanks, ran AppCrashView, and nothing in it to coincide with what I reported. Most recent, refers to dump I've already provided.
    Whatever happened, it's ok now, and seems stable (the RC), as far as I've seen.
     
  12. JohnMiller

    JohnMiller Registered Member

    Joined:
    Nov 6, 2014
    Posts:
    49
    Reboot Did the trick Not sure what was going on.

    Thanks
     
  13. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    RC working fine for me. None of my previously reported issues exist in RC! Good job Erik and Mark!
     
  14. guest

    guest Guest

    It simply doesn't make sense to use HMPAlert and MBAE together.
    Although they both offer strong protection against almost all the exploits used in the wild, I stil think that HMP.Alert is just a little bit better due to hardware supported CFI.

    There is no such thing as a 'bad' exploit mitigation tool. Each solution (MBAE/HMPA/EMET (with ASR)) will be able to block almost all 'normal' exploitation techniques.
    In my opinion the only thing that matters is the GUI and the amount of customization possible.

    When you don't want to chose all different settings by yourself --> MBAE/HMPA
    When you want to be able to configure most mitigations by yourself and want to have extensive reporting --> HMPA/EMET
     
  15. Fardooste

    Fardooste Registered Member

    Joined:
    Nov 24, 2014
    Posts:
    6
    I installed on my machine and disabled everything except cryptoguard. so far it seems stable. i look forward to testing your server release.
     
  16. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    No problems to report here, great job!
     
  17. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    No issues here as well (running together with MBAE) on Win7 (64).
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I am using the private build. Here is a screenshot for the prompt I get when opening IE, and one for the prompt I get when opening Firefox. I also get a prompt when closing Firefox, but I don't know what it says. It disappears just as soon as it appears. Should I also get a prompt when closing Firefox?
     

    Attached Files:

    Last edited: Dec 4, 2014
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I'm getting some false positives with Media Player Classic. HMPA kills Media Player Classic saying it has blocked a threat. I'm sure the files are not infected. I can go back and play the same files again, and HMPA gives me no alert.

    General View

    Mitigation HeapSpray PID 12272 Application C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe Description MPC-HC x64 0x00000000116AC000 0x00000000082F6000 0x000000000EA4C000 # Size: 172KB Size: 172KB Size: 172KB -- ------------------ ------------------ ------------------ 1 97.64% ADD 95.01% ADD 96.35% ADD 2 0.41% 0x00 2.72% 0x00 1.99% 0x00 3 0.41% 0x81 0.41% 0x81 1.40% 0x81 4 0.23% 0x78 0.23% 0x78 0.20% 0x82 5 0.20% 0x7F 0.21% 0x7F 0.04% 0x7F

    Details

    C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe
    HeapSpray
    Mitigation HeapSpray PID 12272 Application C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe Description MPC-HC x64 0x00000000116AC000 0x00000000082F6000 0x000000000EA4C000 # Size: 172KB Size: 172KB Size: 172KB -- ------------------ ------------------ ------------------ 1 97.64% ADD 95.01% ADD 96.35% ADD 2 0.41% 0x00 2.72% 0x00 1.99% 0x00 3 0.41% 0x81 0.41% 0x81 1.40% 0x81 4 0.23% 0x78 0.23% 0x78 0.20% 0x82 5 0.20% 0x7F 0.21% 0x7F 0.04% 0x7F
     
    Last edited: Dec 4, 2014
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Free version limitations anyone? It simply doesn't make sense to state that those programs are somehow always equivalent and redundant.
     
  21. guest

    guest Guest

    I understand your opinion but let me clarify a few things:
    If you've never done any research into the mitigation capacity of both products then you just simply can't draw any conclusions.
    For example: this is the list of mitigations present in Malwarebytes Anti-Exploit that I encountered during some testing: https://forums.malwarebytes.org/index.php?/topic/158426-full-list-of-exploit-mitigations/

    EMET, HMPA and MBAE all share a large collection of similar mitigation techniques.
    Whether it's about DEP/ASLR enforcement, stack pivot mitigation, stack execution mitigation or caller checks, they all have some form of it.
     
  22. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
  23. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    I just installed the RC and got an alert, after I typed the first character on my bluetooth keyboard.
    That's a good sign, HMP.Alert recognized a USB-Bluetooth dongle, and asked me to confirm, that it's not a bad-usb.

    HMP.Alert is a great piece of software !
     
  24. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    What will be the price of a license?
     
  25. JohnMiller

    JohnMiller Registered Member

    Joined:
    Nov 6, 2014
    Posts:
    49
    Any way to build in support for Eraser and other file shredding utilities with out compromising security? Or maybe the whitelist in the final build will fix that.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.