HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Further to the above post - I am experiencing similar issue i.e. HMP.A 3.1.0 build 328, Webroot Indentity Shield on, no consistency in seeing indication of orange encryption flyout (bottom right, sometimes) when typing e.g. this post or in search bar (never) in Firefox. No orange border in either case.
    This may have been addressed previously in this thread, but does HMP.A Keystroke Encryption 'step aside' if it detects other keylogger protection software e.g. that provided by WSA Identity Shield.
    I ask because in prior builds I think I saw the orange flyout (bottom right) more consistently.
    If I move my cursor to the top of the screen (which then shows the green border), I do see a box bottom right indicating 'Safe browsing, Exploit Mitigations, Keystroke Encyption' - does that mean the latter is active and overriding WSA Identity Shield?
    Just wondering what is meant to happen @erikloman ?
     
    Last edited: Oct 29, 2015
  2. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
  3. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Firefox 41.0.2 not showing fonts (build 328 beta/W10 x64). Caused by Block untrusted fonts?
     

    Attached Files:

    • 1.JPG
      1.JPG
      File size:
      32.5 KB
      Views:
      73
    • 2.jpg
      2.jpg
      File size:
      18.4 KB
      Views:
      70
  4. malware1

    malware1 Registered Member

    Joined:
    May 26, 2014
    Posts:
    133
    No problems with the new build except that the tray context menu stays in the same language even if you change it in settings (until you reboot the computer I think)
     
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    3.1.0 Build 328 installed and working fine for me :thumb: I saw and enabled the new "block untrusted fonts" feature. Is there a reason it is not enabled by default?
     
    Last edited: Oct 29, 2015
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This is behavior by Microsoft's design. The Block Untrusted Fonts feature blocks all fonts not located in the C:\Windows\Fonts\ folder.
    This means that embedded fonts (in documents) and fonts loaded from internet are not loading when the feature is enabled.

    Font parsing is done in the kernel, this poses a threat. An excellent example is the Duqu malware which is notorious known for abusing embedded fonts to gain elevated privileges. More information here: https://threatpost.com/of-truetype-font-vulnerabilities-and-the-windows-kernel/101263/

    If you want to allow fonts from the internet, I recommend keeping the Untrusted Fonts mitigation set to Disabled.
     
  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    We can see something "step aside" by Identity Shield Off. Keystroke encryption has an entirely different presentation with Identity Shield Off.

    I've never seen an Alert Risk reduction real protect event. Maybe, the Alert Risk reduction module "steps aside" for Webroot. Webroot touts an array of protection from threats accessing personal data. e.g., man-in-the-browser.
    My attention on Keystroke encryption is simply because I can see it.
    I've not seen an Alert Safe browsing, Exploit mitigation nor Risk reduction real protect event.
    No dispute that it's 100% preferable not to see than see a real protect event.

    We've been advised Alert Keystroke encryption steps aside for another keystroke encryption. Does Webroot Keylogger protection "appear as" Keystroke encryption to Alert. Anything else "appears as" to Alert..?
    Acknowledge, Surfright in-house testing every iteration is not feasible nor expected.
    So, we rely/trust user feedback as to Alert Safe browsing, Exploit mitigation n' Risk reduction real protect.

    Reasonable concern is that maybe, I'm degrading overall protect by Webroot+Alert.
     
    Last edited: Oct 29, 2015
  9. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Thanks for info. Log can be found via Event viewer : Application and Service Logs/Microsoft/Windows/Win32k/Operational

    Beschrijving: C:\Program Files (x86)\Mozilla Firefox\firefox.exe heeft geprobeerd een lettertype te laden dat wordt beperkt door het beleid voor het laden van lettertypen.
    FontType: Geheugen
    FontPath:
    Geblokkeerd: true
     
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Where @bjm_? I don't recall seeing where Surfright explicitly says this - maybe I missed it ...
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Um, as I recall users asked about Keyscrambler or Zenmana.
    Sorry, I did not think to bookmark messages.
    If I want Alert Keystroke encryption when logging in to KeePass. I'll turn Off Identity Shield.
     
    Last edited: Oct 29, 2015
  12. Dragonsteel

    Dragonsteel Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    64
    Location:
    United States
  13. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    yesss :)
     
  14. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    erik, i like the new Alert home page! :thumb:

    3.1.328 works like a charm, good work!!
     
  15. malware1

    malware1 Registered Member

    Joined:
    May 26, 2014
    Posts:
    133
    New Alert home page?
     
  16. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
  17. malware1

    malware1 Registered Member

    Joined:
    May 26, 2014
    Posts:
    133
    @erikloman
    Updated the translation with EOP protection related strings. Look at your inbox.

    If anyone else needs them/wants to translate, I think that's all, but I could miss some string:
    Code:
    481=Block untrusted fonts
    482=Stop elevation of privilege attacks
    483=Stop elevation of privilege (EOP) attacks via untrusted fonts. Windows 10 only.
    484=Restart the computer for the changes to take effect.
    912=Audit
    ---
     
    Last edited: Oct 30, 2015
  18. Dragonsteel

    Dragonsteel Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    64
    Location:
    United States
    Just bought the Halloween special, 3 pcs for 2 years. Thank you to the devs of this great product. I look fwd to using and supporting your work for years to come.
     
    Last edited: Oct 29, 2015
  19. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi erikloman

    HitmanPro.Alert 3.1.0.328 BETA working with no problems here.

    With Regards
    Take Care
    TheQuest :cool:
     
  20. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    195
    Using Win 10 and installed HitmanPro.Alert 3.1.0.328 BETA....can log in to my banking sites ok except for PayPal....using lastpass...it goes in to a continuous loop of trying to log in......anyone seen this before?
     
  21. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    Not a problem here.
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Erik and Mark,
    Is it OK and safe to add the Win10 application, 'Groove Music' to the protected applications - Media? What about other Win10 applications?

    Thanks.
     
  23. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    195
    Now this morning all is ok with logging in to PayPal....must have been a glitch with PayPal....sorry everyone....
     
  24. alexphoenix

    alexphoenix Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    4
    Installed HMPA 3.1.0.328 today (Clean Install). Keyboard stopped working. Keyboard refused to work in browsers, in the "search programs and files" box, at a command prompt, everywhere! Also ctrl-shift-esc refused to bring up Task Manager. Uninstalled program and rebooted - keyboard problem persisted. Removed "Unknown USB device" from Device Manager and scanned for hardware changes - keyboard funcionality restored. Re-installed HMPA - problem recurred. Also running MBAE free edition and MSE AV (Yeah! I know it's not the greatest but it has a light footprint) on an Optiplex 780 running W7 Professional 32 bit with all updates, patches etc installed.

    Any suggestions?
     
  25. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Interesting! What brand and type of keyboard do you have?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.