HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. hjlbx

    hjlbx Guest

    Now, what security soft vendor buys a game to test with their product in response to a user report ?

    Go, go, go... SurfRight !! :thumb:
     
  2. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    why don't you sell me the key ASA you have fixed the issue?? (discounted txs :D)

    :thumb:
     
  3. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    I have no issues running The Division on my Windows 10 x64 machine.
    Even though I have no problems with this pretty awesome game, you may want to try to exclude this program "F:\Ubisoft\Tom Clancy's The Division\TheDivision.exe" in HitmanPro.Alert. To do this, follow these steps:

    1. Open HitmanPro.Alert
    2. Click on the gear icon in the top right corner and select Advanced interface
    3. Now click on the blue tile called Exploit mitigation
    4. Select Applications
    5. Scroll to the far right, to the EXCLUDE category, and select Add exclusion
    6. In your case, browse to and select this file: F:\Ubisoft\Tom Clancy's The Division\TheDivision.exe

    Note: By default The Division is installed in this path: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe

    What other security software do you have installed on the machine?
    Looking forward to solving this! Thanks!
     
  4. dios

    dios Registered Member

    Joined:
    Mar 9, 2016
    Posts:
    14
    Thanks for checking out the game ( :D ), after I reinstalled hmpa and set an exclusion for the game it launched without issues. Without an individual exclusion but even with all mitigations/preventions/browser protections turned off globally (so for all apps, not per app) it still triggers the Exception code: 0xc0000005 with Faulting module name: ntdll.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02.

    I also use Norton Security.
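
Added example, not part of the post above and not SurfRight's code: a PowerShell sketch that pulls the faulting application, faulting module and exception code out of Windows "Application Error" records (event ID 1000), so crash counts can be compared before and after an exclusion is set. The function names are hypothetical, and the sample record is constructed from the values quoted in the thread; its application version, application time stamp and fault offset are placeholders.

```powershell
# Sample built from values quoted in the thread (module, version, time stamp,
# exception code). App version/time stamp and fault offset are constructed.
$sample = @'
Faulting application name: TheDivision.exe, version: 1.0.0.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
'@

function ConvertFrom-CrashMessage {
    param([Parameter(Mandatory)][string]$Message)
    # Patterns match the English message text; on localized Windows read the
    # event's Properties collection instead of parsing the message.
    $patterns = [ordered]@{
        App       = 'Faulting application name:\s*([^,\r\n]+)'
        Module    = 'Faulting module name:\s*([^,\r\n]+)'
        ModuleVer = 'Faulting module name:[^,\r\n]+,\s*version:\s*([^,\r\n]+)'
        Exception = 'Exception code:\s*(0x[0-9a-fA-F]+)'
    }
    $record = [ordered]@{}
    foreach ($name in $patterns.Keys) {
        $record[$name] = if ($Message -match $patterns[$name]) { $Matches[1].Trim() } else { $null }
    }
    [pscustomobject]$record
}

function Get-CrashSummary {
    param([int]$Days = 7)
    # Event ID 1000 from the "Application Error" provider is the crash record
    # Windows writes to the Application log.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-CrashMessage $_.Message } |
        Group-Object App, Module, Exception |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

ConvertFrom-CrashMessage $sample   # offline check against the constructed record
# Get-CrashSummary -Days 7         # live query on the affected machine
```

0xc0000005 is an access violation, and the faulting module only names where the fault surfaced, so the grouped counts show whether a configuration change stopped the crashes rather than which product caused them.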
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Now that's dedication
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Yep, no problem with Other for me. My Reply #8895 was to Rasheed187.
     
  7. Fingol

    Fingol Registered Member

    Joined:
    Jun 10, 2013
    Posts:
    55
    Location:
    UK
    This worked, thanks. It's only blocked when KeePass checks and loads the extensions for the first time.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I totally forgot about this. I think this should be changed, Keystroke Encryption should be system wide, with an exclusion option. You shouldn't have to add apps to the anti-exploit protection list just to get protection against loggers.

    Because they are not targeted by exploits.
     
  9. hmpa111

    hmpa111 Registered Member

    Joined:
    Mar 11, 2016
    Posts:
    11
    Sorry I think I posted this in the wrong thread last time.

    So here is my current setup

    MBAE free covering all the browsers

    EMET covering all the non browsers like Adobe office etc..

    Hitmanpro.Alert free covering everything else non exploitation wise.

    For some reason IE11 keeps getting killed by HMP.A regardless of whether HMP.A is disabled or enabled.

    It seems like HMP.A is still running stuff even when everything is disabled. Is this true?

    With HMP.A uninstalled everything works fine.

    Any ideas?

    Thanks
     
    Last edited: Mar 11, 2016
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    KeePass/Enpass open n' data loaded in memory is vulnerable....as any process in memory.
    Good to know they're not targets.
     
  11. jd97

    jd97 Registered Member

    Joined:
    Apr 27, 2015
    Posts:
    28

    Are all of these installed and in use on 1 machine?

    I have some problems on occasion with IE 11 x64, but I suspect it is the interaction with password Manager: Sticky Password (a good product btw).
    Back when I used EMET, it would barely open at all and gave Heap Spray errors (EMET)
     
  12. hmpa111

    hmpa111 Registered Member

    Joined:
    Mar 11, 2016
    Posts:
    11
    Yes,

    Let me clarify a little.

    MBAE free version covers browsers, Java and a couple other things

    EMET covers other apps like Adobe, office, etc..

    I have no apps overlapping with both MBAE and EMET. So any app is protected by either or, but no app by both.

    This combination works perfect with no issues.

    Now HMP.A (free) has nonexploit level protection that I want to run. Things like badusb, browser monitoring etc.

    Here is the problem when I enable HMP.A:

    Apps protected by MBAE (browsers,Java) run perfectly fine.

    However, apps protected by EMET (Adobe, office) fail to run whatsoever.

    Here is what I have tried:

    If I disable all mitigations for that app in EMET but leave the app on the app list (meaning EMET.dll is still injected but not doing anything) the app still fails to open.

    Additionally, if I disable every function and feature in HMP.A free and switch it to audit mode, while the EMET mitigations are still disabled, the app still fails to run.

    Finally, if I delete the app from the app list in EMET (meaning EMET.dll is no longer injected) the app will finally run.

    The app also runs fine with HMP.A uninstalled regardless of whether its EMET mitigations are enabled/disabled/removed from app list.


    This can only draw me to one conclusion.

    Specifically, the injection of EMET.dll into an app, triggers HMP.A (free) to terminate that app on launch, even when HMP.A is completely disabled and in audit mode. Keeping in mind that HMP.A (free) is not supposed to include exploit protection.

    Even though HMP.A claims to not include exploit level protection in its free version, it is still watching for injected DLLs into apps (even when in audit mode) and terminating those apps on launch. And there is no way to disable this behavior.

    I disabled every function and feature in HMP.A, nothing works besides uninstalling it.

    HMP.A simply does not work with EMET.

    Please let me know if I am doing something wrong here.

    Thanks
     
    Last edited: Mar 12, 2016
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I would agree, that the two don't work well together. I would recommend dropping MBAE free, and going with HMPA paid.
     
  14. hmpa111

    hmpa111 Registered Member

    Joined:
    Mar 11, 2016
    Posts:
    11
    MBAE is not the issue, I think we posted at the same time, I explained everything in the post right before yours.
     
  15. hmpa111

    hmpa111 Registered Member

    Joined:
    Mar 11, 2016
    Posts:
    11
    Adding to this,

    I tried to enable the free one time 30 day trial,

    hoping that I could disable this behavior using unlocked exploit features in the premium version,

    and it gives me a message, "this computer has previously used a trial already" .....
     
  16. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    You used the free trial period already on this computer using either HitmanPro and/or HitmanPro.alert. They both use/share the same license.
     
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HMPA and EMET 5.x do not run together as stated previously in this forum. It currently is not high on our to-do list. Running two anti-exploit tools (let alone 3) is highly unrecommended anyway.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Correct. Though it depends whether Alert will alert on it. There is an algorithm behind it.
     
  20. hmpa111

    hmpa111 Registered Member

    Joined:
    Mar 11, 2016
    Posts:
    11
    But, HMP.A claims not to have any exploit mitigation in the free version, correct? So, theoretically this shouldn't be an issue.

    But it is, because HMP.A is doing things while in disabled/audit mode, anti-exploit things, that the user has no way of disabling.

    Not only is this an issue because it's supposed to be disabled and not doing anything, but also because while disabled/enabled, it's doing anti-exploit things it claims to have no capability of in the free version.
     
  21. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    It's not clear what it's doing at the moment. What is clear is the lack of compatibility between HMPA and the version of EMET you're running.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Features can be disabled, but they are installed, and that in itself can cause conflict.
     
  23. hmpa111

    hmpa111 Registered Member

    Joined:
    Mar 11, 2016
    Posts:
    11
    Do we at least know why:

    1. HMP.A is blocking things while in audit mode?

    and

    2. Why it is looking for injected EMET.DLL into apps, in the free version?

    ^^ Again, this is exploit mitigation, which it claims to not support in the free version.
     
  24. hjlbx

    hjlbx Guest

  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590