HitmanPro.ALERT Support and Discussion Thread

Ask Mark or Erik by PM

 

Small update to my HMPA 3.5 download issue with Avira Web Protection on. Apparently it only happens in Opera. Chrome, Firefox and Edge are not affected, interesting... Disabling mitigations for Opera (not just unticking them) fixes the problem, but that is not something I would like to do.

I also think Adobe Cloud Updater displayed an issue with downloading updates as well (as I had to download the latest Lightroom CC update manually after Adobe Cloud failed to unpack the downloaded updates several times), but I am not able to confirm it at this moment.

I hope this will help in troubleshooting and fixing this.

 

I can't get the blizzard game overwatch to run since installing hmp.a. The process is showing up in task manager but it wont launch at all. Is anyone else having this problem?

 

I had a same problem: https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-400#post-2591035

 

That fixed it. Thanks.

 

The thing is, there is nothing special about Bouncer and MemProtect. Just about all tools that monitor process execution will pass the "Exploit Test Tool" from Surfright. I have tested it against EXE Radar and SpyShelter, and guess what? They also block the execution of calc.exe.

But that doesn't mean they can block the exploit in an early phase, like MBAE and HMPA both can do. The faster you block the exploit chain, the less chance of a bypass, that's the big advantage of specialized anti-exploit tools. Bouncer + MemProtect is basically AppGuard for "uber geeks", there is nothing special about it.

 

My observations are:
1. He bypassed the Windows SmartScreen warning and ran an unknown executable anyhow
2. The Kaspersky tray icon has an yellow triangle alert on it. Was real-time protection disabled?
3. We do not know the status of HMPA based on the tray icon, but if this was not crypto-ransomware, and no unusual process or memory exploits were employed, HMPA may not have picked this one up.
4. The mystery at 1:20 in the video: A number of desktop shortcuts, including HMPA, disappear at the exact same time as the files in the test folder on the desktop. This only shows the shortcuts being removed, not the actual programs.
5. So when he runs HitmanPro, a trojan is detected. I find it hard to believe that a known trojan got past the Kaspersky realtime detection without being detected.

 

@Tinstaafl Mark loman explained that the guy tests with HPMA and Kapersky disabled as you suggested. HPMA protects against these variants. Thx

 

yeah I read in your older post that you use memprotect, but I have absolutely no idea how to enable it.

 

@chrcol That is the advantage of HPMA it has a GUI and good support at Wilders

 

@Tinstaafl :
Darn, the "You-Tester" not only bypassed smartscreen, but also UAC...

Such video is only good for generating clicks, and discredit the security solutions, that where loaded, but deactivated,
just to create more rumors and clicks.

Not worth to discuss anymore.

 

I suspect the bypass UAC is only when the default whitelist UAC mode is enabled, not the proper UAC aka vista mode.

 

+1

Yep, not exactly a real world test. I usually leave my protection enabled

 

Ha, yes! You will have much better protection with you stuff turned ON!!!

 

Amen!

 

I've always been worried about keystroke encryption and stuff like that affection input latency in games, am I overthinking things?

 

Are you are referring to this: Privacy and Espionage Protection - Proactively encrypts keystrokes - HMPA feature? Then you probably don't need to worry about latency in games. As I understand this feature, it only encrypts keystrokes as you type credentials into forms on webpages. Keeps your passwords safe from spies.

In any case case, I doubt that real-time encryption using today's modern CPU's would create any perceptible latency. I used to run TrueCrypt with full disk software encryption using on-the-fly encrypt/decrypt for the entire boot drive, and could not tell any difference in real world performance from a non-encrypted boot drive. Only with CrystalDiskMark could I see any measurable throughput difference in MB/S on a SATA 3GB/S SSD.

 

BTW, do you think that HMPA would be able to mitigate these exploits:

https://www.wilderssecurity.com/threads/running-for-office-russian-apt-toolkits-revealed.387746/

 

@markloman @erikloman

Ever since I did the update to Windows 10 Anniversary, HMPA and Bitdefender don't play nice. Some programs (until now AdGuard, PushBullet and O&O ShutUp) fail to start there GUI without any errors and only show background processes in Windows Task Manager with excessive CPU usage (about 25% for each process).

Making exclusions in HMPA doesn't help, until now this function kinda seems a bit useless because it never seems to solve anything. Also really annoying is that HMPA doesn't tell me anything when it's blocking stuff that ain't specifically in the protection list.

To solve the problem I need to do one of the following: either uninstall HMPA or make process exclusions in Bitdefender while leaving HMPA installed. Uninstalling HMPA gives a 100% success rate of solving the problem, while exclusions in Bitdefender is a bit of a hit or miss solution depending on the program.

I think there is a conflict between Bitdefender's Active Threat Control and HMPA. The only thing Bitdefender support advises me to do is uninstall HMPA. And I ain't planning on constantly excluding things in Bitdefender, because that kinda makes the whole real-time antivirus idea a bit useless.

Lately I'm getting a bit annoyed by all these issues, it's a real time drainer constantly working around these problems and contacting support departments of different developers in the hope that they ain't gonna give me the runaround, while in the past everything worked fine..

 

Thanks for the info.
I'm using 64 bit Chrome, tho I'm not sure if it has sth to do w/ key stroke encryption.
Anyway I tested old version of HMPA, so will test later w/ new v3.5.

 

@denniz The O&O ShutUp GUI started fine on my system (clean 1607 install), with both HMP & HMPA installed. It also ran fine on a family member's PC (1607 as an update), with both HMP & HMPA installed. Perhaps something else is interfering on your system?

 

I understand your frustration, but the problem is with Bitdefender not HMPA. They expect users to run their product exclusively instead of working to maintain compatibility with HMPA. I experienced the same thing with another AV vendor and decided to drop their product. I feel that Windows Defender is strong enough in Windows 10 to serve as my AV and it gets along fine with HMPA and MBAM.

 

I have no issues what so ever with BD and HMPA

 

I'm glad to hear that, but it doesn't change the fact that BD apparently won't support people who do have issues.