HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    779
    MBAE and EMET both. Its been reported multiple times and RC is supposed to be compatible with EMET.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Why would you want to use both. To me it's asking for trouble, with no gain. I've just spent some time testing against a real live piece of malware, and HMPA with it's extra features, does a better job in IMHO.

    Pete
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Firstly, you haven't proven there is no gain. Secondly, the free version without exploit mitigation is forgotten yet again. Lastly, it is my choice after all. Waiting for the RC then.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Tried again, it is indeed EMET 5.1 incompatibility. After disabling that on Chrome, it runs fine now. Weird thing is, EMETed Chrome wouldn't run no matter what I disable on HMP.A.

    Can I at least get rid of the trial license activating without my consent? I don't want to trial the paid features yet.

    *P.S., I can't disable the safety notification border, it's greyed out. Maybe that's why?
     
  5. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,071
    From Community Technology Preview 4 Release Notes: The checkbox ‘Show border around applications’ under ‘Safety notification’ is currently checked and locked on purpose.
     
  6. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,392
    Location:
    the Netherlands
    The same was mentioned by Adric, October 8, to which Mark replied and again Adric replied.
    I replied that I see the same issue.
    I said I understand that for testing the HitmanPro.Alert 3 modules a license is required, put perhaps not all users may have realized that would cost their trial license that they might have wanted to save for later on.
    I said I hope SurfRight can reward the testers with a new free unactivated trial license.
    And I said that I really hope that automatically activating the trial license will not be implemented with the HMP.A final version. Probably some users would rather keep their free unactivated trial license for HMP than activate all HMP.A modules.
    Unfortunately, there was no further reply from Mark or Erik regarding that matter.
     
  7. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    @erikloman @markloman

    I have a question regarding Application Lockdown. Does this extend to protected applications' attempts to execute malicious .dlls as well?
     
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,131
    Location:
    USA
    Disabling features in HMPA doesn't change the fact that the DLL is injected in all processes. Conflicts are likely caused by the fact that both applications are injecting DLLs into the same processes. The results are unpredictable.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Running more than one anti mitigation is most likely going to be as problamtic as running multiple firewalls and multiple aV's Victec, I was at first concerned about the muliple injection of it's DLL's, but at this point, I have to say it has NOT been a problem.

    Pete
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    The more security, the more possible conflicts. All one can do is try to prevent possible overlaps, create exceptions, or remove something. So far, I had minimal problems running all 3 configured to not overlap. Multiple DLL injection, even of security programs, is actually quite common and usually painless imo.
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,657
    Location:
    USA
    Could someone tell me if all the HMPA test attempt to launch calculator.exe? If the calculator does not launch, and the browser crashes does that mean the attack was successfully blocked? I just want to make sure I understand the test correctly.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I think so, but my test was with real malware, as opposed to the test exe
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,657
    Location:
    USA
    I tested HMPA with the test about a month ago, but I don't remember what kind of feedback I was getting from the test that indicated a pass, or fail. I do remember HMPA failing at least one of the test. I just want to make sure exactly what constitutes a pass. I tested AppGuard with a few of the test out of curiosity. I was going to test AppGuard against all of them. I turned program guard off on OA in order to test AG, and OA was still prompting me about the test lol Hell.. maybe I should test OA to see what the results are. Online Amor covers a lot more than most people think. I done some rudimentary testing recently with SpyShelter, and Online Armor. SpyShelter remained silent for the most part, and Online Armor flagged every little thing. Well, i'm getting off topic though now. I'm working on something right now. When I get done i'm going to see how many of the exploit attacks from HMPA test OA, and AG can mitigate.
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,657
    Location:
    USA
    The test gave a description below each one what should, or should not happen. I should have payed closer attention to detail. I just finished testing OA, but can't post about it in this thread.
     
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The tester comes with a PDF document detailing each test.
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,657
    Location:
    USA
    Ok, thank you! I just found the pdf manual. It's from September. I hope it is still up to date.
     
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The manual in the CTP4 zip belongs to that version. There will be a new manual with RC.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,657
    Location:
    USA
    Ok, thank you for the info.
     
  19. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Too bad it is not compatible with EMET :/
     
  20. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Our current public builds are all compatible with EMET 4.1 and the upcoming release candidate is compatible with EMET 5.1.
     
  21. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Oh that is nice to hear ! :)
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    hi zakazak

    My testing with some real malware, shows HMPA to be far superior to EMET 5.1 so I wouldn't worry about it. Also I wouldn't run two anti mitigation programs any more than I'd run multiple real time AV's

    Pete
     
  23. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Yep but HMPA only protects browsers while EMET is able to protect more apps (communicators, mail, ftp, etc)?
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Note quite. I have HMPA on board and it protects the browsers(against more then just exploit mitigation), Windows Media Player, Gom Player,Windows Media Center,PowerDVD 13,Rhapsody Music player,SMPlayer,VLS media player,Adobe Acrobat Pro,Adobe Reader,TrueCrypt 7.1, Office Programs, Skype.

    Pete
     
  25. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    uhm I am not able try it out myself right now (at work for the next 8 hours) but: Can you add the apps you want to protect with HMPA ? Or are those fixed apps that are getting protected ?

    Thanks
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.