Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
MBAE and EMET both. It's been reported multiple times and RC is supposed to be compatible with EMET.
Why would you want to use both? To me it's asking for trouble, with no gain. I've just spent some time testing against a real live piece of malware, and HMPA, with its extra features, does a better job IMHO.
Firstly, you haven't proven there is no gain. Secondly, the free version without exploit mitigation is forgotten yet again. Lastly, it is my choice after all. Waiting for the RC then.
Tried again, it is indeed EMET 5.1 incompatibility. After disabling that on Chrome, it runs fine now. Weird thing is, EMETed Chrome wouldn't run no matter what I disable on HMP.A.
Can I at least get rid of the trial license activating without my consent? I don't want to trial the paid features yet.
*P.S., I can't disable the safety notification border, it's greyed out. Maybe that's why?
From Community Technology Preview 4 Release Notes: The checkbox ‘Show border around applications’ under ‘Safety notification’ is currently checked and locked on purpose.
The same was mentioned by Adric, October 8, to which Mark replied and again Adric replied.
I replied that I see the same issue.
I said I understand that for testing the HitmanPro.Alert 3 modules a license is required, but perhaps not all users may have realized that would cost their trial license that they might have wanted to save for later on.
I said I hope SurfRight can reward the testers with a new free unactivated trial license.
And I said that I really hope that automatically activating the trial license will not be implemented with the HMP.A final version. Probably some users would rather keep their free unactivated trial license for HMP than activate all HMP.A modules.
Unfortunately, there was no further reply from Mark or Erik regarding that matter.
I have a question regarding Application Lockdown. Does this extend to protected applications' attempts to execute malicious .dlls as well?
Disabling features in HMPA doesn't change the fact that the DLL is injected in all processes. Conflicts are likely caused by the fact that both applications are injecting DLLs into the same processes. The results are unpredictable.
Running more than one anti mitigation is most likely going to be as problematic as running multiple firewalls and multiple AVs. Victec, I was at first concerned about the multiple injection of its DLLs, but at this point, I have to say it has NOT been a problem.
The more security, the more possible conflicts. All one can do is try to prevent possible overlaps, create exceptions, or remove something. So far, I had minimal problems running all 3 configured to not overlap. Multiple DLL injection, even of security programs, is actually quite common and usually painless imo.
Could someone tell me if all the HMPA tests attempt to launch calculator.exe? If the calculator does not launch, and the browser crashes, does that mean the attack was successfully blocked? I just want to make sure I understand the test correctly.
I think so, but my test was with real malware, as opposed to the test exe.
I tested HMPA with the test about a month ago, but I don't remember what kind of feedback I was getting from the test that indicated a pass, or fail. I do remember HMPA failing at least one of the tests. I just want to make sure exactly what constitutes a pass. I tested AppGuard with a few of the tests out of curiosity. I was going to test AppGuard against all of them. I turned program guard off on OA in order to test AG, and OA was still prompting me about the test lol. Hell.. maybe I should test OA to see what the results are. Online Armor covers a lot more than most people think. I did some rudimentary testing recently with SpyShelter and Online Armor. SpyShelter remained silent for the most part, and Online Armor flagged every little thing. Well, I'm getting off topic though now. I'm working on something right now. When I get done I'm going to see how many of the exploit attacks from the HMPA tests OA and AG can mitigate.
The test gave a description below each one of what should, or should not, happen. I should have paid closer attention to detail. I just finished testing OA, but can't post about it in this thread.
The tester comes with a PDF document detailing each test.
Ok, thank you! I just found the pdf manual. It's from September. I hope it is still up to date.
The manual in the CTP4 zip belongs to that version. There will be a new manual with RC.
Ok, thank you for the info.
Too bad it is not compatible with EMET :/
Our current public builds are all compatible with EMET 4.1 and the upcoming release candidate is compatible with EMET 5.1.
Oh, that is nice to hear!
My testing with some real malware shows HMPA to be far superior to EMET 5.1, so I wouldn't worry about it. Also I wouldn't run two anti mitigation programs any more than I'd run multiple real time AVs.
Yep but HMPA only protects browsers while EMET is able to protect more apps (communicators, mail, ftp, etc)?
Not quite. I have HMPA on board and it protects the browsers (against more than just exploit mitigation), Windows Media Player, Gom Player, Windows Media Center, PowerDVD 13, Rhapsody Music player, SMPlayer, VLS media player, Adobe Acrobat Pro, Adobe Reader, TrueCrypt 7.1, Office Programs, Skype.
Uhm, I am not able to try it out myself right now (at work for the next 8 hours) but: Can you add the apps you want to protect with HMPA? Or are those fixed apps that are getting protected?