HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. 142395

    142395 Guest

    All right, but what do you mean by Japanese keyboard?
    There are so-called Japanese keyboards with which I can directly type those Japanese characters, but as I said I can use an English keyboard to input Japanese characters.

    Anyway, it's great to hear that you've started working on adding support, as we really don't have many options.
    Even Kaspersky, who sell a lot in Japan, don't support it, while they keep saying "We will support" for years. Same goes for Zemana. I don't know how difficult it is.
     
  2. 142395

    142395 Guest

    What do you mean?
    ROP is a set of methods to bypass DEP, so it makes sense when combined with another exploit which causes memory corruption. And does 'Stack' mean Stack Pivoting? SP is also used to bypass DEP (it's part of ROP), especially with heap overflow, because it is not easy to change a value on the stack in a heap overflow attack. SP replaces the top of the stack to chain the attack to the next, usually return-to-libc.

    I think any data or code which is interpreted by a vulnerable program can cause those exploits, but surely script is one of the preferred methods, especially in use-after-free, which is the most popular attack recently.
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I meant Japanese keyboard layout (chosen in software). Your previous post with instructions was very valuable. Thanks :thumb:

    I will contact you (via PM) when we have a version that you can test.
     
  4. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    460
    Trialling HPA CTO 4. I have found that it prevents Phrase Express from expanding text abbreviations into full text snippets in Firefox and Chrome.
    http://www.phraseexpress.com
     
  5. erikloman

    erikloman Developer

    Passphrase intercepts keystrokes. Alert 3 encrypts keystrokes to thwart banking trojans that steal credentials.

    Disable the Keystroke Encryption in Alert to keep using tools like Phrase Express. This opens up stealing of keystrokes to malware. But you can't have one without the other.
     
  6. Fardooste

    Fardooste Registered Member

    Joined:
    Nov 24, 2014
    Posts:
    6
    I would be willing to pay for a cryptoguard-only version designed to work with servers. Are you developing such a version? Also, is the beta hitman pro alert more stable with servers than 2.6.5? Thank you very much.
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    I'm wondering how well keystroke encryption works for public WiFi. I'm presuming not so well, since the unencrypted text has to be sent to the server.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Keystroke encryption has nothing to do with public WiFi. It's about preventing keylogging. The keystrokes are encrypted until they get to the browser and then are decrypted.

    Pete
     
  9. JohnMiller

    JohnMiller Registered Member

    Joined:
    Nov 6, 2014
    Posts:
    48
    Interesting question I just came up with while looking at user J-L's setup and noticing he uses prey, a popular device recovery software thingy. How will HPA affect the operation of something like that, which would remotely activate the webcam or take remote screenshots etc.? Would alerts pop up?
    Could be something to think about for people with that software as well as lojack for laptops.
     
  10. Peter2150

    Peter2150 Global Moderator

    There are no alert pop ups with HMPA. If it alerts it shuts down the offending program. How it would react to that software is an interesting question.
     
  11. erikloman

    erikloman Developer

    If the camera is started it will show a popup to the user. You can try yourself using our Exploit Tester which has a webcam test.
     
  12. erikloman

    erikloman Developer

    Alert 2.6.5 has support for servers. We have many clients running Alert 2.6.5 on servers to block crypto-ransomware. I do not recommend running Alert v3 on servers as it is still in beta.
     
  13. J_L

    J_L Registered Member

    Indeed it did. Is there a way to whitelist Prey? Other features didn't seem to be impacted, but I did allow webcam access. Will try again in 10 minutes (free version limitation) with webcam blocked to see if it still works.

    *It's taking longer than I thought, still no second report. Will edit once it arrives.

    *Sorry, will have to wait until tomorrow. Going to sleep now.
     
    Last edited: Nov 25, 2014
  14. Fardooste

    Fardooste Registered Member

    I have run alert 2.65 on servers, but it sometimes interferes with them and has a performance hit. We don't need browser protection on servers, just standalone smb cryptoguard blocking as these are not for surfing.
     
  15. JohnMiller

    JohnMiller Registered Member

    I installed prey as well to give it a shot. Got a good looking log file but have not gotten any reports, so it may be some other software is blocking it. I will try to get it working. I also want to see if I can get absolute (lojack) to activate my webcam and see if it alerts. Has anyone tried Metasploit remote activation yet?

    EDIT: Scratch that, disabling the webcam protection does in fact allow the program (Prey) to work unhindered. And it does alert when enabled.
     
    Last edited: Nov 25, 2014
  16. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    A quick question about the last stable version of HMPA (2.6.5.77). I've been using it on Win XP SP3 along with Firefox 27.0.1 and have noticed the following behavior.

    The first time each day I launch my FF browser, it (the browser) crashes when I close it. But that only happens once. In other words, if I have not rebooted, that problem will not occur again regardless of how many times I use it or re-open it. However, once I shut down or reboot, the same exact thing happens again. I can certainly live with it and work around it, but it's just a little annoying. By the way, I did not notice this happening prior to installing HMPA 2.

    Any thoughts as to what might be causing this?
     
    Last edited: Nov 25, 2014
  17. J_L

    J_L Registered Member

    Finally, a second attempt, definitely longer than the 10 minutes I've set. This time I blocked it, and Prey seems to still work, just without the webcam picture of course.

    If possible, I would like HMP.Alert to have the ability to whitelist programs w/o having to disable its protection.
     
  18. erikloman

    erikloman Developer

    The webcam filtering got improved in the RC build, where you can actually choose to block or allow the app to have access. I will have a look at Prey to see if we can improve it for the final.
    RC is close to being released.
     
  19. JohnMiller

    JohnMiller Registered Member

    Erik, most of the source code is open, I have been working with the devs a bit getting some things to work so if there is some specific piece of info you need let me know.
     
  20. erikloman

    erikloman Developer

    Thanks! :thumb:
     
  21. erikloman

    erikloman Developer

    HitmanPro Black Friday / Cyber Monday deals!

    Buy 1 year, Get 2 year!

    Since HitmanPro.Alert 3 and HitmanPro use the same license, the deal applies to both HitmanPro and HitmanPro.Alert 3. Buy one license, use both products!

    Links:
    1PC 2yr for price of 1yr
    3PC 2yr for price of 1yr
     
    Last edited: Nov 26, 2014
  22. JohnMiller

    JohnMiller Registered Member

    Cool! Happened to be just about time for renewal anyway so perfect timing!
     
  23. J_L

    J_L Registered Member

    That's great to know! Can't wait for the official RC.

    *Should've posted it earlier, but can someone refresh my memory of the Prey EXE file I'll need to whitelist in the future? Or will it be implemented automatically?
     
  24. JohnMiller

    JohnMiller Registered Member

    Erik is looking into it. Not sure if he will build in something specific for prey or if there will just be an option to whitelist. There is a specific module for the webcam functions in prey; you would probably have to whitelist all the files in that. Then again, it is just a script that runs to take the picture, so we will have to see what Erik says.

    @erikloman By the way, I updated my version of prey to the newest beta release as I was having some issues, and the new version (WEBCAM) DOES NOT set off an alert from HMPA. So that might be something to look at to see how they do it and add that to the code so it can be blocked. Their new version uses a TON of node libraries and there is a lot of random stuff in there that I am not exactly sure what it does.
    I think it uses DirectShow.
     
    Last edited: Nov 26, 2014