Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
Of course Victek, and thanks for your advice.
Not forgetting Active Connections also...
As soon as final stable version 3 is out Webroot will whitelist HMP automatically.
Thanks @shadek or I could always get some whitelisting done in the meantime, hopefully. I haven't taken a look at any WSA scanlogs for this yet.
edit: on checking yeah, both the hmpalert.sys and the hmpnet.sys drivers need whitelisting ideally.
Yes, once Alert 3 is released, you'll be able to use the paid features with your HitmanPro license.
Does this belong to HMPA: c:\windows\system32\conhost.exe "-229208061919898010-18463975781924818821-1620140479-1831381111-3801501221002492504"? I received a prompt from VS to allow, or deny it. I have never gotten this prompt before. I just installed the latest beta of HMPA so I figure maybe it belongs to it. I was away from my computer for several hours before I was able to choose allow from the prompt. I went ahead, and whitelisted it. I hope it temporarily being blocked does not cause any adverse effects for HMPA.
I googled it, and it is a Windows program. Offhand doesn't appear to be HMPA related. Erik may shed more light on it.
conhost.exe is definitely a Windows program, but I think HMPA is using it. Sorry, I misstated my question Pete. I should have said is HMPA using this for something: c:\windows\system32\conhost.exe "-229208061919898010-18463975781924818821-1620140479-1831381111-3801501221002492504". I'm not sure about the last part after conhost.exe. Maybe it does belong to HMPA. It's above my understanding without further researching it. I will just wait on Erik to enlighten us.
It's 100% not part of Alert. I have no idea what this is.
I'm just gonna quote this:
If you want to read more about the technical background of "ConHost.exe", read this:
Thank you very much BoerenkoolMetWorst for your info.
Thanks! I have no idea why VoodooShield is just now prompting me about it then. Strange.
Thank you. I will take a look at your link to see what I can learn.
I'm sure it has been answered before, but can't find the answer anymore...
How to reset the number of alerts in HitmanPro.Alert CTP4, without deleting my license?
Where are the log files for HMPA? I can't find them, and I don't see any logging inside HMPA GUI. I only see number of alerts, and it lists nothing there. I think I had a false positive last night with Media Player Classic.
All logging is done in the Windows Event Log.
I would suggest HMPA having its own log. It's tedious having to wade through all the other recorded events from all the other applications.
I filtered by application, and looked through all the blocked events from HMPA. HMPA did not record the blocked exploit it detected with Media Player Classic. The log is just full of entries from HMPA saying HMPA failed to update, and that it will try again in 120 minutes. HMPA needs better logging so valuable information can be recovered for the developers. It really helps to improve a product.
For the developers the logs seem useful. If I got FP alerts, I immediately go there and capture the logs so I can send them to the developers. That seems to be what they need.
Yeah, they need to have their own logging. If they had their own logging I would have been able to collect needed information.
I filtered the logged events and deleted all HitmanPro entries.
Now the alert counter is reset to 0.
THX for the advice.
I would prefer to have it managed within the HMP.Alert UI.
The reason for lots of alerts was a self-compiled AutoIt Script, and a script for some DISM actions.
My experience was the logs did not capture the blocked exploit which I believe to have been a false positive. I just wanted to get the information about the blocked event to them, but I can't since it was not recorded in the Windows Event Logs. I just wanted to be able to contribute something towards HMPA's development.
Should HMPA give a different alert to inform the user that IE is being protected vs Firefox? HMPA says it protects this application from exploits when I open IE. When I open Firefox it informs me that it protects this Browser from exploits. The alert is different. It makes no difference to me, but I thought I would report it in case they want to keep things uniform. Is this the same behavior other users are seeing?
Can you post the screenshots with the difference? Are you running CTP4 or the private build I sent you last week?
Found a new bug/conflict with Adobe Reader and BullZip PDF Printer. When I went to print a PDF from Adobe using BullZip it gave me a ROP mitigation. @erikloman I can send the log if needed.