HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Um, why would you need anti mitigation on eraser and file shredding utilities
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,825
    Location:
    Among the gum trees
    Erik,

    I installed HMP.A RC and was hoping to try the free version only but it picked up the activation from an earlier trial. How do I get HMP.A to forget the key and just run as the free version?

    Also, while running activated I opened Windows Media Player and HMP.A RC popped up and said it had blocked an exploit which I'm confident was a false positive. I'm currently restoring a backup image pre HMP.A so I'm sorry I will not be able to upload you the logs, but I thought I'd let you know just as an FYI.

    Thanks.

    W7 x64, Norton 360.
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    1. There is no difference between free or expired license.
    2. Did the Alert mention heap spray or ROP?
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,825
    Location:
    Among the gum trees
    1. The license hasn't expired, it is still valid.
    2. I am sorry Erik, I should of taken more notice.
     
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    With IAF the Import Address Table (IAT) of the module no longer discloses the addresses of critical functions as they are replaced by addresses pointing to Alert. If you would call the address from the IAT, Alert makes sure the caller originates from that same module.

    So the IAF mitigation is twofold:
    1. No disclosure of critical functions via IAT
    2. Enforces that the caller originates from the same module as the IAT

    EAF revolves around EAT whearas IAF revolves around the IAT.

    Hope this helps.
     
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Disable Exploit Mitigation on the blue tile (in Advanced Interface).
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,825
    Location:
    Among the gum trees
    :thumb: Thanks Erik.

    And keep Vaccination set to Passive?
     
  8. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,239
    Testing HMPA RC3 keylogger protection . Seems to work for a short time and then stops working. Also tried the exploit test tool and that seemed to work. Using the browser for keylogger test. Could be related to other security software installed.
    Keys at times seem sluggish on the keyboard.
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you see if hmpalert.exe has crashed via AppCrashView?
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,825
    Location:
    Among the gum trees
    @erikloman ,

    Can I explain why I choose the free version of HMP.A over the activated version? (many thanks for the license by the way) I seriously appreciate what you are doing with the help from the Wilders members. More power to those who strive for a malware free future.

    Put simply, I use all my security applications to 'alert' me of potential malware. If Norton, mbam, mbae, hmp, hmp.a, sas (heavens forbid), or what ever, notifies me there is potential malware on my machine I will not bother trying to remove it. Instead I will look toward a recent image backup, of which I try and update roughly weekly. For me, all scanning / protection tools are used to 'alert' me of potential danger. If there is an 'alert' from any of my tools I'll simply restore the latest image. Why fight with malware??

    All the best of luck,
    Krusty Dave
     
    Last edited: Dec 5, 2014
  11. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    974
    One small issue with HmP.Alert build 120 and earlier. My Windows 7/64 bits taskbar is set to hide automatically. Sometimes the HmP.Alert-green border prevents the taskbar from showing up/unhiding. I need to press the Windows-key.
     
  12. JohnMiller

    JohnMiller Registered Member

    Joined:
    Nov 6, 2014
    Posts:
    48
    @erikloman @Peter2150 What I meant is that the cryptogaurd blocks eraser and other file shredder programs. It would be nice to add them as "safe"
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Gotcha. Only problem is there are problably a bunch programs that do this. I also have one. But I just turn it off cryptoguard when I use it.

    It would be nice I agree, to be able to add something to white list it, but that could be tough. I am not even sure which part of the program I use is the problem.
     
  14. JohnMiller

    JohnMiller Registered Member

    Joined:
    Nov 6, 2014
    Posts:
    48
    I have eraser set to do batch deletes of my sandboxed download folder as well as a few other places I stick things I dont want or that are just temporary on a nightly basis. Interestingly it was not caught by CPT4 so something must have changed
     
  15. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    416
    My 2 cents:
    Running Win 7 32bit, Panda Antivirus Pro (Former Panda Cloud Pro), Latest Slimjet Browser (Chrome clone)
    Strange behavior when browsing for example Facebook, if you have the videos to auto play, huge slowdown and cpu usage for the browser.
    I also saw this on a news site when playing their video clips.
    Removed Build 120 and all went back to normal.

    /E
     
  16. reyes

    reyes Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    48
    Location:
    INDIA
    Remarks and known issue
    • Agnitum Outpost Firewall on 64-bit versions of Windows is currently incompatible with HitmanPro.Alert 3.
    Regarding this conflict i would like to know more and want to help solve this as i would like to use them together. i was successful in installing and using outpost firewall(64bit) and hmpa(previous version). The key was to let outpost auto create rule for hmpa. Although i used it for some time i had a BSOD once, don't know what was the cause. will try to check again tonight
     
    Last edited: Dec 5, 2014
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,101
    Location:
    The Netherlands
    The free version of HMPA does not offer exploit protection, so it's possible to use them both. HMPA does offer more features and in theory the exploit protection is more powerful, but MBAE can also stop most if not all known exploits, so it's a matter of preference.

    I agree about this, but MBAE and HMPA have an advantage over EMET, namely "stage 2" protection, so even if exploit mitigations are bypassed, they can still stop the payload from running.
     
  18. guest

    guest Guest

    -
     
    Last edited by a moderator: Dec 5, 2014
  19. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,411
    Location:
    Surrey, England.
    Issue I spoke of yesterday (with Pale Moon) has returned today. Using PM, without keystroke encryption now, to type ok. Anybody using HMPA RC with Pale Moon not seeing this issue?
     
  20. Fardooste

    Fardooste Registered Member

    Joined:
    Nov 24, 2014
    Posts:
    6
    What is the eta to the server hmpa beta? Happy to beta test it for you.
     
  21. reyes

    reyes Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    48
    Location:
    INDIA
    ok installed HMPA alongside outpost firewall 64bit.... let it auto create rules for hmpa..... as of now everything is fine.... no crashes so far....
    Browser: firefox inside sandboxie
    OS: windows 8.1 update 64bit
     
  22. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,081
    Location:
    USA
    So far build 120 is working much better on my systems then build 92 did. It's getting along fine with my other security software and not causing loading/unloading glitches with Firefox. It's also really nice having the real-time feedback in the lower right corner of protected apps, eg displaying "encrypting keystrokes" while typing. I would like to see some options for the border in the final release. I know some people would like to turn it off. I would actually like to make the border a little thicker so its easier to see and have it display continuously, not only when I move the mouse to the edge of the application, so it's more obvious when an app is protected.
     
    Last edited: Dec 5, 2014
  23. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,239
    If you mean NirSoft AppCrashView then no not using it. Seems to be working again for time being. Will do more testing. Didn't see anything in event viewer.
     
  24. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    HMPA RC has added wrsa.exe (Webroot SecureAnywhere) to exploit mitigation. Everything seems to be working normally, but is this normal behavior? No risk Webroot process will provide less protection?
     
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    To what template (name of the group) was it added?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.