Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
Um, why would you need anti mitigation on eraser and file shredding utilities?
I installed HMP.A RC and was hoping to try the free version only but it picked up the activation from an earlier trial. How do I get HMP.A to forget the key and just run as the free version?
Also, while running activated I opened Windows Media Player and HMP.A RC popped up and said it had blocked an exploit which I'm confident was a false positive. I'm currently restoring a backup image pre HMP.A so I'm sorry I will not be able to upload you the logs, but I thought I'd let you know just as an FYI.
W7 x64, Norton 360.
1. There is no difference between free or expired license.
2. Did the Alert mention heap spray or ROP?
The license hasn't expired, it is still valid.
I am sorry Erik, I should have taken more notice.
With IAF the Import Address Table (IAT) of the module no longer discloses the addresses of critical functions as they are replaced by addresses pointing to Alert. If you would call the address from the IAT, Alert makes sure the caller originates from that same module.
So the IAF mitigation is twofold:
1. No disclosure of critical functions via IAT
2. Enforces that the caller originates from the same module as the IAT
EAF revolves around EAT whereas IAF revolves around the IAT.
Hope this helps.
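Added example, not part of the original post and not HitmanPro.Alert's code: a small C model of the two IAF properties described above, where the IAT slot shows a stub address instead of the critical function and the stub forwards only to callers inside the module that owns the IAT. The module names, addresses and the helper names (module_of, iaf_protect, iaf_dispatch, demo_call) are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed address-space layout; every name and address is hypothetical. */
typedef struct { const char *name; uint64_t base, size; } module_t;
static const module_t MODULES[] = {
    { "app.exe",      0x00400000, 0x10000  },
    { "plugin.dll",   0x10000000, 0x20000  },
    { "kernel32.dll", 0x76000000, 0x100000 },
    { "filter.dll",   0x60000000, 0x8000   },  /* stands in for the protection module */
};
#define N_MODULES (sizeof MODULES / sizeof MODULES[0])

typedef struct {
    const module_t *owner;  /* module whose IAT holds this slot */
    uint64_t slot_value;    /* what anyone reading the IAT sees */
    uint64_t real_target;   /* kept privately by the filter */
} iat_slot_t;
/* Returns the loaded image containing addr, or NULL for heap/stack memory. */
static const module_t *module_of(uint64_t addr) {
    for (size_t i = 0; i < N_MODULES; i++)
        if (addr >= MODULES[i].base && addr - MODULES[i].base < MODULES[i].size)
            return &MODULES[i];
    return NULL;
}
/* Point 1: the slot stops disclosing the critical function's address. */
static void iaf_protect(iat_slot_t *slot, uint64_t stub_addr) {
    slot->real_target = slot->slot_value;
    slot->slot_value = stub_addr;
}
/* Point 2: forward only when the return address is inside the IAT's owner. */
static uint64_t iaf_dispatch(const iat_slot_t *slot, uint64_t return_addr) {
    const module_t *caller = module_of(return_addr);
    return (caller != NULL && caller == slot->owner) ? slot->real_target : 0;
}
/* Protects one constructed app.exe import, then evaluates a caller against it. */
static uint64_t demo_call(uint64_t return_addr, uint64_t *seen_in_iat) {
    iat_slot_t slot = { &MODULES[0], 0x76012340, 0 };
    iaf_protect(&slot, 0x60001000);
    if (seen_in_iat) *seen_in_iat = slot.slot_value;
    return iaf_dispatch(&slot, return_addr);
}

int main(void) {  /* app.exe caller, plugin.dll caller, heap caller */
    printf("%#llx %#llx %#llx\n", (unsigned long long)demo_call(0x00401234, NULL),
           (unsigned long long)demo_call(0x10000500, NULL),
           (unsigned long long)demo_call(0x02340000, NULL));
    return 0;
}
```

A return value of 0 means the model refused to forward the call; only the caller located inside app.exe receives the real target.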
Disable Exploit Mitigation on the blue tile (in Advanced Interface).
And keep Vaccination set to Passive?
Testing HMPA RC3 keylogger protection. Seems to work for a short time and then stops working. Also tried the exploit test tool and that seemed to work. Using the browser for keylogger test. Could be related to other security software installed.
Keys at times seem sluggish on the keyboard.
Can you see if hmpalert.exe has crashed via AppCrashView?
Can I explain why I choose the free version of HMP.A over the activated version? (many thanks for the license by the way) I seriously appreciate what you are doing with the help from the Wilders members. More power to those who strive for a malware free future.
Put simply, I use all my security applications to 'alert' me of potential malware. If Norton, mbam, mbae, hmp, hmp.a, sas (heavens forbid), or whatever, notifies me there is potential malware on my machine I will not bother trying to remove it. Instead I will look toward a recent image backup, of which I try and update roughly weekly. For me, all scanning / protection tools are used to 'alert' me of potential danger. If there is an 'alert' from any of my tools I'll simply restore the latest image. Why fight with malware??
All the best of luck,
One small issue with HmP.Alert build 120 and earlier. My Windows 7/64 bits taskbar is set to hide automatically. Sometimes the HmP.Alert-green border prevents the taskbar from showing up/unhiding. I need to press the Windows-key.
@erikloman @Peter2150 What I meant is that the CryptoGuard blocks eraser and other file shredder programs. It would be nice to add them as "safe".
Gotcha. Only problem is there are probably a bunch of programs that do this. I also have one. But I just turn off CryptoGuard when I use it.
It would be nice I agree, to be able to add something to white list it, but that could be tough. I am not even sure which part of the program I use is the problem.
I have eraser set to do batch deletes of my sandboxed download folder as well as a few other places I stick things I don't want or that are just temporary on a nightly basis. Interestingly it was not caught by CPT4 so something must have changed.
My 2 cents:
Running Win 7 32bit, Panda Antivirus Pro (Former Panda Cloud Pro), Latest Slimjet Browser (Chrome clone)
Strange behavior when browsing for example Facebook, if you have the videos to auto play, huge slowdown and CPU usage for the browser.
I also saw this on a news site when playing their video clips.
Removed Build 120 and all went back to normal.
Remarks and known issue
Agnitum Outpost Firewall on 64-bit versions of Windows is currently incompatible with HitmanPro.Alert 3.
Regarding this conflict I would like to know more and want to help solve this as I would like to use them together. I was successful in installing and using Outpost Firewall (64-bit) and HMPA (previous version). The key was to let Outpost auto-create a rule for HMPA. Although I used it for some time I had a BSOD once, don't know what was the cause. Will try to check again tonight.
The free version of HMPA does not offer exploit protection, so it's possible to use them both. HMPA does offer more features and in theory the exploit protection is more powerful, but MBAE can also stop most if not all known exploits, so it's a matter of preference.
I agree about this, but MBAE and HMPA have an advantage over EMET, namely "stage 2" protection, so even if exploit mitigations are bypassed, they can still stop the payload from running.
Issue I spoke of yesterday (with Pale Moon) has returned today. Using PM, without keystroke encryption now, to type ok. Anybody using HMPA RC with Pale Moon not seeing this issue?
What is the ETA for the server HMPA beta? Happy to beta test it for you.
OK, installed HMPA alongside Outpost Firewall 64-bit... let it auto-create rules for HMPA... as of now everything is fine... no crashes so far...
Browser: firefox inside sandboxie
OS: windows 8.1 update 64bit
So far build 120 is working much better on my systems than build 92 did. It's getting along fine with my other security software and not causing loading/unloading glitches with Firefox. It's also really nice having the real-time feedback in the lower right corner of protected apps, e.g. displaying "encrypting keystrokes" while typing. I would like to see some options for the border in the final release. I know some people would like to turn it off. I would actually like to make the border a little thicker so it's easier to see and have it display continuously, not only when I move the mouse to the edge of the application, so it's more obvious when an app is protected.
If you mean NirSoft AppCrashView then no, not using it. Seems to be working again for time being. Will do more testing. Didn't see anything in event viewer.
HMPA RC has added wrsa.exe (Webroot SecureAnywhere) to exploit mitigation. Everything seems to be working normally, but is this normal behavior? No risk Webroot process will provide less protection?
To what template (name of the group) was it added?