Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
Is this new release compatible with MBAE?
Why would you run both Anti-Exploit and Alert 3 at the same time?
They offer both almost the same kind of mitigations and both can be bypassed with some effort.
IMHO running two tools at the same time will only cause an additional slowdown if you want the exploit mitigation capability of both.
Sure, if you're running Anti-Exploit and Alert 2, then I can see an advantage, otherwise not.
The free version of HPA3 only alerts about the exploit but doesn't block it, right? If MBAE is bypassed I could still be alerted about an intrusion.
I'm not so sure about your first statement. I have always thought that the exploit mitigations and active vaccination were only available if you have a license.
Regarding your second statement:
Yes, it is theoretically possible that HMPA would catch an exploit that is able to bypass MBAE. But it should be possible to bypass both mitigation tools at the same time.
It is just like the idea of running two anti-virus engines at the same time.
There will be an update either today or tomorrow. I recommend waiting on that build if you are planning on running 124 or 125 alongside other security products.
With enough effort you can bypass anything.
Alert is currently the only product that has hardware-assisted exploit mitigations which can detect ROP attacks that use CALL-preceded gadgets (like this one: http://labs.bromium.com/2014/02/24/bypassing-emet-4-1/). Our Exploit Test Tool has a few tests to simulate such attacks.
In addition, Alert has IAF, which protects the IAT of PE files. The IAT is currently used by researchers to get around EAT protection methods (http://www.cs.vu.nl/~herbertb/papers/sec14-paper-goktas.pdf).
I haven't yet encountered any alert with regard to IAF. I will try to figure out when it triggers an alert.
Erikloman, when can we expect the final version 3?
If they knew the answer to that it would be released now. To quote a line I love from the movie Masters and Commanders, "It will be ready when it's ready."
Final will be released when it's done. We are not bound by budget or deadline though we are fully committed to release Alert 3 as quick as we can. But only when it is stable and performing.
Hope this helps.
You have just made my day!
In regards to Exploit Mitigations, does anti-screen logging fall into this category or is that a separate concept that Zemana drummed up?
Still on build RC 120 - so far so very good! Waiting for automatic update to check if the update process is stable.
Erikloman, one more question: is this HMPA 3.0.21 build 125 Release Candidate compatible and can be used with Sandboxie 4.14 on both 32-bit and 64-bit systems Windows XP Home/Pro Service Pack 3, Windows Vista, Windows 7, Windows 8 and Windows 8.1?
Will HMPA version 3 final be compatible with Sandboxie 4.14 as well on all Windows that I mentioned, and on both 32-bit and 64-bit systems?
Big thanks in advance.
@CoolWebSearch: Yes. Worked from the beginning on.
Just add those exclusions in the Sandboxes:
Actually, I don't quite agree: https://www.wilderssecurity.com/threads/emet-mbae-and-hmp-a.370363/
Thanks, looking forward to it!
Thanks, I will wait for the new version of HPA to test it together with MBAE to see what happens...
From release notes:
Remarks and known issues
- HitmanPro.Alert 3 is not compatible with Sandboxie on Windows Vista.
My question: just for now or never?
Who uses Windows Vista?
HitmanPro.Alert version 3.0.22 build 129 Release Candidate
- Improved compatibility with third-party security software/hooking engines.
- Improved performance of protected applications.
- Minor improvements to the user interface.
Build 124 changes:
- Added compression of the resource section to optimize the binary, reducing the file size over 30%.
- Improved process startup performance.
- Improved Import Address Table Filtering (IAF) mitigation.
- Fixed issue with Application Lockdown that prevented some applications from installing updates.
- Fixed sudden loss of keyboard encryption that could occur when the computer wakes from sleep.
- Fixed drawing of the notification and keystroke encryption indicator in Internet Explorer 11.
- Fixed a problem when opening Office documents from the Windows Command Prompt.
- Fixed a problem that manifested when opening the multiplayer version of Call of Duty: Advanced Warfare.
Let us know how this version runs on your machine.
Users running build 120, 124 or 125 will be updated at a later moment.
FYI: Our behavior-based CryptoGuard technology in HitmanPro.Alert 3 protects against CryptoLocker, CryptoWall, TorrentLocker, CoinVault, OphionLocker and variants.
Installed build 129 and entries typed into the address bar of IE11 are still being encrypted as with bld 125 unless I uninstall Emsisoft IS.
Other than that it seems to be working OK.
What else are you running? We tested with Emsisoft and it's working OK. Maybe a third factor.
Anyone else having the same issue with Emsisoft?
Using EIS and HMPA build 129, I see no start up issues. I just checked IE11 as I don't normally use it. I also have EIS on board. No issues. Letters and numbers in the address bar are normal, but box at bottom shows encryption.
Software I run is EIS, SBIE, ERP, Appguard and HMPA.
Any solution to post #3133? I've used this profile for a while. I also tested another profile in the likely event the former was corrupted, but same results. Probably would apply to Firefox as well.
I've got a question regarding the HMP.Alert Terms (http://www.surfright.nl/en/alert/terms)
Specifically regarding the following paragraph:
Does this mean that information about intercepted attacks (like source code and malicious URLs) will be sent to SurfRight?
Thanks, build 129 now works without issues.
*Corrupt installation, it wasn't running.