HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Nice post Mark. This program is a surefire keeper in my opinion
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    You can disable just the CryptoGuard feature until we have reproduced and fixed the issue. No need to uninstall the software because of one single feature :thumb:

    Can you post the Windows Event Log information of the alert?

    Steps to disable CryptoGuard:
    1. Click on the gear icon on the top right edge of the window
    2. Choose Advanced Interface from the menu
    3. Click on the orange tile
    4. Click on CryptoGuard
    5. Click on Disable
     
  3. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,104
    Location:
    USA
    Thanks for the detailed update of features. By the way, since HMPA leverages Intel CPU hardware features how is its effectiveness impacted on AMD processors?
     
    Last edited: Dec 19, 2014
  4. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    771
    Any update on this? I mentioned that my computer has an AMD processor in case that could have any bearing on the problem.
     
  5. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I use Windows XP Professional Service pack 3 and Windows 8.1, I'm not worried about Windows 8.1, but I'm worried if HMPA final 3 version will be compatible with Windows XP Professional Service pack 3 and for how long HMPA final 3 version will support Windows XP Professional Service pack 3, and how much RAM memory it will need for HMPA version 3 final to run on Windows XP Professional Service pack 3 without any slowdowns and without any problems?
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,104
    Location:
    USA
    Well, how is the release candidate running on XP SP3?
     
  7. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    I don't know, this is why I'm asking someone who already tried HMPA RC 3 on Windows XP, because I don't like to install RCs and betas on Windows XP, for just in case, I cannot allow myself to put in this position, because if I get some BSODs or have reinstall the whole Windows XP from scratch, I currently just don't have time to go through this, this is why I'm asking, if someone already tried HMPA RC 3 on Windows XP by now, any help and info are always welcome.
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    If you have an AMD processor then only stack-based ROP mitigations are used. The same as EMET is using. This means that CALL-preceding or CALL-using gadgets cannot be detected on AMD hardware (see Exploit Test Tool documentation in the zip). But there are still a lot of other mitigations (check out the image in Mark's post above).
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Of course Alert 3 will run on XP SP3, including the final and the upgrades after the final.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That wouldn't be an issue if you imaged your system, and if you don't something eventually is going to bite you
     
  11. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    243
    Location:
    United States
    Looks to be getting better and better with each release. Curious about Anti-screen capturing or screen logging if you will, will HMP stop these types of threats as well?
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,104
    Location:
    USA
    Ok, I understand. As Peter said you might want to image your system regardless. That way if something goes wrong you can immediately get it back to where it was. That's much easier then reinstalling everything. Imaging is quite easy with something like Macrium, or other free backup software.
     
  13. guest

    guest Guest

    I am not aware of any kind of protection present in HMPA that would prevent such a thing. But I'm sure that HitmanPro would catch such malware during scans :)
     
  14. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,044
    Location:
    Baden Germany
    Yesterday I noticed, that HMP.Alert-120 stopped Dropbox from modifying three jpg files.
    My first thought was: false positive, but when I looked at the files properties , one of them had a new time stamp.
    I updated HMPA to 129 and again got an alert from cryptoguard.
    This only happens on my WIN7-32bit machine, while the other DropBox linked machine (WIN8.1-64) had no alert.

    What is DropBox doing with my pictures? Tagging? Watermarking?
    Or is this nothing to worry about?


    (I do not have access to the 32bit machine till monday, so I can not post log files right now.)
     
  15. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,112
    Solved in build 129.
     
  16. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    As a non-technical user, I don't understand what this means. Does the level of protection that's lost matter using HMP.A 3.0.22 Build 129 RC with an AMD Phenom II x3 720 processor and W7x64?
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,790
    Location:
    The Netherlands
    Nice post, looks very exciting. :thumb:
     
  18. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Great stuff there. What is the status of Prey compatibility? Can you whitelist it for webcam access?
     
  19. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    947
    Location:
    Canada
    Couple of problems. I'm running HMPA and MBAE, I will uninstall one of them when I decide which one to use. I tried to open IE 11, MBAE blocked it saying it blocked an exploit, this did not happen before I installed the latest version of HMPA.

    Second problem, in Chrome I get the green border and the orange box saying keystrokes are encrypted, in IE 11 I get neither, this is with MBAE protection shut off.
     
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    That was the case for me, except build 129 fixed the problem.
     
  21. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    947
    Location:
    Canada
    I am running 129.
     
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
    Just browsing and I get the following. See screenshots. It appears m paid registration details are lost. Back to a free version that has no mitigations protection etc.

    ScreenShot_Hmp.A_3.0.22 build 129_install_19.gif ScreenShot_Hmp.A_3.0.22 build 129_install_20.gif ScreenShot_Hmp.A_3.0.22 build 129_install_21.gif
     
  23. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Actually you're right. My installation somehow got corrupt and HMP.A wasn't running.

    *Can somebody provide the build 120 installer? I'd rather not restore my disk image due to the number of changes I've made since then.
     
  24. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    947
    Location:
    Canada
    Tarnak what program are you using that throws up those alerts?
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Digmor

    That is ancient history. SSM or System Safety Monitor. It only runs on 32 bit, and was abandoned years ago.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.