Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
Nice post Mark. This program is a surefire keeper in my opinion
You can disable just the CryptoGuard feature until we have reproduced and fixed the issue. No need to uninstall the software because of one single feature
Can you post the Windows Event Log information of the alert?
Steps to disable CryptoGuard:
Click on the gear icon on the top right edge of the window
Choose Advanced Interface from the menu
Click on the orange tile
Click on CryptoGuard
Click on Disable
Thanks for the detailed update of features. By the way, since HMPA leverages Intel CPU hardware features how is its effectiveness impacted on AMD processors?
Any update on this? I mentioned that my computer has an AMD processor in case that could have any bearing on the problem.
I use Windows XP Professional Service pack 3 and Windows 8.1, I'm not worried about Windows 8.1, but I'm worried if HMPA final 3 version will be compatible with Windows XP Professional Service pack 3 and for how long HMPA final 3 version will support Windows XP Professional Service pack 3, and how much RAM memory it will need for HMPA version 3 final to run on Windows XP Professional Service pack 3 without any slowdowns and without any problems?
Well, how is the release candidate running on XP SP3?
I don't know, this is why I'm asking someone who already tried HMPA RC 3 on Windows XP, because I don't like to install RCs and betas on Windows XP, for just in case, I cannot allow myself to put in this position, because if I get some BSODs or have reinstall the whole Windows XP from scratch, I currently just don't have time to go through this, this is why I'm asking, if someone already tried HMPA RC 3 on Windows XP by now, any help and info are always welcome.
If you have an AMD processor then only stack-based ROP mitigations are used. The same as EMET is using. This means that CALL-preceding or CALL-using gadgets cannot be detected on AMD hardware (see Exploit Test Tool documentation in the zip). But there are still a lot of other mitigations (check out the image in Mark's post above).
Of course Alert 3 will run on XP SP3, including the final and the upgrades after the final.
That wouldn't be an issue if you imaged your system, and if you don't something eventually is going to bite you
Looks to be getting better and better with each release. Curious about Anti-screen capturing or screen logging if you will, will HMP stop these types of threats as well?
Ok, I understand. As Peter said you might want to image your system regardless. That way if something goes wrong you can immediately get it back to where it was. That's much easier then reinstalling everything. Imaging is quite easy with something like Macrium, or other free backup software.
I am not aware of any kind of protection present in HMPA that would prevent such a thing. But I'm sure that HitmanPro would catch such malware during scans
Yesterday I noticed, that HMP.Alert-120 stopped Dropbox from modifying three jpg files.
My first thought was: false positive, but when I looked at the files properties , one of them had a new time stamp.
I updated HMPA to 129 and again got an alert from cryptoguard.
This only happens on my WIN7-32bit machine, while the other DropBox linked machine (WIN8.1-64) had no alert.
What is DropBox doing with my pictures? Tagging? Watermarking?
Or is this nothing to worry about?
(I do not have access to the 32bit machine till monday, so I can not post log files right now.)
Solved in build 129.
As a non-technical user, I don't understand what this means. Does the level of protection that's lost matter using HMP.A 3.0.22 Build 129 RC with an AMD Phenom II x3 720 processor and W7x64?
Nice post, looks very exciting.
Great stuff there. What is the status of Prey compatibility? Can you whitelist it for webcam access?
Couple of problems. I'm running HMPA and MBAE, I will uninstall one of them when I decide which one to use. I tried to open IE 11, MBAE blocked it saying it blocked an exploit, this did not happen before I installed the latest version of HMPA.
Second problem, in Chrome I get the green border and the orange box saying keystrokes are encrypted, in IE 11 I get neither, this is with MBAE protection shut off.
That was the case for me, except build 129 fixed the problem.
I am running 129.
Just browsing and I get the following. See screenshots. It appears m paid registration details are lost. Back to a free version that has no mitigations protection etc.
Actually you're right. My installation somehow got corrupt and HMP.A wasn't running.
*Can somebody provide the build 120 installer? I'd rather not restore my disk image due to the number of changes I've made since then.
Tarnak what program are you using that throws up those alerts?
That is ancient history. SSM or System Safety Monitor. It only runs on 32 bit, and was abandoned years ago.