HitmanPro.ALERT Support and Discussion Thread

@erikloman/markloman

Is there any difference in the 'level of protection' offered by the hardware assisted CFI on different generations of Intel CPU's? (For example: Sandy Bridge vs. Haswell)

Why would anyone run both tools?

 

No difference. Haswell does support a new mode but Alert 3.0 does not yet use it.

 

Okay, thnx. That saves me quite some time.

 

Has this verion been tested with WSA? have you heard about any incompatibility with WSA?

 

I was just trying to figure out if it's right to draw the conclusion that MBAE can not protect against certain attacks, "exotic" or not. But personally I also think that MBAE and HMPA are both great tools. And I'm sorry to hear you lost your "30 minute" post, I also hate it when this happens. I think Firefox has an extension which let's you save your forum posts, but I'm not sure.

LOL, I do wonder, shouldn't security tools be able to protect their own processes against DLL injection?

To clarify, I'm not blaming the developers of MBAE/HMPA/EMET, it's something that you should expect, just like when you run 2 AV's or 2 behavior blockers, it's asking for trouble.

 

Hi erikloman

Many thanks to all the team at SurfRight.
Build 131 RC working without problems here.

Take Care
TheQuest

 

Well, I'm running build 131 right now with WSA with no obvious problems It's a good idea after updating to check through WSA and make sure HMPA is being "allowed" everywhere and not denied or monitored.

 

Why is the "Check for update" button grey even though I have 129 and 131 is out already? I want to always check for an update with that button and get an answer wether there is an update or not :/

Thanks

 

Another person speaking as if those tools are somehow equivalent, when that's not always the case: https://www.wilderssecurity.com/threads/emet-mbae-and-hmp-a.370363/

It's like questioning why we layer security programs.

 

Erik,

Does it has to be specifically i3, i5 or i7 or are processors of same familly (e.g. ivvy bridge or haswell) with virtualization instruction set enabed processors also capable of running CFI?

I think it is noble of you to adopt HPMA to run with MBAE, but I think it may be wiser to say don't run two simular programs at the same time (when they are not mutaully excluding protecting different software)?

 

Just upgraded from previous build and all seems to be fine.
Win 8.1 Update 1 x64, Google Chrome x64 stable.

 

You misunderstood me. I'm not saying that you shouldn't combine them, I'm saying: don't be surprised if they will start to malfunction at some point, or become incompatible after some update. And to clarify, I'm speaking specifically about HMPA's "exploit protection" and "safe browsing" features. If these 2 are turned off, HMPA should in theory not interfere with MBAE. But I believe that HMPA always injects code into monitored processes whether these features are turned on or not, which may cause problems.

 

They offer roughly the same mitigation capabilities. Although EMETs EAF+ is king in killing memory leaks, but EMET is also slow as hell...
But in general I think that HMPA is more user friendly, is better understandable and has the most useful features.

 

@Rasheed187: Safe browsing interferes with MBAE and EMET? How?

@regenpijp: Yes, but the free version doesn't offer similar mitigation capabilities.

 

Being on par with EMET is good, but it sounds like being on par with HMP.A for Intel would be better. Is there some other security I should add to make up the difference, or does what's in my signature have me covered?

I'm having a problem with the Taskbar sliding open on mouse-over at the edge of the screen when Chrome is full-screen. It happens whenever the green border is showing for a few seconds, but sometimes even when the border isn't showing. Then I have to move the window from full-screen to get to the Taskbar.

 

Does the check for updates work?I hit check for updates and it does nothing but grays out and says no update available?Still on 129

 

Thanks Mark!

 

Why? I restored my machine from a backup. Why would I ask if I knew?

I really don't understand why you are so concerned about this. Why do these companies even offer a free version then?

 

I'm quite certain that attitude will get you customers.

Thank goodness the Loman brothers and MBAM know better and are doing well because of that.

 

Build 31 up and running nicely on one machine so far.

Great work guys!

 

I concur, it's really exciting seeing all these new technologies bear fruit.

 

Erik & Mark,

I think I've found a way to avoid having Firefox not opening but showing in Task Manager.

Before anyone points the finger at MBAE, I have had this happen even with MBAE disabled.

https://www.wilderssecurity.com/thre...iscussion-thread.324841/page-121#post-2435668

What seems to help is if I hover over the Firefox icon in the Task Bar and wait until the words "Mozilla Firefox" appear before clicking the icon to open FF, Firefox does open (so far anyway). If I am too quick and click on the Firefox icon on the Task Bar sometimes FF will not open but shows it is running in the Task Manager. I have noticed it more often when my machine has been idol.

PS: The very early issue of HMP.A not showing the green border around Firefox while Norton Security v22 beta was installed has been resolved, thank you.

Edit: Just to confirm, I am using HMP.A 3 RC Build 131 unactivated (so free version). This has not happened using HMP.A 2.

 

Added System Explorer 6.1 (SE) to template OTHER (build 131/W7 64 bits). When I minimize SE to the traybar the blue border remains active. See picture of desktop.