Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
Thanks for the quick response. We have some fine tuning to do.
As above, I tried that with Windows Media Player but still got a ROP alert.
How was the .bat file produced? Via what application? Does that application have Application Lockdown enabled?
I know. Media Player is an actual ROP issue. Will have a look at it, as well as the IAF issue.
Do both issues go away when you try build 131?
With build 131 the Media Player still had the ROP issue but no problem with Windows Live Mail or Adobe Reader.
I sent you the ROP details by PM back on Boxing Day my time.
I am running XP. So, is that general advice, and I should stick with v3.0.22 build 12RC for the time being?
No problems with latest Sandboxie beta 4.15.8 and build 137 (W7 64 bits).
Yes I did it, but it does not work, even though the HMPA dll file is loaded into Firefox and Opera.
This only works when exploit mitigations are active, I suppose? I wanted to add a browser to the "safe browsing" protection, but didn't find a way to do it.
Yes, I said it in a wrong way. What I meant was that with a "true" installer, there will also be an "uninstaller", that should take care of disabling the GUI/service/driver and deleting those files. Now all of this must be done manually, not a big problem, but this means that malicious software can also easily disable HMPA. But I read that HMPA v3 final will offer this.
Like I said, it should work out of the box with any or at least the most popular apps, to get it on the same level as KeyScrambler, SpyShelter and Zemana.
I am not sure I see an issue with the installer. It installs fine. If you need to uninstall you can easily do so from the control panel as you do with any other app. I don't see anything lacking.
My bad, I must have missed that, for some reason MyUninstaller doesn't pick it up. And I also did not see any uninstaller in HMPA's folder. But self protection is still an issue.
May not work with MyUninstaller, but it works with Windows uninstaller. Reason you didn't see one, is there isn't one there. As to self protection, to me that can be a bit overrated. With adequate security on the system, something most likely can't uninstall it anyway.
It picks it up as expected.
Have HMPA up and running again and is working. Thanks for the fix Erik. Will continue testing and report back if any other issue develops.
I want to see a browsing function with which I can choose any executable on my system as well as directly specifying name and path. In the current implementation, I have to run a program before I add it to protection, but assume I want to add dozens of programs at once, but some of them I rarely need to run or even currently not on the disk. I often temporarily install programs in sandbox or in virtualized desktop.
You don't have to run the application you want to add, afaik, in addition to the Running Applications button, there is also another one that lets you browse for a file. I'm not sure though if that allows you to add multiple programs at once.
Maybe I'm blind, but: Where ??
Hmm, it looks like it's gone, I'm pretty sure I added an application that way in an older build.
I have been digging into this bug and can conclude that it is unrelated to HitmanPro.Alert.
Sorry about any confusion it may have caused.
I have found that my CAPI2 errors are due to a conflict caused by the Microsoft December 2014 updates.
Some permissions have been changed and these CAPI2 errors are thrown each time I have scheduled backup or maintenance on this PC.
System is blocking itself during access to a specific driver that this Desktop PC has.
The reason I first believed it was due to HitmanPro.Alert is that I started testing .Alert on this desktop PC in early December.
I started seeing these CAPI2 errors shortly thereafter on this desktop PC.
I took a look in Windows Event Viewer on my laptops, that also run Windows 8.1 Pro x64 - none of those have CAPI2 errors.
I also took a look in Windows Event Viewer on a shared laptop I have here, that runs Windows 10 Technical Preview - it does not have CAPI2 errors either.
I had begun testing .Alert right after Patch Tuesday - but since .Alert was the newly introduced program on this pc, then naturally it took the spotlight as "probable cause".
Also since frequent installs/uninstalls of .Alert looked to match pretty well with when errors appeared in Event Viewer, I didn't see the connection between the backup/maintenance I have scheduled and the CAPI2 errors.
I have now wiped the hard drive in the desktop PC and installed Windows 10 Technical Preview on this to accompany the Win10 test-laptop, and confirmed that the Microsoft December 2014 updates caused the issue.
Clean Win10+drivers = No errors.
Clean Win10+drivers+December updates = CAPI2 errors.
Will alter the affected permissions before proceeding with testing .Alert.
Hope you didn't waste too much time investigating this.
No problem. Thank you very much for the update!
Yes, apparently you have to choose "show x64 installations", so my mistake. But since I'm now on a fast machine, I will use Windows' own tool in the future.
My bad, I forgot you need to add it to all sandboxes, not just the default-box. BTW, what about the license-key? My old one does not work anymore.
I'm running build 137 and when I open IE 11 with homepage bing.com I get the HMPA warning attack intercepted? Didn't happen with the previous build.
Add it to [Globalsettings] for all sandboxes.
If it hasn't been asked already just wondering why HMPA needs to check for updates every 120 minutes?
Build 137 is once again turning keyboard input into gibberish in KeePass (2.28).
In fact, one in every few characters also becomes something else than entered in Firefox (35.0).