Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
@erikloman The latest RC also doesn't fix the false positive issue with AIMP3.exe and ROP mitigation
AIMP3 is actually performing a ROP. Wait for the next build where it is fixed. I might contact you via PM to test the new build as it is not yet ready for a bigger audience due to a new feature.
Thank you erikloman
Thank you. I had not tried a Reset. However, upon setting them up, still no fix. I had previously used Browser for QuiteRSS Portable (it's a browser) but tried Other this time. I use that RSS client 100% on my every day desktop, checking for news for almost 100 feeds every 20 minutes. The QtWeb Portable browser is rarely used but thought it was a good candidate for your RC. Something in b140 blew these two into a Not Protected limbo. Both are built with QtWebKit and from the developers' sites.
HKLM: Both listed.
Note that in my #3648 screenshot, Chrome was found as Browser in previous HMPA versions, but after the reset it is absent. It was accepted for protection OK when I set it up manually as Browser. It's v39.0.217199 64-bit Haller's PortableApps in a folder in C:\Portables.
Unrelated & BTW, I've been wanting to mention HMPA found Cyberfox64 Portable for Browser and a pre-release 64-bit version of SumatraPDF as Office, each in its own folder in C:\Portables. Not bad.
Any news about HitmanPro.Alert blocking the newly discovered in-the-wild Flash 0day?
I haven't yet been able to access the landing page, but if it's blocked by MBAE, then it should also be blocked by HMPA and EMET.
HMPA should offer the same level of protection as MBAE/EMET + some additional mitigations/features.
I just updated to the latest version of Flash since they found a zero-day vulnerability, and i'm experiencing some really strange behavior. Flash Player only plays about 10% of some videos on youtube, and then it skips to the next video on it's own. It keeps doing this over, and over again. It just skipped to the next video about 10 times in a roll. Is anyone else experiencing this? I'm using the latest build of HMPA, and just trying to eliminate the possibility of HMPA being the cause.
Yes, Alert blocks the new exploit.
While the vulnerability is brand new, the exploit uses a good old stack pivot to abuse the vulnerability. Stack pivot is very easy to detect.
Hope this helps.
Can you temporarily disable Exploit Mitigations on the blue tile? Then restart your browser (btw, what browser are you using)?
Plugin Container is already added (default) in HMPA so Flash is protected since it is listed in browser plugins
when installed. Is this correct?
Since Flash v11.3, Flash for Firefox is no longer running in plugin-container.exe, but in it's own process; FlashPlayerPlugin_*version number*.exe
Here a video of HitmanPro.Alert 3 blocking the exploit abusing CVE-2015-0311:
More info on the exploit here:
HitmanPro.Alert 3.0.24 Build 141 Release Candidate
Improved CallerCheck mitigation.
Improved BadUSB mitigation.
Improved ROP mitigation.
Improved Software Radar.
Fixed AIMP3 false positive.
Added Plugins mitigation category.
Please let me know how this version runs on your computer
This is what I said in some other thread, it doesn't matter if an exploit is zero day, it depends on the exploitation method, and that is most of the time a "known" one.
No problems updating to build 141 (from build 140).
About Added Plugins mitigation category. Java plugin 8u31 is not added when I play chess on www.chess.com (Firefox 35/W7 64 bits/build 141). On purpose?
Updated to build 141 and everything seems to be working fine here so far.
Running very nicely here. Great job guys.
Yes. Java has its own category.
Has someone tested the build 141 with MBAE?
The previous version was still incompatible causing chrome to not show websites like if there is no internet connection.
Its not doing it now. I will try that if it starts happening again. I wanted to do that when the problem occurred, but did not know how. I would recommend adding a right click function on the taskbar icon to disable protection.
Previous and current 141 are compatible with MBAE. I run both myself to test compatibility because (1) to see if running both does not burn down the house and (2) because I know you guys like to run tools on top of eachother.
That said, I do not recommend running multiple anti-exploit tools concurrently because it just does not make sense.
If it does not work on your end you most likely run a third component. What other tools are you running?
Still running build 140.
Lots of gibberish when inputting text today (a.o. in Firefox, Sublime Text, and KeePass). Seems to be worse when I type faster?
Disable Keystroke Encryption at the moment.
Sorry if I asked before, what version of Windows and which security products are you running?