HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
    :thumb: Ah, thanks!
     
  2. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    @erikloman The latest RC also doesn't fix the false positive issue with AIMP3.exe and ROP mitigation:rolleyes:
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    AIMP3 is actually performing a ROP. Wait for the next build where it is fixed. I might contact you via PM to test the new build as it is not yet ready for a bigger audience due to a new feature.
     
  4. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    Thank you erikloman:thumb:
     
  5. FOXP2

    FOXP2 Guest

    Thank you. I had not tried a Reset. However, upon setting them up, still no fix. I had previously used Browser for QuiteRSS Portable (it's a browser) but tried Other this time. I use that RSS client 100% on my every day desktop, checking for news for almost 100 feeds every 20 minutes. The QtWeb Portable browser is rarely used but thought it was a good candidate for your RC. Something in b140 blew these two into a Not Protected limbo. Both are built with QtWebKit and from the developers' sites.

    HKLM: Both listed.

    Note that in my #3648 screenshot, Chrome was found as Browser in previous HMPA versions, but after the reset it is absent. It was accepted for protection OK when I set it up manually as Browser. It's v39.0.217199 64-bit Haller's PortableApps in a folder in C:\Portables.

    Unrelated & BTW, I've been wanting to mention HMPA found Cyberfox64 Portable for Browser and a pre-release 64-bit version of SumatraPDF as Office, each in its own folder in C:\Portables. Not bad.

    HMPAqt2.jpg
     
  6. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    81
  7. guest

    guest Guest

    I haven't yet been able to access the landing page, but if it's blocked by MBAE, then it should also be blocked by HMPA and EMET.
    HMPA should offer the same level of protection as MBAE/EMET + some additional mitigations/features.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I just updated to the latest version of Flash since they found a zero-day vulnerability, and i'm experiencing some really strange behavior. Flash Player only plays about 10% of some videos on youtube, and then it skips to the next video on it's own. It keeps doing this over, and over again. It just skipped to the next video about 10 times in a roll. Is anyone else experiencing this? I'm using the latest build of HMPA, and just trying to eliminate the possibility of HMPA being the cause.
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes, Alert blocks the new exploit.

    While the vulnerability is brand new, the exploit uses a good old stack pivot to abuse the vulnerability. Stack pivot is very easy to detect.

    Hope this helps.
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you temporarily disable Exploit Mitigations on the blue tile? Then restart your browser (btw, what browser are you using)?
     
  11. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,240
    Plugin Container is already added (default) in HMPA so Flash is protected since it is listed in browser plugins
    when installed. Is this correct?
     
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,595
    Location:
    Outer space
    Since Flash v11.3, Flash for Firefox is no longer running in plugin-container.exe, but in it's own process; FlashPlayerPlugin_*version number*.exe
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.0.24 Build 141 Release Candidate

    Changelog
    • Improved CallerCheck mitigation.
    • Improved BadUSB mitigation.
    • Improved ROP mitigation.
    • Improved Software Radar.
    • Fixed AIMP3 false positive.
    • Added Plugins mitigation category.
    Download
    http://test.hitmanpro.com/hmpalert3b141.exe

    Please let me know how this version runs on your computer :thumb:
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    This is what I said in some other thread, it doesn't matter if an exploit is zero day, it depends on the exploitation method, and that is most of the time a "known" one.
     
  16. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,024
    No problems updating to build 141 (from build 140).
     
  17. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,024
    About Added Plugins mitigation category. Java plugin 8u31 is not added when I play chess on www.chess.com (Firefox 35/W7 64 bits/build 141). On purpose?
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
    Updated to build 141 and everything seems to be working fine here so far. :)
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Running very nicely here. Great job guys.
     
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes. Java has its own category.
     
  21. guest

    guest Guest

    Has someone tested the build 141 with MBAE?
    The previous version was still incompatible causing chrome to not show websites like if there is no internet connection.
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Its not doing it now. I will try that if it starts happening again. I wanted to do that when the problem occurred, but did not know how. I would recommend adding a right click function on the taskbar icon to disable protection.
     
  23. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Previous and current 141 are compatible with MBAE. I run both myself to test compatibility because (1) to see if running both does not burn down the house and (2) because I know you guys like to run tools on top of eachother.

    That said, I do not recommend running multiple anti-exploit tools concurrently because it just does not make sense.

    If it does not work on your end you most likely run a third component. What other tools are you running?
     
  24. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,109
    Still running build 140.

    Lots of gibberish when inputting text today (a.o. in Firefox, Sublime Text, and KeePass). Seems to be worse when I type faster?
     
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Disable Keystroke Encryption at the moment.

    Sorry if I asked before, what version of Windows and which security products are you running?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.