HitmanPro.ALERT Support and Discussion Thread

You can add any application to Alert via the blue tile > Running Applications > click the application listed. Done.

 

Not any, only applications that have an (active) window. So a "search for exe" function would be a very nice addition.

 

Scary how the attack allows the url to remain unchanged after it redirects to a different site. The article states Microsoft is already working to fix IE. I wonder if other browsers are vulnerable? Is this something that HMPA can catch?

 

Salutations,

"You can add any application to Alert via the blue tile ..."
"Not any, only applications that have an (active) window. So a "search for exe" function would be a very nice addition."

Nice to know!

Moose's World

 

@erikloman @markloman None of my autohotkey shortcuts are working in my browser. I have several shortcuts for text expansions and none of them are working inside the browser protected by HMPA.

EDIT: I just found that keyboard encryption was causing the problem. After I disabled keyboard encryption, they work perfectly. Is there any option to exclude a program from keyboard encryption ?

 

No,
https://www.wilderssecurity.com/thre...iscussion-thread.324841/page-155#post-2455677

 

Yeah, I googl'd after posting ... << The best way to protect a computer from a remote code execution vulnerability is to fix holes that allow an attacker to gain access. Microsoft often releases security patches addressing remote code execution vulnerabilities in its monthly Patch Tuesday fixes. >>
Good info ~~ Thanks

 

Is it good to protect Cat Control Center CCC.EXE when Malware has been known to use CCC.EXE

 

Yeah, had to google CCC Thanks

 

Hi Erik,

I just experienced another black screen after booting. I sent you the Winlogon dump and log.

 

I suppose that enabling exploit mitigations for ccc.exe will not prevent malware from taking advantage of it. Although you still have hardening functions like Active Vaccination and Process Protection that might form an additional layer of protection.

 

Yeah, I've had the black screen...didn't know it's related to Alert

 

That's why I asked in a previous post, but nobody answered. I suspect it has to do with HMPA since it happens on different laptops running HMPA. It may well be unrelated, but Erik seemed interested to look into it, so I am sending him the crashes until he no longer needs the information.

 

Sorry, must have missed. What path in Event Viewer. What Event ID | OK ~ I've reviewed #3857. I'll check ~ Sorry, I missed your post. Event ID will be under Application or Administration ? How do you get from black screen to desktop ?

 

Not a problem. I'm glad I'm not the only one having this problem. Once you get the black screen, you can no longer get to the desktop. You have to hold down the power button until the PC shuts itself off. Once you get a good boot, you can then check the Administration event log.

 

Um...Event 1000 for me are all ISCTAgent and ApplicationError pointing to chrome ~ I'll keep looking.

 

If the black screen you experienced did not happen recently, the event may already have been overwritten. If it happens again, you now know what to check.

 

Got them. Im analyzing them. Hopefully something turns up.

 

Thank you. That is probably why I did not see the applications I wanted to add. (Seems I wasn't the only one.) So, I would thoroughly agree with you that being able to search for an EXE would be a good addition.

 

Just installed RC 143. This is a really nice-looking application. Still getting interference with EMET though. I only mention this as an aside; I don't intend to keep EMET.

 

Three quick questions if I may:

1) I've got the latest b143 installed & I ran the exploit tool & all the exploits were correctly stopped etc... but when I clicked to "Run a scan with Hitman Pro" it started up HMP 3.7.9 build 234 & did the scan correctly, but I've never installed HMP itself...only the HMP Alert?

2) If I purchased HMP, would I get a seperate application to run a scan manually with updated signatures etc... as per MBAM?

3) I've got two live test machines both running 24/7 which are purely for testing & often get re-imaged etc.....if I purchased a 1 PC licence, could I use that on both test machines simultaneously?

 

1. It will automatically download HMP in the background.
2. HMP heavily depends on the scancloud for signatures and/or detection, but you can always download HMPA from the Surfright website.
3. You'll run into issues if you perform regular imaging using the same license. A license can only be activated twice (good for one re-installation), you might want to contact Mark or Erik to correct this. iirc they have helped people before with the same issue.

Regards,
regenpijp

 

Turns out you can't add services to exploit protection. I have one service I'd like to add. It's an atomic clock sync service that hits ntp.org, so I'm probably overdoing it on that one...

 

What's wrong with Plugin. Or, is that normal. 296 looked like Flash Icon afaik. Also, does Flash for Chrome show as running app so, I may add mitigation. I have NPAPI and PPAPI .305 installed and ran Chrome Flash (active window). All that shows while running Chrome Flash is Chrome. Is Chrome Flash embedded in Chrome. 305's in pic are syswow64 and system32. What am I missing ? Thanks

 

Flash is embedded in Chrome sandbox.
Both flash from system32 and syswow64 are listed.