HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,480
    Location:
    The Netherlands
    Yes, this has been explained in the past, although a bit vaguely, or perhaps I forgot about it. But the question still is why other similar tools, which offer just as strong protection, don't need to do this. Like I said, if HMPA worked differently, then I could have chosen to apply exploit mitigations to all vulnerable apps besides "sandboxed" browsers, for example. But now I had to uninstall. But I didn't test if removing the "OpenPipePath=\Device\NamedPipe\hmpalert" line would have also solved the problem.
     
  2. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    887
    Location:
    Baden Germany
    My point is, that all of you guys are using a to redundant setup, that does the conflicts.

    That's your hobby, to find out, what goes together.

    My request is to bring HMP.Alert to final, so that I can roll it out to the average Joe , that needs an extra protection, that other solutions don't offer.
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,507
    Location:
    Among the gum trees
    I am sure that when Erik and Mark consider HMP.A final it will be released but it isn't quite there yet. Would you have them release an unfinished product?
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    I'm still waiting for an answer to this, especially regarding the final product.
     
  5. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    887
    Location:
    Baden Germany
    No, certainly not, but I don't want them to compromise to much, to make every constellation work, that is rare in the wild.
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,416
    Location:
    .
    with 143 Bad Pool Header ~ need to restart pc
    Is it best to clean install 153 or over install 143 with 153 will satisfy ?
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,507
    Location:
    Among the gum trees
    I don't think it matters. Personally, I only uninstall if I'm going back to an older build.
     
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,416
    Location:
    .
    OK ~~ R U still seeing FF issue with 153 ?
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,507
    Location:
    Among the gum trees
    Only sometimes FF won't open but I've sent Erik a .DMP and he has found the issue and advised a fix will be here shortly. It only happens once in a whiile so I would suggest you go for it. You can always keep a copy of 143 if it does bother you.
     
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,416
    Location:
    .
    Thanks ~ !!!
     
  11. hjlbx

    hjlbx Guest

    Hello,

    Installed HMPA 3 RC.

    After a few minutes it causes IE11 to hang/freeze; uninstall HMPA and IE11 works.

    W8.1 x86-64 (OEM) Toshiba
    IE 11
     
  12. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Which build of HitmanPro.Alert?

    Build 153 is the latest:
    http://test.hitmanpro.com/hmpalert3b153.exe

    Are you running any other security software (e.g. antivirus)?
     
  13. hjlbx

    hjlbx Guest

    Hello Erik,

    I grabbed the 143 off the site.

    I will try 153 and post here should anything arises.

    Other security software: Emsisoft Internet Security - never any issues with HMPA nor IE

    If there's an app crash or hang do you want mem dumps?

    Do you have the symbol file for IE in case it freezes again?

    Thanks.
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes memdumps would be great. I have symbols files so I can dig up the problem quite quickly.
     
  15. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    823
    Since build 153 no more problems with Firefox 35.0.1 (W7 64 bits, Sandboxie beta 4.15.12 and NIS 2014).
     
  16. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,944
    I think you misunderstand what HMPA does. It doesn't detect or block vulnerability, but it blocks exploit. They are different.
     
  17. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,202
    Erik, another CrashDump for v153 after coming out of suspend (W7-x86) on its way.
    v153.jpg
     
  18. AlertBetaTester

    AlertBetaTester Registered Member

    Joined:
    Dec 14, 2014
    Posts:
    9
    Good point, I think the terms can be easily confused by the novice. I understand the difference between a vulnerability, a mitigation, and an exploit, but thanks for pointing this out because we all should be use precise language and terms to communicate accurately in a technical forum. Point well taken.

    Now then, I completed a paid upgrade to CyberLink PowerDVD 14 Ultra and then reinstalled HMPA RC 153. HMPA RC 153 no longer detects an IAT Filtering "Exploit" but does detect a Control Flow Integrity ROP Attack "Exploit". When I turn off the ROP mitigation, PowerDVD 14 works perfectly.

    My new question is, is this a "false positive" by HMPA RC 153? Or, is there a real ROP exploit being detected/mitigated by HMPA? Please advise.

    See attached.
     

    Attached Files:

  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This is a false positive. Though it is a real ROP used in a legitimate way.
     
  20. Eric Nemchik

    Eric Nemchik Registered Member

    Joined:
    Oct 3, 2014
    Posts:
    3
    So i just downloaded the beta (or RC, build 153) for HMPA and saw that cryptoguard is now a paid feature where it was previously free in version 2.x.

    I'm all for you guys getting paid by people who want to use the hitman pro program, but why are you making a previously free feature into a paid feature? that's a real good way to lose users and end up with version fragmentation on your platform (people will just keep the old version and not bother with the upgrade unless you're planning to silently force the upgrade on 2.x users).
     
  21. 93036

    93036 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    104
    Has anyone installed build 153 on a Windows 10 CTP machine? A few versions back, it worked great!
     
  22. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,995
    Location:
    USA
  23. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    Victek, have you tried the latest version without a license? I already brought up the issue a while back, but was mostly ignored.
     
  24. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,995
    Location:
    USA
    No I haven't tried it without a license; sorry, I didn't know there was an issue. Hopefully it will be sorted in the final release.
     
  25. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    551
    Location:
    Hengelo
    I have installed PowerDVD 14 but don't see any ROP alerts. I'd like to reproduce your situation. What antivirus or other security software do you have running?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.