Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
From an end-user's perspective, I am very much impressed with the capabilities of HMPA 3 and happy to see you express a longer-term view with your roadmap plans over the next few years. Cheers.
@mark, in the past I was having problems between HP.A and Prey; does anyone know if it was fixed?
Yes, but CryptoGuard was improved in version 3.
HitmanPro.Alert 3.0.30 build 155 RC running fine with Sandboxie 4.16 on my Windows 7 x64 machine.
To cover all sandboxes I've put "OpenPipePath=\Device\NamedPipe\hmpalert" 3rd line down under "[GlobalSettings]", right above "[DefaultBox]". Is that where it should go? With Sandboxed Chrome, I am getting the HMP.A message sliding out from the right, and a green border that appears and fades in a couple of seconds when the cursor goes to the top of the window, so I'm guessing things are set up correctly. With this build there's no longer the problem I was having with the taskbar not sliding out from the left when the window is full-screen.
It's been speculated on Wilders that adding "OpenPipePath=\Device\NamedPipe\hmpalert" to Sandboxie might interfere with its protection. There are a couple of similar listings under [GlobalSettings], so I doubt it's a problem, but would like to know if it is since I'm currently running the 2 programs as my main lines of defense.
In Alert 2 there is CryptoGuard v1 - blocks Cryptolocker, CryptoDefense and CryptoWall 1 and variants.
In Alert 3 there is CryptoGuard v2 - blocks CryptoWall 2 + 3 and CTB-Locker and variants.
So with Alert 2, you are not protected against the newer crypto-ransomware.
Hope this helps.
Have WordPad showing up twice in HMPA exploit mitigation under Office. Doesn't matter which version of HMPA 3 I'm using. Could be from recently removing MS Office Word, but not sure. When I remove one of the WordPad entries shown and open WordPad I'll see the blue protection flyout so everything looks correct. If I wait some time then I'll see a black flyout appear and WordPad will then reappear in exploit mitigation under Office and back to seeing 2 instances of WordPad.
I might have to get Alert 3 so that I don't have to worry about getting Crypto.
I'm currently one of the few people who is having problems with the HMPA + SBIE combo. It's a bit difficult to troubleshoot, because I'm not seeing it all of the time. What happens is that SBIE is giving error messages upon starting or closing sandboxed apps, no matter if those apps are protected (by HMPA) or not, with the result that SBIE can't isolate these apps correctly. When HMPA is removed, these problems disappear.
More info would be welcome. Can you explain against what it protects exactly? So let's say you get hit by some exploit (HMPA Free does not stop exploits), how does it come into play?
Yes correct, but the reason why I brought this up again, is because of the problems with SBIE. Like I said, other tools like MBAE and G Data BankGuard work differently. But now that you told me that "system wide injection" is also needed for the "risk reduction" features, I understand it better.
I installed it only to check out the GUI, of course it won't work inside the sandbox. But strangely enough, HMPA v3 seems to trigger loading of the "hmpalert.dll" file that's related to HMPA v2, it's probably because of "dll search order" or something? I don't get it.
Either it's a Windows 8.1 thing or a unique system problem. I am running SBIE and HMPA v3 together with no issues at all.
I think it might be related to Win 8, I hope that SurfRight can figure out what is causing the problems. I will also upgrade to SBIE 4.16, perhaps that will somehow solve it. But other than this, I must say that HMPA seems to work just fine, the GUI also looks very nice, and it offers quite a lot of protection features, so all in all they did a great job.
No, no problems on Win 8.1 here. At least not with browsers like Rasheed (sometimes with my Thunderbird sandbox, and there also only periodically).
@Rasheed187: I think to trigger the problem better it would be good to try if it also occurs in a default sandbox without any further restrictions.
Sandboxie thing. If a dll is also in sandboxed location that one is used.
I've been following this thread for ages & have been trying most of the builds.
I'm pleased to say I've not had any issues that other people haven't already mentioned before I had a chance to myself!
b155 works great.
Personally, I would say that Build 155 is so 'quiet' that it is a good thing that one has the notification & browser surrounds to let you know that it is there. Even the glitches I was suffering with the encryption facility now seem to have disappeared.
Looks like it is set for the prime time very shortly.
No problems with Sandboxie 4.16 (W7 64 bits/build 155).
Running W7-x64 with licensed HitmanPro.alert build 155 and HitmanPro build 238:
'Issues' I found after 3 days' use:
1. The already reported 'NullPage' mitigation error in MediaPlayerClassic-x64-1.7.8 and the 'ROP' mitigation error in Soft Organizer 3.51 (false positives?).
2. Sometimes, after closing a protected application, the empty colored border frame remains on the display screen for 1-2 sec.
All is running fine with build 155 (Windows 7 x64, AppGuard and EIS).
So far everything looks great. I am having an issue with the scan getting stuck at classifying 99% but that is a HitmanPro issue with my system it seems and not necessarily a HitmanPro.Alert issue.
Testing latest release candidate. So far so good.
To ease user's experience: at the moment, selecting Risk Reduction allows me to switch on a single item at a time. I would like some option to select all at once.
Is there a Browser test file I can use to test HMPA?
I haven't been checking in much lately, hence the late response. The RC phase sits between the general beta phase and RTM. But there's really nothing wrong with considering an RC part of the beta phase, so I spoke out of turn. Discussing semantics is pointless though, as I was fully aware that I was running software that was not considered RTM. Apologies for my own stupidity.
In any event, I hate EMET and just can't live with it, so I'm going to reinstall HMPA.
Only have 1 more day on Trial 155 RC
running well thank you 155 RC