HitmanPro.ALERT Support and Discussion Thread

Hi erikloman

Apologies for asking this, as I think that you have advised on the subject before, but are there any plans to protect portable versions of browsers in the same way as the installed versions? I run all my browsers as portables (except for IE, of course) and would dearly love to see then afforded the same level of protection as those installed. And if there is then just let me know when as I have a bank of these just waiting to be subjects of a beta test...

Many thanks in anticipation of your reply.

Regards, Baldrick

 

Just run your portable browser. Then in Alert 3, click on the blue tile and choose Running Applications, click on your browser, choose template Browsers. Done.

 

Ah, I read it wrong. I see now on your screenshot that it's the same folder, but one path is showing the old 8.3 character limit - interesting!

 

Cool, thanks for the speedy reply.

One other question...I see that in terms of exploit mitigation Thunderbird is coming up as not protected. If I want/need to protect it which template should I use...I have searched but cannot find one that looks like it fits an email client...which leaves me wondering if such protection is required?

Regards, Baldrick

 

I was running (paid) HMP and HMPA 2 with MBAE Free on Windows 8.1 and had no problems with FF, IE and Chrome (all software latest versions).

Yesterday I decided to try HMPA 3 and all seemed fine, but frustratingly, it seems Chrome is impacted by the move to HMPA 3 in that tabs don't load i.e. become unresponsive. FF and IE are fine.
I tried disabling all mitigations for Chrome, and disabling MBAE Free, disabling hardware acceleration, but none had any effect. Reverted to HMPA 2 and the problem disappears. Upgrading back to HMPA 3 and the problem reappears.

Must be something unique to my setup but any suggestions? I would really like to get HMPA 3 to work as it looks excellent.

 

I sometimes had the same tab loading problems with Chrome when using MBAE with or without HMPA also running. I deactivated Chrome in MBAE and now use HMPA 3 RC for Exploit Mitigations on Chrome and now have no more tab loading problems with Chrome.

 

I updated Pale Moon and then I couldn't restart it -- HMP.A claimed to have intercepted an attack and terminated it "to prevent execution of malicious code." Had to disable the mitigations so that it could complete the updating process and restart.

To re-enable the mitigations, I had to restart the browser again, but the tabs that were open did not come back and only the home page was loaded. (Unlike when I had to restart the browser to apply the update, when the open tabs did come back.)

First it was a Java update that got blocked, then it was editing a PDF file, now it's updating a browser. I'm wondering if HMP.A in its current state is simply too aggressive to be practical. (YMMV) Not every user is going to be knowledgeable or interested enough to keep going in to disable and then re-enable mitigations in order to carry out basic operations on their computer.

 

The free version of MBAE doesn't allow selective deactivation for Chrome but uninstalling MBAE Free makes no difference. Interestingly an earlier post mentions problems with Chrome and WSA and HMPA 3. I am using WSA, and if I disable it, Chrome loads OK with HMPA 3. So it is some compatibility issue between HMPA 3 and WSA? Should I set up some sort of exclusion rule in WSA?

 

I agree. One bug is being chopped away and another one returns. But I'm still fan of the idea of integrating multiple security solutions like exploit mitigations, cryptoguard, active vaccination, etc into one piece of software. Although everything is still better than the lag that EMET 5 causes...

 

I used to have more of a problem with WSA causing tab loading problems and Extension Icons that would get locked up and had to be turned off and back on again. I still get locked up ext icons sometimes but no more tab loading problems. Bottom line is that WSA seemed to have problems working along with chrome and still looks like it does. Using MBAE with chrome seemed to cause some kind of error message when chrome was just launched sometimes so i stopped using MBAE with chrome and started using HMPA 3 with chrome and don't get that message anymore.

 

I use HMPA v3 along with WSA without problems, but it is necessary to go into the WSA UI after every HMPA update and make sure it is "allowed" in PC Security Block/Allow Files, Identity Protection/Application Protection and Utilities/System Control/Start/Active Processes.

 

Have been running build 167RC for the last 8 hours, and these still occur as previously mentioned in earlier posts in this thread...

Spoiler: screenshots

 

Did you update from the browser or from the Java Config tool?

Can you send me the message you got when updating Palemoon? It should be in the Windows Event Log.

Alert 3 is in Release Candidate state. We rely to some extend on you guys to iron out the bugs before we can release. So the more info you can share, the sooner we can release. Thanks

 

What AV are you running? Any other security tools?

 

Choose Office for Thunderbird.

 

Yup, I was trying a manual update of Java via their applet in the Windows Control Panel.

I'm sending you the event logs via email.

Thanks again for being so interested in ironing things out. I'm getting much more satisfaction out of this (orignally unintended) participation in the HMP.A RC testing, than I am from beta testing Windows 10.

 

Hi erikloman

I am running Webroot Secure Anywhere (WSA). Other security software: Besides HMP and MBAE Free - CryptoPrevent, MBAM Premium and Voodoo Shield. All up-to-date.

Following Victek's post #4461 (thanks Victek!), I was able to select, but WSA would not add hmpalert.exe to the 'Allowed' list, in PC Security Block/Allow Files, Identity Protection/Application Protection - and hmpalert.exe is already 'Allowed' under Utilities/System Control/Start/Active Processes.

However, I then changed to 'Allowed' (from 'Protected') c:\users\....\appdata\local\google\chrome\application\old_chrome.exe under Identity Protection/Application Protection and voila!, Chrome loads normally. (Don't know why old_chrome.exe; chrome.exe is not shown). I was able to achieve the same with Portableapps.com Chrome Portable by 'allowing' c:\portableapps.com\portableapps\googlechromeportable\app\chrome_bin\chrome.exe. I guess I have opened up a 'hole' in WSA with regard to Chrome, which is hopefully mitigated by HMPA 3?

So I believe it is some contention with WSA in this area that is the culprit ... in my case only Chrome is affected, not FF or IE.

Thanks - Paul

 

As can been seen, it hasn't been misbehaving since the reboot. ...running now for over 16 hours.

Spoiler: screenshot

 

Done...thanks.

 

Have just spotted that there is a recurrent entry (Warning) in the Event Viewer that states "Check for update has failed. Trying again in 120 minutes." with Event Id: 214 & Category: Installer. Not sure if that has beenr eported before and if so what the outcome was...but I can find no option in HMP.A to control or modify the happening of this.

Has anyone got any views, thoughts or experience of this happening on their systems?

Thanks, Baldrick

 

This is normal for rc builds as there is no update yet.

 

One more kink to iron out: wife sent me a link to a YouTube video. Because I keep Flash disabled, I had to enable it in IE8 to watch the video. As soon as I did that, though, HMP.A stepped in, saying it had intercepted an attack. Once again the workaround was to disable mitigations, then reload the browser. Re-enabled the mitigations afterward. But now that I have enabled Flash on YouTube, with mitigations enabled I cannot get to their website at all.

The solution was as follows:

1) Disable the IE mitigations yet again. If I try Step 2 below without doing this, IE crashes when I try to open the add-ons manager.
2) Go into the IE settings to Manage Add-ons and remove YouTube from the list of websites approved to run Flash. Actually, I had to do this for all sites as I don't have an option to pick and choose sites.

At this point I have a choice: I can either leave the mitigations disabled and watch YouTube, or I can enable the mitigations and forget about YouTube.

Strangely enough, none of this happened on Firefox 36. I was able to tell FF to "Allow" Flash on YouTube (didn't try the "Allow and Remember" option) and then played a video without problems even though FF mitigations are enabled.

Maybe the real solution is to ditch IE (IE8?). That would be a shame because I find the IE8 interface to be both more attractive and more informative than newer versions of IE, but if it comes to that...

 

I have the saved and zipped 'Windows 7 x64 Event log files (.evtx)' from several hpa 3rc build 167 mitigation events.

Is there any interest in this log file? If yes, how do I send it.

I have not (yet) figured out how to sent a PM + attached file to ErikLoman. Is there an email address I can use?

 

Many thanks...that is good to know.

Regards, Baldrick

 

More troubles with HitmanPro.Alert on my system:

* IE11 crashes
* iTunes sync does not work

No problems after I uninstalled HitmanPro.Alert...

I hope all these problems are caused by 1 single bug/incompatibility!