HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,104
    Location:
    USA
    In the Gdata feature list I see Bank Guard, Keylogger and Exploit Protection under Browser/App Protection.

    https://www.gdatasoftware.com/onlineshop/g-data-internetsecurity (screenshots)

    Can these be toggled off temporarily to see if it effects the key scrambling issue with HMPA?
     
  2. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,334
    Location:
    the Netherlands
    Yes, these can be toggled off temporarily, but with HMPA Keystroke Encryption enabled, the scrambling in the PDF-XChange Viewer browser add-on search box is unchanged (Vista IE9, Win7 IE11), so I suppose G Data's BankGuard, Keylogger protection and Exploit protection are not related to the scrambling issue.
     
  3. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,104
    Location:
    USA
    Thanks for giving that a try. Do you only see the issue in the PDF-XChange search box?
     
  4. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,334
    Location:
    the Netherlands
    As I reported yesterday (1) (2), at some moments there was also some effect in the Wilders Security Forums reply box ("More Options", "Use BB Code Editor"), and in the Searchpage.com search box. And additionally, also I noticed some effect in the Security.nl reply box. (All Vista x86 IE9 and/or Win7 x64 IE11.)
    But unlike the effect in the PDF-XChange Viewer browser add-on search box, which is very clearly related to HMPA Keystroke Encryption, those other mentioned effects were off and on, and very hard to reproduce, I haven't found out how to trigger those effects.
    In other situations I haven't yet seen the issue, but if I do, I will report, of course.
     
    Last edited: May 30, 2015
  5. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    i think victek found the problem, a conflict between gdata's exploit-protection and HMPA's exploit-protection..

    if you want to test it, try uninstalling the gdata av-program..

    p.s. it is possible that the gdata av-program has the option of uninistalling the program's exploit-protection while still using the program's antivirus-protection.. to do that you would run a "modify-install" and, when running the "modify-install", untick the options for installing the exploit-protections so the exploit-protection-features will be uninstalled while leaving the program's av-protection installed..
     
    Last edited: May 30, 2015
  6. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    i added "passwordsafe" to HMPA's protected "applications" but the encryption-protection didn't apply to the "passwordsafe" program.. i tried with both the "other" and the "browser" templates..
     
  7. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,334
    Location:
    the Netherlands
    To my knowledge there is not an option to install the G Data software without the exploit protection module,
    but as you could have read in my reply to Victek, there is the option to disable G Data's exploit protection module (and BankGuard, and G Data Keylogger protection), but as I said, that doesn't make any difference to the reported (1) (2) (3) (4) (5) scrambling issue.
    So, no, I do not think there is a conflict between G Data's exploit protection and HMPA's exploit protection.
    I hope Mark and Erik can have a look at this issue.
     
    Last edited: May 30, 2015
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Browser Add-ons usually run in the process of the browser, thus keystrokes are encrypted.
    I think the problem is that the keys aren't decrypted in PDF-XChange Viewer?
     
  9. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,334
    Location:
    the Netherlands
    Yes, that seems to be the problem, thanks for clarifying.
    When I type in the PDF-XChange Viewer browser add-on search box, the keys aren't decrypted.
    And just now, I tested the PDF-XChange Viewer browser add-on's ability to make annotations and such, and I see the keys aren't decrypted in that case as well.
    I hope there's an easy way to fix this issue.

    The other part of my previous reports is less clear, the issue more elusive, so I'm afraid it's harder do diagnose, where I mentioned also some effect in the Wilders Security Forums reply box ("More Options", "Use BB Code Editor"), and in the Searchpage.com search box, and in the Security.nl reply box. Every now and then, one, or a couple, or a range of keys are not decrypted. (All Vista x86 IE9 and/or Win7 x64 IE11.)
    As I said, unlike the effect in the PDF-XChange Viewer browser add-on, which is very clearly related to HMPA Keystroke Encryption, those other mentioned effects are off and on, and very hard to reproduce, I haven't found out how to trigger those effects.
     
    Last edited: May 30, 2015
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    Well, I've lost all Keystroke Encryption '3 Browsers' and '1 Other'.
    I went from 188 sans all encryption. To 189 where I regained all encryption except Firefox.
    Now, 189 lost all encryption. Bizarre.
     
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,419
    Location:
    Under a bushel ...
    Running HMPA 190. I haven't seen the orange keystroke encryption box in Firefox (Chrome, IE not tested) for some time / last several versions. I thought this could be due to it being disabled by the presence of WSA Identity Protection which has keylogger protection. Though I did used to see it before, not sure which version last. So not sure if thisis working as it should be or not.

    Not very helpful I know :(
     
  12. Mirjalovic

    Mirjalovic Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    44
    Location:
    In Your Heart
    yes. so i can't run them together ?
     
  13. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    you should install HMPA 190 and see if you have issues with it..

    here is the link for downloading HMPA 190:

    http://dl.surfright.nl/hmpalert3.exe

    https://www.wilderssecurity.com/thre...iscussion-thread.324841/page-238#post-2494529

    as has been pointed out, several times, if HMPA detects that your keystrokes are being encrypted by another program, it automatically disables its own encryption, so that could be an issue..

    my experience was, with HMPA 189, i wasn't seeing an indication that my keystrokes were being encrypted when i would type stuff in "firefox".. after installing HMPA 190, i began seeing an indication that my keystrokes were being encrypted when i would type stuff in "firefox"..
     
    Last edited: May 31, 2015
  14. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,334
    Location:
    the Netherlands
    The most recent time Erik said something about that, was April 17,
    So, if nothing changed since April 17, using HMPA together with EMET 5.1 or older should be OK, but not HMPA together with EMET 5.2.
     
  15. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    496
    Location:
    italy
    you should ever avoid overlapping!
    Keep it simple!
     
  16. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,334
    Location:
    the Netherlands
    If you are referring to using both HMPA3 and EMET, you are right, of course. There is no need using both.
    However, if someone uses only HMPA3's free features, and not it's exploit mitigation, combining with EMET 5.1 or older can be an option, that is what Erik's April 17 reply was about.
     
  17. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    496
    Location:
    italy
    right
    it's not a matter of usefulness but harmfulness of that practice...


    PS: Is the italian language admitted in this board? Nobody that could help me in translating in proper english?? :isay:
     
  18. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    117
    @erikloman

    The / character is scrambled as . (dot) when typed using the numpad on Windows 7 Ultimate SP1 64-bit.

    Input language: Turkish Q
     
  19. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,334
    Location:
    the Netherlands
    Is that in the browser? And if so, in which browser, and in which situations? In reply boxes, or browser add-on like PDF-reader, or otherwise?
    Or if it is not in the browser - in which other application(s)?
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    190 is a patch for XP. So, makes sense. 190 helped your XP.
     
  21. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    117
    It's not an application specific issue. It happens with keystroke encryption enabled profiles (browser and other) all the time. Also happens on Windows 8 (VM).
     
  22. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,334
    Location:
    the Netherlands
    Thanks very much!
    I hope that extra information can be helpful to Erik and Mark.

    By the way, although I have other kinds of issues associated with HMPA Keystroke Encryption (see this, this, and earlier), I don't experience the issue that you reported, the / character scrambled as . (dot).
     
  23. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    117
    Thanks, I hope so too.
    It could be language related issue. (Turkish)
     
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    Well, Keystroke Encryption is back again w 189. Had it, lost it, have it. :confused:
    Only constant is no encrypting in Firefox.
     
    Last edited: May 31, 2015
  25. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    HMPA's Encryption-Feedback

    on my computer, the only place where i see any encryption being done, by HMPA (build 190), is when i am typing stuff in "firefox", like when i am typing a post, or when i am typing something, when using google-search..

    my "passwordsafe" program, a password-manager, was not automatically added to HMPA's list of protected programs and so there was no encryption being used, there.. i manually added "passwordsafe" to the list of HMPA's protected programs, but i still didn't see any encryption being used when typing stuff in the "passwordsafe" program, like when i would enter the master-password, to unlock the password-database, or when i would type data in the program, like when adding an entry to the password-database..

    another thing.. when i would copy a password, in "passwordsafe", saving it to windows "clipboard", and, then, when i would paste the copied password in a dialog-box, in "firefox", to log in to an account, i didn't see that any encryption was being used, there.. in other words, it seems that data that has been copied in the clipboard, when it is being pasted in "firefox", is not encrypted as it is being transferred from the clipboard to "firefox"..

    maybe the data was being encrypted as it was being transferred from "clipboard" to "firefox", but i didn't see any indication that my passwords were being encrpted as they were being transferred from "clipboard" to "firefox"..

    for me, the only place where i really need the encryption is when i am entering my master-password in to my "passwordsafe" password-manager, and when i am copying a password to "clipboard", and then pasting it in "firefox", when i am logging in to an account, and i am not getting either of those, as far as i can tell, with HMPA's encryption.. so, for me, it is useless..

    i will say that i can think of certain situations where HMPA's encrytion could be beneficial, like when typing sensitive information, like a credit card number, or a bank account number.. those are things that i would type, as opposed to copying them to "clipboard" and then pasting them, so HMPA's encryption could be useful in those two cases.. however, it is rare for me to type my bank account number or my credit card number..

    i will say that HMPA's encryption, like when i would be typing a post, didn't seem to cause any lag in my typing, which was good..

    for the time being, i have disabled HMPA's encrytion since it seems to be pretty useless, for me.. in the rare case where i need to type my bank account number, or my credit card number, i can temporarily enable HMPA's encrytion..

    if possible, i wish that surfright would try to get HMPA to encrypt data (passwords) that is transferred from windows "clipboard" to "firefox", like when pasting a password from "clipboard" to "firefox"..

    i also would like for surfright to add "passwordsafe" to the list of programs that are protected by HMPA, doing whatever can be done to help to make "passwordsafe" more secure, for example, maybe protecting a keylogger from logging the master-password, or from being able to capture any other data from the passwordsafe program.. (or protecting the passwords that are copied to "clipboard" and then are pasted in "firefox" )..
     
    Last edited: Jun 1, 2015
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.