HitmanPro.ALERT Support and Discussion Thread

Sorry for double posting - just to be clear, Firefox, Skype and Word all work with no issues if I uncheck the Enforce DEP option.

 

Do you have an Intel or AMD processor?

 

Intel i5 3570K

And fwiw, I have no plugins in FF.

And one more thing - as I mentioned, I also have MBAE installed and while it's running, IE 11 crashes as soon as I open it, with "fault module name mbae64.dll" somewhere in the error message (with or without Enforce DEP checked). When I deactivate MBAE, IE is fine. This does not apply for the other apps I previously mentioned, which are stopped as soon as I open them, with or without MBAE active. Food for thought

Cheers!

 

Can you uncheck LoadLib and leave DEP enabled.

 

Hey @erikloman, have you had the chance to look at the WSA Identity Shield compatibility issue?
https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-238#post-2494399
https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-235#post-2492166

 

This seems to work. With all reported software - Firefox, Skype, MS Word and BS Player (v. 2.69) (the latter only started to display this behavior recently (last couple of hours), as it didn't have this issue until now). As a side note (in regards to BS Player starting to act up) - VLC doesn't seem to be affected.

The IE issue (possible conflict with MBAE) persists, with or without DEP or LoadLib.

Cheers!

 

i wouldn't expect HMPA to work well together with MBAE, or to work well together with microsoft's EMET.. in other words, in my opinion, you should only use one or the other, not both..

 

I hope not because I have reported several v2 to v3 update failures on win 7 64 bit. After the update hmpa service is not running and can't start. The average user will not know and their protection will be gone.

I always have to Uninstall v2 reboot then install v3

 

HMPA does not conflict with MBAE Free (can't speak for Premium) or EMET 5.1 or below, but both the latter would appear to be almost entirely redundant, based on other posts.
@marian1: I have HMPA running with MBAE Free, and have no issues with FF, Skype, MS Office 10, IE11 with standard mitigations (Enforce DEP enabled). Win 7 and Win 8.1, Intel I7 processors.

 

Can you say more about how WSA Identity Shield is a factor?

 

The alert doesn't show when ID shield is disabled. Also had a similar alert in the past with the ID shield.
EDIT: btw, the process from HMP alert is on Allow in WSA's Active Process view and nothing is on Deny in ID shields Application Protection view.

 

As far as I know, running multiple mitigation tools alongside each other does not decrease your level of protection, but it can certainly cause compatibility issues.

 

There probably isn't a need to use both MBAE premium and HMP.A paid (MBAE and HMP.A free could be fine). But if you look in the SurfRight website, it says the following:
"Hardware-assisted Control-Flow Integrity
HitmanPro.Alert 3 is the first and only commercially available exploit mitigation software capable of leveraging MSR hardware registers in your existing Intel® microprocessor to assist Alert's Control-Flow Integrity (CFI) analysis. And where other security software struggle with application compatibility, HitmanPro.Alert is compatible with other security solutions, including exploit mitigation software.

Regardless if one already has a license for HitmanPro.Alert, then I would recommend sticking with it. If not, then perhaps using both HitmanPro.Alert free and MBAE would be a good alternative since HitmanPro.Alert free doesn't have Exploit Mitigations. Unless, of course, if someone here knows if those two programs can conflict in any other way.

 

Erik has said before that HMP.A is OK with EMET 5.1, but not 5.2, but I do not run EMET as it has caused problems for me before, even standalone, especially with IE11. But I have been running MBAE Free with HMP.A with no problems, though you're right, I haven't tested a real attack. I am sure MBAE Free is superfluous to HMP.A, so I will follow your advice and remove it.

Edit: And Erik's advice.

 

Second time this week I got this with Firefox 38.0.5:

Code:

Mitigation  DEP

Platform  6.1.7601/x64 06_17*
PID  3580
Application  C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Description  Firefox 38.0.5

EIP = 1C7B6400, State = 0x1000, Type = 0x20000, Protect = 0x4


Process Trace
1  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [3580]
2  C:\Windows\explorer.exe [1772]
3  C:\Windows\System32\userinit.exe [1668]

HitmanPro scan finds nothing (nor do EIS and MBAM).

 

I wonder why,
people are complaining, that use double, triple , and even more protection-software, causing trouble....

My setup, see signature, is running fine.

 

Um, I've noticed after running setup version update installer that does not ask for reboot. That I'll lose all Encrypting. And reboot brings encrypting back....anyone see similar.

 

I agree, my setup is simple (perhaps too simple?) but I did not have any serious problems in the last 3 years,
only a few malware issues that were easily taken care off by either Adwcleaner or HitmanPro.

 

I did a version update (not a clean reinstall, which I normally do) from b187 to b190.
As far as I remember a reboot was forced upon me and all is working fine.

 

Three times last night, HMP.A put a halt to proceedings when I tried to scan my PC with the ESET Online Scanner, something I do regularly as a second-opinion check.

The interception took place when I clicked on the green button in their pop-up window to "Start" the scan. DEP mitigation.

HitmanPro's suggested scan didn't turn up anything nefarious.

This didn't happen during last week's ESET scan; IIRC I was still on the previous build (forget which one, sorry).

I took a screenshot of HMP.A's message and can post it here if needed.

Build 187, Vista Home Premium x64, IE8.

 

...does not ask for reboot... excludes Alert. eg: I ran SBIE beta installer that does not prompt reboot. After SBIE beta install... no encrypting. Reboot returned encrypting. My bad. I was not clear...

 

Unfortunately that folder is empty.

 

typically the result from using garbage, like CCleaner...

 

Mitigation DEP
Platform 6.3.9600/x64 06_45
PID 9932
Application C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Description Google Chrome 43
____________________________________
Update: never mind figured out what prompted DEP