HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,240
    Even if I add the line for HMPA in Sandboxie settings before installing HMPA I still receive software compatibility
    popup window. In the future, don't check software compatibility box is unchecked.
     
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
    Is this issue only with Chrome? i.e. not Firefox?
    The default settings in my SBIE (5.01.8 ) are as follows: HitManPro is checked by default under software compatibility, and under Defaultbox>Sandbox Settings>Resource Access>File Access>Full Access (All Programs) I have [\Device\NamedPipe\hmpalert] ...
    Is any other tweak required e.g. for Chrome, or should I include "OpenPipePath=\Device\NamedPipe\hmpalert" under Global Settings? I really only use Firefox in the DefaultBox at the moment and haven't noticed an issue, but would like to preclude any problems.
    @bo elam - you can chime in too?
     
    Last edited: Aug 19, 2015
  3. shogun_r

    shogun_r Registered Member

    Joined:
    Aug 17, 2013
    Posts:
    22
    Location:
    Sweden
    By unchecking "software compability" in Sandboxie for HMPA it's works fine for me to use firefox and surf safely. Suppose it's no security issue either because Sandboxie should be safe in it's own (I guess).
     
  4. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    I have tried to reproduce this issue but so far no luck. But what I did found is that you might need to reboot the machine before Trend Micro Worry-Free Business Security is aware of HitmanPro.Alert. If you don't, the system might be unresponsive.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Paul

    On both Win 7 x64 and Win 10 x64, I am using Firefox 40.03, Sbie 5.01.8 and HMPA with no issues at all. I have the OpenPipePath statement in my individual Sandboxes.

    Pete
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Mark and Erik

    When you get a chance could you take a look at Cyberlinks PowerDVD15. Free trial is available. I have had some many alerts, that I just disabled HMPA totally for that app. Would appreciate it.

    Pete
     
  7. molhopicante

    molhopicante Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    135
    Surfright staff are on holiday this/last week?

    I just ask because i don't have a reply from support since 6 days ago.

    It is normal if there are on holiday.

    Otherwise i think it is not normal.
     
    Last edited: Aug 19, 2015
  8. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    Hi, our support responds within 1 day during office hours. What is your question about? I cannot find any emails under your nickname in our support database. Maybe it got filtered but I look forward helping you! Thank you!
     
  9. molhopicante

    molhopicante Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    135
    Hi.

    Thank You for your answer.

    If i'm not wrong my ID is id15890.

    I sent an eMail 12/08 (17h40) and got the answer from support 13/08 (12h43), asked for a clarification.

    I answered 13/08 (14h06), and since then i did not have any information.
     
  10. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,044
    Location:
    Baden Germany
    THX Mark,
    that was fast and helpful.
    Shame on me, that I didn't find out myself.
    Perhaps the installer should ask for a reboot, like most security software does.

    BTW:
    Today I registered our company as reseller.
     
    Last edited: Aug 19, 2015
  11. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    Hi, found it! It got filtered. You have a reply in your e-mail. Sorry for the inconvenience!
     
  12. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    Normally a reboot is not necessary but apparently some business endpoint security solutions are behaving differently compared to their consumer counterparts. We'll take a look in to it. Thanks!
     
  13. MikeRepairs

    MikeRepairs Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    80
    Location:
    Kissimmee, FL
    Just wanted to say Thanks to Erik for logging into this computer to take a look. He was able to fix the problem with the HMPA driver on 32 bit computers and said it will be fixed in the next update.
     
  14. molhopicante

    molhopicante Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    135
    All OK now.

    Thanks.
     
  15. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    128
    Location:
    Alps
    Does anyone have experience of using hitmanpro.alert3 together with Webroot SA? I have a recent install where I WRSA is running and then a few days later I added HMPA3. Whenever I go to view a Youtube video on FF of IE11, any video, I receive a ROP attack alert and the browser is closed down by HMPA3.

    I then changed the WRSA identity / application protection for various FF .exe's highlighted to be "allow" rather than "protect". That resolved the ROP attack alert, but now my https financial sessions cannot be protected by WRSA. I also have Bitdefender Safepay installed, it's a bit cluncky, but I am now having to use it for banking and other sensitive transactions.

    Any clues on how to get WRSA and HMPA3 to co-esist would be nice. I've already tried to set them to ignore each other, but whatever I've done is not sufficient.

    I guess I could also disable the ROP attack alerts for FF, but then I am possibly open to another attack vector, although WRSA might cope with such attacks?

    The thought has also occured to me that there could be significant overlap between these two, so I am open to the suggestion of disabling one of them. To my knowledge WRSA does not mitigate exploits as such, it's there to monitor and pounce on threats, however they get in, but not block the holes in applications?

    Thanks.
     
    Last edited: Aug 22, 2015
  16. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,104
    Location:
    USA
    In the WSA UI go into PC Security, Identity Protection, and Utilities/System Control/Active Process and make sure that HMPA is not being monitored, protected or blocked. I run WSA and HMPA together and have Firefox protected in the WSA Identity Protection section without issues.
     
  17. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
    I was going to say - @Victek is your man! Similarly, I applied his advice and have no problems - with FF, anyway.
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    Would it work from HMP.A side by Exclude WSA...?
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
  20. m0unds

    m0unds Guest

  21. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,736
    Location:
    USA
    Those are quite an impressive test results, m0unds. Thanks for posting... I missed it back when.

    As for Rasheed187's question about HMPA passing MRG Effitas Online Banking / Browser Security Q2 2015 test, it looks like the March 2015 results m0unds posted speak to that.

     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
    I have set that but I don't think it is necessary.
     
  23. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    128
    Location:
    Alps
    Thanks. Hmpalert.exe is already set to "allow" under PC Security / Advanced Settings. Despite that, I was getting the ROP attack alert using FF until I also allowed FF under Identity Protection / Appliction Protection. I don't know why I would get these issues and no one else. I am also running MSE in real-time, but there I have exluded or allowed the various .exe processes, and vice-versa in Webroot.
     
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    Ah, so from WSA side works okay/best. Thanks. I'm leaning towards a good faith WSA trial. Gathering breadcrumbs before I trial. Thanks again.
     
    Last edited: Aug 23, 2015
  25. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,104
    Location:
    USA
    Sounds like you have the settings right. If you search the thread you will find that others have had the ROP alert with the same combination of software; probably something the developers will have to look at.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.