HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. solhuebner

    solhuebner Registered Member

    Joined:
    Oct 9, 2013
    Posts:
    7
    Location:
    Malta
    Hi,

    I am currently testing HitmanPro.Alert as an addition for Emsisoft Internet Security.

    I updated to the latest BETA version and tried out their hmpalert-test.exe (Exploit Test Tool) from http://www.surfright.nl/en/downloads/

    But as soon as I renamed the file to just test.exe it was no longer working at all besides the Webcam and Anti Keylogger protection.

    Now I am a bit afraid that the protection is weaker than EMET as I can not add any programs besides the ones they support out of the box...

    Why is there no way to add a program to the protection in the Advanced Interface?

    Kind regards
     
  2. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    488
    Location:
    italy
    hmpalert-test.exe is a simple test tool and it is protected out of the box so, if you rename it, you have to manually add it to protected apps (advanced interface→Exploit mitigation tab→running applications→ ...) otherwise you can only check how Alert reacts to detonating exploit tests in other applications (eg, IE 11...) but not in its own process since it is not 'protected'...
     
    Last edited: Nov 24, 2015
  3. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    554
    Location:
    sweden
    Hi

    Anyone knows about any black friday discount somewhere for HMP Alert ?
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,991
    Location:
    USA
    On the Advanced UI click in the blue Exploit Mitigation square. You should then see "Applications" and "Running Applications" near the bottom. Make sure the application that you want to add is running first and then click on "running applications". There you will be able to add that application to HMPA. There are different templates for different types of applications. If you're not sure which to use list your apps.
     
  5. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    In the advanced interface click on "Exploit mitigation" followed by "Running applications". From there on you're able to add a protection template a currently unprotected program.
    Please keep in mind that software like installation programs or programs that will never be exploited (like CPU temperature meters) should not be protected as this will raise the likelihood of having compatibility issues.

    By default HMP Alert, MB Anti-Exploit and EMET protect most applications that have a chance of being exploited.
     
  6. solhuebner

    solhuebner Registered Member

    Joined:
    Oct 9, 2013
    Posts:
    7
    Location:
    Malta
    Makes sense. Thanks!
     
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,818
    Location:
    Under a bushel ...
    @erikloman and @Triple Helix: I have raised the issue with Webroot Customer support, and they replied: 'We are most certainly interested in compatibility and to do so we'll need to work with our development team. This will require that we first reproduce the issue internally and have clear easy to understand instructions to pass to development. If possible, please reply with step by step instructions on how to reproduce, including any downloads and software that may be required, and expected result versus the actual result.'
    I have replied with the required info, so that they can replicate this.
    It's a small issue really (if the encryption itself still works as stated earlier), but it would be nice if they can provide a fix for the encryption indicator.
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.0 users are now automatically updated to Alert 3.1 build 340.

    Changelog (compared to 3.0):
    • Added full support for Windows 10, including TH2.
    • Added support for Microsoft Edge browser.
    • Added Exploit Mitigation support for Windows Apps (Metro applications).
    • Added Anti-Ransomware install mode.
      This mode supports Windows Server 2008 R2 (or newer) environments. Requires Server license.
    • Added support for 6th generation Intel® Core™ processors (codename Skylake).
    • Added SysCall mitigation.
    • Added WoW64 mitigation.
    • Added untrusted font mitigation for computers running Windows 10.
    • Added VTable Hijack mitigation on Adobe Flash.
    • Added new Colored Window Border implementation to support Windows Apps (Metro applications).
    • Added new Keystroke Encryption implementation.
    • Added GUI access to alert logs in Windows Event Viewer (on Windows Vista and newer).
    • Added Control Flow Guard support.
      All binaries of HitmanPro.Alert have been compiled with Control Flow Guard (CFG).
    • Improved DEP mitigation.
    • Improved ROP mitigation.
    • Improved Heap Spray mitigation.
    • Improved Stack Exec mitigation.
    • Improved Stack Pivot mitigation.
    • Improved Safe Browsing intruder detection.
    • Improved USB keyboard handling.
    • Improved Installer/uninstaller.
    • Added Arabic language.
    • Added Danish language.
    • Added Indonesian language.
    Reference: http://www.surfright.nl/en/whatsnewalert
     
    Last edited: Nov 25, 2015
  9. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    554
    Location:
    sweden

    Hi Erik

    Do you guys have any black friday deal/discount going on somewhere ?
     
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,818
    Location:
    Under a bushel ...
    Will build 209 still be available for download so Webroot can see how the Encryption Indicator is meant to work (see my post above)?
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The auto-update is enabled so 209 will be upgraded to 340.
    If you want to block the upgrade procedure, write the following registry key:
    HKLM\Software\HitmanPro.Alert\AutoUpdate REG_DWORD 0
     
  12. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,818
    Location:
    Under a bushel ...
    I have already upgraded (and the Keystroke Encryption indicator is now gone, due to the WSA issue).
    But I was thinking more of Webroot being able to download 209, so they can see how the indicator should work ...
     
  13. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,118
    Location:
    the Netherlands
    HMPA 3.0.59.209 is still available for download through the link in Erik's signature.
    However, I don't know for how long.
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,818
    Location:
    Under a bushel ...
    I saw that. I have downloaded it in case - I suppose I can always zip it to Webroot if they need it ...
     
  15. Sven Keizer

    Sven Keizer Registered Member

    Joined:
    Oct 13, 2015
    Posts:
    2
    Location:
    The Netherlands
    Erik, Can you explain the Server license? We are currently using a licensed hitmanpro alert, but due to problems we never installed it on any server(in particulair w2k8 r2 terminal server due to problems with our roaming profiles being corrupted wich seemingly was solved the moment we removed hitman pro alert.

    So we just run it local on the desktops.
     
  16. Dark Lord

    Dark Lord Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    120
  17. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    65
    Location:
    Poland
    Hi! I have black screen with cursor on boot up after update. Everything back to normal when HitmanPro.Alert service is disabled.
    My Real-time sec. config: Outpost Firewall Pro, Sandboxie.
     
  18. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,991
    Location:
    USA
    Not yet that I'm aware of, but perhaps sometime this weekend or "Cyber Monday". I missed the last sale so I'm keeping an eye out too :)
     
    Last edited: Nov 25, 2015
  19. pb1

    pb1 Registered Member

    Joined:
    Apr 4, 2014
    Posts:
    554
    Location:
    sweden

    Ok, so anyone of us who finds it first posts it :thumb: .
     
  20. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    109
    I reported it long time ago, but they haven't fixed it yet.

    https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-278#post-2528951
    https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-280#post-2530879
    https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-281#post-2532459
    https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-287#post-2536668
    https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-292#post-2539075
     
  21. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,892
    Location:
    Hollow Earth - Telos
    When i saw the auto update notice after boot i uninstalled 209 and restarted the computer and then downloaded and installed 340. This seems to work better than installing over the top sometimes based on past experience..lmao
     
  22. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    551
    Location:
    Hengelo
    You are free to perform the update in any way you see fit, but the problem you are probably referring to was found and addressed by our team a few weeks ago. Just give it a try next time!
    And thanks for using our solution, hope you like it! And we're already working on new features, so stay tuned :)
     
  23. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,892
    Location:
    Hollow Earth - Telos
    Does Cryptoguard work if i use Chrome but don't have Chrome protected with exploit mitigation. It looks like cryptoguard does not work on the browser level.
     
  24. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Why would CryptoGuard work on the browser level?
    It should simply prevent any executable from overwriting files at a crazy rate.
     
  25. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    65
    Location:
    Poland
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.