HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    485
    I installed build 351 manually on Monday and everything's working great so far. :thumb:

    Vista Home Premium SP2, x64
     
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,419
    Location:
    Under a bushel ...
    Indeed Tracker Update is PDF-Xchange's own update mechanism. I tried turning off Application Lockdown, which asks one to restart the application (PDF-Xchange Editor in this case), but the problem still occurred. Also with disabling all mitigations.
    I am assuming temporarily disabling mitigations doesn't require a Windows restart as well.
     
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
    I felt the same, because obviously I was placed on an 'inferred' ignore list [from my perspective], because I got no replies to my posts in this thread from the developers [subsequent sale to Sophos], recently.

    Just the way the cookie crumbles, I guess. ;) - http://idioms.thefreedictionary.com/That's the way the cookie crumbles
     
  4. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    978
    Location:
    UK
    I decided to trial this software. I installed it on a Windows 10 machine which has definitely never ever used hitman pro alert before, but when trying to activate the trial license I get a prompt telling me that "this computer has already had a free trial".
     
  5. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,331
    Location:
    the Netherlands
    @Tarnak
    As I mentioned, January 1,
    Also to consider:
    With your avatar, you're giving everyone the finger.
    That may not be very helpful.
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,288
    Location:
    Among the gum trees
    Have you ever activated HitmanPro on that machine? Until this year both HMP and HMP.A shared a single licence.
     
  7. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    978
    Location:
    UK
    never

    I bought a paid license now anyway (1 year).

    Already found holes in the tool.

    The failed test is using an old DEP exploit test, the tester runs an overflow.exe process to test DEP exploits, which hitman pro alert is failing.

    If I add overflow.exe to EMET and tick the DEP box it's mitigated, but there is no way to manually add executables to hitman pro alert that I am aware of; it can only let you add currently running processes, which seems extremely limited considering its premium price.

    It also shows that just protecting the master process does not protect processes launched by that master process.

    I also noticed plugin-container.exe launched by firefox browsers is also not protected.
     


  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
    With all due respect, I am not giving the finger to anyone. That happens to be Jackson Browne, giving the finger to someone [in the audience] that is probably yelling something to him, when he was performing on stage at one of the many concerts he has given over the years. :)
     
  9. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    978
    Location:
    UK
    I now managed to add overflow.exe by getting it to show up in the running apps list using a trick, and when overflow.exe is added it's protected.

    But I am curious why hitman pro alert 3 does not have a manual add button (like the manual exclude button) and why it has an exclude button when binaries are not protected by default.

    Given it doesn't inherit memory restrictions to launched processes, how does it protect e.g. a payload being run from an exploited browser? (EMET and MBAE also have this problem of course.) I would like to see an option to use whitelisting instead of blacklisting so by default all binaries have mitigations applied, and one has to whitelist to exclude.
     
  10. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,331
    Location:
    the Netherlands
    I understand, and although using that image for your avatar can be considered as funny,
    others may find it annoying, or even offensive, and that could be less than helpful if you want anyone's help.
    I'm just saying.
     
  11. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
    Well, I guess that is a problem for them. I certainly don't mean to offend, and if offence is taken that is unfortunate.
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,104
    Location:
    USA
    The avatar doesn't offend me, but I am curious why you would use it given that it might have a negative impact on you? In any case I'm glad to learn that it's Jackson Browne in the picture and not yourself :)
     
    Last edited: Jan 20, 2016
  13. OnlySomeWhatSavvy

    OnlySomeWhatSavvy Registered Member

    Joined:
    Nov 13, 2015
    Posts:
    13
    01/20/16
    Stupendous Man, paulderdash,
    RE: TrackerUpdater (Using PDF-Xchange Editor pd version)
    I have had no issues during the last two TrackerUpdater updates and HMP & HMPA. But noticed during TU update, HMPA shows it as not protected; however, when launching PDFXchange Editor, PDFXchange Editor is protected. I was wondering about adding it (the updater) to protection list and if so under which template, "Other"?
    Comodo free, Avast free, NoScript and Adblock plus in FF
    PDF-Xchange Editor pd version
    Sbxi pd
    HMP & HMPA pd
    W7 Ult SP1 x64
    Also: HMPA shows Exploit protection Assisted by Hardware
    All above are current versions as of today.
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,419
    Location:
    Under a bushel ...
    Yes I have also had no issues previously either with Tracker Updater (used by Tracker Software PDF-XChange Editor, Viewer, etc.).
    Maybe next time there is an update, it may be worth trying adding it to the protection list, template 'Other' (?) though I suspect it won't help ...
     
  15. OnlySomeWhatSavvy

    OnlySomeWhatSavvy Registered Member

    Joined:
    Nov 13, 2015
    Posts:
    13
    01/20/16
    Separate question to markloman or all.
    If using VPN software, is it safe/useful/or a good idea, to add it to the protection list?

    HMP & HMPA pd
     
  16. JayKatai

    JayKatai Registered Member

    Joined:
    Dec 16, 2015
    Posts:
    23
  17. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,104
    Location:
    USA
  18. plat1098

    plat1098 Guest

    Yes, I will do this as replacements may be needed. I uninstalled a LOT already. Sorry if being obtuse, but again, the ROP issue and Lenovo's software? Can I contact Surfright or no? I know about the bloatware, yes!, but some stuff is still useful and convenient. Please reply.

    plat1098
     
  19. plat1098

    plat1098 Guest

    Hi, there!!!
     
  20. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    978
    Location:
    UK
    I hold my hand up, I guessed on plugin container :p Firefox isn't used on my win10 rig.

    I now installed hitman pro alert on my main rig and indeed plugin container is listed.

    However I have noticed that many processes are not detected by hitman alert pro; everything in my system tray is not detected, such as Proxomitron and Pidgin, two internet-facing apps. Also there seems to be no way to harden system processes like svchost.exe, so I have kept EMET to harden processes hitman pro alert doesn't support. But everything hitman supports I have removed from the EMET apps list so there is no conflict. MBAE has been uninstalled.

    Various apps it detects but doesn't protect by default, such as Steam, I protected as well using hitman.

    Regarding the normal hitman pro software, that's an on-demand scanner like Malwarebytes, right, and if I understand right I can also use my license on that? It won't conflict with NOD32 A/V as it's on demand only? :)

    Thanks

    --edit--

    Noticed when I launch Steam I get 2 popups, one for steam.exe and another for the steamwebhelper (the web helper is probably the more important process).
    However in the hitman pro alert interface there is no visibility of steamwebhelper.exe either in the configured app section or in the running process section. This doesn't give confidence things are working right, so is it possible to make this show up as expected?
     
    Last edited: Jan 20, 2016
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,824
    Location:
    The Netherlands
    Yes I understand, but it's no surprise to me that HMPA now makes the Comodo sandbox malfunction. That is the risk that you take with injecting code into all processes. I'm sure that for the anti-exploit and risk mitigation features, you don't need system-wide injection, but Mark and Erik think differently; it's the way they have programmed HMPA, so changing this will probably be difficult.

    Mark, I'm still waiting for a reply to my PM?
     
  22. JayKatai

    JayKatai Registered Member

    Joined:
    Dec 16, 2015
    Posts:
    23
    You can protect any process, even processes in the system tray; you just need to bring the app to the front for it to show up in the HMPA process list.

    http://s17.postimg.org/44mn2u18v/hmpa_protect_list.jpg

    Here is a list of my processes. Most reside in the system tray, such as OneDrive, Intel Rapid Storage, AutoHotkey, etc., and won't show up in HMPA until I bring them to the front; then I can add them to HMPA manually if I'm feeling paranoid about a specific app just by clicking on it and choosing a profile.
     


  23. hitman_user

    hitman_user Registered Member

    Joined:
    Nov 25, 2015
    Posts:
    18
    In my opinion you should NOT protect AV software like ESET (shown in your protect-list). They are protected by themselves.
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Sure you can. I believe it's support@surfright.nl
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Rasheed.

    Remember the DLL injection into every process has nothing to do with exploit mitigation. It has to do with the browser protection. Also I don't have any problem on my system with what I run either on Win 7 or Win 10, so either it's Win 8.1 or another conflict on your system.
     