HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. JayKatai

    JayKatai Registered Member

    Joined:
    Dec 16, 2015
    Posts:
    23
    Definitely, just showing HMPA can detect tray processes as long as you bring them to the front, as you can see ESET is in the non protected list because I opened the GUI from the tray.
     
  2. hitman_user

    hitman_user Registered Member

    Joined:
    Nov 25, 2015
    Posts:
    18
    oh sorry :( you are right, i overlooked it!
     
  3. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    977
    Location:
    UK
    ahh thanks, so I guess it does its detection via detecting an app window or something.

    any idea for windows system processes like svchost?
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Don't add system processes. That is not what is designed for an if you do, soon you will be wondering why your system is a mess.
     
  5. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    494
    Location:
    italy
    :thumb:





    What about generic Microsoft processes?
    “System and network services are also out-of-scope for EMET. Although it is technically possible to protect these services by using EMET, we do not advise you to do this.”
    [source] (
    the same precept obviously applies to Alert3)


    Furthermore, keep in mind these remarks:

     
  6. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    977
    Location:
    UK
    yeah I havent protected security software, but why the advise to not harden svchost? is that process immune to exploitation?
     
  7. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,614
    Location:
    DC Metro Area
    Hi :)

    Does the HitMan Pro/HitMan Alert license auto-renew?
     
  8. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,577
    Fortunately, it does not auto-renew.:thumb:
     
  9. plat1098

    plat1098 Guest

    You are correct. The notice, in this case, was triggered by an unsigned installer, according to HMP-A Support. Thanks to all who contributed to this issue.

    plat1098
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi plat1098

    Glad you got it sorted out.

    Pete
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If something should trigger a false positive, down goes your system
     
  12. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    977
    Location:
    UK
    That may be but I thought this was a serious security tool not one that holds your hand too much.

    Another issue is that the keyboard encryption only works on apps added to the protection list, this means the windows search bar, as an example doesn't have encrypted key presses.

    The lack of ability to add any process puts the marketing claim of fine gain control equal to emet into question, that's all really.

    Since no rep's are here I will email support and see what they say.
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Why would need encryption on the windows search bar.
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    You can add any application to keystroke encryption by adding it to the Other template.
     
  15. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    494
    Location:
    italy
    o_O
    :rolleyes:
    o_O


    i really hope that someone who is native English speakers will be able to explain to you what alert3 is because, frankly, i don't think you have it very clear...

    Se vuoi invece che te lo spieghi in italiano, allora...
     
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    svchost is used by tons of different services. You could add svchost.exe (via registry) but be prepared that all services relying on it are all mitigated.

    Unlike EMET, we focus with Alert on the average computer user. So we chose to first implement the ability to easily add desktop applications via GUI (with icons and such). If a mitigation is triggered, the application simply closes.

    If you add the ability to easily add services (which can be quite useful) or processes like winlogon.exe then when a mitigation is triggered it might cause unexpected behavior. Note: this also applies to EMET.

    So you can add ANY process to be mitigated through registry editing. Easy adding via GUI is currently only for desktop applications. In the near future we will add adding via a picklist or browse for exe.

    @test is right in his post above https://www.wilderssecurity.com/thre...iscussion-thread.324841/page-338#post-2557972

    Hope this helps.
     
    Last edited: Jan 21, 2016
  17. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    Just a thought, maybe not worth it in practice, but perhaps being able to set only services to Silent Audit would help here? That way desktop applications are still terminated while you also get alerts (?) of services but they aren't terminated.
     
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    A per-process audit. Certainly do-able. I will discuss with the team.
     
  19. hjlbx

    hjlbx Guest

    @erikloman
    @markloman

    Windows 8.1 x86-64 Clean Install
    HMP.A 3.1.1 build 351

    BSOD APC_INDEX_MISMATCH
     
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you send me the dump located in C:\Windows\Minidump\ ? Send to erik(at}surfright.com
     
  21. hjlbx

    hjlbx Guest

    @erikloman

    Heading your way...
     
  22. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    344
  23. malware1

    malware1 Registered Member

    Joined:
    May 26, 2014
    Posts:
    133
    I would appreciate if you could check my message too. Thank you!
     
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    We will re-download before the release. Thank you!
     
  25. malware1

    malware1 Registered Member

    Joined:
    May 26, 2014
    Posts:
    133
    Finally, thanks! Please check your inbox for the download links as I have sent them in case you lost them.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.