HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    I can't add Windows system processes to any template tho.
     
  2. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    As Peter and test have said previously, I think you'll be giving yourself problems if you could add system processes to this list. You may end up with unexpected behaviours if and when mitigations occur, especially if the issue turns out to be a false positive.

    The advice is NOT to add system processes.
     
  3. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
  4. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,944
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Like I said, it's technically possible to do the same without system wide injection, think of Trusteer Rapport and G Data BankGuard. Actually, I believe that Mark has explained that it's not just related to safe browsing, but also to anti-exploit and anti-ransomware, and this approach also has big advantages. But anyway, I don't think that Mark and Erik will change this, so perhaps there's no point to bring it up again. The only reason I did, was because of the new Comodo sandbox conflict that was reported, which reminded me of my SBIE problem.

    Thanks for the PM Mark, I appreciate it, especially because I know you're very busy. :thumb:
     
  6. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Better a crash than being exploited.

    I am sure HMPA devs can test to see if it is stable, then if it is, allow the function.

    explorer, svchost can both be safely mitigated with EMET.
     
  7. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @chrcol: Do what you like...

    But don't ask for support if your system crashes or behaves strangely.

    HMP.A is a very well designed piece of software, designed to be used as it is.

    If you like to add your own mitigations, it's up to you to deal with issues.
     
    Last edited: Jan 21, 2016
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
  9. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Is that supposed to be a reason why they can't test for stability themselves and allow the option (even with a disclaimer)?

    We should all strive for improvements in software and always keep developers on their toes rather than saying your product is perfect you can all sit back and relax.

    Given the claims on Hitman Pro's website that it has equal configuration capability to EMET, I would say it's up to them to make it clear the suite is only able to protect foreground user processes, rather than down to me.

    Issues are just as likely in user apps such as browsers as is with explorer anyway, you talk as if one is safer than the other and there is somehow 100% chance of issues because you say so.

    Also, what makes you think I would ask for support if a mitigation causes a crash? I am obviously aware that not all executables will be compatible with mitigation techniques, in which case I would diagnose and disable the mitigations that cause the instability.

    E.g. I noticed the "process protection" feature in risk reduction settings was causing wmiprvse.exe (before you ask, that process is not mitigated by anything :p) to start using heavy CPU usage. I don't know specifically why, but I disabled the feature and that's that. Although I might ask what type of attacks that specific protection is aimed at so I am aware of the risks of keeping it turned off.
     
  10. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Erik did say in his reply (here) that you could add system processes, like svchost.exe, via the registry, bearing in mind all services relying on it will be mitigated, hence the issues that may ensue. Erik also said test was correct in what he/she said (here): that whilst it's possible to protect Microsoft processes by using EMET or HitmanPro.Alert, it is generally advised not to do so with either product.

    Having said all that, if you're comfortable with editing the registry and are aware of the potential issues, you do this at your own risk.
     
  11. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Is that person a rep?

    I won't be hacking those in via the registry; for now I will just keep them mitigated via EMET.

    Thanks to the earlier tips tho, I have managed to mitigate my system tray stuff now via HMPA :)
     
  12. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    What a pity, it is under these circumstances that I regret not knowing the English language :'(

    All this talk about system processes... and I bet you still use XP or, at best, 7 :isay:

    In Italian I am obviously ready to discuss the nonsense that has come up in these last posts...

    For example, if you are truly concerned about security, Windows 10 (or at least 8.1) is mandatory! (There are too many reasons that explain this verdict [1, 2, 3 and so on])...

    Alert, then, has the role of protecting legacy applications and providing Anti-ROP protection for 3rd party software, but cannot compensate for the weakness of an ancient OS (I mean weakness in the core of the OS itself).

    Again, if you find someone that is able to translate Italian→English, I'm happy to assist you in understanding, because ATM you are truly confused.
     
    Last edited: Jan 23, 2016
  13. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    If you're referring to @erikloman, he is one of the developers of HitmanPro.Alert.
     
  14. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,944
    You are right. I am confused. What are you talking about?
     
  15. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    344
    Last edited: Jan 24, 2016
  16. hjlbx

    hjlbx Guest

    @erikloman

    Did the BSOD dump reveal anything ?
     
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    No sadly it did not. Nothing in the dump that points to HMPA. If it happens again, let me know.
     
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
  19. hjlbx

    hjlbx Guest

    Well, no definitive answer is not always a bad thing... LOL.
     
  20. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    NIS blocked the thread discussion mentioned within link #2 above:

    kernelmode BLOCKED.jpg
     
  21. snowblow

    snowblow Registered Member

    Joined:
    Sep 15, 2015
    Posts:
    1
    Is it safe to use a volume encryption program such as VeraCrypt or an archiving program with file encryption such as 7-zip with HMPA and the Cryptoguard feature enabled?

    In my case I use both VeraCrypt and 7-zip to store sensitive data. I have HMPA installed with the Cryptoguard feature enabled. I even added 7-zip (file manager and GUI) and VeraCrypt to the "Other" Exploit mitigation category so that it is more difficult for an eventual keylogger or spyware to steal my encryption passwords.

    Is it a safe setup?

    Or should I disable Cryptoguard when I use encryption?

    I don't want HMPA to stop 7-zip or VeraCrypt and damage my precious sensitive data.

    Thanks
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You should be okay. But make sure you have that data backed up.
     
  23. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Had the same issue and what I do now is to temporarily disable the CryptoGuard feature under the Risk Reduction section of the HMP.A features. Once I have encrypted or decrypted I just re-enable the feature...et voila.

    Regards, Baldrick
     
  24. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    I certainly don't use XP, which is EOL, but it is reasonable as a user of Windows 7, which is not EOL (also wouldn't class it as ancient either), to expect Microsoft to patch exploits given they have a support contract with the end user for many years yet, so that UAC document serves to point out they are failing in that contract.
    I will be moving many of my machines to Windows 8.1 in the upcoming weeks but won't be using Windows 10 outside a test machine due to the high amount of bugs, the oppressive update behaviour and the rapid development model.

    However your post has only served to strengthen my argument which is one should not solely rely on the software (os vendor) for security mitigation.

    Even tho we have all these claims that there is no reason for Hitman Pro to provide higher coverage of protection, it simply seems to be covering up laziness on the developer's part to do this.

    I think for sure there is no excuse for Microsoft not backporting security fixes from 10 to 8.1 given they have almost equal feature sets.

    So basically what you have just told me because microsoft have left security holes in software they still officially support it is a good idea for security tools to not protect microsoft software, ok.
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    This is really simple. You have been advised. It's your choice. Try it and see what happens. It may be fine or it may be bad. Just be sure to have a good system backup just in case.
     