HitmanPro.ALERT Support and Discussion Thread

Yes.
Best regards.

 

Tested with the latest version of Chrome and the version 369 HPA. The continuous the incidence.
Best regards.

 

Hello Mark, i upgraded to version 369; bad result as you will see : http://sendvid.com/xj6br8ci
I give up

 

For two nights in a row Firefox 46.0 crashed with a low memory warning on my PC (with HMP.A 368/369).

I have no idea whether this is HMP.A related or a memory leak in FF. Anyone else experiencing this as well?

 

I upgraded to the prerelease and everything is back to working perfectly in Win 10 64.
There was high CPU usage as Hitman alert was trying to run all the time and CPU temps were higher than normal as a result.
Firefox 46 was also very slow and crashed at times.

Thanks for the quick upgrade.

 

Well Erik and Mark, I thank you again. Build 369 fixed the problems I was having that I reported last week. Thankfully I hadn't reinstalled Windows 7 yet.

 

Build 369 fixed an issue with PdfForge converter, that stopped convert from docx to pdf. (WIN8.1-64)

 

I switched to Firefox 64-bit build 46 due to the crashes caused by HitmanPro.Alert. As of now, Running FF 46 with HMP.A 3.1.9 build 369 (installed on top of previous build to Update) lets Firefox 46 (x64) work better. Still slow rendering but crashing is minimal. On Windows 10 Home 64-bit Machine with ESET Smart Security v9.0.375.0. HitmanPro.Alert Modules are added as exclusions in the Advanced settings here.

I have noticed some increased key scrambling (gibberish) instead of what is typed. Keystroke Encryption is enabled.

 

I'm using Cyberfox 46 x64 and it is still running slow. Probably not as slow as before but not as quick as it should.

Alert build 369.

Edit: And the longer I have Cyberfox x64 open the slower it gets.

 

It was discovered some time ago that WSA Identity Shield interfered with HMPA keystroke encryption indicator. Is that the problem you're seeing?

 

What is it about the GUI that needs to be improved?

 

With build 369: Firefox 46.0 (32 bits) feels and renders slower while opening a new webpage (via a new tab).

 

You have to be aware that the latest version of Alert will always be unknown to Webroot's cloud, hence it will be monitored and WSA will prevent it from interacting with the browser, which Alert is heavily dependent upon to do its job. You could always check under "control active processes" (right click WSA taskbar icon) if Alert is monitored. You should change it to allow.

 

Also with the safe navigation and mitigating exploits. I have to disable the protection of identity to use Chrome.
Best regards.

 

given that my opinion is subjective, i believe that there are room for improvement for eg:

[1] we don't have the ability to identify apps that do not have all mitigations active directly from the main GUI (if in advanced mode; ATM, infact, user can only check 'on the fly' if a specific App in the list has mitigations on/off)
[2] the field that shows shielded apps is limited to 16 entries (could be extended at least to 24)...
[3] if i buy Alert, i already know its advantages (/benefits?) so i'll replace this field with more informative part, for eg is Alert in Terminate or in Audit mode?
[4] i'd like to change (at least global) settings only with consent...
....

 

369 definitely was an improvement over 368, but I am experiencing the same with FF46 x64 on Win 8.1 x64, as well as a greater lag with typing sometimes.
Would have to uninstall to see if this is due to HMP.A though.

 

Apparently the Colored Window Border is not working on Nitro PDF - its window is drawn differently compared to the other applications on your machine.
But no worries, the application is properly protected though. If you change the setting of Safety notification from Once per logon session to At application start you will see that Nitro PDF is protected when you start it (a notification flies onto the screen in the top right corner). Its protection status is also visible in the Running applications overview when Nitro PDF is running.
We'll take a look at it, why the border is not drawn. It's just a cosmetic issue. Thanks!

 

I will modify the settings to see if I get the security warning with NitroPro.
I'm not worried .... i just wish everything was working properly.
Thanks, Mark.

 

I must respectfully disagree that the incompatibility has to do with HMPA builds being unknown to Webroot's cloud. I used WSA for a long time along with stable builds of HMPA and making sure that WSA was not monitoring or protecting HMPA didn't make a difference. HMPA's keystroke encryption indicator would not work with WSA Identity Shield enabled. It was also not clear whether or not the actual keystroke encryption was disabled as well. More important to me was the fact that Webroot was not really interested in troubleshooting the issue; I moved on.

 

Erik, did you miss my earlier post?

Please reply regarding the following.

1 - Some apps (such as securecrt) dont show the encrypted typing border when they are encrypted.
2 - Are you still planning to allow the end user to configure a custom temp folder in HMPA?, as using %temp% breaks many security setups.

 

I've just checked things with an evaluation version of Secure CRT 8.0. The live keystroke encryption works as expected though:

Make sure you have enabled Show live keystroke encryption in colored window border under Safety notification.
Also make sure the window is wide enough so the colored window border can draw the live keystroke elements. If it is too narrow, the border won't show.

Regarding your other question, what is the exact problem with %temp%? Would love to change things but I need some examples why %temp% is a problem. Thanks!!!

 

I block executables in %temp% meaning whenever there is an update for HMPA it will initially fail (it even uninstalled itself once) and then I have to manually allow %temp% to get it updated. It really is a bad security practice for windows to have installers using that folder. This is also a problem when running a scan as for some reason you guys generate an exe in %temp% when a scan is run.

Surely its trivial to add a config option to allow a directory of the admin's choosing? even if you make it only a registry key.

Also some good news, after a reboot chrome and flash seems fine, and HMPA is still enabled, I have disabled some of the protections based on chrome dev rccomendations, but will reenable those later to see if the performance stays good or not.

The keystrokes border is enabled as e.g. I see it on chrome. Just not securecrt.

 

I am still seeing random crashes in W7-32bit in modules that have been injected by HMPA. This usually happens when booting after the desktop appears. This is not specific to one version of HMPA. In the earllier stages of HMPA, this happened frequently. It doesn't happen often now, but it still happens. There are always 2 crashes and 2 .dmp files for the same module. It appears the injection process does not always function correctly. I mentioned the problem before, here. The crashes occur both in trial mode and in trial expired mode. I do not see these kind of crashes when HMPA is not installed.

 

I have %temp% located on a ramdisk, so HMPA never updates automatically.

As it`s the only program I`ve ever had trouble with due to the Temp folder being "off-disk", the option to redirect would be useful.

 

Ah, now I know why they always fail on my PC as well...