HitmanPro.ALERT Support and Discussion Thread

Unfortunetly my auto update still doesn´t work, i´m on 364 and on the trayicon it shows no update available.

 

There seems to be a conflict between HMPA and BitDefender free edition when trying to download. You have to disable protection in real time from BitDefender to download normally.

 

Win8x64 / HMP.A Build 369
Settings: Show Colored Window border (Audo-Hide is disabled)
Google Chrome is not maximized = Colored Border is always shown (expected)
But if the Chrome-Window is Maximized =
a) After a mouseclick within a website somewhere = Colored Border disappears
b) Type in something = it appears, but after a single click somewhere within a website = it disappears again

Al other protected programs have this colored border all the time, except Chrome.

 

Kaspersky and HMP.A may be conflicting with each other under the hood. I feel uneasy with these:

"The emulator doesn’t scan files using the usual antivirus signatures – it actually executes them. It does this in an artificial environment that emulates a real operating system. This environment contains its own virtual memory, hard drive, registry, network, processes, all possible subsystems… everything needed to make a file ‘think’ it has been executed by a real user on a real computer (not an emulator)."
- https://eugene.kaspersky.com/2012/03/07/emulation-a-headache-to-develop-but-oh-so-worth-it/​

"Disguises the computer as that of a virus researcher, making sandbox-aware self-terminate."
- HMP.A's Vaccination​

In other words:
Kaspersky wants files to think they're running under a real environment when in fact it operates them in an emulated environment.
HMP.A wants files to think they're running under a virtualized environment when in fact it operates them in a real environment.
@erikloman @markloman

 

Could you explain what exactly was probably 32 bit only?
You mentioned Windows 7 x64 machines. On my Windows 7 x64 machines build 369 seemed to fix the issue that I previously reported, with no side effects on 32 bit processes, or so it seemed.

 

Thanks very much.
Interestingly, build 369 doesn't seem to affect the 32 bit software on my system, see my Wednesday 27 screenshots.

 

Also latest Norton Security beta offers this option:

Sandboxing, or isolating potential threats

Cybercriminals attempt to trick security solutions by “packing-up” malware (often-times within legitimate software files) to prevent it from being identified. Norton is extremely proud to announce a new high-performance emulator that uses these cybercriminals' tricks against them. Norton Security will run and analyze unknown and suspicious files in an isolated protected virtual environment to see how they act before allowing the file to be run on the user's device. This helps to ensure the file is safe before it takes up residence and wreaks havoc on a user's device.

Source: https://manage.norton.com/beta

 

I have a question. I noticed that most of my running .exe's have been injected with hmpalert.dll, regardless of whether they are "protected" applications. They remain that way, even with all of the protections in HitmanPro.Alert disabled. I have confirmed this with Process Explorer, using the Ctrl+F to find DLL.

The reason I am asking, is there a way to rule out HitmanPro.Alert if an unprotected application is having issues? I mean short of uninstalling HMP.Alert? Does HMP.Alert automatically do this at install time to all .exe's?

 

I don't think so. The only way to prevent the injecting of hmpalert.dll is to deinstall HMP.A temporarily

 

Firefox 46 64-bit is running dog slow for me too. I saw my memory utilization climb to over 4Gigs. I then re-enabled the utility Firemin which I haven't been running for months (since the 64-bit versions of Firefox went mainline). It seems to be helping a little and is keeping the memory utilization under control, but the slowness is still bad. I haven't checked any Firefox related forums, but these symptoms appear to me to be Firefox-related and not HMP.A-related. I am running HMP.A 3.1.9b369.

 

OK, thanks!

 

I installed HMP.A on a brand-new Windows 10 Pro x64 PC. A visit to the settings showed that the Cryptoguard protection was set to Disabled. Oddly, clicking on Enable doesn't do anything -- Disabled stays checked.

Any ideas? This is HMP.A Build 368.

 

Hi JEAM, is the license active? What color is the license icon? Red, green or black?

 

What antivirus software are you running?

FYI: the slowness is caused by Firefox 46 brand new W^X engine that continously changes memory areas from RW to RX through VirtualProtect. Since many security software performs some memory inspections when VirtualProtect is called (e.g. check for malicious code or exploit behavior), Firefox 46+ runs slower than previous versions and other browsers. The W^X engine is an attempt to beef up security of Firefox as it doesn't have a sandbox like e.g. Chrome, Edge or Opera.

 

So the W^X engine is causing slowness. Thanks Mark for explaining.

 

Mark,

Does that mean we with have to get used to a slow Firefox?

Thanks.

 

i guess so, one reason i ditched FF long time ago in favor of chrome was because its security was weaker; if now it became slower , what is the point of using it

 

Well, I'm not a big fan of Chrome, IE or Edge for various reasons.

 

HitmanPro.Alert injects its DLL into every process so it can determine who's injecting code into your other applications (Safe Browsing), when process hollowing or replacement is taking place (Process Protection), thwart some kernel-level exploits (Process Protection), disrupt unpack routines of some malicious packers (Process Protection), make some sandbox-aware malware think it runs inside a sandbox (Active Vaccination), etc.

But you can add a rule in HitmanPro.Alert so it doesn't inject into (exclude) a particular program. Follow these steps:

1. Open HitmanPro.Alert
2. Click on the gear icon in the top right corner and select Advanced interface
3. Click on the blue tile called Exploit mitigation
4. Select Applications
5. Scroll to the far right and click on Add exclusion
6. Browse to the application you want to exclude

Just out of curiosity, what program do you want to exclude?

 

Well, depends. We were aware of this new engine for a while and we've been optimizing our checks on Firefox, so you won't notice any slowness running Firefox 46+ on a system with HitmanPro.Alert. These improvements were made in HitmanPro.Alert 3.5. But due to other tasks and the complex tests of new features in 3.5 (which take longer than expected), back-porting these improvements to the Alert 3.1 branch was necessary. Hence build 368.

That said, for some of you Firefox 46 still feels slow. If you'd only run HitmanPro.Alert build 368+ and Windows Defender, Firefox 46 is really fast. But if you also have other security software. like e.g. Malwarebytes Anti-Malware Premium and Emsisoft Anti-Malware, on the same system, Firefox could again feel slow. I am currently working with some colleagues to see if we can do some magic for the other solutions too.

 

Cool!

 

I just disabled MBAM Premiuim and FF does seem quicker.

 

that is obvious, MBAM Prem. has its web filter which may slow browsing.