HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Unfortunately my auto update still doesn't work, I'm on 364 and on the tray icon it shows no update available.
     
  2. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    169
    There seems to be a conflict between HMPA and BitDefender free edition when trying to download. You have to disable protection in real time from BitDefender to download normally.
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,428
    Win8x64 / HMP.A Build 369
    Settings: Show Colored Window border (Auto-Hide is disabled)
    Google Chrome is not maximized = Colored Border is always shown (expected)
    But if the Chrome-Window is Maximized =
    a) After a mouseclick within a website somewhere = Colored Border disappears
    b) Type in something = it appears, but after a single click somewhere within a website = it disappears again

    All other protected programs have this colored border all the time, except Chrome.
     
  4. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Kaspersky and HMP.A may be conflicting with each other under the hood. I feel uneasy with these:

    "The emulator doesn’t scan files using the usual antivirus signatures – it actually executes them. It does this in an artificial environment that emulates a real operating system. This environment contains its own virtual memory, hard drive, registry, network, processes, all possible subsystems… everything needed to make a file ‘think’ it has been executed by a real user on a real computer (not an emulator)."
    - https://eugene.kaspersky.com/2012/03/07/emulation-a-headache-to-develop-but-oh-so-worth-it/

    "Disguises the computer as that of a virus researcher, making sandbox-aware self-terminate."
    - HMP.A's Vaccination

    In other words:
    Kaspersky wants files to think they're running under a real environment when in fact it operates them in an emulated environment.
    HMP.A wants files to think they're running under a virtualized environment when in fact it operates them in a real environment.
    @erikloman @markloman
     
    Last edited: May 1, 2016
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Just as an update "Da Man" is working on it. Turns out it was probably 32 bit only. Support is sure top drawer
     
  6. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,211
    Location:
    the Netherlands
    Could you explain what exactly was probably 32 bit only?
    You mentioned Windows 7 x64 machines. On my Windows 7 x64 machines build 369 seemed to fix the issue that I previously reported, with no side effects on 32 bit processes, or so it seemed.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Only affected 32 bit software, such as FF, Adobe, and several others.
     
  8. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,211
    Location:
    the Netherlands
    Thanks very much.
    Interestingly, build 369 doesn't seem to affect the 32 bit software on my system, see my Wednesday 27 screenshots.
     
  9. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    938
    Also latest Norton Security beta offers this option:

    Sandboxing, or isolating potential threats

    Cybercriminals attempt to trick security solutions by “packing-up” malware (often-times within legitimate software files) to prevent it from being identified. Norton is extremely proud to announce a new high-performance emulator that uses these cybercriminals' tricks against them. Norton Security will run and analyze unknown and suspicious files in an isolated protected virtual environment to see how they act before allowing the file to be run on the user's device. This helps to ensure the file is safe before it takes up residence and wreaks havoc on a user's device.

    Source: https://manage.norton.com/beta
     
    Last edited: May 2, 2016
  10. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    847
    Location:
    USA
    I have a question. I noticed that most of my running .exe's have been injected with hmpalert.dll, regardless of whether they are "protected" applications. They remain that way, even with all of the protections in HitmanPro.Alert disabled. I have confirmed this with Process Explorer, using the Ctrl+F to find DLL.

    The reason I am asking, is there a way to rule out HitmanPro.Alert if an unprotected application is having issues? I mean short of uninstalling HMP.Alert? Does HMP.Alert automatically do this at install time to all .exe's?
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,428
    I don't think so. The only way to prevent the injecting of hmpalert.dll is to deinstall HMP.A temporarily
     
  12. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    188
    Location:
    Canada
    Firefox 46 64-bit is running dog slow for me too. I saw my memory utilization climb to over 4Gigs. I then re-enabled the utility Firemin which I haven't been running for months (since the 64-bit versions of Firefox went mainline). It seems to be helping a little and is keeping the memory utilization under control, but the slowness is still bad. I haven't checked any Firefox related forums, but these symptoms appear to me to be Firefox-related and not HMP.A-related. I am running HMP.A 3.1.9b369.
     
  13. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    847
    Location:
    USA
    OK, thanks!
     
  14. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    466
    I installed HMP.A on a brand-new Windows 10 Pro x64 PC. A visit to the settings showed that the Cryptoguard protection was set to Disabled. Oddly, clicking on Enable doesn't do anything -- Disabled stays checked. o_O

    Any ideas? This is HMP.A Build 368.
     
  15. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    561
    Location:
    Hengelo
    Hi JEAM, is the license active? What color is the license icon? Red, green or black?
     
  16. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    561
    Location:
    Hengelo
    What antivirus software are you running?

    FYI: the slowness is caused by Firefox 46's brand new W^X engine that continuously changes memory areas from RW to RX through VirtualProtect. Since much security software performs some memory inspections when VirtualProtect is called (e.g. check for malicious code or exploit behavior), Firefox 46+ runs slower than previous versions and other browsers. The W^X engine is an attempt to beef up security of Firefox as it doesn't have a sandbox like e.g. Chrome, Edge or Opera.
     
    Last edited: May 2, 2016
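
An added example, not part of the thread and not HitmanPro.Alert or Firefox code, of the pattern described in the post above: a JIT region that is flipped between RW and RX for every small patch, with a monitor that inspects the region on each flip to executable. The names `wx_cycles`, `set_prot` and `inspect`, the 64 KiB region size and the checksum-style scan are assumptions for illustration; off Windows the block uses `mprotect` in place of `VirtualProtect`.

```c
#define _DEFAULT_SOURCE 1
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#endif
enum { REGION = 64 * 1024 };    /* constructed size of the JIT code region */
static volatile uint32_t sink;  /* keeps the scan loop from being optimised away */
/* Hypothetical stand-in for a security product's hook: reads the whole region. */
static long long inspect(const uint8_t *p, size_t n) {
    uint32_t sum = 0;
    for (size_t i = 0; i < n; i++) sum = sum * 31 + p[i];
    sink = sum;
    return (long long)n;
}
/* exec=1 gives read+execute, exec=0 gives read+write; never both (the W^X rule). */
static int set_prot(void *p, size_t n, int exec) {
#ifdef _WIN32
    DWORD old;
    return VirtualProtect(p, n, exec ? PAGE_EXECUTE_READ : PAGE_READWRITE, &old) ? 0 : -1;
#else
    return mprotect(p, n, PROT_READ | (exec ? PROT_EXEC : PROT_WRITE));
#endif
}

/* Apply `rounds` one-byte patches; return bytes the hook inspected, or -1 on error. */
long long wx_cycles(int rounds, int monitored) {
#ifdef _WIN32
    uint8_t *code = VirtualAlloc(NULL, REGION, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (!code) return -1;
#else
    uint8_t *code = mmap(NULL, REGION, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (code == MAP_FAILED) return -1;
#endif
    long long scanned = 0;
    for (int i = 0; i < rounds; i++) {
        code[i % REGION] = (uint8_t)i;                    /* patch while writable */
        if (set_prot(code, REGION, 1)) return -1;         /* RW -> RX */
        if (monitored) scanned += inspect(code, REGION);  /* hook fires on the flip */
        if (set_prot(code, REGION, 0)) return -1;         /* RX -> RW for the next patch */
    }
    return scanned;  /* region stays mapped until the process exits */
}

int main(void) {
    printf("unmonitored: %lld, monitored: %lld bytes inspected\n", wx_cycles(1000, 0), wx_cycles(1000, 1));
    return 0;
}
```

Each one-byte patch costs a full pass over the region when a monitor is attached, which is why the per-flip work of every installed product adds up.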
  17. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    938
    So the W^X engine is causing slowness. Thanks Mark for explaining.
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,556
    Location:
    Among the gum trees
    Mark,

    Does that mean we will have to get used to a slow Firefox?

    Thanks.
     
  19. guest

    guest Guest

    I guess so, one reason I ditched FF a long time ago in favor of Chrome was because its security was weaker; if now it became slower, what is the point of using it :D
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,556
    Location:
    Among the gum trees
    Well, I'm not a big fan of Chrome, IE or Edge for various reasons. ;)
     
  21. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    561
    Location:
    Hengelo
    HitmanPro.Alert injects its DLL into every process so it can determine who's injecting code into your other applications (Safe Browsing), when process hollowing or replacement is taking place (Process Protection), thwart some kernel-level exploits (Process Protection), disrupt unpack routines of some malicious packers (Process Protection), make some sandbox-aware malware think it runs inside a sandbox (Active Vaccination), etc.

    But you can add a rule in HitmanPro.Alert so it doesn't inject into (exclude) a particular program. Follow these steps:
    1. Open HitmanPro.Alert
    2. Click on the gear icon in the top right corner and select Advanced interface
    3. Click on the blue tile called Exploit mitigation
    4. Select Applications
    5. Scroll to the far right and click on Add exclusion
    6. Browse to the application you want to exclude
    Just out of curiosity, what program do you want to exclude?
     
  22. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    561
    Location:
    Hengelo
    Well, depends. We were aware of this new engine for a while and we've been optimizing our checks on Firefox, so you won't notice any slowness running Firefox 46+ on a system with HitmanPro.Alert. These improvements were made in HitmanPro.Alert 3.5. But due to other tasks and the complex tests of new features in 3.5 (which take longer than expected), back-porting these improvements to the Alert 3.1 branch was necessary. Hence build 368.

    That said, for some of you Firefox 46 still feels slow. If you'd only run HitmanPro.Alert build 368+ and Windows Defender, Firefox 46 is really fast. But if you also have other security software, like e.g. Malwarebytes Anti-Malware Premium and Emsisoft Anti-Malware, on the same system, Firefox could again feel slow. I am currently working with some colleagues to see if we can do some magic for the other solutions too.
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,556
    Location:
    Among the gum trees
    Cool! :)
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,556
    Location:
    Among the gum trees
    I just disabled MBAM Premium and FF does seem quicker.
     
  25. guest

    guest Guest

    That is obvious, MBAM Prem. has its web filter which may slow browsing.
     