HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    254
    Unfortunately, it is not between mitigation programs the ESET Banking & Payment protection (browser).
     
  2. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,335
    Location:
    the Netherlands
    Another option could be to ad the ESET Banking & Payment protection browser as an exclusion to HMP.A.
    To do so, you need to know (or look for) the exe for the ESET Banking & Payment protection browser.
    Then open the HMP.A user interface,
    in settings, choose Advanced interface,
    click the blue Exploit mitigation tile, and then Applications,
    scroll to the right, and under Exclude, choose Add exclusion, navigate to the ESET Banking & Payment protection browser exe, and add it as exclusion.
     
  3. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    254
    Unfortunately not, because It is not independent programs ("C:\Program Files\ESET\ESET Smart Security\ecmd.exe" /startprotectedbrowser), it is my default web browser. If I stop hitmanpro.alert thus:

    Snap4.png Snap3.png

    it is also not running the ESET Banking & Payment protection browser.

    I'm sorry, if I have not written clearly.
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,104
    Location:
    USA
    The problem is the ESET Banking & Payment browser is actually the default browser, eg IE, Firefox or Chrome, uniquely configured; excluding the default browser wouldn't be a good solution even if it works.
     
  5. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,335
    Location:
    the Netherlands
    Thanks, I misunderstood.

    But now I'm not sure if you, feerf56, understood Peter2150's suggestion.
    Peter did not mean you'd disable safe browsing and all Firefox mitigations, but only the mitigation that is mentioned in the HMP.A report. You might only need to disable one mitigation.

    However, as I don't use ESET myself, I suppose I may not be the best help.
    Perhaps someone else - someone using ESET - may know exactly what to do.
     
  6. plat1098

    plat1098 Guest

    Well, I gave it the college try....

    la.PNG
    stack o hmpa threads.PNG
    I like the 64 bit Firefox version better though, it runs better than the 32 bit. Now if only SurfRight would re-activate my license key, already asked twice via email. They must be very busy.
     
  7. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    ESET's banking protection tries to isolate the browser from other applications, so these other applications cannot interfere with the browser. Alert digs deeply into the browser in order to look for intruders and provide exploit protection. Alert does exactly what ESET tries to stop. I suggest disabling ESET's secure browsing function, because it cannot coexist with Alert.
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    What version of Alert are you running? Any other AVs?
    Send me a PM, I'll fix your key. Support is currently understaffed and new personel is getting up to steam and doing their best. Others are finishing up Sophos integration. New build will arrive early next week!
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This is accurate :thumb:
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I'm back from vacation. Mailbox flooded but I worked through most of it now.

    I want to thank everybody for their patience and also for their work here in this thread answering questions. Great community work!

    I will do my best again to help out when community is unable to answer tough questions!

    Cheers,
    Erik
     
  11. plat1098

    plat1098 Guest

    Hi, Erik Loman!
    Only Windows Defender/firewall, that's it. Windows 10 v. 14393.105/Firefox 64 bit v.48.02 w/uBlock Origin add-on, plug ins are the Cisco and Google Widevine modules, Adobe module is disabled. That's all. Crash happens when gmail bookmark is clicked. All mitigations, including DEP, are enabled in HMPA's interface. Because it's just Windows AV, I don't wish to disable anything in HMPA's interface. HMPA is build 3.5.1, version 552 beta.

    It's nice another build is coming up.
     
  12. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    254
    Maybe I did not understand, but I thought that if I disable all of them function (see above in the images), it should work, but It will not work (ESET Banking & Payment browser). Therefore, if you disable the cause of the problem is not going to work.

    FleischmannTV + erikloman: I understand you. Could It be solved, to be compatible with the browser of ESET?
     
    Last edited: Sep 2, 2016
  13. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    It would probably need a feature to exclude protections for child processes based on the parent program starting the process
    ie: exclude firefox when started by eset securebrowser

    I believe there is a feature to enforce protections on child processes already, not sure if there is one to exclude protections for child processes

     
    Last edited: Sep 3, 2016
  14. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,335
    Location:
    the Netherlands
    Thank you, feerf56.
    Based on Peter2150's suggestion, you were right to think that disabling all mitigations should work.
    I misunderstood the part where you said "it is also not running the ESET Banking & Payment protection browser." I got confused.

    However, as FleischmannTV said, and as Erik confirmed:
    So, for now, disabling ESET's secure browsing function seems to be the only option available.
    I hope there can be found another solution, but if I understand FleischmannTV's post correctly, disabling ESET's secure browsing function is the only option available, for now.
     
  15. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118

    It's great to have you back. :)
     
  16. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    496
    Location:
    italy
    + 1, uncle Erik! :D
     
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    My first nephew and he's awesome :cool:
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,291
    Location:
    Among the gum trees
    :thumb: My belated congrats, Mark and family. :)
     
  19. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    142
    Location:
    Philippines
    Need help with Privazer when I use the delete function(Privazer) cryptoguard kick-in preventing Privazer from doing its thing, I even unblocked it, still the same.. any advice?!
     
  20. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    142
    Location:
    Philippines
    Congrats...
     
  21. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,335
    Location:
    the Netherlands
    What exactly do you mean you unblocked it?
    I suppose you have two options:
    if such option is available in Privazer, you can set it to only delete, without overwrite,
    or before using Privazer you can temporarily disable CryptoGuard, and re-enable it after using Privazer.
     
  22. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This can currently not be helped as Privazer is overwriting the files with random data (looks like encryption).

    We are looking into ways to exclude these tools.

    Note: Secure delete is a bit nonsense, especially on SSD because overwriting a file does NOT overwrite the same blocks on your SSD. The SSD uses wear-leveling making sure it is not writing to same location. So if you are overwriting the original file with random info (secure delete), the original blocks are just marked as free and new blocks are written. If authorities gets hands on an SSD, even if you use secure delete, they will be able to get a lot of data back from the freed blocks.
     
  23. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Thank you for this very useful addition!
     
  24. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    Congratulations from me as well :)
     
  25. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,104
    Location:
    USA
    To be clear CryptoGuard is not application specific and so excluding applications is not a solution. CryptoGuard responds to the file encryption process and secure deletion mimics that process. Currently the way to handle this is to temporarily disable CryptoGuard while you're deleting files, and then turn it back on when you're done.
     
    Last edited: Sep 3, 2016
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.