Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
Good luck Surfright at RSAC.
Does keyboard encryption in HitmanPro.Alert 3 work like KeyScrambler? Will it be available in the free version?
Shifting from monitoring currently known (and static set of) addresses being targeted by most exploits, to monitoring "stuffing patterns" or looking at the "eggs being planted" to take over code execution logic, would it be fair to conclude that the "currently known" and "most exploits" limitations of EMET are history when using Alert 3.0?
Regarding HMP alert datasheet: there are a few things in the data sheet, which are flawed in regard to MBAE and Trusteer. Protection can be achieved through different techniques, using another technique does not imply the competition does not provide the same protection. Please search on Why, How, What and hopefully Simon Sinek is able to inspire you to drop this 1980s marketing approach.
Can I ask you what you mean by per-file-extension mitigation?
This means that when you install a PDF, DOC or XLS (etc) reader it will automatically be added to the corresponding mitigation profile.
Yes in the free version.
Interesting for HMP.Alert development, all protections in EMET 4.1 bypassed:
All recommendations from Bromium's paper are already in Alert 3, including deep-hooks-only (NtProtectVirtualMemory) and full 64-bit ROP detection. See for example this 64-bit screenshot from last week's announcement:
HitmanPro.Alert looks very, very nice and it is very informative. Well done, Erik and Mark Loman.
Anybody getting event viewer code 214, check for update has failed. Trying again in 3 minutes. Seeing many instances of this error. And I don't see a feature to manually update.
Ah I see. Thanks my friend.
I like the idea that you put.
That's why I have both running in real time.
erikloman, can you look into this? It's really annoying! If anyone uses any website regularly that uses Silverlight, you'll eventually end up with as many agcp.exe processes running as you've visited a website that utilizes Silverlight.
I must say that HitmanPro.Alert v3 is looking quite impressive.
To be honest, v2 was causing problems on my WinXP system, I wonder how stable v3 will be.
The problem website I use is www.freestockcharts.com which utilizes Silverlight; Hitman Pro Alert is completely locking up this website using Firefox. I don't know if other websites that use Silverlight are having this problem. When you try and delete all the agcp.exe instances, it seems to leave multiple svchost.exe's running and they start consuming like 50% CPU and it just locks Firefox up.
Will have a look. Keep an eye on this thread.
Awesome, thanks! Have a look at this; this is how I confirmed it's Hitmanpro Alert conflicting with Silverlight:
Website works for me with Chrome and HPA.
Yes, it works initially, but when you close your browser and then open it again and go to that website, agcp.exe reloads and the initial instance never closes, so in the span of a week or so, if you end up going to it multiple times, you'll end up with 1 instance of agcp.exe for every time you close your browser and reopen it to go back to it. Plus, if you try and end those multiple instances of agcp.exe, I think (could be wrong) it leaves instances of svchost running at high CPU, and using some functions on that website crashes Firefox.
Confirmed. Will see what is the cause and try to provide a fix.
Excellent, thanks. Is that problem happening on other websites that use Silverlight?
Oww.. That's bad.. Alert v3 is not compatible with KIS 2014
Hey "erikloman", can you provide a time frame for when a fix with KIS 2014 compatibility can be released?
I hope it can be released sooner and quicker.
The conference is nearly over. How did it go? Any good articles about the presentation of HitmanPro.Alert 3 at the conference?
We will have it compatible with KIS before beta release.
The lingering agcp.exe process has been fixed and tucked into source control.
What other problem?