HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,234
    Location:
    USA
    Well I be da.. Lol I have not used Windows 8 yet. To someone that has never used Windows 8 it just looks like it is cut off. I'm using Windows 7X64 Ultimate. I have 8 machine, but none of them have Windows 8. I just can't afford to throw out the cash for Window 8 right now. I'm a student again, and students are poor. I think it will be best to wait for Windows 9 anyways. Thanks!
     
  2. fmon

    fmon formerly: Impet

    Joined:
    May 5, 2013
    Posts:
    1,114
    Sometimes I think HitmanPro.Alert decreases browser performance. What do you think? :doubt:
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    What browser are you using? Which part of the browser experience is slowing down?

    Keep in mind that the CTPs are development builds and do not reflect the features and performance of a released product.
     
  4. I did some testing, but all dll injecting security programs delay .2 to .3 secs in browser launch (tested both IE and Chrome), delay in rich content execution could not be reliable tested because it was minimal. Maybe some incompatibility, ask developers to analyze the logs.
     
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,402
    You are not alone...I got caught out too. I hardly ever use the scroll button on my mouse.

    P.S. I have to use OSK to capture first, then I can copy and past into paint, otherwise when I use my screenshot capture program via a 'hotkey', the browser window, disappears.

    Once, it is open in paint then I select how much to save using my Gadwin Printscreen program. Still haven't figured out why this is happening, now. It never used to need to open OSK, before.

    ScreenShot_HMPA_didn't know about using the scroll button to see more_01.gif
     
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3 Build 79 CTP3

    With each Community Technology Preview (CTP) of HitmanPro.Alert 3 we introduce new features for compatibility testing. CTP1 was our first development release of HitmanPro.Alert 3 wherein we introduced our hardware-assisted exploit mitigations. A few weeks later, with CTP2, we added the ability for users to add and protect custom applications through an easy-to-use Running Applications interface.

    Now, for CTP3 we enabled our network inspection driver and Java lockdown, while we also expanded support to all Intel Core i3, i5 and i7 processors for our hardware-assisted mitigations.

    HMPA3CTP3.PNG

    As before, this preview is released here at Wilders Security Forum only. A CTP is not to be used in production environments and for extra clarity we also added the "Not for review" phrase to this build. This as not all features are fully implemented yet.

    Release notes
    • Improved hardware-assisted control-flow integrity (CFI) for detection of sophisticated ROP attacks.
      CFI now supports all Intel Core i3, i5 and i7 processors from November 2008 and later, including codenames Nehalem, Westmere, Sandy Bridge, Ivy Bridge and Haswell.
    • Improved stack-based ROP mitigation for legacy Windows XP in virtual environments.
    • Improved repetition-based detection of attack code that starts via the heap (Dynamic Heap Spray).
    • Improved recognition of attacker-executed processes.
    • Improved compatibility with local Java applications and games.
    • Improved Restart Application handling when altering exploit mitigations of in-use applications.
    • Improved malware scan after installation.
    • Improved detection of Java runtime and added more media file types to the Software Radar.
    • Enabled network inspection layer to analyze and log attack pages.
    • Enabled the Java Lockdown security feature to block communication channels from malicious Java applications in the browser.
    • Enabled the alert counters on the main window.
    • Fixed BSOD on legacy Windows XP running on physical machine with Intel Core processor from 2011 or newer.
    • Fixed prolonged “Please wait” during boot on some computers.
    • Fixed compatibility issue with video streaming on e.g. Magine.com, which employs Digital Rights Management (DRM).
    • Fixed compatibility issue with the Microsoft MPEG2 audio and video plug-in.
    • Fixed compatibility issue with iTunes for Windows.
    • Fixed a memory leak in internal message handling.
    • Fixed event ID 6281 that caused audit failures.
    • Removed "New Process" and "Deny New Process" from Exploit Mitigations as they are now automatic and integrated into other mitigations.
    • Updated the Exploit Test Tool with two additional return-oriented programming exploit techniques: “ROP – system() in msvcrt” and “ROP – WinExec() via anti-detour”.
    • Updated the Exploit Test Tool Manual with an important note (in paragraph 2.5.1) on testing in virtual environments, advantage of our hardware-assisted technology (paragraph 2.5) over software stack-based approaches and background information on the two new ROP tests.
    Remarks and known issues
    • Webcam Notifier works with webcams that use the Windows usbvideo.sys driver. Webcams using vendor specific drivers are currently not supported.
    • AutoIt applications like AdwCleaner show a warning when started. Temporarily disabling ‘Active vaccination’ in HitmanPro.Alert allows the AutoIt application to run.
    • The checkbox 'Show border around applications' under 'Safety notification' is currently checked and locked on purpose.
    • HitmanPro.Alert 3 is currently not compatible with Sandboxie on Windows Vista.
    • Sandboxie and Norton (Internet) Security can interfere with the drawing of the notification border around protected applications.
    • Agnitum Outpost Firewall on 64-bit versions of Windows is currently incompatible with HitmanPro.Alert 3.
    • The Export Address Table Access Filtering (EAF) module of Microsoft EMET 5.0 is currently incompatible with HitmanPro.Alert 3, but our Exploit Test Tool is compatible.
      Microsoft EMET 4.1 Update 1 is fully compatible with HitmanPro.Alert 3.
    • Malwarebytes Anti-Exploit is currently incompatible with HitmanPro.Alert 3, but our Exploit Test Tool is compatible
    • Wuala web access may trigger a BlockedProcess mitigation.
    Download
    http://test.hitmanpro.com/hmpalert3ctp3.zip

    Please uninstall previous versions of Alert before installing CTP3.

    Reporting issues
    Please report issues via PM or via email: erik@surfright.com.

    Please send me a PM if you need a product key for testing purposes.

    I want to thank the many Wilders forum members for testing the pre-release of CTP3. Without them this release would not be possible!

    Looking forward to hearing from you how this build runs on your computer :thumb:
     
    Last edited: Sep 3, 2014
  7. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    746
    CTP3 working flawlessly here, no complaints so far. :) How many more CTPs will there be before the final release?
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    There will be a CTP4 and an RC (release candidate) before the release.
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I've updated the CTP3 to build 79 due to a SoftwareRadar issue failing to detect QuickTime Player on some systems. Other than that nothing has changed.
     
  10. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    645
    Erik, problem with Java 8.0 build 20 (Attack intercepted) and build 79. Sent you a mail with eventlog.
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I don't have it yet.
     
  12. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    645
    Still no mail?
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    YES gottit!
     
  14. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    645
    Confirmed?
     
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Not yet. Wuala works with Java 7 and not with Java 8 it seems. I am unsure how Java 8 and Wuala are related...
     
  16. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    645
    Uninstalled build 79 and Wuala webaccess works fine with Java 8.0 build 20. System Explorer 5.9.3.xxx says its Java 8.0 build 20 (when opening Wuala webaccess).

    Edit: W7 64 bits and using IE11 to open Wuala webaccess.
     

    Attached Files:

    Last edited: Sep 2, 2014
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Oh I was using the Wuala desktop application (that needs Java 7). I was not aware of the web based version.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,234
    Location:
    USA
    I saw some of the same behavior with CPT3 as I did with CPT2. Immediately after installing CPT3 it started to scan my computer since I checked that option during installation. It then said the scan was cancelled. The scan had not canceled though because HMP continued with the scan, and completed the scan despite HMPA saying that the scan had been cancelled. Is this expected behavior?
     
  19. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi erikoman

    Build 3.0.12.93 CPT3 working with no problems here.:thumb:
    Many thanks.

    Take Care
    TheQuest :cool:
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,234
    Location:
    USA
    I unburied the taskbar icon, and after rebooting it was buried once again. I had the same issue with CTP2.
     
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,234
    Location:
    USA
    I just disabled HMPA's safe browsing protection, and Exploit mitigation protection for Firefox. When I launch Firefox HMPA still reports that Firefox is being protected. I have to assume this would have to be a bug. The reason I was disabling protection for FF is because I just installed a browser plugin call Flash video Downloader, and after the plugin installs it gives the user a configuration window to configure the plugin to how the user likes. When I had HMPA enabled the plugin configuration window kept freezing so the plugin would never work. Maybe this was just coincidence, but after I disabled HMPA's protection for FF the plugin configuration window worked fine. I was then able to use the plugin. Also I have one question for you about browser protection. What is the difference in safe browsing protection, and application exploit mitigation protection. Firefox, and IE are list under both. I disabled FF protection under both, but HMPA still reports FF is being protected.
     
  22. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,850
    Quick question regarding licenses for HMP and HMP.Alert: If you uninstall the program, or reinstall Windows, will it allow you to use the same license, minus the time already used, or will it not allow you to use the license at all?
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,234
    Location:
    USA
    I can't answer your full question, but I just rolled my computer back to a time before I ever installed HMPA. After I installed it again on the same computer the trial license just left off with the time I had remaining before rolling my computer back. I guess that's good to know.
     
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I will try to reproduce. What version of Windows and Firefox are you using?
     
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes you can. Just re-enter the license.
     
Loading...