Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
Indeed, only browsers are monitored for modification.
Can I delete the files/folders in HMPA's folder in the Windows directory?
Yes you may delete them.
Is this the only directory where malicious files are kept? Or does HMPA delete them?
Grrrrrrrr I am trying to shred them and I get this...
I had to disable HMPA to finish deleting the files.
Shredding encrypts the shredded files first before deleting. If you want to shred, temporarily disable CryptoGuard.
I did that, thanks.
Yes I know, but what I mean is: only the browser is scanned for malicious API hooks. HMPA does not care about API hooks in other processes. So you would think that hmpalert.dll only needs to be injected into browsers and apps with exploit protection.
But if I understand correctly, the only way to know which process (malicious or not) has modified the API hooks in the browser, is to check all injected code system wide, and you can only do that with the hmpalert.dll file, that needs to be injected into all processes.
The only reason why I brought this up is because I believe injecting hmpalert.dll into non-protected processes will cause problems sooner or later, but I may be wrong.
I forgot to ask, but is the "Hollow process" attack method only available for Win 32 bit systems? It's not possible to do this on Win 64 bit I assume?
Hi Rasheed, I sent you a PM regarding these and some other questions you asked via PM. Cheers, Mark
Thanks for the feedback.
Quick summary for other members:
1. Yes, the "Hollow process" attack method is also available on Win 64 bit systems.
2. The hmpalert.dll file needs to be injected into ALL processes (instead of only in protected/monitored processes) because it gives HMPA a better chance to identify which app modified the API hooks in the browser. API hooks inside browsers are used by, for example: AV, ad blockers and of course banking trojans.
Hi erikloman and markloman,
Just started getting this Expired pop-out on both IE and FF for some reason; can you shed any light on it please?
Thank you in advance.
I am seeing the same thing.
Ah, not just me then. I thought a new release must have come out so they blocked this one; no announcement though.
Same here. Patience.
Maybe HMPA v3 CTP4 is on its way.
We hear you guys.
The red flyout does not affect the mitigations.
CTP4 will be out very soon.
Many thanks for getting back.
The Alert has a Technical Details link. This will reveal the code in your browser.
This is a known issue with CTP3. This should be fixed in CTP4 (will be out this week).
Can you send me the minidump?
Thanks for the report.
When I tried to install HitmanPro.Alert from the installer that is in your signature, it gives me an error.
It says application fail to install error 0.
There is [still] slowness in the loading of a webpage as indicated by the elements.
Please delete the C:\Program Files (x86)\HitmanPro.Alert folder.
How much slower? You should not see any slowdown with Alert.
Quite a bit!