HitmanPro.Alert 3 version 3.x

[Erik Loman]

Can you also use it with Malwarebytes Anti-Exploit?

Alert 3 does run together with MBAE. Both it does not make sense to run both. Either use EMET, MBAE or Alert 3 for exploit mitigations. Running a combination of these is not recommended as protection would be redundant and harming performance.

 

[Tony Cole]

Today I have tried to install Kaspersky Internet Security 2015 MR2 on to my new work laptop. I have the current version of HitmanPro.Alert installed before I installed Kaspersky. Kaspersky will NOT update it's databases, however, remove HitmanPro.Alert and it will. I have once again contacted Kaspersky tech support on UK number 0871 7891631 and they have stated, your product is not compatible with their software.

 

[Erik Loman]

HitmanPro.Alert 3 build 172 Release Candidate

Changelog

• Improved CryptoGuard mitigation
• Improved ROP mitigation
• Improved HeapSpray mitigation
• Improved Hardware-Assisted Exploit Mitigations
• Improved compatibility with EMET 5.1
• Improved compatibility with Sandboxie 4.16
• Fixed BSOD on some systems
• Various small internal fixes

Download
http://test.hitmanpro.com/hmpalert3b172.exe

Please let me know how this version runs on your computer :thumb:

 

[hjlbx]

Yes it was HitmanPro.Alert - Kaspersky would not load, nor update. I sent a GSI report to their tech team for an analysis, they got back to me and said HitmanPro.Alert was blocking Kaspersky, and said it was not compatible with their software.

Today I have tried to install Kaspersky Internet Security 2015 MR2 on to my new work laptop. I have the current version of HitmanPro.Alert installed before I installed Kaspersky. Kaspersky will NOT update it's databases, however, remove HitmanPro.Alert and it will. I have once again contacted Kaspersky tech support on UK number 0871 7891631 and they have stated, your product is not compatible with their software.

Yes. Kaspersky and HitmanPro.Alert are not compatible at this time according to Kaspersky engineering support.

Just because the problem arises when HMPA is installed, does not necessarily mean that HMPA is the real problem.

It could be entirely due to Kaspersky, but the engineer's are probably not inclined to investigate the issue any further than to just state "Not Compatible."

For example, if I try to use Emsisoft Internet Security with Oracle's Virtual Box it causes a BSOD due to the Virtual Box bridge network. The bridged network is entirely an Oracle issue over which Emsisoft has no control or work-around. Until Oracle changes the bridged network driver its no dice. I don't think Oracle will fix it. So what is Emsisoft to do except advise users of the conflict?

Same type of scenario is possible between Kaspersky and SurfRight.

It's an incredible challenge getting the average software to work well with everything, let alone something as complex HMPA. From what I can tell it's quite a piece of software engineering.

 

[Alexstrasza]

For example, if I try to use Emsisoft Internet Security with Oracle's Virtual Box it causes a BSOD due to the Virtual Box bridge network. The bridged network is entirely an Oracle issue over which Emsisoft has no control or work-around. Until Oracle changes the bridged network driver its no dice. I don't think Oracle will fix it. So what is Emsisoft to do except advise users of the conflict?

There is a workaround for that - install EIS first, then during the installation of VirtualBox select Custom Installation and deselect the Bridged Networking option. I installed VirtualBox that way, no problem at all.

Sadly there isn't any for the Kaspersky/HitmanPro.Alert issue though.

 

[Erik Loman]

There is a workaround for that - install EIS first, then during the installation of VirtualBox select Custom Installation and deselect the Bridged Networking option. I installed VirtualBox that way, no problem at all.

Sadly there isn't any for the Kaspersky/HitmanPro.Alert issue though.

If someone can let us have a remote look then we can investigate. In our labs we are unable to reproduce. Tried 3 different machines. All update just fine to latest definitions.

Maybe there is a third component?

 

[Alexstrasza]

Wish I can help you Erik, but my Kaspersky days are over. I used Kaspersky Endpoint Security (the enterprise product) though, so it might be different.

 

[hjlbx]

If someone can let us have a remote look then we can investigate. In our labs we are unable to reproduce. Tried 3 different machines. All update just fine to latest definitions.

Maybe there is a third component?

Hello Erik,

I suggest sending a PM to Tony Cole. I know him from the boards...and I know he'd really like to get the two softs to work together.

If there's no response I have Kaspersky installed on my system. I'll give HMPA a spin and see if I can replicate the issue.

If I can reliably replicate the quirk I will PM you via Wilders.

 

[Tony Cole]

May be it's me, when I installed the latest MR2 on to my old laptop, the virus definitions would not update, kept failing, then I had to click to start again. When I removed HMPA rebooted it updated. I have installed this new version as I really like HMPA and think it's an excellent product and all is fine. I did have Malwarebytes Anti-Exploit and CryptoPrevent installed, could that be why? Also sometimes, when I click scan (I have HitmanPro installed before I installed HMPA/have year license key for it) it get's to 99% and goes no further?

 

[Erik Loman]

Good to hear it is working now with Kaspersky. If it doesn't let me know.

How long does HitmanPro stick at 99%? How long did you wait? or cancel it?

 

[Tony Cole]

It get's stuck on WWLan.API.dll and after 10 or so minutes I cancelled the scan, but HitmanPro I had to close with task manager

 

[Tony Cole]

Is CryptoPrevent okay to use with HMPA, or do they do the same thing i.e., CryptoGuard? CryptoPrevent is good, but all the windows updates I tried to install failed.

 

[Tony Cole]

Also another question, how do I get HMPA to work with Sandboxie 4.16? I have been following all your posts on Wilders Security, but all that tech stuff goes over my head

 

[hjlbx]

May be it's me, when I installed the latest MR2 on to my old laptop, the virus definitions would not update, kept failing, then I had to click to start again. When I removed HMPA rebooted it updated. I have installed this new version as I really like HMPA and think it's an excellent product and all is fine. I did have Malwarebytes Anti-Exploit and CryptoPrevent installed, could that be why? Also sometimes, when I click scan (I have HitmanPro installed before I installed HMPA/have year license key for it) it get's to 99% and goes no further?

This is just a suggestion...

Even though I think MBAE and HMPA are now compatible, I would stick with one. Plus, CryptoPrevent could potentially be throwing too much into the mix.

Have you tried uninstalling MBAE and CryptoPrevent and using only HMPA?

 

[Tony Cole]

Yes I have removed both, CryptoPrevent made Windows updates fail and all is working okay, I think.....

 

[hjlbx]

I do not know too much about FoolishIT's products, but I think CryptoPrevent uses Windows software restriction policies + some malware definitions. It essentially "locks-down" parts of the system. AppGuard does the same and prevents Windows Updates also.

 

[Alexstrasza]

I do not know too much about FoolishIT's products, but I think CryptoPrevent uses Windows software restriction policies + some malware definitions. It essentially "locks-down" parts of the system. AppGuard does the same and prevents Windows Updates also.

Depends on which option you use - the beta maximum protection option is the one you're referring to. The free version only does a policy lockdown, no signatures.

 

[Erik Loman]

Also another question, how do I get HMPA to work with Sandboxie 4.16? I have been following all your posts on Wilders Security, but all that tech stuff goes over my head

Sandboxie users must add \Device\NamedPipe\hmpalert to Full Access.

We've contacted Sandboxie last year, haven't heard from them since. Maybe you guys can try contacting them so they can add automatic rules when Alert is installed.

 

[soccer97]

Good to hear it is working now with Kaspersky. If it doesn't let me know.

How long does HitmanPro stick at 99%? How long did you wait? or cancel it?

This is better news. If anyone is having issues with Kaspersky products, you basically have to run traces (it is very verbose logging), and you reproduce the issue wait 30 seconds, then stop traces. Submit a support request through My Kaspersky Account, and be sure to include your valid license key with the request. Steps to run traces are available in their KB articles. Note that you must reply to their auto generated initial email to get a human to respond to the support ticket. Attach the traces with the support request. It may be helpful to also use the Live Chat feature to get it assigned to a technician. Sadly, Kaspersky's support has decreased over the past few years. Maybe if the incident is directly related to Hitman Pro, then you could PM Erik with the request # but that is his decision, not mine. (Erik: If you want this post edited let me know).

 

[Tony Cole]

My friend tried HMPA along with Emsisoft Internet Security 9, after giving it a try he removed HMPA and got a BSOD with this message from BlueScreenViewer: IRQL_NOT_LESS_OR_EQUAL This was probably caused by the following module: ntoskrnl.exe. After reboot all was fine, and he removed the HMPA drivers from System32. Is this normal, or due to Emsisoft?