HitmanPro.Alert 3 version 3.x

Status
Not open for further replies.
I have spoken with Kaspersky tech support 4-5 times in the UK, it's free and they are very helpful. Remote connection to solve one issue and GSI logs for a Blue Screen. When I spoke with Kaspersky tech support they explained the following: with regards to HMPA, unless Kaspersky test(s) the product and verify 1) it's safe and 2) it works/is fully compatible with all their products, then and only then will they certify it as compatible.
 
My friend tried HMPA along with Emsisoft Internet Security 9, after giving it a try he removed HMPA and got a BSOD with this message from BlueScreenViewer: IRQL_NOT_LESS_OR_EQUAL This was probably caused by the following module: ntoskrnl.exe. After reboot all was fine, and he removed the HMPA drivers from System32. Is this normal, or due to Emsisoft?
Probably not Emsisoft, because I installed and removed HMP.A 3 RC and did not get anything.

Which version of HMP.A did your friend use?
 
My friend tried HMPA along with Emsisoft Internet Security 9, after giving it a try he removed HMPA and got a BSOD with this message from BlueScreenViewer: IRQL_NOT_LESS_OR_EQUAL This was probably caused by the following module: ntoskrnl.exe. After reboot all was fine, and he removed the HMPA drivers from System32. Is this normal, or due to Emsisoft?

I believe that this BSOD was the one that I received back when I used Kaspersky Pure 3.0. If it wasn't that, it was a memory or graphics error. Sorry I can't be more specific, it was 3 months ago.
 
It was the latest version downloaded from Wilders Security forum. His laptop was fine until he uninstalled HMPA, but he never rebooted, he paused it. Could that be a factor?
 
For me there is a conflict when using Hitman Pro Alert and Kaspersky. On Chrome Kaspersky Web Anti-Scanner does not seem to work with Hitman Pro Alert active. It won't show the clean/infected icon next to the links on search results. Disabling the SEHOP on Hitman Pro Alert exploit migration controls for Chrome fixes it though. Kaspersky Web Anti-Scanner works fine with Internet Explorer and Firefox with Hitman Pro Alert fully active. Hoping this is a good place to bring this issue to Hitman Pro Alert developer team.
 
My friend tried HMPA along with Emsisoft Internet Security 9, after giving it a try he removed HMPA and got a BSOD with this message from BlueScreenViewer: IRQL_NOT_LESS_OR_EQUAL This was probably caused by the following module: ntoskrnl.exe. After reboot all was fine, and he removed the HMPA drivers from System32. Is this normal, or due to Emsisoft?

This may or may not be useful for you, but if nothing else it provides more information about that error message from Microsoft:
https://msdn.microsoft.com/en-us/library/windows/hardware/ff560129(v=vs.85).aspx

Hope it helps.
 
For me there is a conflict when using Hitman Pro Alert and Kaspersky. On Chrome Kaspersky Web Anti-Scanner does not seem to work with Hitman Pro Alert active. It won't show the clean/infected icon next to the links on search results. Disabling the SEHOP on Hitman Pro Alert exploit migration controls for Chrome fixes it though. Kaspersky Web Anti-Scanner works fine with Internet Explorer and Firefox with Hitman Pro Alert fully active. Hoping this is a good place to bring this issue to Hitman Pro Alert developer team.
Where can this "Kaspersky Web Anti-Scanner" be accessed (url)?
 
Where can this "Kaspersky Web Anti-Scanner" be accessed (url)?

I think he means Anti-Banner. It is basically an Ad-Blocking Software for Internet Browsers (Similar to AdBlock Plus for Firefox or Google Chrome Browser). The purpose is to prevent ads from displaying, and reduce ad exposure thereby avoiding malicious iframes and redirected ads, etc. Here's a link to the KB Article: http://support.kaspersky.com/search?query=Anti-Banner&sec=SupportHome

Did you ever get my PM about the incompatibilities by the way?

Random question, but out of curiosity and before I install it, has anyone tested it with Microsoft's EMET 5.2?

Link: https://www.microsoft.com/en-us/download/details.aspx?id=46366
 
I think he means Anti-Banner. It is basically an Ad-Blocking Software for Internet Browsers (Similar to AdBlock Plus for Firefox or Google Chrome Browser). The purpose is to prevent ads from displaying, and reduce ad exposure thereby avoiding malicious iframes and redirected ads, etc. Here's a link to the KB Article: http://support.kaspersky.com/search?query=Anti-Banner&sec=SupportHome

Did you ever get my PM about the incompatibilities by the way?

Random question, but out of curiosity and before I install it, has anyone tested it with Microsoft's EMET 5.2?

Link: https://www.microsoft.com/en-us/download/details.aspx?id=46366
Thanks for clarification.

EMET 5.2 + Alert 3 are currently incompatible. EMET 5.1 or older is compatible with Alert 3.
 
Just to verify that HitmanPro.Alert works okay with Kaspersky Internet Security 2015 MR2 (a) Anti-Banner, on my machine it's running great. One question, when a new beta is released do I have to uninstall the old version first?
 
I got an alert when installing Flash Player. Very likely a false positive.

Mitigation Lockdown

Platform 6.3.9600/x64 06_45
PID 7064
Application D:\Stažené\install_flashplayer17x32_mssd_aaa_aih(1).exe
Description Adobe Installation Helper 2.0.2

Filename C:\Users\David\AppData\Local\Adobe\AIH.ebcab9cc14101c580c25511660b8e1d7906930db\gtbcheck.exe

Command line:
"C:\Users\David\AppData\Local\Adobe\AIH.ebcab9cc14101c580c25511660b8e1d7906930db\gtbcheck.exe"

More info: App was put in exploit mitigations with no template. I activated and deactivated exploit protection for FP installer and it was working.
 
Now it blocked MBAM :eek:

Mitigation Lockdown

Platform 6.3.9600/x64 06_45
PID 1248
Application D:\Stažené\mbam-setup-2.1.4.1018(1).exe
Description Malwarebytes Anti-Malware 2.1.4

Filename C:\Users\David\AppData\Local\Temp\is-HOM2H.tmp\mbam-setup-2.1.4.1018(1).tmp

Command line:
"C:\Users\David\AppData\Local\Temp\is-HOM2H.tmp\mbam-setup-2.1.4.1018(1).tmp" /SL5="$40A70,21102078,56832,D:\Stažené\mbam-setup-2.1.4.1018(1).exe"
 
HitmanPro.Alert 3 build 178 Release Candidate

Changelog (compared to build 155)
  • Improved Lockdown mitigation to enforce safe execution of VBScript.
    This mitigates the exploitation technique known as "VBScript God Mode".
  • Improved Load Library mitigation to detect shellcode.
  • Improved Load Library mitigation to detect reflective loaded libraries.
  • Improved branch-based hardware-assisted ROP mitigation (part of Control-Flow Integrity).
  • Improved software-based ROP mitigation (part of Control-Flow Integrity).
  • Improved IAT Filtering.
  • Improved Dynamic Heap Spray mitigation.
  • Improved CryptoGuard mitigation, specifically protection of connected network drives.
  • Improved BadUSB mitigation.
  • Improved Enforce DEP mitigation.
  • Improved Safe Browsing intruder alert, which now also shows the correct technical details.
  • Improved Software Radar.
  • Improved compatibility with EMET 5.1.
  • Improved compatibility with Sandboxie 4.16.
  • Fixed upgrade from HitmanPro.Alert version 2 to version 3. In previous builds, the upgrade could affect the functionality of the existing connected keyboard.

Known Issues
  • Alert 3 is currently incompatible with EMET 5.2.
  • Alert 3 is compatible with EMET 5.1 or older.

Download
http://test.hitmanpro.com/hmpalert3b178.exe

Please let me know how this version runs on your computer :thumb:
 
Now it blocked MBAM :eek:

Mitigation Lockdown

Platform 6.3.9600/x64 06_45
PID 1248
Application D:\Stažené\mbam-setup-2.1.4.1018(1).exe
Description Malwarebytes Anti-Malware 2.1.4

Filename C:\Users\David\AppData\Local\Temp\is-HOM2H.tmp\mbam-setup-2.1.4.1018(1).tmp

Command line:
"C:\Users\David\AppData\Local\Temp\is-HOM2H.tmp\mbam-setup-2.1.4.1018(1).tmp" /SL5="$40A70,21102078,56832,D:\Stažené\mbam-setup-2.1.4.1018(1).exe"
With what program did you download the binary? If that program is in Application Lockdown (and not under Browsers) then it is supposed to block. Application Lockdown should only be set on applications that DO NOT produce executables (like Word, Excel, Adobe Reader, etc). Browsers are treated special.

Please let me know which program you are downloading the executables with and whether it is listed under Browsers or other template.
 
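The alert layout posted above, together with the developer's question about which program sits under Application Lockdown, as an added example that is not part of the thread or of HitmanPro.Alert itself: a small parser that turns a pasted alert into fields and summarises the facts a false-positive report should state. The sample alert, its paths and the installer-name hint are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout of the alerts posted in this thread.
SAMPLE_ALERT = r'''Mitigation Lockdown

Platform 6.3.9600/x64 06_45
PID 4321
Application D:\Downloads\example-setup.exe
Description Example Installer 1.0

Filename C:\Users\alice\AppData\Local\Temp\is-ABCDE.tmp\example-setup.tmp

Command line:
"C:\Users\alice\AppData\Local\Temp\is-ABCDE.tmp\example-setup.tmp" /SL5="$1,2,3,D:\Downloads\example-setup.exe"
'''

FIELDS = ("Mitigation", "Platform", "PID", "Application", "Description", "Filename")

def parse_alert(text):
    """Turn one pasted alert into a dict keyed by lower-case field name."""
    rec, lines = {}, [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        if line == "Command line:":
            # The value sits on the next non-empty line.
            rec["command_line"] = next((l for l in lines[i + 1:] if l), "")
            break
        key, _, value = line.partition(" ")
        if key in FIELDS and value:
            rec[key.lower()] = value.strip()
    return rec

# Assumption: name hints for programs whose job is to write and start executables.
INSTALLER_HINT = re.compile(r"(setup|install)", re.I)
USER_WRITABLE = re.compile(r"\\AppData\\|\\Temp\\", re.I)

def triage(rec):
    """Collect the facts needed to judge whether Lockdown was set on the wrong program."""
    app = PureWindowsPath(rec.get("application", ""))
    blocked = PureWindowsPath(rec.get("filename", ""))
    return {
        "mitigation": rec.get("mitigation"),
        "application": app.name,
        "blocked_file": blocked.name,
        "blocked_in_user_writable_dir": bool(USER_WRITABLE.search(str(blocked))),
        "application_produces_executables": bool(INSTALLER_HINT.search(app.name)),
        "same_base_name": bool(app.stem) and app.stem.lower() == blocked.stem.lower(),
    }
```

The summary does not say which template the application is in; that still has to be read from the Alert settings, as the developer asks.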
With what program did you download the binary? If that program is in Application Lockdown (and not under Browsers) then it is supposed to block. Application Lockdown should only be set on applications that DO NOT produce executables (like Word, Excel, Adobe Reader, etc). Browsers are treated special.

Please let me know which program you are downloading the executables with and whether it is listed under Browsers or other template.
It was downloaded from website with my Firefox...
 