Hitman Pro Alert

[chrlshlmn 36]

I am testing eset smart security 8 beta,I see that eset has a browser exploit.Do you think that I still should use hitman pro alert or just let eset take care of the browsers.I also use malwarebytes premium.Any suggestions or comments will be highly appreciated.Thank you very much.

[LabVIEW707 13]

MBAE is a lot better then HMP.Alert. MBAE actually got a perfect score of 100 during testing. You don't need MBAM Pro. Just disable MBAM Pro's real time and just use it as an on demand scanner.

[rugk 397]

MBAE is a lot better then HMP.Alert. MBAE actually got a perfect score of 100 during testing. You don't need MBAM Pro. Just disable MBAM Pro's real time and just use it as an on demand scanner.

If you claim something, please

1. provide a source

2.  

   a perfect score of 100

   what? 100 apples, bananas...?

[LabVIEW707 13]

Before you make such a reply I suggest you keep on your geek news. Hitman Pro.Alert is still very much in beta. They still have a stable version. But it only alerts you. Hence the name .alert. Malwarebytes Anti Exploit actually stops and prevents exploits in there tracks. 

 

hxxp://pcsl.r.worldssl.net/report/exploit/rce_mitigations_201408_en_malwarebytes.pdf

[rugk 397]

Thanks for the source.

And Malewarebytes Anti-Maleware got a score of 93.10 %, so it's not 100%.

 

And the Exploit Blocker was already there in v7. And for the browser protection I would at first ask the basically question what browsers are protected by ESET? (by MBAE it looks like it is only Internet Explorer)

[LabVIEW707 13]

MBAM got a perfect 100 in AV-Tests.org. Sorry not MBAM. MBAE covers ALL browsers. 

 

hxxp://www.av-test.org/en/news/news-single-view/17-software-packages-in-a-repair-performance-test-after-malware-attacks/

 

https://www.malwarebytes.org/antiexploit/

[SweX 871]

And the Exploit Blocker was already there in v7. And for the browser protection I would at first ask the basically question what browsers are protected by ESET?

Afaik all browsers, but the ESET Exploit Blocker does not only watch over our browsers though.

 

Exploit Blocker is an additional layer of protection that protects applications that are known as highly exploitable (e.g. browsers, mail clients, pdf readers). It is constantly gathering important information about interesting processes. On particular actions in the system performs check if exploit is executed. If so then HIPS blocks this operation to minimize the possibility of such exploits executing malicious activity.  

[rugk 397]

OK, but all browsers is a bit to much.

All major browser is OK, but it would be good if someone from ESET could confirm this.

[SweX 871]

Personally I still don't feel the need to run MBAM in realtime, or HMPA in any of my browsers at the moment.

 

As was mentioned above ESET's Exploit Blocker is also in V7, but it has been improved in V8 to be better against Java exploits. And If I remember correctly most of the missed ones in the PCSL test was just that, so V8 would probably have done a little bit better in that test.

[SweX 871]

OK, but all browsers is a bit to much.

All major browser is OK, but it would be good if someone from ESET could confirm this.

Too much? What do you mean 

 

Afaik it works independently of what browser, pdf reader, email client etc etc... you happen to use.

[LabVIEW707 13]

Nothing wrong with layered security. Hitman Pro.Alert as I said is very much still beta. And it only alerts. Does not remove or prevent. MBAM Pro is not really necessary when running Eset. But there is nothing wrong with MBAE. It is a very small program that just sits there and works effectively. 

[rugk 397]

Really? Independently?

I mean am exploit is AFAIK often caused by product specific bugs, so they can't create a all-in-one exploit protection. Every browser and other software will have different exploit "holes".

[SweX 871]

Really? Independently?

 Every browser and other software will have different exploit "holes".

I don't think that matters as it looks for behaviors and activities that are typical for exploits.

 

Exploit Blocker is designed to fortify application types on users’ systems that are often exploited, such as web browsers, PDF readers, email clients or MS Office components. It adds another layer of protection one step closer to attackers by using a technology that is completely different to techniques that focus on detection of malicious files themselves.

 

Instead, it monitors the behavior of processes and looks out for suspicious activities that are typical for exploits. When triggered, the behavior of the process is analyzed and, if considered suspicious, the threat may be blocked immediately on the machine, with further metadata about the attack being sent to our LiveGrid® cloud system. This information is further processed and correlated, which enables us to spot previously unknown threats, so called zero-day attacks, and provides our lab with valuable threat intelligence.

Edited August 29, 2014 by SweX

[Aryeh Goretsky 378]

Hello,

 

What exactly seems to be the problem?  Is an error reported?  If so, can you provide a screenshot, along with any other log files that ESET's engineers might look at?

 

Regards,

 

Aryeh Goretsky

[SweX 871]

Maybe i'm wrong, but I don't think the OP (Chris) has a problem, more of a general question if he should and can continue to use HMPA together with the V8 Beta, and if HMPA will work OK along the ESET Exploit Blocker. As they have worked fine for him when he used V7 Afaik.

[LabVIEW707 13]

You forgot that he is also using MBAM Pro. So he is wondering if all 3 will work together. But I suggest removing Hitman Pro.Alert and disabling MBAM Pro real time protection. Eset and MBAE play just fine together. My combo. 

[chrlshlmn 36]

Thanks to all for your suggestions and comments,SweX was correct I was asking which was more compatible hitman pro alert or malwarebytes anti exploit.If eset is more than enough I will remove hitman pro alert,or maybe use malwarebytes anti exploit.I don't have any issues or errors.Or do I need any browser protection other than eset.

Edited August 30, 2014 by chrlshlmn

[TomFace 539]

I have used Eset SS7, MBAM Pro and HMP Alert for sometime-I have not had any issues. Maybe it's overkill, but I believe in a layered set up and it works for me. Now if things will be very different in SS v8.0-I'll look at it.  

Edited August 30, 2014 by TomFace

[chrlshlmn 36]

Yes TomFace I use that setup also,my question was what about malwarebytes anti exploit  being added or just hmpa,which offer better protection or is eset browser exploit efficient enough.Thank you very much 

[SweX 871]

Concerning Malwarebytes anti-exploit. They have both a free and premium version, the MBAM website has a comparison chart of what the difference is between the two. The Free version covers only Browsers, Browser Addons, and Java.

In that sense the ESET Exploit Blocker covers more such as e-mail clients, pdf readers etc...

 

HMPA is not only for exploits. And HMPA V.3 will be more advanced.

If I remember correctly then I believe HitmanPro license holders will be able to use HMPA v3 for free when it is released. Included in the HMP license.

 

The ESET Exploit Blocker is not only for browser but covers more apps than that. Obviously you should keep the ESET Exploit Blocker enabled at all times. 

 

Between the Free MBAE and HMPA I would go with HMPA then I have V3 in mind. I think its worth to mention that it was MBAE premium that was included in the PCSL test not the free version. 

 

But if you/we really need MBAE and/or HMPA I think its best for each user to decide that. 

Edited August 30, 2014 by SweX

[TomFace 539]

Very well put SweX! The way I look at it, as long as there is no conflict, nor (major) system slow down, I sleep well at night.

[SweX 871]

 Yeah, seeing it from the big picture like you, I think that's a good summary of it.   Of course if a user sees an error message or maybe even get a system crash it's important to remember that you use more than one sec app, as one of the apps could have received an update that for some reason made it work less good with its companions in crime the security arsenal. And then start to troubleshoot to find the culprit.

Edited August 30, 2014 by SweX

[chrlshlmn 36]

Thank you SweX yes I do have hmpa  enabled and I always use Eset Exploit Blocker enabled.I wanted to see the pros and cons of each.Thank you very much.I will keep the configuration I am currently using without any issues,errors etc......Thanks.

[TomFace 539]

Besides nothing is 100%, and all these programs look at thing a little bit differently. So.....  CYA (I guess).

[Zeroday1 0]

Nothing wrong with layered security. Hitman Pro.Alert as I said is very much still beta. And it only alerts. Does not remove or prevent. MBAM Pro is not really necessary when running Eset. But there is nothing wrong with MBAE. It is a very small program that just sits there and works effectively. 

Hitman Pro Alert actually does prevent a lot of bad exploits from taking place on a system level as well as from within all installed browsers. In fact, HMPA does so well, that about less than a month ago, it was actually preventing the current version of my Comodo Ice Dragon Browser from even opening, citing a shell-code mitigation. I even submitted a ticket to the company about it since after attempting to contact Comodo, I didn't get very far with them. When I received a response back from SurfRight, they said that they were aware of it and were working on a fix in a new build. Yes they've had many beta builds. Everybody knows that, but the stable builds they've provided work and they work very well. And the exploit mitigations and application configurability are far more extensive than MalwareBytes AntiExploit---without question.

 

I'm not knocking MalwareBytes. I think MBAM is a great product and should be employed by every computer user as an integral part of keeping oneself secure, but as far as system hardening is concerned, the latest version of HitmanPro Alert has a vastly greater array of exploit mitigation options available and goes way above and beyond what MBAE has to currently offer.

 

Anyway, I'm not surprised that HitmanPro Alert 3 intercepted this shell-code attack when I attempted to open my Comodo Ice Dragon browser. Comodo has always traditionally used older versions for use in creating their Mozilla-based browser using the Firefox Open Source project. SurfRight wasn't very specific with me as to what caused HMPA to intercept the attack vector, but it certainly seems possible that it could have to do with an inherent flaw that plagued Comodo Ice Dragon at the time. It would seem more likely from my own investigation of the matter.

 

HitmanPro Alert doesn't just simply alert, it protects users from many things by for example using sand-boxing technology, anti-keylogging, it also prevents process hollowing and sandbox-aware malware and it even has a crypto-guard feature to prevent ransomware from infiltrating the OS. If you're still using a beta version which does not provide this functionality, then maybe that's the problem. EMET doesn't even come close to providing the protections that the latest version of HitmanPro Alert 3 does and MBAE also lags way behind HMPA 3.

 

My experience with Comodos Ice Dragon browser proves exactly what HitmanPro Alert claims it does----by locking down back-door access and preventing exploits and other various attacks. Its interception capabilities and stable operation for Windows is without equal as far as system-hardening is concerned. In all my testing, I have not even run into any compatibility issues with HitmanPro Alert either.

 

Of course, that's not to say that HMPA is the perfect answer to complete system security-------but if any software even comes close to such a concept, I'd say the engineers at SurfRight are about the closest any pc-owner is going to get, by providing this comprehensive exploit mitigation tool-------Think of it as the mortar between the security bricks that make up your system's firewall-------if these holes are not filled-------then one would certainly be leaving themselves open to attack.

 

In today's ever-increasing cyber landscape of APT's and Zeroday exploits, a lacadasical approach to system hardening simply flies in the face of the logial concept of applications-layering. It would be foolish to think one has enough security in place while at the same time still leaving gaping holes open to cyberspace.

Edited October 31, 2015 by Zeroday1