hjlbx

CLOSED HMP.A Breaks Emsisoft Behavior Blocker

  • EIS stable 7567
  • Windows 10 Pro Version 1703 OS Build 15063.413 64-bit

Frank, I have sent you a PM with the download link for the malware along with the password

Please take down the video once you have grabbed it, if you wish

Use the current stable or beta versions of HMP.A to replicate; all will give the same result = break the behavior blocker in this particular test scenario

The system after the second test after HMP.A has been installed alongside EIS is fully infected

I cut the video short before the launch of PowerShell and both it and wscript connecting out to the network

What the malware actually does is not important; HMP.A causing the behavior blocker not to react in this particular test is what is important

A demonstration of how piling other security softs on top of Emsisoft can negatively affect the behavior blocker; Emsisoft protected the system until another security soft - that was not needed - was added to the system

You have the sample and can fully replicate

Video removed by OP

Hi,

Well this clearly seems to be an incompatibility issue.

The problem is that HMP is messing up our exploit mitigation and we are most likely messing up HMP's exploit mitigation.

You have to exclude Winword in either EAM or HMP.A

Please let me know if that helps

cheers

1 hour ago, Frank H said:

Hi,

Well this clearly seems to be an incompatibility issue.

The problem is that HMP is messing up our exploit mitigation and we are most likely messing up HMP's exploit mitigation.

You have to exclude Winword in either EAM or HMP.A

Please let me know if that helps

cheers

Unfortunately, I made all the exclusions possible during that test and re-tests.

Co-excluding each product's folders in the other's results in the same behavior shown in the video.

Personally, I could care less about HMP.A as I don't use it, but I know many others here that do and like to combo it with Emsi.

That is expected.

Co-Excluding both HMP.A and EIS makes no sense, you should exclude Winword. Did you do that?

Being compatible with exploit mitigations is not something we advertise.

cheers

21 minutes ago, Frank H said:

That is expected.

Co-Excluding both HMP.A and EIS makes no sense, you should exclude Winword. Did you do that?

Being compatible with exploit mitigations is not something we advertise.

cheers

Excluding WinWord.exe in HMP.A fixes the behavior blocker; excluding WinWord.exe in Emsisoft does not fix HMP.A (stable or beta)

I am not saying there is a problem with Emsisoft; from what I see, HMP.A is the problem

I could care less about HMP.A - I don't use it - so I am only submitting this issue to give you a heads-up

Users will have to test programs in a way to verify that HMP.A is not breaking Emsisoft's behavior blocker - and how many people are going to do that?

Personally, I don't think people should combo anti-exploits with Emsisoft - but a lot of people do

Thanks for your feedback.

Running multiple AVs concurrently is bad practice anyways. It will slow down your PC and might render it unstable.

This is even more valid for anti-exploit apps.

cheers

FWIW:

HMPA Released Version and WIN 1067 64X play nicely with EMIS.

EMIS Behavior Blocker appears to be working fine.

I know of others, erudite on security, who are also using HMPA with EMAM.

Edit: Oops -- I didn't realize the subject was EMIS BETA when I posted.

Sorry

This topic is now closed to further replies.