hjlbx
Posted June 16, 2017

EIS stable 7567
Windows 10 Pro Version 1703 OS Build 15063.413 64-bit

Frank,

I have sent you a PM with the download link for the malware along with the password

Please take-down the video once you have grabbed it if you wish

Use the current stable or beta versions of HMP.A to replicate; all will give the same result = break the behavior blocker in this particular test scenario

The system after the second test after HMP.A has been installed alongside EIS is fully infected

I cut the video short before the launch of powershell and both it and wscript connecting out to the network

What the malware actually does is not important; HMP.A causing the behavior blocker not to react in this particular test is what is important

A demonstration of how piling other security softs on top of Emsisoft can negatively affect the behavior blocker; Emsisoft protected the system until another security soft - that was not needed - was added to the system

You have the sample and can fully replicate

Video removed by OP

Frank H
Posted June 16, 2017

Hi,

Well this clearly seems to be an incompatibility issue. The problem is that HMP is messing up our exploit mitigation and we are most likely messing up HMP's exploit mitigation.

You have to exclude Winword in either EAM or HMP.A

Please let me know if that helps

cheers

hjlbx (Author)
Posted June 16, 2017

1 hour ago, Frank H said:
> Hi,
> Well this clearly seems to be an incompatibility issue. The problem is that HMP is messing up our exploit mitigation and we are most likely messing up HMP's exploit mitigation.
> You have to exclude Winword in either EAM or HMP.A
> Please let me know if that helps
> cheers

Unfortunately, I made all the exclusions possible during that test and re-tests. Co-excluding each product's folders in the other's results in the same behavior shown in the video.

Personally, I could care less about HMP.A as I don't use it, but I know many others here that do and like to combo it with Emsi.

Frank H
Posted June 16, 2017

That is expected. Co-Excluding both HMP.A and EIS makes no sense, you should exclude Winword. Did you do that?

Being compatible with exploit mitigations is not something we advertise.

cheers

hjlbx (Author)
Posted June 16, 2017

21 minutes ago, Frank H said:
> That is expected. Co-Excluding both HMP.A and EIS makes no sense, you should exclude Winword. Did you do that?
> Being compatible with exploit mitigations is not something we advertise.
> cheers

Excluding WinWord.exe in HMP.A fixes the behavior blocker; excluding WinWord.exe in Emsisoft does not fix HMP.A (stable or beta)

I am not saying there is a problem with Emsisoft; from what I see, HMP.A is the problem

I could care less about HMP.A - I don't use it - so I am only submitting this issue to give you a heads-up

Users will have to test programs in a way to verify that HMP.A is not breaking Emsisoft's behavior blocker - and how many people are going to do that?

Personally, I don't think people should combo anti-exploits with Emsisoft - but a lot of people do

Frank H
Posted June 16, 2017

Thanks for your feedback.

Running multiple AVs concurrently is bad practice anyways. It will slow down your PC and might render it unstable. This is even more valid for anti-exploit apps.

cheers

HAWKI
Posted June 24, 2017

FWIW: HMPA Released Version and WIN 1067 64X play nicely with EMIS. EMIS Behavior Blocker appears to be working fine. I know of others, erudite on security, who are also using HMPA with EMAM.

Edit: oOps -- I didn't realize the subject was EMIS BETA when I posted. Sorry