HitmanPro.ALERT Support and Discussion Thread

Opening Windows Live Mail gave a Shell Code alert.

Erik, I will send you a PM with the details.

 

I get the same thing, every time I open WLM from IE11 I get a alert/crash, I had to uninstall!!

 

No need to uninstall, although you could go back to build 171 / 172. I've temporarily removed the mitigations on WLM until I hear from Erik.

 

Right im rolling back to 171

 

I got a similar BadUSB Alert with a wireless mouse receiver, so should be the same cause.

 

Also same thing here...

 

I had an alert about a new microsoft keyboard detected and shell code alert!

Win 8 x32

 

I've found just disabling Load Library mitigations stops the Shell Code alert when opening WLM.

 

The BadUSB got a different algorithm. So upgrading triggers the BadUSB alert. Fresh install does not. Just click Allow once and you are done. I will have a look to see if we can improve on this upgrade.

 

CryptoGuard is suppose to trigger because AxCrypt overwrites the file with random data which totally looks like encryption. If you use these tools, disable CryptoGuard temporarily.

 

The Shellcode mitigation is indeed under Load Library (as stated in the changelog). I was expecting several FPs because this is a new feature. I will push out an update today or tomorrow to address. Thanks for reporting

 

This is expected as CryptoGuard prevents mass file encryption. Using secure delete tools that first encrypt before deleting files triggers CryptoGuard. Temporary disable CryptoGuard before using tools that perform encryption before deletion like secure erasers.

 

Alert Windows Mail 2012 v16.4 with build 177/W7 64 bits.

.

 

Thanks for info Krusty

 

No encryption fly-out with an (un)sandboxed IE11 and build 177 (W7 64 bits). I see a green IE11 fly out.

Edit: no problems with the encryption fly-out with an (un)sandboxed Firefox 37.0.

 

HitmanPro.Alert 3.0.34 build 177 Release Candidate with DU Meter 6.40 (http://www.hageltech.com/dumeter/about) was alert. I doing disable IAT on DU Meter, did now not help.

 

HitmanPro.Alert 3.0.34 build 177 Release Candidate alert with wallmast.exe 4.0a

 

I would not know which one to target for hackers. This, I think nobody knows. Or do you?

 

I would now try to enable IAT filtering but disable Control Flow Integrity (ROP)

 

Thank you! Perfect!

 

Reporting on latest HitmanPro.Alert 3.0.30.177 RC :

1- At reboot after update from HitmanPro.Alert 3.0.30.172 and before login, HMP.Alert informed me that a new USB keyboard had been detected (there is no new USB keyboard and no new USB device whatever engaged). Of course I accepted.
2- Issue with xmplay.exe remains (Control-Flow Integrity), none when that mitigation only for xmplay.exe only, disabled.

 

Did you add a desktop wallpaper utility manually to HitmanPro.Alert? Why?
Do not randomly apply exploit mitigations to software that are not internet-facing. You can run into issues like this, especially with software that is built for Windows 98, NT, ME, 2000 and XP. You can disable Enforce DEP if you insist on running this software on your 64-bit Windows 7 machine.

 

Hey Mark,

Erik posted build 177 yet your signature has a link to build 176?

 

W7-x64, Uninstall hpa172 + clean install hpa177, hp240, IE11, FireFox 37.0, FireFox-nightly-x64 40.1a, Outlook-2003,.....

Running without problems, no BadUSB issues, I am not using Windows Live Mail (WLM).