HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Thank you, my mistake.
     
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    I had some concerns when I got the update notification, and after reading posts #5407 and #5411


    When I saw the pathway of the executable after I had booted [2nd boot after the system became unresponsive] into my HMPA snapshot [after six days away from it], I thought something was up... Anyway, I went ahead with the upgrade, and it subsequently was fine after the reboot.
     
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,644
    Location:
    USA
    1 machine, Trend Micro, the other one, nothing just to eliminate conflicts.
     
  4. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Hiltihome said:
    It does make no difference for me, whether HMP.A is excluded in MBAM, or not.
    With HMP.A installed, there is no notification from MBAM and domain exclusions are not honored.

    This happens on both machines, that have MBAM and HMP.A installed.
    See my signature.




    Glad to know.
    Will there be a fix soon, or is there none, by design?
     
    Last edited: Apr 23, 2015
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This is not by design. We are looking into the issue though we are understaffed at the moment (due to RSAC). Problem only occurs on Windows 8.
     
  6. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,857
    Location:
    the Netherlands
    @erikloman

    I had an issue in which VLC media player took 3:00 minutes to open.
    Disabling HMPA 3.0.39.184 exploit mitigation for VLC media player didn't help.
    Trying to add an exclusion for VLC media player didn't work.
    So I decided to uninstall HMPA3 to diagnose the issue.
    Uninstalling HMPA3 and rebooting solved the problem.
    Next I reinstalled HMPA 3.0.39.184 and rebooted. The VLC media player issue is still gone. Great!
    So the issue was not HMPA3 related, or it was some temporal issue of some kind, hard to determine what was the cause.

    The good thing of temporarily uninstalling HMPA3 was that I was able to check two previously mentioned issues,
    1. the print and print preferences delay when printing from Vista x86 IE9,
    and 2. the issue not being able to download Realtek HD Audio 2.76 from the Realtek site using Vista x86 IE9.
    Regarding that second issue, heikwith reported that issue did not seem to be HMP3 related.

    With HMPA3 not installed I found out that G Data Internet Security's new version 25.0.1.0.3 Exploit Protection component is the cause of the print and print preferences delay when printing from Vista x86 IE9.
    This must've been introduced with G Data's recent new version 25.0.1.0.3, as before G Data's Exploit Protection did not delay print and print preferences when printing from Vista x86 IE9.
    I reported to G Data.
    One potential HMPA3 issue that can be crossed from the list.

    And with HMPA3 not installed I took the opportunity to test the Realtek HD Audio 2.76 download.
    That still doesn't work with my Vista x86 IE9, for some reason.
    This confirms heikwith's report that this issue is not HMPA3 related.
    So that's a second potential HMPA3 issue that can be crossed from the list (if not already).
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    The only issue (reproducible) I'm seeing with 3.0.39 184 is a crash in Outlook.exe if Load Library is enabled in Mitigations. It has to do with Outlook attempting to load a COM add-in called gSyncit that I use for calendar and contact sync. Disabling Load Library solves the problem; enabling all other mitigations for Outlook is fine.

    From the event log:

    Faulting application name: OUTLOOK.EXE, version: 14.0.7147.5001, time stamp: 0x5512c673
    Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b3e0
    Exception code: 0xc0000374
    Fault offset: 0x000cea0b
    Faulting process id: 0x2588
    Faulting application start time: 0x01d07d7f1c36dae0
    Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report Id: 5d4c9100-e972-11e4-a0be-8474b48a0c84
     
    Last edited: Apr 25, 2015
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I noticed after doing the last major windows updates I was having some real Outlook issues with some older add ins; Since they weren't vital I disabled them and the problem is gone.
     
  9. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    I am not seeing Outlook in Exploit mitigation, I do see Excel, PP and Word. I am using Outlook 2013 (subscription for Office 365). I wonder if this is a known exclusion or do I need to change something to have it included?
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Outlook is not added by default. I added it since it's internet facing.

    You can add Outlook easily by running it first, then go to the HMPA UI and click on Exploit Mitigations. There's a link for "running applications" on the next screen.
     
    Last edited: Apr 24, 2015
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    C0000374 means STATUS_HEAP_CORRUPTION. I will have a look if I can reproduce it by installing gSyncit as well.
     
  12. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Ah, thank you Victek, I did not know how to add an application. I am brand new to HMPA and am still learning functionality.
     
  13. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, I'm out of luck, I really wanted to buy HMPA, but v 184 still makes Sandboxie malfunction, I'm getting errors. I wonder what's so different about my machine that I'm getting these problems. Too bad that HMPA relies on injecting code in almost all processes, as you guys have seen, some apps just don't like this. BTW, I saw in some other thread that Kaspersky also has a feature that works exactly like CryptoGuard, I wonder who came up with this idea first.
     
  15. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    Do you use Windows Vista? Sandboxie, Vista and hmp.alert 3 won't work...
     
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Build 184 allows exclude. Just add the app to exclude. Problem is Vista + Sandboxie + Alert. If you upgrade Vista you can run both.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Actually, I tried to exclude stuff, but this feature didn't seem to work. Also, this wouldn't solve my problem anyway, because even when I turn off exploit protection, I still get those errors. For some reason, Sandboxie does not seem to like HMPA, at least on my system. I like the concept of HMPA, but sadly enough, for now I will have to look for another solution.
     
  18. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    Logboeknaam: Application
    Bron: Windows Error Reporting
    Datum: 25-4-2015 7:54:55
    Gebeurtenis-id:1001
    Taakcategorie: Geen
    Niveau: Informatie
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: ****
    Beschrijving:
    Foutbucket 50, type 5
    Naam van gebeurtenis: BEX
    Antwoord: Niet beschikbaar
    Id van CAB-bestand: 0

    Handtekening van probleem:
    P1: hmpalert.exe
    P2: 3.0.39.184
    P3: 55379a55
    P4: unknown
    P5: 0.0.0.0
    P6: 00000000
    P7: 00000000
    P8: c0000005
    P9: 00000008
    P10:

    Build 184/W7 64 bits.
     
  19. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    Logboeknaam: Application
    Bron: Windows Error Reporting
    Datum: 24-4-2015 18:23:43
    Gebeurtenis-id:1001
    Taakcategorie: Geen
    Niveau: Informatie
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: ****
    Beschrijving:
    Foutbucket , type 0
    Naam van gebeurtenis: BEX
    Antwoord: Niet beschikbaar
    Id van CAB-bestand: 0

    Handtekening van probleem:
    P1: hmpalert.exe
    P2: 3.0.39.184
    P3: 55379a55
    P4: hmpalert.exe
    P5: 3.0.39.184
    P6: 55379a55
    P7: 001f2c18
    P8: c0000417
    P9: 00000000
    P10:

    Build 184/W7 64 bits.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Rasheed

    Two things with Sandboxie. 1) you need the one liner to all hmpa or now the latest SBIE beta has a HMPA template. You also need to add c:\windows\cryptoguard to direct access.

    Pete
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ Peter2150

    I'm afraid that doesn't work, it's the exact same problem that I always had with HMPA. For some reason, SBIE does not like it when HMPA injects code into its process, it's probably too difficult to figure out why I'm one of the few people who has this problem. The only other apps that I'm running are EXE Radar and Win Firewall Control 4. MBAE is also installed but not running, and it shouldn't interfere because it does not inject code into all processes.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Only way to be sure is to uninstall. I would try uninstalling those one at a time and see what happens.
     
  23. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    Logboeknaam: Application
    Bron: Windows Error Reporting
    Datum: 26-4-2015 10:42:09
    Gebeurtenis-id:1001
    Taakcategorie: Geen
    Niveau: Informatie
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: ****
    Beschrijving:
    Foutbucket , type 0
    Naam van gebeurtenis: APPCRASH
    Antwoord: Niet beschikbaar
    Id van CAB-bestand: 0

    Handtekening van probleem:
    P1: hmpalert.exe
    P2: 3.0.39.184
    P3: 55379a55
    P4: hmpalert.exe
    P5: 3.0.39.184
    P6: 55379a55
    P7: 40000015
    P8: 001edd23
    P9:
    P10:

    Logboeknaam: Application
    Bron: Application Error
    Datum: 26-4-2015 10:42:03
    Gebeurtenis-id:1000
    Taakcategorie: (100)
    Niveau: Fout
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: ****
    Beschrijving:
    Naam van toepassing met fout: hmpalert.exe, versie: 3.0.39.184, tijdstempel: 0x55379a55
    Naam van module met fout: hmpalert.exe, versie: 3.0.39.184, tijdstempel: 0x55379a55
    Uitzonderingscode: 0x40000015
    Foutoffset: 0x001edd23
    Id van proces met fout: 0x310
    Starttijd van toepassing met fout: 0x01d07ffc5af9c329
    Pad naar toepassing met fout: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    Pad naar module met fout: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe

    W7 64 bits/build 184/Norton Security with backup 2015.
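
Added example, not part of any post in this thread: the Windows Error Reporting signatures posted above carry the exception code in a different P-field depending on the event type (P8 for BEX, P7 for APPCRASH, which the matching Event 1000 record in the post above confirms). This Python parser decodes them independent of the log's display language; `parse_wer`, the status table and the `execute_fault` flag are assumptions of this example, and the sample text reuses the signature fields posted in the thread.

```python
import re

# NTSTATUS values seen in this thread (names as defined in ntstatus.h).
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000417: "STATUS_INVALID_CRUNTIME_PARAMETER",
    0x40000015: "STATUS_FATAL_APP_EXIT",
}
# (exception-code field, fault-offset field) per WER event type.
LAYOUT = {"BEX": (8, 7), "APPCRASH": (7, 8)}

def parse_wer(text):
    """Decode one Event ID 1001 problem signature into a dict."""
    kind = re.search(r":\s*(BEX|APPCRASH)\s*$", text, re.M)
    if not kind:
        raise ValueError("missing or unsupported WER event type")
    # P1..P10 labels are not localized, so match them directly.
    p = {int(n): v for n, v in
         re.findall(r"^\s*P(\d+):[ \t]*(\S*)", text, re.M)}
    code_pos, off_pos = LAYOUT[kind.group(1)]
    code = int(p[code_pos], 16)
    result = {
        "event": kind.group(1),
        "app": p[1],
        "version": p[2],
        "module": p[4],
        "code": code,
        "status": NTSTATUS.get(code, "UNKNOWN"),
        "offset": int(p[off_pos], 16),
    }
    if result["event"] == "BEX":
        # Exception data 8 with an access violation marks an execute (DEP) fault.
        result["execute_fault"] = (code == 0xC0000005
                                   and int(p.get(9) or "0", 16) == 8)
    return result

# Signature fields as posted in the thread (Dutch event-name label kept).
BEX_SAMPLE = """Naam van gebeurtenis: BEX
P1: hmpalert.exe\nP2: 3.0.39.184\nP3: 55379a55\nP4: unknown\nP5: 0.0.0.0
P6: 00000000\nP7: 00000000\nP8: c0000005\nP9: 00000008\nP10:
"""
APPCRASH_SAMPLE = """Naam van gebeurtenis: APPCRASH
P1: hmpalert.exe\nP2: 3.0.39.184\nP3: 55379a55\nP4: hmpalert.exe
P5: 3.0.39.184\nP6: 55379a55\nP7: 40000015\nP8: 001edd23\nP9:\nP10:
"""

if __name__ == "__main__":
    for sample in (BEX_SAMPLE, APPCRASH_SAMPLE):
        print(parse_wer(sample))
```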
     
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Do you also have a dump? I can do a lot more with that than with this report. Thanks!
     
  25. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    Check mail ;)
     