HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Hi SM
    Yes, I C bogus encrypting flyout in WordPad. Bizarre. :confused:
    188 + W8.1 x64
     
    Last edited: May 27, 2015
  2. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    Confirmed for Windows WordPad on Windows Vista x86 as well as Windows 7 x64 with HMPA 3.0.42.188 beta.
     
  3. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    Thanks to all for confirming this issue. It seems it has nothing to do with SpyShelter and also is not limited to just LibreOffice but seems to apply to any app protected under the "office" template...
     
  4. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    and apps under Browser n' Other templates for me...
     
  5. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    The curious issue, unless I am wrong (I could not find any documentation on this), is that as far as I know, keyboard encryption should not apply to the "office" template, only to the "browser" and "other" templates...
     
  6. haakon

    haakon Guest

    Erik or Mark explained templates back around post 4200, give or take a hundred or so.

    More recently it was posted up that documentation was still a few months away.
     
  7. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi erikloman
    Strange Name or Numbering Sequence From 3.7.9.241 to 3.0.41[42].188, looks like a HitmanPro Alert Number or Name mix up. :confused: :)

    With regards
    Take Care
    TheQuest :cool:

    PS: Just downloaded file, and it is a Name mix up. :thumb:
     
    Last edited: May 27, 2015
  8. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    It's HitmanPro.Alert 3.0.42.188.
    Erik forgot the Alert part and forgot to change 41 to 42.
    See these previous two replies.
     
  9. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi Stupendous Man
    Just seen the mistake when I downloaded the file, posted above :thumb:, missed those two posts. :gack:

    With regards
    Take Care
    TheQuest :cool:
     
    Last edited: May 27, 2015
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Aside from the numbering this build is running very well for me.
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    So, you have keystroke encryption...?
     
  12. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    When "Show live Keystroke Encryption in colored window border" is enabled, the encryption indicator should only appear (while typing on a physical keyboard) in applications under the Browser and Other categories.

    I can confirm that there is a bug in build 188 which causes the encryption indicator to show on applications in the Office and Media category (which is not correct), displaying unscrambled keystrokes in these applications (which is correct). Expect an update soon.

    Thanks all for reporting.
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    To anyone else using WSA: would the Identity Shield supersede and prevent Keystroke Encryption in HMP.A?
     
  14. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    With build 188 still high cpu and memory-usage (W7 64 bits). Erik, if you want the (non-SYSTEM) hmpalert-dmp...


    cpu.jpg threads.jpg
     
  15. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    Another HMPA 3.0.42.188 beta false positive alert,
    this time when I right-click the image in deugniet's recent post and choose properties in Vista IE9 context menu:
    Code:
    Mitigation   Lockdown
    
    Platform     6.0.6002/x86 06_17*
    PID          4728
    Application  C:\Program Files\Internet Explorer\iexplore.exe
    Description  Internet Explorer 9
    
    VBScript God Mode
    res://ieframe.dll/imageppg.ppg
    
    Process Trace
    1  C:\Program Files\Internet Explorer\iexplore.exe [4728]
       "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3228 CREDAT:203013
    
    2  C:\Program Files\Internet Explorer\iexplore.exe [3228]
    3  C:\Windows\explorer.exe [3052]
    4  C:\Windows\System32\userinit.exe [3276]
    
    
    Provider Name  HitmanPro.Alert
    EventID        911
    Qualifiers     0
    Level          2
    Task           9
    Keywords       0x80000000000000
    EventRecordID  202319
    
    
     
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I have got 2 dumps from you. All load is related to Norton dll injection in our hmpalert user mode process (tray). You can trigger the load when switching network. I will see if I can prevent Norton from injecting into our tray process.
     
  17. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    I find the same issue when I right-click an image in another website and choose properties in Vista IE9 context menu.
    Definitely seems a bug in HMPA 3.0.42.188 beta.
    Code:
    Mitigation   Lockdown
    
    Platform     6.0.6002/x86 06_17*
    PID          4792
    Application  C:\Program Files\Internet Explorer\iexplore.exe
    Description  Internet Explorer 9
    
    VBScript God Mode
    res://ieframe.dll/imageppg.ppg
    
    Process Trace
    1  C:\Program Files\Internet Explorer\iexplore.exe [4792]
       "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3228 CREDAT:203011
    
    2  C:\Program Files\Internet Explorer\iexplore.exe [3228]
    3  C:\Windows\explorer.exe [3052]
    4  C:\Windows\System32\userinit.exe [3276]
    
    
    Provider Name  HitmanPro.Alert
    EventID        911
    Qualifiers     0
    Level          2
    Task           9
    Keywords       0x80000000000000
    EventRecordID  202328
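
Added example (not part of any post in this thread and not HitmanPro.Alert code): a small Python parser for the alert reports quoted in posts 15 and 17, showing that the two reports are the same detection once per-run values are ignored. The field layout (two or more spaces between key and value) and the choice of volatile fields are assumptions drawn from those two reports only.

```python
import re

# Constructed sample: the first report from the thread, trimmed to the fields used here.
REPORT_A = r"""Mitigation   Lockdown
PID          4728
Application  C:\Program Files\Internet Explorer\iexplore.exe

VBScript God Mode
res://ieframe.dll/imageppg.ppg

Process Trace
1  C:\Program Files\Internet Explorer\iexplore.exe [4728]
   "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3228 CREDAT:203013
2  C:\Program Files\Internet Explorer\iexplore.exe [3228]
3  C:\Windows\explorer.exe [3052]
EventID        911
EventRecordID  202319
"""
# The second report differs only in PID, CREDAT and EventRecordID.
REPORT_B = (REPORT_A.replace("4728", "4792").replace("203013", "203011")
            .replace("202319", "202328"))

KV = re.compile(r"^(\S.*?)\s{2,}(\S.*)$")        # "Key   value" (assumed layout)
TRACE = re.compile(r"^\d+\s+(.+) \[(\d+)\]$")    # "N  image path [pid]"
VOLATILE = {"PID", "EventRecordID"}              # change on every occurrence

def parse_alert(text):
    fields, detail, trace, in_trace = {}, [], [], False
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith('"'):     # blank line or command line
            continue
        if line == "Process Trace":
            in_trace = True
        elif in_trace and (m := TRACE.match(line)):
            trace.append((m.group(1), int(m.group(2))))
        elif (m := KV.match(line)):
            fields[m.group(1)] = m.group(2)
        elif not in_trace:
            detail.append(line)                  # detection name and resource
    return {"fields": fields, "detail": detail, "trace": trace}

def fingerprint(alert):
    # Stable identity: non-volatile fields, detection lines, process image chain.
    stable = tuple(sorted(kv for kv in alert["fields"].items() if kv[0] not in VOLATILE))
    images = tuple(path.lower() for path, _pid in alert["trace"])
    return stable, tuple(alert["detail"]), images

if __name__ == "__main__":
    a, b = parse_alert(REPORT_A), parse_alert(REPORT_B)
    print("same detection:", fingerprint(a) == fingerprint(b))
```

Grouping reports by this fingerprint collapses repeated occurrences of one false positive into a single entry while keeping distinct detections apart.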
    
    
     
  18. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I use WSA and I have seen it interfere with HMPA (though I can't say that it interferes with keystroke encryption specifically). After each upgrade of HMPA I check PC Security, Identity Shield and the System Control active processes list to make sure HMPA is set to "allow".
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Just checked my performance statistics. I am not seeing anything like that. But no Norton.
     
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This is addressed in build 189. Will be out in an hour or so.
     
  21. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro.Alert 3.0.42 build 189

    Changelog compared to build 188
    • Improved Application Lockdown exploit mitigation (kudos to @ropchain for reporting).
    • Fixed inadvertent display of the live encryption indicator on applications without Keystroke Encryption.
    Download
    http://test.hitmanpro.com/hmpalert3b189.exe

    Please let us know how this build runs on your computer.
     
  22. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Build 189 works fine again, no flyouts for 'Media' and 'Office' and correct encryption for 'Browsers' and 'Other'
     
  23. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    Thanks very much.
    I'll try it later today, in a couple of hours.

    By the way, it was not mentioned in Mark's post, but according to the file name (hmpalert3b189.exe), I suppose it's still beta?
     
  24. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Sharp, but build 189 is not a beta. We're just not automatically updating previous versions yet.
    The b stands for build btw, not beta.
     
    Last edited: May 29, 2015
  25. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    Ah, thanks, I understand.
     