HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Hopefully you will have figured out a Keystroke Encryption workaround for WSA Identity Shield by then :) (post #7444)
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    WSA Identity Shield is blocking the keystroke indicator so there is not much we can do. IMO Webroot should fix the issue by whitelisting HMPA.

    BTW, only the indicator is affected, the encryption still works with WSA Identity Shield.
     
    Last edited: Nov 20, 2015
  3. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Thanks for confirming that only the indicator is affected, and encryption still works with WSA Identity Shield - that is good to know.
    About Webroot whitelisting HMPA - I'll see if I can bring that to their attention via the Webroot Community (or @Triple Helix in the Webroot thread) ...
     
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Last edited: Nov 20, 2015
  5. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problems upgrading build 340 Pre-release.

    Win10 v1511 build 10586.3 x64/Norton Security with Backup v22.5.4.24
     
  6. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    In
    Interesting though, that the keystroke indicator still works fine in v3.0 build 209, but no longer in 3.1?
     
  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    That is because we had to change the way the colored window border works to support metro apps (e.g. Microsoft Edge). The new way is blocked by Webroot Identity Shield.
     
  8. CeeBee

    CeeBee Registered Member

    Joined:
    Nov 20, 2015
    Posts:
    60
    Maybe off topic, but, I just purchased HPA v3 for 3 PCs, one of which is an IBM legacy desktop. Question: whereas HPA v3 installs fine on my newer computers, on the legacy IBM with SSE CPU (not SSE2) it does not. I get an error message (below) and the installation is not completed:

    Faulting application hmpalert3.exe, version 3.0.59.209, faulting module hmpalert3.exe, version 3.0.59.209, fault address 0x001b6c8b.

    Same problem with both v3.0 and 3.1 Beta. What's up? If SSE2 is required, let me know which version still run on a CPU with SSE instruction set? HPA 2.6.5.77 runs fine on the coputer in question.
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    SSE2 isn't required. Can you generate a dump?
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Updated smoothly from build 338 :thumb:
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    We are currently auto-updating everyone with a 3.1 BETA or RC build to build 340.
     
  12. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Auto update 3.1 build 338 to build 340 worked just fine, no issues so far.
     
  13. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Not working for me. I do get the fly-over, but after reboot it is still 338 and I get the same fly-over.

    A manual install of 340 got me up-to-date for now.
     
  14. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    same for me.

    As for build 338, 340 works flawless. (10 x64 TH2)

    Good job, guys! :thumb:
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    340 looks good here also. Well done.
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    3.1.0 build 340 :)
     
  17. CeeBee

    CeeBee Registered Member

    Joined:
    Nov 20, 2015
    Posts:
    60
    On this computer I'm running XP Pro Sp3. With a dump you mean by using a native process/program or by using MS' User Mode Process Dumper (userdump8.1)? If the latter, I won't post it .. I'll email the dump to you using support@hitmanpro.com

    Trying your latest v.3 Beta I get this Event Viewer error:

    Description: Faulting application hmpalert3b340.exe, version 3.1.0.340, faulting module hmpalert3b340.exe, version 3.1.0.340, fault address 0x001cc137.
     
    Last edited: Nov 20, 2015
  18. malware1

    malware1 Registered Member

    Joined:
    May 26, 2014
    Posts:
    133
    @erikloman
    Could you please look at your inbox again?
    Installed the pre-release, it finally works correctly. Thank you!!
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Now have 340 on two desktops and a w10 virtual machine. Smooth
     
  20. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    You really can't Whitelist things in ID Shield but have you tried to add HMPA processes under allow in WSA? http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C6_IDProtection/CH6c_ManagingProtectedApps.htm
    and have you tried to Contact Webroot Support and ask them? Webroot Customer Service

    Thanks,

    Daniel :)
     
    Last edited: Nov 20, 2015
  21. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
  22. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Well you don't want to undermined WSA's ID Shield as well! So it's best to contact support to see if there is a work around.

    Daniel

    2014-06-20_17-54-10.png
     
  23. ParallelTwin

    ParallelTwin Registered Member

    Joined:
    Nov 20, 2015
    Posts:
    7
    Location:
    Sydney
    I'm having issues with loading task bar pinned chrome shortcuts with user profiles: e.g. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 4"

    Didn't happen on previous build.

    Also firefox just kind of hangs when i load it, which also didn't happen before.

    EDIT: Can't reproduce issue with firefox anymore.

    2nd EDIT: Got this alert now.

    Mitigation ROP

    Platform 10.0.10586/x64 06_2a
    PID 11136
    Application C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Description Firefox 42

    Callee Type AllocateVirtualMemory
    0x0D9A0000 (65536 bytes)

    Branch Trace Opcode To
    -------------------------------- -------- --------------------------------
    RtlRestoreLastWin32Error +0x1f RET 0x734BC230 avcuf32.dll
    0x7789839F ntdll.dll

    InterlockedExchange +0xe RET 0x734BC21B avcuf32.dll
    0x745A787E kernel32.dll

    InterlockedDecrement +0x11 RET 0x734BC20A avcuf32.dll
    0x745B2A31 kernel32.dll

    0x73521E25 avcuf32.dll RET 0x734BC123 avcuf32.dll

    0x734D9308 avcuf32.dll RET 0x73521E20 avcuf32.dll

    0x734E0729 avcuf32.dll RET 0x734D92D6 avcuf32.dll

    0x73521B61 avcuf32.dll RET 0x734E0726 avcuf32.dll

    0x734CE5F8 avcuf32.dll RET 0x734E06EF avcuf32.dll

    RtlFreeHeap +0x254 RET* 0x7491EA3F user32.dll
    0x77870484 ntdll.dll
    41 INC ECX
    ffa7f8000000 JMP DWORD [EDI+0xf8]


    WaitMessage +0x4c ~ RET GetWindowThreadProcessId +0xf5
    0x749189FC user32.dll 0x748FDB45 user32.dll

    0x56E021BC wow64cpu.dll ~ RET 0x56E0217F wow64cpu.dll

    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 74C0C671 KernelBase.dll VirtualAlloc +0x41

    2 73521E78 avcuf32.dll
    8945e4 MOV [EBP-0x1c], EAX
    837d1400 CMP DWORD [EBP+0x14], 0x0
    7411 JZ 0x73521e92
    8b4510 MOV EAX, [EBP+0x10]
    83f800 CMP EAX, 0x0
    7409 JZ 0x73521e92
    48 DEC EAX
    83c404 ADD ESP, 0x4
    83f800 CMP EAX, 0x0
    75f7 JNZ 0x73521e89
    8b450c MOV EAX, [EBP+0xc]
    9c PUSHF
    8f4020 POP DWORD [EAX+0x20]
    894804 MOV [EAX+0x4], ECX
    895008 MOV [EAX+0x8], EDX
    89580c MOV [EAX+0xc], EBX

    3 734BC242 avcuf32.dll
    4 FE7605B6 (anonymous)
    5 1033BFC2 xul.dll
    6 0FDB1A37 xul.dll

    Process Trace
    1 C:\Program Files (x86)\Mozilla Firefox\firefox.exe [11136]
    2 C:\Windows\explorer.exe [4516]
    3 C:\Windows\System32\userinit.exe [4460]

    3rd EDIT: Rebooted, can't reproduce any of the issues now! me gusta.
     
    Last edited: Nov 21, 2015
  24. CCV

    CCV Registered Member

    Joined:
    Nov 7, 2015
    Posts:
    44
    Location:
    Tasmania
    Auto update worked fine.
    A Windows Update prevented installation on first reboot. Second try went ok, except..

    Usually takes longer than normal for desktop to load after each and every upgrade of hmp.a so far - i.e., black screen for a good few seconds before anything appears.
    This time, however, it twice switched from black screen to what looked like a static version of loading screen - Windows colour with a white dot near the centre.

    Nothing else to report, yet. Tho, with Firefox (which I use only occasionally) there was no fly-out. I seem to recall seeing it in the past. The window border didn't show up first time either, but that depends on mouse position. So...
     
  25. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I experience a little slowdown also, but only after the first reboot. Subsequent reboots/startups are normal. Is that what you mean?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.