HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    Thank you.
     
  2. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,857
    Location:
    the Netherlands
    HMP.A 3.1.10.371 runs fine on my Windows 7 x64 system (more details, see signature).
    Although, not tested with Bitdefender 2016, System Mechanic, or Firefox 46.
     
  3. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Uneventful upgrade from build 370; running smooth on Windows 10x64 :thumb:
     
  4. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Having problems with HMPA 371 logging into my E-mail online with FF 46.0.1 and Flash Player 21.0.0.242. I get a HMPA alert message indicating Flash Player has been terminated. I did not have this problem with 370 beta. Using Windows 7 Pro SP1 x64.
    I sent Mark L. a p.m. with log.
     
  5. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,857
    Location:
    the Netherlands
    I'm curious, could you tell us, how is Flash Player involved with logging into your e-mail online? Is that a Flash Player dependent webmail?
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Apparently Xfinity, my ISP, is using flash player plugin on its web page. After HMPA alert message I get attached that FP has crashed.
     


  7. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,857
    Location:
    the Netherlands
    I hope you can use your MyXFINITY webmail account with Flash Player disabled?
     
  8. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    I normally get E-mail through M.S. Outlook. I log in online occasionally to see what spam was blocked and I can still get there when the Adobe F.P. plugin is blocked by HMPA.
     
  9. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,286
    Location:
    USA, MICHIGAN
    What was the problem with BIT 2016? I haven't had any that I know of.
     
  10. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64:
    Installed hmp.alert build 371 over build 370 without issues, running fine so far.
     
  11. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    W10 x64 F-secure Appguard.

    Installed Alert build 371 over 369 yesterday. Everything OK
     
  12. Man van het noorden

    Man van het noorden Registered Member

    Joined:
    Jun 26, 2014
    Posts:
    12
    Location:
    NL
    Updated build 370 to 371 on my laptop, two days ago. Everything is running smoothly (like it did with build 370). No abnormalities to report.
     
  13. Crystal_Lake_Camper

    Crystal_Lake_Camper Registered Member

    Joined:
    Mar 20, 2016
    Posts:
    121
    This version runs fine alongside Norton and VoodooShield Pro, no slowdowns on both the browsers I use (Edge and Chrome :) )
     
  14. __simon__

    __simon__ Registered Member

    Joined:
    Apr 28, 2013
    Posts:
    14
    Location:
    UK
    An update to Microsoft Office 2013 has caused the ROP false positives to return with HitmanPro.Alert 3.1.10 build 371

    Word:
    Code:
    Mitigation   ROP
    
    Platform     10.0.10586/x64 06_3a
    PID          4136
    Application  C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
    Description  Microsoft Word 15
    
    Branch Trace                      Opcode  To                            
    -------------------------------- -------- --------------------------------
    0x69740B58 MSO.DLL                   RET  0x69740A69 MSO.DLL            
    
    0x6ADDDCE5 MSO.DLL                 ~ RET  0x01BF1214 (anonymous; wwlib.dll)
    
    0x6AD66A9D MSO.DLL                   RET  0x6ADDDCCF MSO.DLL            
    
    0x697328EC MSO.DLL                   RET  0x6AD66A9C MSO.DLL            
    
    0x6ADDDCE5 MSO.DLL                 ~ RET  0x01BF1C73 (anonymous; wwlib.dll)
    
    0x6ADC092F MSO.DLL                   RET  0x6ADDDCCF MSO.DLL            
    
    0x697328EC MSO.DLL                   RET  0x6ADC092E MSO.DLL            
    
    ?AuthHandlerSupportAutoLogonBasedOnURL@Http@Mso@@YAXXZ()     RET  0x01BF185D (anonymous; wwlib.dll)
    0x6973A75C MSO.DLL                                                      
    
    0x6AD35955 MSO.DLL                 ~ RET  0x01BF184D (anonymous; wwlib.dll)
    
    0x6A915C70 MSO.DLL                 ~ RET* 0x69790CA2 MSO.DLL            
                837d0800                 CMP          DWORD [EBP+0x8], 0x0
                8907                     MOV          [EDI], EAX
                7549                     JNZ          0x69790cf3
                57                       PUSH         EDI
                8bce                     MOV          ECX, ESI
                e83d435a01               CALL         0x6ad34fef
                5b                       POP          EBX
                b48d                     MOV          AH, 0x8d
                004800                   ADD          [EAX+0x0], CL
                0010                     ADD          [EAX], DL
                84c0                     TEST         AL, AL
                7435                     JZ           0x69790cf3
                8bce                     MOV          ECX, ESI
                e8a79ad400               CALL         0x6a4da76c
                8bc8                     MOV          ECX, EAX
                e8b41ad500               CALL         0x6a4e2780
                                     (8A7CB2157EE5E207)
    
    
    0x6A1D2238 MSO.DLL                 ~ RET* 0x6A915C70 MSO.DLL            
                c20400                   RET          0x4
    
    
    _MsoRegOpenKeyExW@16 +0x13a          RET  0x01BF5E7B (anonymous; wwlib.dll)
    0x69732BA3 MSO.DLL                                                      
    
    0x697328EC MSO.DLL                   RET  _MsoFreePv@4 +0xb8            
                                              0x697383FA MSO.DLL            
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  69740A74 MSO.DLL                
                8bce                     MOV          ECX, ESI
                8986ac000000             MOV          [ESI+0xac], EAX
                e81f010000               CALL         0x69740ba0
                8bc6                     MOV          EAX, ESI
                5e                       POP          ESI
                c3                       RET        
    
    2  01BF1219 (anonymous; wwlib.dll)
    3  69790CBA MSO.DLL                
    4  699616F5 MSO.DLL                
    5  01BF4BF1 (anonymous; wwlib.dll)
    6  6998D8DC MSO.DLL                
    7  6998B62B MSO.DLL                
    8  6975D94A MSO.DLL                
    9  6974D28D MSO.DLL                
    10 6974D05A MSO.DLL                
    
    Process Trace
    1  C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE [4136]
    2  C:\Windows\explorer.exe [2944]
    3  C:\Windows\System32\userinit.exe [2912]
    Excel:
    Code:
    Mitigation   ROP
    
    Platform     10.0.10586/x64 06_3a
    PID          684
    Application  C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
    Description  Microsoft Excel 15
    
    Branch Trace                      Opcode  To                            
    -------------------------------- -------- --------------------------------
    0x6AC20B58 MSO.DLL                   RET  0x6AC20A69 MSO.DLL            
    
    0x6C2BDCE5 MSO.DLL                 ~ RET  0x04056104 (anonymous; EXCEL.EXE)
    
    0x6C246A9D MSO.DLL                   RET  0x6C2BDCCF MSO.DLL            
    
    0x6AC128EC MSO.DLL                   RET  0x6C246A9C MSO.DLL            
    
    0x6C2BDCE5 MSO.DLL                 ~ RET  0x04056AD9 (anonymous; EXCEL.EXE)
    
    0x6C2A092F MSO.DLL                   RET  0x6C2BDCCF MSO.DLL            
    
    0x6AC128EC MSO.DLL                   RET  0x6C2A092E MSO.DLL            
    
    ?AuthHandlerSupportAutoLogonBasedOnURL@Http@Mso@@YAXXZ()     RET  0x04056458 (anonymous; EXCEL.EXE)
    0x6AC1A75C MSO.DLL                                                      
    
    0x6C215955 MSO.DLL                 ~ RET  0x04056448 (anonymous; EXCEL.EXE)
    
    0x6BDF5C70 MSO.DLL                 ~ RET* 0x6AC70CA2 MSO.DLL            
                837d0800                 CMP          DWORD [EBP+0x8], 0x0
                8907                     MOV          [EDI], EAX
                7549                     JNZ          0x6ac70cf3
                57                       PUSH         EDI
                8bce                     MOV          ECX, ESI
                e83d435a01               CALL         0x6c214fef
                5b                       POP          EBX
                b48d                     MOV          AH, 0x8d
                004800                   ADD          [EAX+0x0], CL
                0010                     ADD          [EAX], DL
                84c0                     TEST         AL, AL
                7435                     JZ           0x6ac70cf3
                8bce                     MOV          ECX, ESI
                e8a79ad400               CALL         0x6b9ba76c
                8bc8                     MOV          ECX, EAX
                e8b41ad500               CALL         0x6b9c2780
                                     (8A7CB2157EE5E207)
    
    
    0x6B6B2238 MSO.DLL                 ~ RET* 0x6BDF5C70 MSO.DLL            
                c20400                   RET          0x4
    
    
    _MsoRegOpenKeyExW@16 +0x13a          RET  0x040504B2 (anonymous; EXCEL.EXE)
    0x6AC12BA3 MSO.DLL                                                      
    
    0x6AC128EC MSO.DLL                   RET  _MsoFreePv@4 +0xb8            
                                              0x6AC183FA MSO.DLL            
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  6AC20A74 MSO.DLL                
                8bce                     MOV          ECX, ESI
                8986ac000000             MOV          [ESI+0xac], EAX
                e81f010000               CALL         0x6ac20ba0
                8bc6                     MOV          EAX, ESI
                5e                       POP          ESI
                c3                       RET        
    
    2  04056109 (anonymous; EXCEL.EXE)
    3  6AC70CBA MSO.DLL                
    4  6AE416F5 MSO.DLL                
    5  040587B3 (anonymous; EXCEL.EXE)
    6  6AE6D8DC MSO.DLL                
    7  6AE6B62B MSO.DLL                
    8  6AC3D94A MSO.DLL                
    9  6AC2D28D MSO.DLL                
    10 6AC2D05A MSO.DLL                
    
    Process Trace
    1  C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE [684]
    2  C:\Windows\explorer.exe [2944]
    3  C:\Windows\System32\userinit.exe [2912]
    PowerPoint:
    Code:
    Mitigation   ROP
    
    Platform     10.0.10586/x64 06_3a
    PID          1524
    Application  C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE
    Description  Microsoft PowerPoint 15
    
    Branch Trace                      Opcode  To                            
    -------------------------------- -------- --------------------------------
    0x69980B58 MSO.DLL                   RET  0x69980A69 MSO.DLL            
    
    0x6B01DCE5 MSO.DLL                 ~ RET  0x002F3373 (anonymous; ppcore.dll)
    
    0x6AFA6A9D MSO.DLL                   RET  0x6B01DCCF MSO.DLL            
    
    0x699728EC MSO.DLL                   RET  0x6AFA6A9C MSO.DLL            
    
    0x6B01DCE5 MSO.DLL                 ~ RET  0x002F39CB (anonymous; ppcore.dll)
    
    0x6B00092F MSO.DLL                   RET  0x6B01DCCF MSO.DLL            
    
    0x699728EC MSO.DLL                   RET  0x6B00092E MSO.DLL            
    
    ?AuthHandlerSupportAutoLogonBasedOnURL@Http@Mso@@YAXXZ()     RET  0x002F3874 (anonymous; ppcore.dll)
    0x6997A75C MSO.DLL                                                      
    
    0x6AF75955 MSO.DLL                 ~ RET  0x002F3864 (anonymous; ppcore.dll)
    
    0x6AB55C70 MSO.DLL                 ~ RET* 0x699D0CA2 MSO.DLL            
                837d0800                 CMP          DWORD [EBP+0x8], 0x0
                8907                     MOV          [EDI], EAX
                7549                     JNZ          0x699d0cf3
                57                       PUSH         EDI
                8bce                     MOV          ECX, ESI
                e83d435a01               CALL         0x6af74fef
                5b                       POP          EBX
                b48d                     MOV          AH, 0x8d
                004800                   ADD          [EAX+0x0], CL
                0010                     ADD          [EAX], DL
                84c0                     TEST         AL, AL
                7435                     JZ           0x699d0cf3
                8bce                     MOV          ECX, ESI
                e8a79ad400               CALL         0x6a71a76c
                8bc8                     MOV          ECX, EAX
                e8b41ad500               CALL         0x6a722780
                                     (8A7CB2157EE5E207)
    
    
    0x6A412238 MSO.DLL                 ~ RET* 0x6AB55C70 MSO.DLL            
                c20400                   RET          0x4
    
    
    _MsoRegOpenKeyExW@16 +0x13a          RET  0x002F5ED0 (anonymous; ppcore.dll)
    0x69972BA3 MSO.DLL                                                      
    
    0x699728EC MSO.DLL                   RET  _MsoFreePv@4 +0xb8            
                                              0x699783FA MSO.DLL            
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  69980A74 MSO.DLL                
                8bce                     MOV          ECX, ESI
                8986ac000000             MOV          [ESI+0xac], EAX
                e81f010000               CALL         0x69980ba0
                8bc6                     MOV          EAX, ESI
                5e                       POP          ESI
                c3                       RET        
    
    2  002F3378 (anonymous; ppcore.dll)
    3  699D0CBA MSO.DLL                
    4  69BA16F5 MSO.DLL                
    5  002F22DE (anonymous; ppcore.dll)
    6  69BCD8DC MSO.DLL                
    7  69BCB62B MSO.DLL                
    8  6999D94A MSO.DLL                
    9  6998D28D MSO.DLL                
    10 6998D05A MSO.DLL                
    
    Process Trace
    1  C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE [1524]
    2  C:\Windows\explorer.exe [2944]
    3  C:\Windows\System32\userinit.exe [2912]
     
  15. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Can you check your Office 2013 version number? Mine is 15.0.4815.1000 32-bit and I'm not getting the ROP false positive with HMPA build 371.
     
  16. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
    I think my PC is freezing for a few seconds during HitmanPro.ALERT's update checks (especially during gaming). The sound works normally but the screen is totally frozen, including the mouse cursor as well. I've uninstalled Bitdefender AV 2016 Plus and cleaned it with BD's uninstalling tools. Two days after that the problem still occurs.

    Event ID 214 "Check for update has failed. Trying again in 120 minutes."


    Could you please implement an option for us so that we could choose how often it polls for the updates? I would rather prefer once a day / week instead of every 120min.

    Thanks!
     
  17. __simon__

    __simon__ Registered Member

    Joined:
    Apr 28, 2013
    Posts:
    14
    Location:
    UK
    My version is 15.0.4823.1002 32-bit.
     
  18. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    http://www.businessinsider.com/doj-and-dhs-ransomware-attacks-government-2016-4

    "The DHS recently found that its EINSTEIN cybersecurity service for federal agencies relies on signatures of known viruses for detection. That makes it vulnerable to new or previously unseen viruses, a particular issue when new strains of ransomware seem to pop up every week."

    Maybe Surfright/Sophos could pitch HMP.A to the U.S. Department of Homeland Security. ;)
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    I just received a Norton Security SONAR update and a few minutes later Alert stopped. :cautious:
    Code:
    Source
    HitmanPro.Alert
    
    Summary
    Stopped working
    
    Date
    24/05/2016 6:47 AM
    
    Status
    Report sent
    
    Description
    Faulting Application Path:    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    
    Problem signature
    Problem Event Name:    BEX
    Application Name:    hmpalert.exe
    Application Version:    3.1.10.371
    Application Timestamp:    573dbc0d
    Fault Module Name:    UMEngx86.dll_unloaded
    Fault Module Version:    10.1.0.96
    Fault Module Timestamp:    572aaf8a
    Exception Offset:    00004f0e
    Exception Code:    c0000005
    Exception Data:    00000008
    OS Version:    10.0.10586.2.0.0.768.101
    Locale ID:    3081
    Additional Information 1:    cf10
    Additional Information 2:    cf100be31f5ad665ccad259962d7582f
    Additional Information 3:    a0d9
    Additional Information 4:    a0d9b682fcdfcf08b64cccb1157c20bf
    
    Extra information about the problem
    Bucket ID:    65d0843422c9fd7e3dde50f257d5abff (50)
    
    Code:
    Log Name:      Application
    Source:        Application Error
    Date:          24/05/2016 6:47:50 AM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      Dave-PC
    Description:
    Faulting application name: hmpalert.exe, version: 3.1.10.371, time stamp: 0x573dbc0d
    Faulting module name: UMEngx86.dll_unloaded, version: 10.1.0.96, time stamp: 0x572aaf8a
    Exception code: 0xc0000005
    Fault offset: 0x00004f0e
    Faulting process ID: 0xdc4
    Faulting application start time: 0x01d1b4e2d600783f
    Faulting application path: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    Faulting module path: UMEngx86.dll
    Report ID: 17ccce97-dd96-4dc5-ba56-5ac7d022717a
    Faulting package full name:
    Faulting package-relative application ID:
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Application Error" />
        <EventID Qualifiers="0">1000</EventID>
        <Level>2</Level>
        <Task>100</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2016-05-23T20:47:50.965496500Z" />
        <EventRecordID>3695</EventRecordID>
        <Channel>Application</Channel>
        <Computer>Dave-PC</Computer>
        <Security />
      </System>
      <EventData>
        <Data>hmpalert.exe</Data>
        <Data>3.1.10.371</Data>
        <Data>573dbc0d</Data>
        <Data>UMEngx86.dll_unloaded</Data>
        <Data>10.1.0.96</Data>
        <Data>572aaf8a</Data>
        <Data>c0000005</Data>
        <Data>00004f0e</Data>
        <Data>dc4</Data>
        <Data>01d1b4e2d600783f</Data>
        <Data>C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe</Data>
        <Data>UMEngx86.dll</Data>
        <Data>17ccce97-dd96-4dc5-ba56-5ac7d022717a</Data>
        <Data>
        </Data>
        <Data>
        </Data>
      </EventData>
    </Event>
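
An added example, not part of the post above or of HitmanPro.Alert: a small Python triage of an "Application Error" event 1000 like the one Krusty posted, which pulls out the faulting module and tags the traits visible in this crash. The positional meaning of the `<Data>` fields is read off the Description/Event Xml pair in the post and is an assumption for other Windows builds; `parse_event_1000`, `triage` and the tag names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Order of <Data> values, inferred from the event shown in the post (assumption).
FIELDS = ("app_name", "app_version", "app_timestamp", "module_name",
          "module_version", "module_timestamp", "exception_code",
          "fault_offset", "pid", "start_time", "app_path", "module_path",
          "report_id")

# Trimmed copy of the event from the post; the two empty trailing <Data> are dropped.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <TimeCreated SystemTime="2016-05-23T20:47:50.965496500Z" />
  </System>
  <EventData>
    <Data>hmpalert.exe</Data>
    <Data>3.1.10.371</Data>
    <Data>573dbc0d</Data>
    <Data>UMEngx86.dll_unloaded</Data>
    <Data>10.1.0.96</Data>
    <Data>572aaf8a</Data>
    <Data>c0000005</Data>
    <Data>00004f0e</Data>
    <Data>dc4</Data>
    <Data>01d1b4e2d600783f</Data>
    <Data>C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe</Data>
    <Data>UMEngx86.dll</Data>
    <Data>17ccce97-dd96-4dc5-ba56-5ac7d022717a</Data>
  </EventData>
</Event>"""


def parse_event_1000(xml_text):
    """Return the crash fields of an Application Error event 1000 as a dict."""
    root = ET.fromstring(xml_text)
    provider = root.find("e:System/e:Provider", NS)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    if provider is None or provider.get("Name") != "Application Error" or event_id != "1000":
        raise ValueError("not an Application Error event 1000")
    values = [(d.text or "").strip() for d in root.findall("e:EventData/e:Data", NS)]
    if len(values) < len(FIELDS):
        raise ValueError("fewer <Data> fields than expected")
    rec = dict(zip(FIELDS, values))
    created = root.find("e:System/e:TimeCreated", NS)
    rec["time_utc"] = created.get("SystemTime") if created is not None else None
    return rec


def triage(rec):
    """Tag traits worth noting when a security product's own process crashes."""
    tags = set()
    if rec["module_name"].lower().endswith("_unloaded"):
        tags.add("unloaded_module")          # fault address lies in a DLL already unloaded
    if int(rec["exception_code"], 16) == 0xC0000005:
        tags.add("access_violation")         # STATUS_ACCESS_VIOLATION
    app_dir = rec["app_path"].rsplit("\\", 1)[0].lower() + "\\"
    if not rec["module_path"].lower().startswith(app_dir):
        tags.add("module_outside_app_dir")   # module not resolved under the app's folder
    return tags


if __name__ == "__main__":
    record = parse_event_1000(SAMPLE_EVENT)
    print(record["app_name"], record["module_name"], sorted(triage(record)))
```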
     
  20. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    There seem to be several AV/Security solutions that do not work well together with HMP.A in the long run.
    Among them: Bitdefender2016 and Norton...and some other specialized AVs and Security Tools.

    My suggestion is to use simple AV and add HMP.A as layered protection.

    Overlaying protection will not work well together, and cause frequent issues.
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    You are welcome to your opinion. Personally I would rather stick with Norton than whatever "simple AV" you have in mind. Erik did hint at a version that stops Norton injecting itself into Alert once before, so I'm hoping that is still on the road map.
     
  22. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,944
    Could you name some "specialized AVs" and "simple AVs"?
     
  23. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    "Specialized AVs" and security solutions can be found all through this thread, when issues are reported.

    Simple AVs, that work well together with HMP.A :
    Avira (free, or paid), Bitdefender-free and Microsoft Security-Essentials/Windows-Defender.
    They have proven to run with HMP.A, over a long period of time.

    There may be more, but I don't have enough experience, to suggest.
     
  24. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,944
    OK, thanks for your reply. However, the fact that Avira and some other AVs are compatible with HMP.A does not necessarily mean they are "simple" AVs (whatever that might be). The wording "compatible" would probably be more appropriate here. BTW, I used KIS 2016 and HMP.A without any issues until recently. Does this make KIS a "simple" AV solution? Probably not. It's merely compatible with HMP.A (and many other third-party anti-malware solutions). Anyway, now I know what you mean. Danke.:)
     
  25. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Well,
    if I had to choose only one Security, I would go with Norton, Kaspersky, or Avira.
    All of them are the best you can get, if you have to choose only one.

    But I decided to go layered, so I decided to go with Avira.

    Kaspersky EndpointSecurity10 is also running fine with HMP.A.
    Don't know, how Kaspersky Antivirus does.
     