HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Thank you for leaving this thread.

    It has often enough been explained by members and developers that the 30-day trial starts with the first activation,
    of either HitmanPro, done by entering an email,
    or installing any version of HitmanPro.Alert, without further action.

    So there is no reason to complain!

    Why didn't you send a PM to @erikloman and ask for an extended trial?
     
    Last edited: Jul 25, 2016
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    :confused:
     
  3. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    Thank you Erik. I will uninstall MBAE for now and see how I get on with HMPA.
     
  4. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    Running HMP.A build 374 on Vista HP x64 SP2, and on Windows 7 HP x64 SP1. All is quiet. :thumb:
     
  5. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    erm, maybe start the free trial period first?

    Edit: Just read the rest of your comments. Never mind, goodbye.
     
  6. guest

    guest Guest

    :argh:
     
  7. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
    Upgraded to 3.5 and so far so good. :)

    Erik, are Steam & 3DMark related changes already included in this version?
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    No, not yet. Kinda busy here at the office. My direct colleagues are on holiday and I have to cover for them. So stuff is going a bit slower than usual.
     
  9. guest

    guest Guest

    What is the problem with Steam? Is it an incompatibility?
     
  10. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    take a look at posts 10358→10373...
     
  11. Bor1114

    Bor1114 Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    2
    Location:
    Netherlands
    System notified me with auto upgrade to HMA v3.5.0.546 from v3.1.11.374. After reboot, BSOD Bad Header Pool.

    After a new reboot, no HMA present anymore.

    System is win10x64.

    Reinstall of v3.1.11.374 works; after upgrade, again BSOD.

    Clean install of v3.1.11.374 also BSOD.

    Anyone seen this?
     
  12. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    You have a minidump file located in C:\Windows\Minidumps\ ?

    If so, can you send it to erik@surfright.com ?

    Lastly, what AV are you running?
     
  13. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    Just began my 30-day trial.

    Yesterday I attempted to upgrade DVDFab Passkey. The upgrade failed a number of times. I killed HitmanPro.Alert and the upgrade processed. Event viewer has this summary:

    Source: HitmanPro.Alert
    Event ID: 911
    Task Category: Mitigation
    Code:
    Mitigation   SelfProtection
    
    Platform     6.3.9600/x64 06_3a
    PID          6448
    Application  D:\Program Files (x86)\DVDFab Passkey\Options\DVDFabPasskeyBluray.exe
    Description  DVDFab is the all-in-one software package for copying Blu-ray/DVD and converting video file. 1.0
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  02410000 (anonymous; DVDFabPasskeyBluRay.exe)
                6800004102               PUSH         DWORD 0x2410000
                68412f4500               PUSH         DWORD 0x452f41
                6814e52600               PUSH         DWORD 0x26e514
                e870bb04fe               CALL         0x45bb84
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
    
    2  02400000 (anonymous; DVDFabPasskeyBluRay.exe)
    3  023F0000 (anonymous; DVDFabPasskeyBluRay.exe)
    4  0044C8AC DVDFabPasskeyBluRay.exe
    
    Process Trace
    1  D:\Program Files (x86)\DVDFab Passkey\Options\DVDFabPasskeyBluRay.exe [6448]
    2  D:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe [572]
    3  C:\WINDOWS\explorer.exe [2656]
    4  C:\WINDOWS\System32\userinit.exe [2556]
    
    I didn't find DVDPassKey among HitmanPro.Alert applications.

    Advice?

    EDIT: Just running DVDPassKey results in a self-protection mitigation error. Any workaround I'm missing?
     
    Last edited: Jul 26, 2016
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    I got the notification while I was sleeping. As I have advised previously, I still get the multiple fly-outs. But, not to worry, because with a reboot I have the latest version installed.

    ScreenShot_HMP.A_3.5.0_build 546_upgrade_01.gif ScreenShot_HMP.A_3.5.0_build 546_upgrade_02.gif
     


  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    SelfProtection means that DVDFab wants to modify Alert's code. This is not allowed for obvious reasons. A few examples:
    https://www.offensive-security.com/vulndev/disarming-enhanced-mitigation-experience-toolkit-emet/
    https://www.fireeye.com/blog/threat-research/2016/02/using_emet_to_disabl.html
    Alert goes to some lengths to prevent this.

    Add the above application to the Exclude category via Applications on the blue tile (scroll entirely to the right).
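
An added example, not part of any post and not SurfRight's code: a Python parser for alert text laid out like the Event ID 911 details quoted in post 13, pulling out the mitigation name, the application path a user would add to the Exclude category, and the stack and process traces. The field layout is assumed from that single sample, and `parse_alert`, `summarize` and the `anonymous` flag are hypothetical names.

```python
import re
# Constructed sample, abridged from the Event ID 911 text quoted in the thread.
SAMPLE_ALERT = r"""Mitigation   SelfProtection
PID          6448
Application  D:\Program Files (x86)\DVDFab Passkey\Options\DVDFabPasskeyBluray.exe

Stack Trace
1  02410000 (anonymous; DVDFabPasskeyBluRay.exe)
            6800004102               PUSH         DWORD 0x2410000
            0000                     ADD          [EAX], AL
2  02400000 (anonymous; DVDFabPasskeyBluRay.exe)
3  023F0000 (anonymous; DVDFabPasskeyBluRay.exe)
4  0044C8AC DVDFabPasskeyBluRay.exe

Process Trace
1  D:\Program Files (x86)\DVDFab Passkey\Options\DVDFabPasskeyBluRay.exe [6448]
2  D:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe [572]
"""

HEADER = re.compile(r"^(Mitigation|Platform|PID|Application)\s+(.+)$")
FRAME = re.compile(r"^(\d+)\s+([0-9A-Fa-f]{8,16})\s+(.+)$")  # skips disassembly rows
PROC = re.compile(r"^\d+\s+(.+?)\s+\[(\d+)\]$")

def parse_alert(text):
    """Parse alert text; the layout is assumed from the single sample in the thread."""
    alert = {"stack": [], "processes": []}
    section = "header"
    for line in map(str.strip, text.splitlines()):
        if line in ("Stack Trace", "Process Trace"):
            section = line
        elif section == "header" and (m := HEADER.match(line)):
            alert[m.group(1).lower()] = m.group(2)
        elif section == "Stack Trace" and (m := FRAME.match(line)):
            module = m.group(3)
            # Assumption: "(anonymous; ...)" marks a frame with no named module.
            alert["stack"].append({"address": int(m.group(2), 16), "module": module,
                                   "anonymous": module.startswith("(anonymous")})
        elif section == "Process Trace" and (m := PROC.match(line)):
            alert["processes"].append({"path": m.group(1), "pid": int(m.group(2))})
    return alert

def summarize(alert):
    """Condense an alert to what a responder reviews before excluding the application."""
    stack = alert["stack"]
    return {"mitigation": alert.get("mitigation"), "application": alert.get("application"),
            "pid": int(alert["pid"]),
            "anonymous_frames": sum(f["anonymous"] for f in stack),
            "top_frame_anonymous": bool(stack) and stack[0]["anonymous"],
            "parent_chain": [p["path"].rsplit("\\", 1)[-1] for p in alert["processes"]]}
```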
     
  16. Bor1114

    Bor1114 Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    2
    Location:
    Netherlands

    Minidump sent, AV is Symantec
     
  17. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    I only have one Firefox installed which is 47.0.0. Where is HMPA (build 546) getting the rest from?
    FF.jpg
     
  18. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    Hi Adric, sorry for my poor English, I'll try to do my best* to help you:
    IMO, Firefox entries below 47.0.1 are simply leftovers (remnants?) that you could remove in all likelihood (99%?) (I presume, in fact, that you are running only the latest Firefox build, right?)



    * :argh:
     
  19. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    81
    You could export the settings and then check the XML for the application path.
    Use something like http://jsbeautifier.org/ to make the file more structured or simply search for "firefox.exe".
     
  20. guest

    guest Guest

    Nice, these xml-files are much better to read now :thumb:
     
  21. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    Thank you.

    Two "newbie" questions...

    1. When I look at applications (blue tile) it says: "Your Applications (26)" ... yet only 25 appear. Is HitmanPro.Alert counted in the applications total? FWIW, in the registry there are 25 entries.
    2. Should all running applications be protected? If so, how do I determine the appropriate template for unprotected applications?
     
  22. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    1. I think the last [+] under the Exclude category is also counted :oops:
    2. No. Only applications that open internet content like browsers, document readers, etc.
     
  23. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,864
    Location:
    the Netherlands
    Ah, I think you're right.
    I hadn't noticed that before, but looking at an April 26 screen capture, I see that it was the same with HMP.A 3.1.9.363.
     
  24. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    174
    Purchased HitmanPro.Alert for 6 computers. Had the trial installed on 1. When I installed it on 2 more PCs, the initial scan found a LOT of suspicious files. They are almost all flagged ignore. A couple are flagged delete.

    This happened on both PCs. One a Win 10 desktop and 1 a Win 10 laptop. Is it safe to have HMPA delete the ones marked delete? And what is the resolution for the files marked suspicious? There are 211 files on the desktop and 151 files on the laptop that are flagged.

    I am running RollbackRX on all 3 PCs. On the 1st PC, the trial, that I activated with my new key, no rootkit was ever reported, even today. On the 2nd PC, the desktop, no rootkit is reported (this is a new install today). On the laptop, a rootkit is reported. I changed the flag to ignore. Will this be a permanent ignore or do I have to do something else to keep HMPA from mitigating Rollback?
     
  25. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    My laptop freezes when I attempt to mount an encrypted container using Jetico's BC (BestCrypt) Traveller. Executing the program is normal until I enter the container password to mount the container file (similar to TrueCrypt). At that point, the laptop is completely unresponsive.

    I added BC Traveller to my exclusions, but the laptop still froze when I tried to mount the container file. I powered off and rebooted, then I stopped the HitmanPro.Alert service. Again the laptop froze when I attempted to mount the container file.

    Finally, I powered out, rebooted, then uninstalled HitmanPro.Alert. After rebooting, the container file mounted as expected.

    I was sure killing the service would enable the container mounting, but that didn't work.

    Any ideas on how I can mount encrypted containers periodically without uninstalling HitmanPro.Alert?

    Thanks.
     