HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. deugniet

    deugniet Registered Member

    No "Windows could not connect to the System Event Notification Service" notification with Windows login.
     
  2. Stupendous Man

    Stupendous Man Registered Member

    Thank you for the clarification.
    As I said, the issue you experienced may probably have been completely different to the issue that I mentioned before.
    Thanks again.

    I'm not sure about caiusilus, though, as to my question "Did you get a "Windows could not connect to the System Event Notification Service" error notification", caiusilus replied "I see the notification before login."
    I cannot rule out that there could have been some miscommunication or misunderstanding.
     
  3. deugniet

    deugniet Registered Member

    See: Exploit mitigations > Applications...

    Office-info can't be read completely at far right of screen.
     

  4. erikloman

    erikloman Developer

    It is a metro interface, use the mouse wheel to scroll.
     
  5. deugniet

    deugniet Registered Member

    Ok. Thanks.
     
  6. caiusilus

    caiusilus Registered Member

    You're right, Stupendous Man, the notification (on LUA) appears after I enter my password. And after that my PC freezes. I have only a black screen... and I am forced to reboot.
    But I can login on my admin account with HMP alert 3.

    Apologies for my bad English writing...

    best regards,
    Laurent
     
  7. Stupendous Man

    Stupendous Man Registered Member

    Ah, thanks, that is the same as with my issue earlier on.

    That is different to my experience earlier on,
    however, a black screen is not uncommon with the "Windows could not connect to the System Event Notification Service" issue.

    To rule out any miscommunication -
    The notification that you got after entering your password trying to login to your LUA, was that:
    "Windows could not connect to the System Event Notification Service"?
    Or the equivalent in French on a computer with a French Windows edition, of course. I think that is:
    "Windows n'a pas pu se connecter au Service de Notification d'événement système"

    If you got that notification, the issue you experienced seems to be different to what deugniet described.
    I don't know if the cause could be the same, or that the cause of the issue may be different too.
    If the cause of the issue may be different than that of the issue deugniet reported, then it might be a good idea if SurfRight has a more specific look at the issue you reported.
     
  8. caiusilus

    caiusilus Registered Member

    Hi,

    yes, that is exactly that notification ;-)
    So I go back to EMET. Waiting for SurfRight to fix this issue ;-)

    Kind regards,
    Laurent
     
  9. Stupendous Man

    Stupendous Man Registered Member

    Thank you very much, Laurent.

    As I said,
    if you got that notification, the issue you experienced seems to be different to what deugniet described.
    I don't know if the cause could be the same, or that the cause of the issue may be different too.
    If the cause of the issue may be different than that of the issue deugniet reported, then it might be a good idea if SurfRight has a more specific look at the issue you reported.
    But that is up to SurfRight, of course.
     
  10. deugniet

    deugniet Registered Member

    Another event:

    Logboeknaam: Security
    Bron: Microsoft-Windows-Security-Auditing
    Datum: 13-7-2014 16:42:03
    Gebeurtenis-id:6281
    Taakcategorie: Systeemintegriteit
    Niveau: Informatie
    Trefwoorden: Controle mislukt
    Gebruiker: n.v.t.
    Computer: ****
    Beschrijving:
    De paginahashes van een installatiekopiebestand zijn niet geldig. Mogelijk is het bestand onjuist ondertekend zonder paginahashes of is het bestand beschadigd vanwege een onbevoegde wijziging. De ongeldige hashes kunnen duiden op een schijffout.

    Bestandsnaam: \Device\HarddiskVolume3\Windows\System32\hmpalert.dll
    Gebeurtenis-XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>6281</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12290</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2014-07-13T14:42:03.271847700Z" />
    <EventRecordID>198060</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="60" />
    <Channel>Security</Channel>
    <Computer>****</Computer>
    <Security />
    </System>
    <EventData>
    <Data Name="param1">\Device\HarddiskVolume3\Windows\System32\hmpalert.dll</Data>
    </EventData>
     
  11. Antimalware18

    Antimalware18 Registered Member

    I entered the "hmpalert64-test.exe" into EMET's protected apps this morning, as there was no "HPA3-test.exe" in the folder I downloaded from a few pages back, and then re-tried the test and there still were no blocks by EMET with the .exe running with all mitigations :(
     
  12. FleischmannTV

    FleischmannTV Registered Member

    EMET doesn't apply ROP mitigations to 64bit apps.
     
  13. newyorkjet

    newyorkjet Registered Member

    (Win 7 64 bits, F-Secure, Hmpalert, HitmanPro licensed, Appguard, Sandboxie 4.09).

    Believing that most people write up problems in forums and don't very often log successes, I bit the bullet and upgraded Hmpalert to 3.0.12.63. Everything has run as smooth as silk for 24 hours apart from Sandboxie (even though I have a named pipe in Global settings). Everything loads and Sandboxie is usable, but there is no mouse over green hitmanPro.Alert//Safebrowsing at the top of the screen and the keyboard encryption test fails. I'm sure someone will fix it soon. I reckon Hmpalert is a superb piece of engineering. Many Thanks.
     
  14. erikloman

    erikloman Developer

    Thank you for writing this success story. Much appreciated.
     
  15. Turing Doenitz

    Turing Doenitz Registered Member

    Hi there. I installed your BETA version a couple days ago with no major issues. It's a nice program, seems to target the correct applications for protection and I've had no issues with safe browsing. But I would like to mention what seems to be a possible false positive. This is also occurring in your current release version of HitmanPro.Alert.

    My PC is running Win7 64bit, with Emsisoft Anti Malware V9 & EMET 4.1 Update 1.

    So I'll first say what the normal behaviour is and then I'll tell you the behaviour caused when HMP.A is installed on the system.

    There is a game called Planetside 2 made by Sony Online Entertainment. When I launch the game, it brings up the updater. When the updater has verified the game is up to date, it allows the user to click the PLAY button which launches the game and closes the launcher.

    With HMP.A, it behaves almost the same but when you click PLAY nothing happens and the launcher just closes. No user-facing prompts show up. However, Event Viewer does log it and I've included what it's offered up below, with just a couple things redacted:

    Code:
    Log Name:      Application
    Source:        Application Error
    Date:          16/07/2014 8:32:49 PM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      REMOVED
    Description:
    Faulting application name: PlanetSide2_x64.exe, version: 0.0.0.0, time stamp: 0x53bc4d73
    Faulting module name: hmpalert.dll, version: 3.0.12.63, time stamp: 0x53be9039
    Exception code: 0xc0000005
    Fault offset: 0x000000000007db50
    Faulting process id: 0x65c
    Faulting application start time: 0x01cfa0e1450d0375
    Faulting application path: D:\Sony Online Entertainment\Installed Games\PlanetSide 2\PlanetSide2_x64.exe
    Faulting module path: C:\Windows\system32\hmpalert.dll
    Report Id: 886a26e2-0cd4-11e4-b8b1-001b21b55c31
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Application Error" />
        <EventID Qualifiers="0">1000</EventID>
        <Level>2</Level>
        <Task>100</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2014-07-16T10:32:49.000000000Z" />
        <EventRecordID>92309</EventRecordID>
        <Channel>Application</Channel>
        <Computer>REMOVED</Computer>
        <Security />
      </System>
      <EventData>
        <Data>PlanetSide2_x64.exe</Data>
        <Data>0.0.0.0</Data>
        <Data>53bc4d73</Data>
        <Data>hmpalert.dll</Data>
        <Data>3.0.12.63</Data>
        <Data>53be9039</Data>
        <Data>c0000005</Data>
        <Data>000000000007db50</Data>
        <Data>65c</Data>
        <Data>01cfa0e1450d0375</Data>
        <Data>D:\Sony Online Entertainment\Installed Games\PlanetSide 2\PlanetSide2_x64.exe</Data>
        <Data>C:\Windows\system32\hmpalert.dll</Data>
        <Data>886a26e2-0cd4-11e4-b8b1-001b21b55c31</Data>
      </EventData>
    </Event>


    Regards, Turing.
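
Added example, not part of any post in this thread and not SurfRight's code: a small Python triage helper for the Application Error (Event ID 1000) record quoted above. It names the positional `<Data>` fields, decodes the exception code and module link timestamp, and flags a faulting module that is neither the executable nor a file in the application's own folder. The field names, the `parse_crash` function and the `outside_app_dir` flag are assumptions made for this illustration; the sample XML is the EventData from the post with the `<System>` block reduced to the EventID.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from pathlib import PureWindowsPath

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Positional <Data> order of event 1000, matching the Description lines in the post.
FIELDS = ["app", "app_version", "app_timestamp", "module", "module_version",
          "module_timestamp", "exception_code", "fault_offset", "pid",
          "app_start_time", "app_path", "module_path", "report_id"]
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}  # only the code seen in this thread

# EventData copied from the post above; <System> reduced to the EventID.
SAMPLE = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID Qualifiers="0">1000</EventID></System>
  <EventData>
    <Data>PlanetSide2_x64.exe</Data><Data>0.0.0.0</Data><Data>53bc4d73</Data>
    <Data>hmpalert.dll</Data><Data>3.0.12.63</Data><Data>53be9039</Data>
    <Data>c0000005</Data><Data>000000000007db50</Data><Data>65c</Data>
    <Data>01cfa0e1450d0375</Data>
    <Data>D:\Sony Online Entertainment\Installed Games\PlanetSide 2\PlanetSide2_x64.exe</Data>
    <Data>C:\Windows\system32\hmpalert.dll</Data>
    <Data>886a26e2-0cd4-11e4-b8b1-001b21b55c31</Data>
  </EventData>
</Event>"""

def parse_crash(xml_text):
    """Return a dict for an Application Error 1000 event, or None for anything else."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1000":
        return None
    values = [(d.text or "").strip() for d in root.findall("e:EventData/e:Data", NS)]
    if len(values) < len(FIELDS):
        return None  # truncated record: do not guess at missing fields
    rec = dict(zip(FIELDS, values))
    code = int(rec["exception_code"], 16)
    rec["exception_name"] = NTSTATUS.get(code, hex(code))
    # The module time stamp is seconds since the Unix epoch (PE link time).
    rec["module_built"] = datetime.fromtimestamp(int(rec["module_timestamp"], 16), timezone.utc)
    # PureWindowsPath compares case-insensitively, like the Windows file system.
    app_dir = PureWindowsPath(rec["app_path"]).parent
    mod_dir = PureWindowsPath(rec["module_path"]).parent
    rec["outside_app_dir"] = rec["module"].lower() != rec["app"].lower() and mod_dir != app_dir
    return rec

if __name__ == "__main__":
    r = parse_crash(SAMPLE)
    print(f'{r["app"]}: {r["exception_name"]} in {r["module"]} {r["module_version"]} '
          f'+0x{int(r["fault_offset"], 16):x}, outside app folder: {r["outside_app_dir"]}')
```

Grouping the returned records by `module` and `module_version` across many machines shows whether a crash follows one build of a protection DLL or the protected application itself.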
     
  16. erikloman

    erikloman Developer

    Emsisoft on x64 is in the known issues list.

    Regarding Planetside 2, try setting Active Vaccination to Passive.
     
  17. Krusty

    Krusty Registered Member

    @erikloman,

    If you don't mind, I have two questions for you.

    1) Is there much benefit for HMP.A 2 and HMP free (unlicensed) users upgrading to HMP.A 3?

    &

    2) Will HMP.A 2 users be automatically upgraded to HMP.A 3 once 3 is released?

    Thank you.

    PS : I have installed HMP.A 3 as a trial on a W7 x64 SP1 machine running Norton Security with Backup v22.0.0.67 (beta) and it installed over HMP.A 2 and after a reboot seems to be running fine. :thumb:
     
    Last edited: Jul 17, 2014
  18. erikloman

    erikloman Developer

    1) With v3 you get these free additions (compared to v2):
    • Active Vaccination
    • Webcam Notifier
    • Keystroke Encryption
    • Hollow Process blocker
    • HitmanPro integration
    • Colored border around application (e.g. red border when browser is unsafe to use)
    • Overall improvements
    If you have a HitmanPro license you get hardware-assisted Exploit Mitigations as well.

    2) Yes as all features of V2 are in V3 + the stuff mentioned in 1) above.
     
  19. Krusty

    Krusty Registered Member

    Thanks Erik. I might have missed it but how do I enable Active Vaccination, or is that not yet activated?
     
  20. reyes

    reyes Registered Member

    Will there be hardware-assisted Exploit Mitigation support for AMD-based systems in future?
     
  21. deugniet

    deugniet Registered Member

    It's activated (default).

    See: Security > System Vaccination.
     
  22. erikloman

    erikloman Developer

    No because AMD processors lack the feature where it records the last instructions (branches) it took.
     
  23. Krusty

    Krusty Registered Member

    Thanks but...
    Mine shows as Passive Vaccination and the writing for Active Vaccination is not white, so it looks like I can't enable it.
     
    Last edited: Jul 17, 2014
  24. erikloman

    erikloman Developer

    Active Vaccination requires a license. I will send you one via PM.
     
  25. Krusty

    Krusty Registered Member

    :thumb: PM Received! Thanks. :cool:
     