HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    91
    Erik,
    In Ctp4 I still get a blue flyby in IE9 on my Vista system.
    Was something changed in Ctp4 about this "bug" in Ctp3?
    Can you approve that it is safe to change the reg to the full path of iexplore.exe?
     
    Last edited: Oct 4, 2014
  2. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    I'll try this the next time I install. I would prefer an additional option for the tray icon to temporarily (say 15 min.) disable HMPA before it reactivates itself. A lot of AVs and Firewalls offer you this feature. Makes it easier for problem determination.
     
  3. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    91
    I already tried it in Ctp4 here on my Vista system.
    After stopping the service I did some tests and did not get the flyby any more.
    So I think it works, but...... after starting the service again I got a BSOD (blue screen).
    So we first need an answer from Erik if and when it is supported without BSOD.
     
  4. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    I just installed HMPA on my Win7 system and stopping the service does seem to disable it. I did not get a BSOD restarting the service and the fly-out did come back. The problem I see with this is there is no indication from HMPA that it has been disabled. Either a change in color of the tray icon or by some other means. Yes the fly-out will no longer show, but some people may only want the fly-out once per session and they will have no idea if the service was disabled at some point during their session.
     
  5. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    I'm still having the same slow-down on Win7 with the fileman exe I sent. The overall system does not seem to be affected as was the case with XP. Also no BSODs so far. When I disable the alert service, fileman screen appears instantly. Seems like there's an interaction problem with some Win32 console mode programs before their display appears. I have another program called fileview that reacts the same way. I'll give Win8 a try next.
     
  6. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    I had a similar problem several times last week.

    However, I was not running HPA3 (HPA2 instead). I was also running Sandboxie though. Maybe this helps pinpointing?

    Please post what you find out.
     
  7. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Wish that was true.

    Many iTunes crashes today. Unfortunately after using it for a while and no clear indication of what action in iTunes triggers these crashes.
     
  8. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    OOOPs, 1st Win7 BSOD after a clean reboot and starting Firefox. I sent you the dump, Erik. Also, I do not see the green border around the browser GUI like I did on the XP system. Active vaccination is on.
     
  9. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    91
    I agree that disabling the service should be visible in the HMPA screen.
    But I think it is not a big omission, because everyone who knows how to disable a service will remember this after a while.
    And after only stopping the service it will again be started at the next reboot.
     
  10. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    91
    Erik, the BSOD after starting the service in Vista comes from address hmpalert.sys+f36b as far as I can see.
    I will try it again in a few hours in an "empty" system to prove that it is repeatable.
     
  11. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    The point I was making was if the service was disabled by something other than the user himself, such as malware, etc.
     
  12. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Are you sure you are running build 90? Can you send a dump?
     
    Last edited: Oct 4, 2014
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    As some of you noticed, we have a BSOD issue in CTP4. All seem related to the same bug. We are working on a fix.

    Keep the reports coming in.
     
  14. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Error:

    Logboeknaam: Application
    Bron: Application Error
    Datum: 4-10-2014 14:28:25
    Gebeurtenis-id:1000
    Taakcategorie: (100)
    Niveau: Fout
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: *****
    Beschrijving:
    Naam van toepassing met fout: hmpalert.exe, versie: 3.0.15.90, tijdstempel: 0x542e7ef5
    Naam van module met fout: hmpalert.exe, versie: 3.0.15.90, tijdstempel: 0x542e7ef5
    Uitzonderingscode: 0xc0000005
    Foutoffset: 0x001cc501
    Id van proces met fout: 0xaac
    Starttijd van toepassing met fout: 0x01cfdfceb0ef22f4
    Pad naar toepassing met fout: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    Pad naar module met fout: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    Rapport-id: ef90db90-4bc1-11e4-911f-001f16aa0c13
    Gebeurtenis-XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-10-04T12:28:25.000000000Z" />
    <EventRecordID>147973</EventRecordID>
    <Channel>Application</Channel>
    <Computer>sjaak2-PC</Computer>
    <Security />
    </System>
    <EventData>
    <Data>hmpalert.exe</Data>
    <Data>3.0.15.90</Data>
    <Data>542e7ef5</Data>
    <Data>hmpalert.exe</Data>
    <Data>3.0.15.90</Data>
    <Data>542e7ef5</Data>
    <Data>c0000005</Data>
    <Data>001cc501</Data>
    <Data>aac</Data>
    <Data>01cfdfceb0ef22f4</Data>
    <Data>C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe</Data>
    <Data>C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe</Data>
    <Data>ef90db90-4bc1-11e4-911f-001f16aa0c13</Data>
    </EventData>
    </Event>
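
    Added example, not part of the post above and not HitmanPro.Alert code: a Python parser for the Application Error (event 1000) XML just quoted, which maps the unnamed `<Data>` items by position and decodes the hex fields. The field order follows the description lines in the post; the function names and the one-entry NTSTATUS table are this example's own.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Positional order of the unnamed <Data> items, matching the description text.
FIELDS = ["app", "app_version", "app_timestamp", "module", "module_version",
          "module_timestamp", "exception_code", "fault_offset", "pid",
          "start_time", "app_path", "module_path", "report_id"]
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}  # small subset, extend as needed

# Event XML from the post, trimmed to the elements this parser reads.
SAMPLE = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Application Error" /><EventID Qualifiers="0">1000</EventID>
<TimeCreated SystemTime="2014-10-04T12:28:25.000000000Z" /></System>
<EventData><Data>hmpalert.exe</Data><Data>3.0.15.90</Data><Data>542e7ef5</Data>
<Data>hmpalert.exe</Data><Data>3.0.15.90</Data><Data>542e7ef5</Data>
<Data>c0000005</Data><Data>001cc501</Data><Data>aac</Data>
<Data>01cfdfceb0ef22f4</Data>
<Data>C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe</Data>
<Data>C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe</Data>
<Data>ef90db90-4bc1-11e4-911f-001f16aa0c13</Data></EventData></Event>"""

def filetime_to_utc(hex_value):
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
    ticks_us = int(hex_value, 16) // 10
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks_us)

def parse_event_1000(xml_text):
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1000":
        raise ValueError("not an Application Error (1000) event")
    values = [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]
    if len(values) < len(FIELDS):
        raise ValueError("unexpected <Data> count")
    rec = dict(zip(FIELDS, values))
    code = int(rec["exception_code"], 16)
    stamp = root.find("e:System/e:TimeCreated", NS).get("SystemTime")[:19]
    logged = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return {
        "fault": f'{rec["module"]}+0x{int(rec["fault_offset"], 16):x}',
        "exception": NTSTATUS.get(code, f"0x{code:08x}"),
        "pid": int(rec["pid"], 16),
        "build_time": datetime.fromtimestamp(int(rec["app_timestamp"], 16), timezone.utc),
        # Seconds between process start (FILETIME) and the logged crash time.
        "uptime_seconds": (logged - filetime_to_utc(rec["start_time"])).total_seconds(),
        "self_fault": rec["app_path"].lower() == rec["module_path"].lower(),
    }

if __name__ == "__main__":
    print(parse_event_1000(SAMPLE))
```

    For the event in the post, the decoded record shows an access violation inside the process's own image, logged about a second after the process started.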
     
  15. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    BSOD. Sent minidump by mail. Don't know if it's HmP.Alert.
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    it is running just perfect
     
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Do you have a dump of this crash?
     
  18. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No crash, only a recurring HmP.Alert-event in Event viewer.

    During boot a BSOD, I sent you a mail with dmp-file.

    Logboeknaam: System
    Bron: Microsoft-Windows-WER-SystemErrorReporting
    Datum: 4-10-2014 17:36:12
    Gebeurtenis-id:1001
    Taakcategorie: Geen
    Niveau: Fout
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: ****
    Beschrijving:
    De computer is opnieuw opgestart na een bugcontrole. De bugcontrole is 0x000000d1 (0x0000000000008088, 0x0000000000000002, 0x0000000000000008, 0x0000000000008088). Er is een dump opgeslagen in: C:\Windows\MEMORY.DMP. Rapport-id: 100414-29374-01.
    Gebeurtenis-XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-10-04T15:36:12.000000000Z" />
    <EventRecordID>879320</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>****</Computer>
    <Security />
    </System>
    <EventData>
    <Data Name="param1">0x000000d1 (0x0000000000008088, 0x0000000000000002, 0x0000000000000008, 0x0000000000008088)</Data>
    <Data Name="param2">C:\Windows\MEMORY.DMP</Data>
    <Data Name="param3">100414-29374-01</Data>
    </EventData>
    </Event>
     
  19. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    I will send you a mail with the Wuala-link (memory.dmp (zipped 161 mb)).
     
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I've got the BSOD dump. Still looking for a service dump.
     
  21. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi erikloman
    Thank you for getting back.
    Sorry, no, I do not have the dump files because I have Automatically restart unchecked and am also not using any paging file [to save hits to SSD [and space] [have 32gb of memory]].

    Will temporarily recheck Automatically restart and give the OS some paging file.

    With regards
    Take Care
    TheQuest :cool:
     
    Last edited: Oct 4, 2014
  22. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Got a BSOD after logging into Windows and opening Chrome. BlueScreenView faulted HMP.Alert's driver and ntoskrnl. As soon as I rebooted and logged in, I got another BSOD, but this time it wasn't HMP.Alert, I think. I have the minidumps, but can't attach them here.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    To clarify, when I say "white-listing" I mean that HMPA will perhaps look at from where malware (the payload) is trying to load. So for example if malware (that is triggered by some exploit) is trying to launch from c:\Temp, HMPA will stop it. And some more info about the "Network Lockdown" feature would be nice, but you're a bit busy, so it can wait. :)
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Rasheed

    Are you testing the beta?
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    At the moment I'm not, I installed it on Win XP SP2, but the protection does not work. I did test it on Win 8 months ago, and it worked quite smoothly.
     