HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I got a big time BSOD on restart with Alert on XP SP 2 with Comodo CIS and GesWall. Not able to boot at all and restored the system. Is it a known issue? I don,t have a dump.
     
    Last edited: Dec 8, 2014
  2. wasgij6

    wasgij6 Registered Member

    Joined:
    Mar 29, 2011
    Posts:
    321
    if i install the latest RC will it auto update to the final release/next RC build automatically?

    thanks
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
  4. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Does HMPA RC work in IE11.

    I am not able to see either green border or encrypting keys when keying in user id/Password in IE11 64 bit for the below link.

    https://netbanking.hdfcbank.com/netbanking/

    However above link works in chrome as expected..
     
    Last edited: Dec 8, 2014
  5. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro.Alert needs at least Windows XP Service Pack 3. XP SP2 is not supported.
     
  6. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Yes, Internet Explorer 11 is supported (all web browsers that registers itself in Windows as browser are automatically protected). If you see a green or blue notification flyout in the upper right corner of the screen the browser is protected. The border is an extra and there could be some software interfering with the drawing of the border. Do you have other security software on your machine?
     
  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes. As a matter of fact, we are planning small updates in the coming days via the auto update mechanism.
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I updated to the RC the other day. I have posted about my experience in earlier posts over the last couple of days.

    I have justed rebooted into the snapshot and I find that hmpalert.exe v2.6.5.77 has been created in C:\ ...Is this OK? Doesn't seem right, as it is a version from last April.
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    You mean it is in the root of C: ?
     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
  11. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Sorry Erik, for not being clear in my earlier post.
    Yes, i see the border and encryption keys flyout (in IE11) when typing in the url bar but not in the user-id/password fields.
    You may try going to that site and see if it works for you.
    Reg. Flyout, i don't think i saw it for IE. I will check once i go back to home.

    My System: W 8.1 64 bit, ESS 8, HMA RC, Admuncher

    Thanks, Harsha,
     
  12. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    456
    Location:
    England
    I have just realised the latest Alert is causing stalling and slowdown when uploading files to a NAS drive when using FileZilla.

    With the Alert service fully disabled all is fine and FileZilla uploads at full speed, with Alert enabled the file starts uploading normally then slows down dramatically sometimes stalling completely -

    with the Alert service running but all options set to OFF, the same slow down occurs.
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Will it be possible to set Alert to manual update for people who have software which prevents the automatic update?
    Upgraded to the RC, no more exploit alerts for Cyberfox and it works properly with EMET 5.1 :)

    EDIT: When I exit Cyberfox, the Flash player process crashes, doesn't matter if it was protected by DefenseWall or not:

    Problem signature:
    Problem Event Name: APPCRASH
    Application Name: FlashPlayerPlugin_15_0_0_239.exe
    Application Version: 15.0.0.239
    Application Timestamp: 546d18b1
    Fault Module Name: hmpalert.dll
    Fault Module Version: 3.0.20.120
    Fault Module Timestamp: 548064c7
    Exception Code: c0000005
    Exception Offset: 0000b5de
    OS Version: 6.1.7601.2.1.0.256.1
    Locale ID: 1043
    Additional Information 1: dae0
    Additional Information 2: dae0841d28bb3a301a419e5efe5b0022
    Additional Information 3: 450e
    Additional Information 4: 450e2985f0fe05fed9023f7909977c00
     
    Last edited: Dec 9, 2014
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This was an issue with the CTP4. This has been resolved with the RC (build 120 or newer).
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Erik, I've reinstalled hmp.a 3 rc again on one machine and so far I haven't seen the Firefox not opening issue. I will continue to monitor and if it happens again I will do as you suggest and disable mbae to see if that is the cause.

    Thanks.
     
  16. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    456
    Location:
    England
    I`m currently using v3.0.20 build 120 RC - the issue is still occurring.
     
  17. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    That's interesting. I tried it and can confirm that the key encryption notifier/border doesn't pop up when typing in that login field using IE 11. It works fine in Firefox.
     
  18. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Yes. The issues seems to be only in IE. Works fine in Chrome. Thanks for testing and confirming :)
    Now, need to wait for Erik's reply to see why bank site is not working. Strange Behavior!
     
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The encryption IS working (you can see with the Keylogger Test in the Exploit Test Tool).
    The border is not showing due to messages being redirected in IE11.
    We are working on an update to address various issues, including this one.

    Thanks and keep the reports coming! :thumb:
     
  20. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    OK. Thanks for the confirmation Erik.

    Thanks, Harsha.
     
  21. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    With System Explorer 6.1-option Connections I continuously see hmpalert.exe build 120 (Vista 32 bits). Not with Windows 7 64 bits.
     

    Attached Files:

  22. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
    It runs slower.....guess it's coincidental. Anyway, I'm sticking with Version 2 for now.
     
  23. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Lockdown with Adobe Reader XI update 11.0.9 > 11.0.10 (build 120 W7 64 bits).

    Logboeknaam: Application
    Bron: HitmanPro.Alert
    Datum: 9-12-2014 17:39:14
    Gebeurtenis-id:911
    Taakcategorie: (9)
    Niveau: Fout
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: ****2-PC
    Beschrijving:
    Mitigation Lockdown
    Platform 6.1.7601/x64 06_17*
    PID 892
    Application C:\ProgramData\Adobe\ARM\Reader_11.0.09\22931\AdobeARMHelper.exe
    Description Adobe Reader and Acrobat Manager Helper 1.801.10

    Gebeurtenis-XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="HitmanPro.Alert" />
    <EventID Qualifiers="0">911</EventID>
    <Level>2</Level>
    <Task>9</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-12-09T16:39:14.000000000Z" />
    <EventRecordID>155073</EventRecordID>
    <Channel>Application</Channel>
    <Computer>****2-PC</Computer>
    <Security />
    </System>
    <EventData>
    <Data>C:\ProgramData\Adobe\ARM\Reader_11.0.09\22931\AdobeARMHelper.exe</Data>
    <Data>Lockdown</Data>
    <Data>Mitigation Lockdown
    Platform 6.1.7601/x64 06_17*
    PID 892
    Application C:\ProgramData\Adobe\ARM\Reader_11.0.09\22931\AdobeARMHelper.exe
    Description Adobe Reader and Acrobat Manager Helper 1.801.10
    </Data>
    </EventData>
     
  24. BBss

    BBss Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    23
    So you guys are not planning on fixing the game crash bug i reported in the old versions? (CoD - Advanced Warefare Multiplayer)

    Just reinstalled the RC and the bug came back immediately.

    Edit:

    Well as there are not many options for a root cause when all protection options are disabled, it might only be because of the reason that Hitman Pro Alert basically injects it's dll into every process..

    Code:
    Process: s1_mp64_ship.exe Pid: 1844
    Name    Description    Company Name    Path
    ........
    "hmpalert.dll    HitmanPro.Alert 64-bit Support Library    SurfRight B.V.    C:\Windows\System32\hmpalert.dll"
    Please add an option to add exceptions for programs which are not supposed to be touched in any way by Hitman Pro Alert. I think that will fix the problem. Thanks
     
    Last edited: Dec 9, 2014
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    We are still working on it but it looks like CoD doesnt like anything done in its process. Debugging is nearly impossible due to the protective measurements of CoD. So its not like we dont want to, its a lot of work to figure out what exactly it doesn't like.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.