HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This will be addressed in the next minor update. Already tucked into our Source Control system.
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you share the bat file you are using? Send it via PM or email erik@surfright.com.
     
  3. BBss

    BBss Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    23
    Well but if you don't inject the hitman pro .dll to its process, then it shouldn't crash, right?
    So maybe the easiest way is to add a new option where you can add Programs to a exceptions List, which are not supposed to be affected by Hitman Pro in any way?


    Edit: So simply renaming the hmpalert.dll in the system32 folder fixes the crashing problem.
    It is probably a protection measurement of the game to prevent hacks from injecting dlls into it.
    So i would stick to the request to add an exception list for programs which are fully excluded from Hitman Pro Alerts protection.
     
    Last edited: Dec 9, 2014
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    That is an option but we like to keep thing tight in order to not let anything slip onto the computer through an exclude.
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Second time now HMPA is giving a false positive in Steam. Now it's a game I want to launch.

    RC 120, Win 8 x64


    Mitigation Lockdown

    Platform 6.3.9600/x64 06_3c
    PID 2740
    Application C:\Games\Steam\Steam.exe
    Description Steam Client Bootstrapper 1.0

    Filename C:\Games\Steam\steamapps\common\Team Fortress 2\hl2.exe

    Command line:
    "C:\Games\Steam\steamapps\common\Team Fortress 2\hl2.exe" -steam -game tf
     
  6. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    This is not so much a false positive but actually an inappropriate setting. The manual hasn't been finished so you couldn't know, but I suspect you manually added Steam.exe to Alert and it's not stored under the Browser profile, right?
    If you need to protect Steam (which is basically a game browser/downloader/launcher), I'd recommend to add it to the Browser category which behaves differently. This should help. Let us know if it doesn't.
     
    Last edited: Dec 9, 2014
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thanks! That did the trick!
     
  8. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    464
    Last edited: Dec 10, 2014
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Update: The Firefox not opening, yet running in Task Manager, has happened again. Disabled MBAE for now to see if the problem persists.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    I have steam under the other category, and apparently it doesn't know it should be there. It's working.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I did have one strange false positive today.

    I have Acrobat Pro X11, and it updated today. On my desktop A the update went without incident. On Desktop B, as the install was progressing, HMPA shut it down with an alert. Grrr I rebooted and the update restarted and this time went fine.

    Pete
     
  12. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This is the same issue as this post: https://www.wilderssecurity.com/thre...iscussion-thread.324841/page-121#post-2435463
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay. Let me know if I can do anything.
     
  14. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
    Sent email with bat file. Thanks.
     
  15. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Happy to report that iTunes did no longer crash (this did happen with several CTP releases) after it crashed the first time I started it with HMA active.

    In fact, I completely forgot that problem and updated several iOS devices to iOS 8.1.2 today.

    (So I'm really happy that there were no crashes during those firmware updates!)
     
  16. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Oh, one bug on my system: the reported "Scan completed" time seems to be the time the scan before the last one completed?

    (if I run a scan once a day, the last scan is reported as "24 hours ago" when I just completed a scan)
     
  17. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    I always get the alert below when launching a file that has had changes made to it prior to it being run. I.e. create a .txt file with some text. Launch the txt file from my Win32 console Filemanager application and it gets intercepted. If I launch a different .txt file that hasn't been changed there is no alert. Hard to understand what is going on. The alerts happen on all types of files such as .doc, .zip etc. where the modified timestamp of the file is very recent.

    I tried adding FM.exe to the test mitigation template and unchecked lockdown, but that did not help after FM was restarted.
    Alert.jpg

    Also launched from Fileman
    Alert1.jpg
     
    Last edited: Dec 9, 2014
  18. wasgij6

    wasgij6 Registered Member

    Joined:
    Mar 29, 2011
    Posts:
    321
    I keep getting this FP when trying to watch anything on netflix in firefox 35 beta
     

    Attached Files:

    • FP.png
      FP.png
      File size:
      89 KB
      Views:
      27
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    It is starting to look a lot like the free version of MBAE is incompatible with HMP.A 3 RC. After disabling MBAE I have not been able to reproduce FF not opening.

    Erik, if you can reproduce and find the cause if and when you can make time it will be greatly appreciated.

    Thanks,
    Dave
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I have to ask why if you are running HMP3 RC, why do you worry about MBAE? I don't think you need both of them.
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    That is a good question Peter, but since there will be a free version of HMP.A which does not include exploit mitigations I would like to use the free version of MBAE to help protect my browsers.

    Cheers.
     
    Last edited: Dec 10, 2014
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Strike that! It's just happened again while MBAE was disabled.

    Erik, any other suggestions?
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    MBAE uninstalled, HMP.A Mitigations + Active Vaccination enabled.

    Windows Media Player blocked - ROP Alert.
     
  24. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
  25. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    456
    Location:
    England
    Fad said:
    I have just realised the latest Alert is causing stalling and slowdown when uploading files to a NAS drive when using FileZilla.
    With the Alert service fully disabled all is fine and FileZilla uploads at full speed, with Alert enabled the file starts uploading normally then slows down dramatically sometimes stalling completely -
    with the Alert service running but all options set to OFF, the same slow down occurs.​

    Unfortunately, this hasn`t been resolved fully for some reason as it is still occurring here at least when using Alert v3.0.20 Buid 120 RC

    If this problem is regarded as being totally fixed - is it unlikely to be looked into again ?

    (Testing an alternative program had the same results)
     
    Last edited: Dec 10, 2014
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.