HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    ...and Plugin looks as it should ? Thanks ~~ Yeah, I installed Chrome just to test with Alert. Not knowing in the ways of Chrome. Thanks !
     
    Last edited: Feb 6, 2015
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    The plugin container item for Firefox has the same generic icon in my HMPA install.
     
  3. 142395

    142395 Guest

    +1 :thumb:
    I actually suggested that twice in this thread tho.

    BTW, does HMPA block heap feng shui attack too?
     
  4. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I have RC 143 installed on Win8.1 Pro x64 and the only problem I'm seeing so far is that the blue or green highlight box remains on screen and over other windows, even when the app it "belongs to" is minimized or in the background. I've seen this happen with Directory Opus 11.10 x64 and WebSite-Watcher 14.3.
     
  5. hotlips69

    hotlips69 Registered Member

    Joined:
    Nov 3, 2005
    Posts:
    55
    Location:
    Sussex. UK
    So are you saying that hypothetically I could activate my one licence on two different live test PCs which are running alongside each other on my home network and they will both fully work for however long or until I next re-image, which could be days/weeks/months? o_O
     
  6. hotlips69

    hotlips69 Registered Member

    Joined:
    Nov 3, 2005
    Posts:
    55
    Location:
    Sussex. UK
    How do you decide which template to assign for a program if it's not obvious?

    E.G. I assigned Spotify to the media template and then it refused to run with an alert appearing on program startup!
     
  7. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    As far as I can tell, they're not templates but rather simple categories for organizing the applications in the interface. I had to compare some applications in various categories to arrive at this conclusion. I'm not sure, but that's how I interpreted it.
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Spotify is a nasty application. It is performing an actual ROP. It is not an issue of Alert, it detects the ROP as it should.
     
  9. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Can you post a log?
     
  10. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,061
    Location:
    UK
    Hawki, in the task manager, is explorer.exe under the processes tab running?

    If not, try selecting 'file' then 'new task' and typing explorer.exe then press ok.
     
  11. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    Damn I just lost a long reply to siketa. Thank you siketa and stapp for trying to help me, I showed perhaps a much too large degree of kindness, grace, and mercy to Hit Man Pro by deleting my post. But will still uninstall it from my system despite my having purchased a license. Wow, Hit Man Pro did more damage to my system than the Malware.

    Yes, task manager was working.

    But what happened is that after an hour or so, the usual start screen appeared. I was able to access Change Settings and I was able to do a Successful System Restore (almost-I still have that search engine hi-jacker-how is that possible??)

    Damn, I had planned on going to sleep early tonight for a change :)

    At this point in time I could not possibly have a lower opinion of Hit Man Pro. It's dangerous.
     
  12. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    ZAM can create a restore point prior to the cleaning.
    I'm not sure if HP does it but maybe they should consider this feature....
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    1. This is the HitmanPro.Alert thread. Questions related to HitmanPro should be posted in the corresponding thread.

    2. Restore point has been in HitmanPro since 2009.

    RestorePoint_124.png RestorePoint.png
     
    Last edited: Feb 6, 2015
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Are you having an issue with HitmanPro or HitmanPro.Alert?

    What kind of issue? I cannot find any post of yours here at Wilders having an issue with HitmanPro or HitmanPro.Alert.
     
  15. guest

    guest Guest

    I am currently running 1 one-PC license on two machines (main machine and a testing machine), but I suppose I won't be able to re-image one of them should it be necessary.
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Thanks, "generic" was the word I needed. Thanks ~ I set up a friend with Alert and found the same generic icon. So, all sorted. Thanks
     
  17. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Will the keyboard encryption feature be made to work with Explorer at some point?
     
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The Keystroke Encryption is assigned to the Browsers and Other templates.
     
  19. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Thank you. That isn't anywhere near obvious or intuitive.
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Yeah, :) I'm still ? on Passive vs Active vaccination and the difference between Disable mitigations vs Remove mitigations
    Be nice to have a Help file.
     
    Last edited: Feb 6, 2015
  21. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Alert auto-updated correctly to 143 here, however on the machine with DefenseWall, it was still build 141 after reboot. Turns out DefenseWall runs the update as Untrusted; after manually running as Trusted it successfully updated. Does the update launch through the browser or something that causes DefenseWall to make it Untrusted?
     
  22. hotlips69

    hotlips69 Registered Member

    Joined:
    Nov 3, 2005
    Posts:
    55
    Location:
    Sussex. UK
    So should I simply not assign any template to Spotify & leave it as unprotected?
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Might also consider another music service like Rhapsody.
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    Erik,

    I've just had some ROP alerts with both Firefox and IE11 when visiting secunia.com, then clicking on the Consumer Products > PSI link. Firefox closes when I close the alert; however, IE11 says it will close but after I close the alert IE11 stays open, and I can view the page as normal.

    I don't know if it is a false positive or not but I thought I would mention it to you.

    Here's the details.

    Code:
    Log Name:      Application
    Source:        HitmanPro.Alert
    Date:          7/02/2015 10:26:29 PM
    Event ID:      911
    Task Category: (9)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      Dave-PC
    Description:
    Mitigation   ROP
    
    Platform     6.1.7601/x64 06_25
    PID          1196
    Application  C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Description  Firefox 35.0.1
    
    Branch Trace                      Opcode  To                           
    -------------------------------- -------- --------------------------------
    RtlEnterCriticalSection +0x37         RET DllCanUnloadNow +0x29c73     
    0x777022F7 ntdll.dll                      0x623D329D msmpeg2adec.dll   
    
    RtlEnterCriticalSection +0x37         RET DllCanUnloadNow +0x2b321     
    0x777022F7 ntdll.dll                      0x623D494B msmpeg2adec.dll   
    
    DllCanUnloadNow +0x51a5e            * RET DllCanUnloadNow +0x86f59     
    0x623FB088 msmpeg2adec.dll                0x62430583 msmpeg2adec.dll   
                8bf0                     MOV          ESI, EAX
                e89e43faff               CALL         0x623d4928
                f7d8                     NEG          EAX
                1bc0                     SBB          EAX, EAX
                f7d0                     NOT          EAX
                23c6                     AND          EAX, ESI
                5e                       POP          ESI
                e854a0fcff               CALL         0x623fa5ec
                2000                     AND          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                                     (D59ACF0AF28E5F35)
    
    
    DllCanUnloadNow +0xdd68             * RET DllCanUnloadNow +0x51a5e     
    0x623B7392 msmpeg2adec.dll                0x623FB088 msmpeg2adec.dll   
                c3                       RET      
                                     (6E752DB88B58BBB4)
    
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    
    1  623D32C4 msmpeg2adec.dll          DllCanUnloadNow +0x29c9a
                85c0                     TEST         EAX, EAX
                8b8544ffffff             MOV          EAX, [EBP-0xbc]
                0f840c090000             JZ           0x623d3bde
                c78554ffffff01000000     MOV          DWORD [EBP-0xac], 0x1
                85f6                     TEST         ESI, ESI
                0f84fa080000             JZ           0x623d3bde
                f70300000020             TEST         DWORD [EBX], 0x20000000
                0f8561080000             JNZ          0x623d3b51
                8b9d20ffffff             MOV          EBX, [EBP-0xe0]
                83c304                   ADD          EBX, 0x4
                c645ab00                 MOV          BYTE [EBP-0x55], 0x0
                89bd34ffffff             MOV          [EBP-0xcc], EDI
    
    2  623D4955 msmpeg2adec.dll          DllCanUnloadNow +0x2b32b
    3  623C9B31 msmpeg2adec.dll          DllCanUnloadNow +0x20507
    4  623C6021 msmpeg2adec.dll          DllCanUnloadNow +0x1c9f7
    5  75818CA6 ole32.dll                CoInitializeSecurity +0x1a4d
    6  75833170 ole32.dll                CoSetState +0xa6b
    7  75818DCA ole32.dll                CoInitializeSecurity +0x1b71
    8  75818D3F ole32.dll                CoInitializeSecurity +0x1ae6
    9  75818AC2 ole32.dll                CoInitializeSecurity +0x1869
    10 75818A73 ole32.dll                CoInitializeSecurity +0x181a
    
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="HitmanPro.Alert" />
        <EventID Qualifiers="0">911</EventID>
        <Level>2</Level>
        <Task>9</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2015-02-07T11:26:29.000000000Z" />
        <EventRecordID>6676</EventRecordID>
        <Channel>Application</Channel>
        <Computer>Dave-PC</Computer>
        <Security />
      </System>
      <EventData>
        <Data>C:\Program Files (x86)\Mozilla Firefox\firefox.exe</Data>
        <Data>ROP</Data>
        <Data>Mitigation   ROP
    
    Platform     6.1.7601/x64 06_25
    PID          1196
    Application  C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Description  Firefox 35.0.1
    
    Branch Trace                      Opcode  To                           
    -------------------------------- -------- --------------------------------
    RtlEnterCriticalSection +0x37         RET DllCanUnloadNow +0x29c73     
    0x777022F7 ntdll.dll                      0x623D329D msmpeg2adec.dll   
    
    RtlEnterCriticalSection +0x37         RET DllCanUnloadNow +0x2b321     
    0x777022F7 ntdll.dll                      0x623D494B msmpeg2adec.dll   
    
    DllCanUnloadNow +0x51a5e            * RET DllCanUnloadNow +0x86f59     
    0x623FB088 msmpeg2adec.dll                0x62430583 msmpeg2adec.dll   
                8bf0                     MOV          ESI, EAX
                e89e43faff               CALL         0x623d4928
                f7d8                     NEG          EAX
                1bc0                     SBB          EAX, EAX
                f7d0                     NOT          EAX
                23c6                     AND          EAX, ESI
                5e                       POP          ESI
                e854a0fcff               CALL         0x623fa5ec
                2000                     AND          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                                     (D59ACF0AF28E5F35)
    
    
    DllCanUnloadNow +0xdd68             * RET DllCanUnloadNow +0x51a5e     
    0x623B7392 msmpeg2adec.dll                0x623FB088 msmpeg2adec.dll   
                c3                       RET      
                                     (6E752DB88B58BBB4)
    
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    
    1  623D32C4 msmpeg2adec.dll          DllCanUnloadNow +0x29c9a
                85c0                     TEST         EAX, EAX
                8b8544ffffff             MOV          EAX, [EBP-0xbc]
                0f840c090000             JZ           0x623d3bde
                c78554ffffff01000000     MOV          DWORD [EBP-0xac], 0x1
                85f6                     TEST         ESI, ESI
                0f84fa080000             JZ           0x623d3bde
                f70300000020             TEST         DWORD [EBX], 0x20000000
                0f8561080000             JNZ          0x623d3b51
                8b9d20ffffff             MOV          EBX, [EBP-0xe0]
                83c304                   ADD          EBX, 0x4
                c645ab00                 MOV          BYTE [EBP-0x55], 0x0
                89bd34ffffff             MOV          [EBP-0xcc], EDI
    
    2  623D4955 msmpeg2adec.dll          DllCanUnloadNow +0x2b32b
    3  623C9B31 msmpeg2adec.dll          DllCanUnloadNow +0x20507
    4  623C6021 msmpeg2adec.dll          DllCanUnloadNow +0x1c9f7
    5  75818CA6 ole32.dll                CoInitializeSecurity +0x1a4d
    6  75833170 ole32.dll                CoSetState +0xa6b
    7  75818DCA ole32.dll                CoInitializeSecurity +0x1b71
    8  75818D3F ole32.dll                CoInitializeSecurity +0x1ae6
    9  75818AC2 ole32.dll                CoInitializeSecurity +0x1869
    10 75818A73 ole32.dll                CoInitializeSecurity +0x181a
    </Data>
      </EventData>
    </Event>
    Thanks.
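
Added example, not part of the original post or of HitmanPro.Alert: a small Python parser for the "Branch Trace" table in the alert text above, so each recorded branch can be reviewed as source/target module pairs when triaging a possible false positive. The names `parse_branch_trace`, `Branch` and `flagged_same_module` are hypothetical, and the meaning of the `*` marker is not stated in the thread, so the code only records it.

```python
import re
from dataclasses import dataclass

# Branch-trace excerpt copied from the event description in the post above
# (blank lines and most disassembly lines trimmed for brevity).
SAMPLE = """\
Branch Trace                      Opcode  To
-------------------------------- -------- --------------------------------
RtlEnterCriticalSection +0x37         RET DllCanUnloadNow +0x29c73
0x777022F7 ntdll.dll                      0x623D329D msmpeg2adec.dll
RtlEnterCriticalSection +0x37         RET DllCanUnloadNow +0x2b321
0x777022F7 ntdll.dll                      0x623D494B msmpeg2adec.dll
DllCanUnloadNow +0x51a5e            * RET DllCanUnloadNow +0x86f59
0x623FB088 msmpeg2adec.dll                0x62430583 msmpeg2adec.dll
            8bf0                     MOV          ESI, EAX
DllCanUnloadNow +0xdd68             * RET DllCanUnloadNow +0x51a5e
0x623B7392 msmpeg2adec.dll                0x623FB088 msmpeg2adec.dll
            c3                       RET
Stack Trace
"""

SYM = r"(\S+) \+0x([0-9a-fA-F]+)"            # "Symbol +0xOFFSET"
HEAD = re.compile(rf"^\s*{SYM}\s+(\*)?\s*([A-Z]+)\s+{SYM}\s*$")
ADDR = re.compile(r"^\s*0x([0-9A-Fa-f]+)\s+(\S+)\s+0x([0-9A-Fa-f]+)\s+(\S+)\s*$")

@dataclass
class Branch:
    opcode: str
    flagged: bool          # entry carries the '*' marker in the log
    src_addr: int
    src_module: str
    dst_addr: int
    dst_module: str
    dst_symbol_base: int   # dst_addr minus the printed "+0x..." offset

def parse_branch_trace(text):
    """Return the entries listed between 'Branch Trace' and 'Stack Trace'."""
    branches, head, active = [], None, False
    for line in text.splitlines():
        if line.lstrip().startswith("Branch Trace"):
            active = True
        elif line.lstrip().startswith("Stack Trace"):
            break
        elif active and (m := HEAD.match(line)):
            head = m               # symbol line; the address line follows
        elif active and head and (a := ADDR.match(line)):
            dst = int(a[3], 16)
            branches.append(Branch(head[4], head[3] is not None, int(a[1], 16),
                                   a[2], dst, a[4], dst - int(head[6], 16)))
            head = None
    return branches

def flagged_same_module(branches):
    """Flagged entries whose source and target lie in the same module."""
    return [b for b in branches
            if b.flagged and b.src_module.lower() == b.dst_module.lower()]
```

On this log all four targets resolve to the same symbol base (0x623A962A), which is what nearest-export symbol naming produces, so the `DllCanUnloadNow` label does not by itself identify the function being executed.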
     
  25. hotlips69

    hotlips69 Registered Member

    Joined:
    Nov 3, 2005
    Posts:
    55
    Location:
    Sussex. UK
    Since I've installed b143, Microsoft Outlook 2013 has been refusing to send/receive e-mail!
    I get the error:
    'Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.'

    If I then remove Outlook from HMPA altogether, it works perfectly.

    I don't really want to leave it as unprotected, but not sure how to protect it.
    I've tried protecting it & then unticking all the code & memory mitigations boxes, but I still get the same server errors.
     