HitmanPro.ALERT Support and Discussion Thread

If you've experienced ROP and IAF false positives I would like you to try this build 147:
EDIT: Pulled build 147 due to license and flash in Chrome issue.

Let me know how this version runs on your computer

Send any false positive report via PM.

 

If you've experienced ROP and IAF false positives I would like you to try this build 148:
http://test.hitmanpro.com/hmpalert3b148.exe

Let me know how this version runs on your computer

Send any false positive report via PM.

 

Ok, thanks for the update!

 

Erik,

I've sent you a PM.

Cheers,
Dave

 

I have 143 RC now and have no problems with it. Should i install 148 now.

 

@erikloman Is there any resolution pending or do I have to leave my network unprotected permanently?

I realise there are other issues that may be more pressing that are being worked on as a priority.

 

Immediately after installing build 148 HMPA said it was updating. I'm not sure if it was updating HMP, or HMPA. It said updating for at least 2 minutes, but I don't know what it was updating. Build 148 came with vaccination set to passive, and gave me a message that I was not fully protected. I don't remember the exact message. I went ahead, and set vaccination to active. Cyptoguard came disabled by default in this build. I enabled it. This build began a system scan with HMP, but then gave me a message that the scan had been canceled. I looked, and HMP had stopped one scan, and started another. Nothing else to report for now.

 

I wouldn't rush into it just yet.

 

Is your license still valid? Is your computer running on time?

 

My license is working fine now. Maybe it was a problem with build 147. I'm using 148 now, and all is ok.

 

No issues with build 148 so far.

 

I Will give it a try tomorrow morning and let you know.

I will also attach a list of apps that I added personally and which I believe should be added out-of-the-box.

Thanks !

 

Finally I found you guys, was looking for a beta forum then support referred me here. Really great product, installed it a couple of days ago after running 2.6 for a while. I do appreciate that it is a complex bit of software and I in no way pretend to understand much of the details, so I will not contribute anything significant in terms of useful feedback, other than to say that last night using Palemoon and working on updating a website on wix.com, I was getting occasional freezes of the browser. It seemed to be hanging whilst encrypting the data entry into the browser. Happened 3 times in about 3 hours, no specific pattern or details other than what I just mentioned. Only other security running at the time was MSE, on Windows 7. Hitmanpro.alert process and folder are excluded.

In terms of resource impact, IE10 takes about 10 seconds to startup fully, IE 10 about 15, Chrome (Dragon) about 10. With 2.6 the time is nearly half. That's on an older Dell laptop but with SSD added, so it's normally quite fast overall.

Anyway, looking forward to the final release next month hopefully. Good luck in the meantime, I'll keep out of the way and leave you experts to keep up the great work.

 

It's listed as being a release candidate. This should not be considered the same as beta.

 

How do you think it should be considered?

 

What profile would you recommend for a torrent client?

 

What profile do you recommend for instant messengers?

 

Does HMPA RC create a folder called CryptoGuard in the Windows folder?

 

I also have a CryptoGuard folder in C:\Windows so I guess it does.

 

Ok, thank you. Someone was asking about that folder over in the AppGuard thread.

 

I got the following alert from HMPA build 148 when playing an MKV file in Media Player Classic. I don't think the file is infected. I have had it for a long time, and nothing has ever been detected in it before. I also cropped the prompt from HMPA. It stretched all the way across the screen. I was not sure if that was expected behavior so I thought I would let you know.

C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe
HeapSpray
Mitigation HeapSpray Platform 6.1.7601/x64 06_1a PID 4728 Application C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe Description MPC-HC x64 0x0000000010B13000 0x0000000010CAA000 0x0000000010CE4000 # Size: 232KB Size: 232KB Size: 232KB -- ------------------ ------------------ ------------------ 1 95.74% ADD 96.25% ADD 96.71% ADD 2 2.73% 0x00 3.64% 0x00 2.54% 0x00 3 1.52% 0x1E 0.01% 0x01 0.74% 0x1E 4 0.00% 0x01 0.01% 0x54 0.00% 0x01 5 0.00% 0x06 0.01% 0x10 0.00% 0x06

Edit: I'm using Windows 7X64 Ultimate.

 

No problems installing build 148. Also no problems with latest Sandboxie beta 4.15.12.

 

I just had the same thing happen again with Media Player Classic. HMPA detected HeapSpray attack against Media Player Classic. I wonder if AppGuard could be causing false positives with HMPA. I don't know if it has anything to do with it, but I thought I would mention it. I would just disable AppGuard, but it want help because the detected HeapSpray attack happens randomly so I never know when it is going to be detected.

C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe
HeapSpray
Mitigation HeapSpray Platform 6.1.7601/x64 06_1a PID 29100 Application C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe Description MPC-HC x64 0x00000000113DC000 0x000000001152C000 0x0000000011557000 # Size: 172KB Size: 172KB Size: 172KB -- ------------------ ------------------ ------------------ 1 95.86% ADD 99.58% ADD 96.26% ADD 2 3.09% 0x15 0.41% 0x00 2.27% 0x00 3 1.01% 0x00 0.00% 0x01 0.73% 0x08 4 0.00% 0x10 0.00% 0x0A 0.00% 0x01 5 0.00% 0x58 0.00% 0x00 0.00% 0x02

The two events AppGuard blocked are below. They were blocked at the exact same time HMPA detected HeapSpray attack.

Prevented <c:\program files (x86)\k-lite codec pack\mpc-hc64\mpc-hc64.exe | c:\windows\explorer.exe> from writing to <\registry\machine\system\controlset001\control\mediaresources\directsound\speaker configuration>.

Prevented <C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe> from reading memory of <C:\Windows\explorer.exe>.

 

HitmanPro.Alert 3.0.29 Build 152 Release Candidate

This build is mainly focused on getting various bugs solved.

Changelog

• FIXED: Various false positives.
• FIXED: Internet Explorer failed to start on computers with Avast!.
• FIXED: Crash caused by race condition when service is shutting down.
• IMPROVED: Application performance.
• IMPROVED: ROP mitigations.
• IMPROVED: IAF mitigations.

Download
http://test.hitmanpro.com/hmpalert3b152.exe

Please let me know how this version runs on your computer