HitmanPro.ALERT Support and Discussion Thread

Hi SM
Yes, I C bogus encrypting flyout in WordPad. Bizarre.
188 + W8.1 x64

 

Confirmed for Windows WordPad on Windows Vista x86 as well as Windows 7 x64 with HMPA 3.0.42.188 beta.

 

Hello,

Thanks to ll for confirming this issue. It seems it has nothing to do with SpyShelter and also is not limited to just LibreOffice but seems to apply to any app protected under the "office" template...

 

and apps under Browser n' Other templates for me...

 

Hello,

The curious issue, unless I am wrong (I could not find any documentation on this), is that as far as I know, keyboard encryption should not apply to the "office" template, only to the "browser" and "other" templates...

 

Erik or Mark explained templates back around post 4200, give or take a hundred or so.

More recently it was posted up that documentation was still a few months away.

 

Hi erikloman

Strange Name or Numbering Sequence From 3.7.9.241 to 3.0.41[42].188, looks like a HitmanPro Alert Number or Name mix up.

With regards
Take Care
TheQuest

PS: Just downloaded file, and it is a Name mix up.

 

It's HitmanPro.Alert 3.0.42.188.
Erik forgot the Alert part and forgot to change 41 to 42.
See these previous two replies.

 

Hi Stupendous Man

Just seen the mistake when I downloaded the file, posted above , missed those two posts.

With regards
Take Care
TheQuest

 

So, you have keystroke encryption...?

 

When "Show live Keystroke Encryption in colored window border" is enabled, the encryption indicator should only appear (while typing on a physical keyboard) in applications under the Browser en Other categories.

I can confirm that there is a bug in build 188 which causes the encryption indicator to show on applications in the Office and Media category (which is not correct), displaying unscrambled keystrokes in these applications (which is correct). Expect an update soon.

Thanks all for reporting.

 

To anyone else using WSA: would the Identity Shield supersede and prevent Keystroke Encryption in HMP.A?

 

With build 188 still high cpu and memory-usage (W7 64 bits). Erik, if you want the (non-SYSTEM) hmpalert-dmp...

 

Another HMPA 3.0.42.188 beta false positive alert,
this time when I right-click the image in deugniet's recent post and choose properties in Vista IE9 context menu:

Code:

Mitigation   Lockdown

Platform     6.0.6002/x86 06_17*
PID          4728
Application  C:\Program Files\Internet Explorer\iexplore.exe
Description  Internet Explorer 9

VBScript God Mode
res://ieframe.dll/imageppg.ppg

Process Trace
1  C:\Program Files\Internet Explorer\iexplore.exe [4728]
   "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3228 CREDAT:203013

2  C:\Program Files\Internet Explorer\iexplore.exe [3228]
3  C:\Windows\explorer.exe [3052]
4  C:\Windows\System32\userinit.exe [3276]


Provider Name  HitmanPro.Alert
EventID        911
Qualifiers     0
Level          2
Task           9
Keywords       0x80000000000000
EventRecordID  202319

 

I have got 2 dumps from you. All load is related to Norton dll injection in our hmpalert user mode process (tray). You can trigger the load when switching network. I will see if I can prevent Norton from injecting into our tray process.

 

I find the same issue when I right-click an image in another website and choose properties in Vista IE9 context menu.
Definitely seems a bug in HMPA 3.0.42.188 beta.

Code:

Mitigation   Lockdown

Platform     6.0.6002/x86 06_17*
PID          4792
Application  C:\Program Files\Internet Explorer\iexplore.exe
Description  Internet Explorer 9

VBScript God Mode
res://ieframe.dll/imageppg.ppg

Process Trace
1  C:\Program Files\Internet Explorer\iexplore.exe [4792]
   "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3228 CREDAT:203011

2  C:\Program Files\Internet Explorer\iexplore.exe [3228]
3  C:\Windows\explorer.exe [3052]
4  C:\Windows\System32\userinit.exe [3276]


Provider Name  HitmanPro.Alert
EventID        911
Qualifiers     0
Level          2
Task           9
Keywords       0x80000000000000
EventRecordID  202328

 

I use WSA and I have seen it interfere with HMPA (though I can't say that it interferes with keystroke encryption specifically). After each upgrade of HMPA I check PC Security, Identity Shield and the System Control active processes list to make sure HMPA is set to "allow".

 

This is addressed in build 189. Will be out in an hour or so.

 

HitmanPro.Alert 3.0.42 build 189

Changelog compared to build 188

• Improved Application Lockdown exploit mitigation (kudos to @ropchain for reporting).
• Fixed inadvertent display of the live encryption indicator on applications without Keystroke Encryption.

Download
http://test.hitmanpro.com/hmpalert3b189.exe

Please let us know how this build runs on your computer.

 

Build 189 works fine again, no flyouts for 'Media' and 'Office' and correct encryption for 'Browsers' and 'Other'

 

Thanks very much.
I'll try it later today, in a couple of hours.

By the way, it was not mentioned in Mark's post, but according to the file name (hmpalert3b189.exe), I suppose it's still beta?

 

Sharp, but build 189 is not a beta. We're just not automatically updating previous versions yet.
The b stands for build btw, not beta.

 

Ah, thanks, I understand.