HitmanPro.ALERT Support and Discussion Thread

Halloween special is valid until Nov 11th, 2015 as per email notice.

 

Ah, very good, thanks!

Glad I haven't gotten around to installing the new versions of Norton Security...

 

CryptoWall 4.0 surfaced
https://twitter.com/markloman/status/661934803265130496

 

Changelog?

 

See HitmanPro.Alert 3.0 Build 209 RC
or HitmanPro.Alert 3 Release History

 

I see why they call you Stupendous Man. TY

 

Hello all

I am using HMP 3 for the first time now and after that, I wanted to use Alert too. But even with Bitdefender disabled and deleted HMP3, I can't start after I opened the mainscreen. I get this error: Failed to install program. Error 0
I searched on Google and in this Forum, but I coodn't find anything. I got this error with antoher PC too and both using W7 sp1 and Bitdefender Total Security 2015.

 

https://blog.knowbe4.com/cryptowall-v4.0-released-now-encrypts-the-file-names-as-well
http://www.webroot.com/blog/2015/11/05/cryptowall-4-0-and-what-you-should-know/

 

Actually the Halloween BOGO (buy one year get a second year free) sale is valid until November 11

 

Security researchers have found a ransomware family that can securely encrypt files, even if the victim does not have an Internet connection. http://news.softpedia.com/news/rese...le-ransomware-that-works-offline-495747.shtml

 

May have been asked before but can one install 209 over 329 beta, or does one have to uninstall beta first?

 

I over-installed 208 with 328.

 

But the other way round, 3.0 209 over 3.1 329 beta - i.e. going backwards?

 

Ah, well that is different.

I read a post by Erik the other week saying if you are going back a version you need to uninstall first, so that may be the same going from the beta back to the stable released version.

If it were me I'd be uninstalling first. Actually, the few times I've gone back a version of HMP.A I've uninstalled using REVO Uninstaller for a cleaner install of the earlier version. A while back I uninstalled the 'normal' way and when I installed the older version MS Edge [Win10] was shown as an application when the older version did not detect Edge.

Your mileage may vary.

 

if you want to switch to 3.1.xxx starting from 3.0.xxx, you can smoothly overwrite, otherwise uninstall is required

3.0 → 3.1 : overwrite
3.1 → 3.0 : uninstall

 

Thanks @Krusty13 and @test.
Have uninstalled 3.1 build 329 beta and installed 3.0 build 209 no problem.
Can now also confirm that Keystroke Encryption is working again with WSA Identity Protection on.
Something in 3.1 beta broke this.
Hope it can be identified before it moves to stable release.

 

paulderdash, you have a lot of software overlapping: keep it simple!

 

Got this issue

Code:

SBIE2203 Failed to communicate with Sandboxie Service:  *GUIPROXY_00000001 - chrome.exe [FF000000]

- HMPA Beta .329 with Chrome v47 x64 inside Sandboxie. Any idea how to fix it?

EDIT: FIXED

 

Thanks @test - it looks overlapping but it is thought through - but don't want to stray OT here

 

FWIW ~ I experienced same ....

and I do not have same (software overlapping) setup.

 

When trying to watch Horizon Go (Ziggo online TV) with Firefox I get the following ROP warning:
Windows 10 Professional x64
Alert 3.1.0 build 329 beta

Code:

Mitigation   ROP

Platform     10.0.10240/x64 06_5e
PID          4144
Application  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Description  Plugin Container for Firefox 41.0.2

Branch Trace                      Opcode  To                             
-------------------------------- -------- --------------------------------
InterlockedIncrement +0x11            RET GetHotPatchInfo                
0x74137531 kernel32.dll                   0x64FC3889 SS2OSD.dll          

InterlockedIncrement +0x11            RET GetHotPatchInfo                
0x74137531 kernel32.dll                   0x64FC3880 SS2OSD.dll          

GetHotPatchInfo                       RET GetHotPatchInfo                
0x64FC45B0 SS2OSD.dll                     0x64FC37AB SS2OSD.dll          

LoadLibraryExW +0x5                 * RET GetHotPatchInfo                
0x74137925 kernel32.dll                   0x64FC2D30 SS2OSD.dll          
            55                       PUSH         EBP
            8bec                     MOV          EBP, ESP
            83e4f8                   AND          ESP, -0x8
            6aff                     PUSH         -0x1
            686edafe64               PUSH         DWORD 0x64feda6e
            64a100000000             MOV          EAX, [FS:0x0]
            50                       PUSH         EAX
            64892500000000           MOV          [FS:0x0], ESP
            51                       PUSH         ECX
            a1742e0065               MOV          EAX, [0x65002e74]
            a801                     TEST         AL, 0x1
            752c                     JNZ          0x64fc2d81
            83c801                   OR           EAX, 0x1
            a3742e0065               MOV          [0x65002e74], EAX
            6a00                     PUSH         0x0
            c744241000000000         MOV          DWORD [ESP+0x10], 0x0
                                 (4FD8E23657BE51C8)


calloc +0x127                         RET PR_LoadLibraryWithFlags +0x15b 
0x5C6C2CA7 mozglue.dll                    0x5C3B2AEB nss3.dll            

memset +0x71                          RET calloc +0x116                  
0x5C5E15A4 msvcr120.dll                   0x5C6C2C96 mozglue.dll         

RtlLeaveCriticalSection +0x34         RET calloc +0x10d                  
0x77035E34 ntdll.dll                      0x5C6C2C8D mozglue.dll         

RtlEnterCriticalSection +0x2b         RET calloc +0x8d                   
0x77035EAB ntdll.dll                      0x5C6C2C0D mozglue.dll         

TlsGetValue +0x23                     RET calloc +0x3e                   
0x74C200E3 KernelBase.dll                 0x5C6C2BBE mozglue.dll         

PR_LoadLibraryWithFlags +0x7a         RET PR_LoadLibraryWithFlags +0x14b 
0x5C3B2A0A nss3.dll                       0x5C3B2ADB nss3.dll            

strcoll +0x4d                         RET PR_LoadLibraryWithFlags +0x66  
0x5C66B712 msvcr120.dll                   0x5C3B29F6 nss3.dll            

Stack Trace
#  Address  Module                   Location
-- -------- ------------------------ ----------------------------------------
1  64FC5217 SS2OSD.dll               GetHotPatchInfo
            85c0                     TEST         EAX, EAX
            7461                     JZ           0x64fc527c
            0fb64608                 MOVZX        EAX, BYTE [ESI+0x8]
            8b4e04                   MOV          ECX, [ESI+0x4]
            8801                     MOV          [ECX], AL
            0fb64609                 MOVZX        EAX, BYTE [ESI+0x9]
            8b4e04                   MOV          ECX, [ESI+0x4]
            884101                   MOV          [ECX+0x1], AL
            0fb6460a                 MOVZX        EAX, BYTE [ESI+0xa]
            8b4e04                   MOV          ECX, [ESI+0x4]
            884102                   MOV          [ECX+0x2], AL
            0fb6460b                 MOVZX        EAX, BYTE [ESI+0xb]
            8b4e04                   MOV          ECX, [ESI+0x4]
            884103                   MOV          [ECX+0x3], AL
            0fb6460c                 MOVZX        EAX, BYTE [ESI+0xc]
            8b4e04                   MOV          ECX, [ESI+0x4]

2  64FC2D94 SS2OSD.dll               GetHotPatchInfo
3  5C3B2B11 nss3.dll                 PR_LoadLibraryWithFlags +0x181
4  0E1609E3 xul.dll                  ??0JSTracer@@IAE@PAUJSRuntime@@W4TracerKindTag@0@W4WeakMapTraceKind@@@Z
5  0F31F9D9 xul.dll                  ?GetTriggeringPrincipal@LoadInfo@mozilla@@UAG?AW4nsresult@@PAPAVnsIPrincipal@@@Z

Process Trace
1  C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [4144]
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="5544.0.1282079003\1434376966" "C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program File
2  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5544]
3  C:\Program Files (x86)\Mozilla Firefox\updater.exe [4028]
"C:\Program Files (x86)\Mozilla Firefox\updater.exe" C:\Users\Richard\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates\0 "C:\Program Files (x86)\Mozilla Firefox" "C:\Program Files (x86)\Mozilla Firefox\updated" 7788/replace "C:\Program Files (x86)\Mo
4  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [7788]
5  C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4920]
6  C:\Windows\explorer.exe [8504]
7  C:\Windows\System32\userinit.exe [7912]
8  C:\Windows\System32\winlogon.exe [7100]
C:\Windows\System32\WinLogon.exe -SpecialSession
9  C:\Windows\System32\smss.exe [8928]
\SystemRoot\System32\smss.exe 000000d0 00000074 C:\Windows\System32\WinLogon.exe -SpecialSession

 

Notwithstanding that I had asked for a response from the developer, and got none, I recently uninstalled HMP.A about 6 days ago, because IE would start to open and close soon after with:








After, a reboot I reinstalled the last version that worked. After, which I could open IE.

 

Have you tested HMPA with all of your other defenses turned of? It is a logical consequence that software will not function correctly if it can't make certain changes.

One further piece of advice: Stop using Windows XP.

 

Greetings to all the Wilders forum community.

I'm currently evaluating on my home computer HitmanPro.Alert.

I downloaded and installed the latest public available 3.0.59 build 209 version then activated the trial license.
Everything is working fine except the Hardware-assisted Control-Flow Integrity (CFI) that seem inactive, no blue icon is displayed.

I run the following system:

Cpu: Intel Core i7-6700K
Main board: Asus Maximus VIII Gene
Memory: 32GB
Storage: M.2 SSD 480GB

Operating system: Windows 7 SP1 64 bit fully updated
Antivirus: NOD32 (latest 64 bit version)

Your help in understanding why the Hardware-assisted CFI feature is not recognized will be greatly appreciated.
Thanking in advance, best greetings.