HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    Hi!, *loman,
    what about A, B, C...and D?? :D
     
  2. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    If you change settings for a particular application in HitmanPro.Alert you must restart that application. By design it is not possible to change any security settings on a running application.
    You may want to check if e.g. Firefox.exe is really terminated. E.g. if Firefox's windows are gone but the process is still running, new windows will be spawned from the existing process and the previous security settings are still in effect (unchanged).
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    By design.....Thanks
     
  4. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    We don't want attackers to be able to disarm mitigations on the fly now would we ;)
     
  5. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    In HitmanPro.Alert, please disable Control-Flow Integrity for the AIM application. In the meantime we'll take a look at it.

    Yes it would. And actually, it has been on our wish list since 2014, but it is a nice-to-have feature. No definite yes or no yet on this feature.

    Yes, that's a nice feature and also already on my personal wish list for quite a while now.

    I haven't experienced this before but @erikloman apparently knows about it so I'll check with him ;)

    Thank you for the input!
     
  6. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Thank you for the information!
     
  8. hjlbx

    hjlbx Guest

    @markloman
    @erikloman

    How will SurfRight beta tester licenses work under Sophos administration?
     
  9. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    No, we would not. Guess, I'm thinking in terms of Norton toggle, on-the-fly.
     
  10. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Norton does things entirely differently and does not offer exploit technique mitigations (even though marketing might say otherwise).
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    So far so good here. :cool:
     
  12. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Just for the record:
    HMP.A build 347 triggered the win8.1-64 SmartScreen-Filter.

    I appreciate this, because the file is not widespread.

    No issue so far, since installing.
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Yeah, it did on one of my Win10 machines too, but not the other for some reason.
     
  14. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @Krusty13 :
    Do both your WIN10 machines run on your Microsoft account?

    If so, then MS perhaps knows that you already allowed the download...
    Otherwise Smart may be not that reliable, or has learned in the meantime, or asks only one time for the same IP....

    Who knows...
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    No, I have a local account on both and I don't even have a MS account.
     
  16. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    No problems so far.
     
  17. CCV

    CCV Registered Member

    Joined:
    Nov 7, 2015
    Posts:
    44
    Location:
    Tasmania
    :thumb:
     
  18. CCV

    CCV Registered Member

    Joined:
    Nov 7, 2015
    Posts:
    44
    Location:
    Tasmania
    Upgrade went smoothly. I have a question tho:
    Is there some way to stop hmp.a monitoring IE?

    I disabled both Safe browsing and Exploit mitigation for IE, but it still won't open. Same error as before and, yes, I know, Avast is part of the problem. There may be some way to exclude Avast from IE instead, but I haven't figured that out yet either.
    For the use I make of IE it doesn't matter all that much to me, but I'm thinking there ought to be some workaround...
     
  19. Novastar 3d

    Novastar 3d Registered Member

    Joined:
    May 3, 2009
    Posts:
    65
    What does this mean?
    Mitigation DEP

    Platform 6.3.9600/x64 06_3c
    PID 3352
    Application C:\Program Files (x86)\Opera\opera.exe
    Description Opera Internet Browser 11.64

    EIP = 09C1A504, State = 0x1000, Type = 0x20000, Protect = 0x4

    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 774600B1 ntdll.dll
    2 77460083 ntdll.dll
    3 774607FF ntdll.dll KiUserExceptionDispatcher +0xf

    Process Trace
    1 C:\Program Files (x86)\Opera\opera.exe [3352]
    2 C:\Windows\explorer.exe [2416]
     
  20. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Thanks for explaining. Add the word 'Caution'?
     
  21. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    HMPA 3.1.0.340
    false positive
    Mitigation Lockdown
    Tracker Software PDF-XChange Viewer component Tracker Update (TrackerUpdate.exe) (PDF-XChange Viewer's program updater)
    Windows 7 SP1 x64

    Despite the lockdown, the PDF-XChange Viewer update was successful.

    Event log:
    Code:
    Provider     HitmanPro.Alert
    EventID      911
    Qualifiers   0
    Level        2, Error
    Task         9
    Keywords     0x80000000000000
    TimeCreated  12-1-2016 9:27:48
    Channel      Application
     
     
    Mitigation   Lockdown
     
    Platform     6.1.7601/x64 06_25
    PID          3076
    Application  C:\Program Files\Tracker Software\Update\TrackerUpdate.exe
    Description  Tracker Update 5.5
     
    Filename     C:\Program Files\Tracker Software\Update\TrackerUpdate.exe
    Created By   C:\Program Files\Tracker Software\Update\TrackerUpdate.exe
     
     
    Process Trace
    1  C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [3076]
    ""C:\Program Files\Tracker Software\Update\TrackerUpdate.exe"" -StateFile:""C:\Users\XXXXX~1\AppData\Local\Temp\TrackerUpdate\TrackerUpdate.state.xml""
    2  C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [3524]
    ""C:\Program Files\Tracker Software\Update\TrackerUpdate.exe"" -StateFile:""C:\Users\XXXXX~1\AppData\Local\Temp\TrackerUpdate\TrackerUpdate.state.xml""
    3  C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [3064]
    4  C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe [4068]
    5  C:\Windows\explorer.exe [3188]
    6  C:\Windows\System32\userinit.exe [2124]
    
    
     
  22. PrimalGS

    PrimalGS Registered Member

    Joined:
    Jan 7, 2016
    Posts:
    2
    Hi Guys,

    We have the following issues:

    1. The AutoUpdate feature and the /update switch have not been working for weeks because the upgrade process tries to access a URL that is unavailable.

    Windows Event Viewer - Windows Logs / Application logs an error from HitmanPro Alert:
    Check for update has failed. Trying again in 120 minutes.

    Traffic captured with MS Network Monitor:
    Webserver response : Status Code 500, Internal Server Error, Url: /hmpalert344.exe

    2. Silent upgrade with remote deploy with PDQ Deploy is unsuccessful, because the package failed.

    Does anybody have any experience with remote deployment/upgrade of HitmanPro Alert in a corporate environment?

    Cheers,

    Misa
    Primal Game Studio
     
  23. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The files were properly deployed but the new TrackerUpdate.exe file was blocked from execution.
     
  24. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    What do you mean, exactly?
    Do you mean PDF-XChange Viewer was updated, but the Tracker Update component (TrackerUpdate.exe) was not?
    Or do you mean something else?

    What action should I take?
     
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Lockdown means that NEW executables produced by the mitigated application cannot be executed. Therefore the TrackerUpdate.exe was updated, though it was not executed (the alert was shown).

    Since you state the update was successful nonetheless, I think you do not need to do anything.
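
Added example, not part of the thread and not SurfRight code: a Python sketch that parses an alert in the layout Stupendous Man posted and applies erikloman's description of Lockdown to tell a program that rewrote its own executable apart from one whose ancestor process dropped a new file. The sample is a shortened copy of the posted alert; the function names, the three triage labels and the matching rule are assumptions made for illustration.

```python
import ntpath
import re

# Shortened copy of the Lockdown alert posted in this thread (sample input).
SAMPLE = r"""Mitigation   Lockdown
PID          3076
Application  C:\Program Files\Tracker Software\Update\TrackerUpdate.exe
Filename     C:\Program Files\Tracker Software\Update\TrackerUpdate.exe
Created By   C:\Program Files\Tracker Software\Update\TrackerUpdate.exe

Process Trace
1  C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [3076]
2  C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe [4068]
3  C:\Windows\explorer.exe [3188]
"""

FIELD = re.compile(r"^(Mitigation|PID|Application|Filename|Created By)\s+(.+)$")
TRACE = re.compile(r"^\d+\s+(.+?)\s+\[(\d+)\]$")


def parse_alert(text):
    """Return (fields, trace); trace is a list of (image path, pid), child first."""
    fields, trace = {}, []
    for line in text.splitlines():
        line = line.strip()
        field, hop = FIELD.match(line), TRACE.match(line)
        if field:
            fields[field.group(1)] = field.group(2).strip()
        elif hop:
            trace.append((hop.group(1), int(hop.group(2))))
    return fields, trace


def triage_lockdown(fields, trace):
    """Hypothetical triage labels; a hint for the analyst, not a verdict."""
    if fields.get("Mitigation") != "Lockdown":
        return "not-lockdown"
    # Windows paths are case-insensitive, so compare normalised forms.
    blocked = ntpath.normcase(fields["Filename"])
    creator = ntpath.normcase(fields["Created By"])
    if blocked == creator:
        return "self-replaced"        # updater rewrote its own image, as in the thread
    if creator in {ntpath.normcase(path) for path, _ in trace}:
        return "dropped-by-ancestor"  # mitigated app wrote a new executable: review it
    return "creator-not-in-trace"


if __name__ == "__main__":
    parsed_fields, parsed_trace = parse_alert(SAMPLE)
    print(triage_lockdown(parsed_fields, parsed_trace))
```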
     