HitmanPro.ALERT Support and Discussion Thread

I had the same issue with PDF-XChange Viewer, last week.
PDF-XChange Viewer and Editor both use Tracker Update (TrackerUpdate.exe).
See last week's series of posts regarding Tracker Update lockdown: A, B, C, D and E.
Despite of the lockdown, with simply ignoring that alert, PDF-XChange Viewer could be updated successfully, or so it looked to me.
Just to be sure, I downloaded and ran PDF-XChange Viewer's current installer, thus bypassing Tracker Update.
As I mentioned last week, I think that it might be wise if SurfRight could have a look at HMPA's reaction to TrackerUpdate.exe.

 

Thanks @Stupendous Man. Tracker Update didn't do its job, because of the Lockdown. And I am not sure how to bypass that.
I have also subsequently downloaded the PDF-XChange Editor installer and updated fine that way.
I have used Tracker Update successfully before with HMPA, so I guess some code related to this has changed.

 

Thanks, paulderdash.

@erikloman
As I mentioned, I think that it would be wise if SurfRight could have a look at HMPA's reaction to TrackerUpdate.exe.

 

No problems with Flash 20.0.0.286, Firefox 43.0.4 and build 351.

Win10 1511 build 10586.63 x64/Norton Security with Backup v22.5.5.15

 

i'm frankly pleased with the latest build...even if this issue has not been fixed again

IMO it's too easy to change accidentally a setting...

For ex, double clicking (accidentally/distractedly) Deluge icon in the main GUI, Null page mitigation switch to OFF since it is in the same position...

 

HitmanPro.Alert (HMPA) works in tandem with HitmanPro, meaning when HMPA blocks and notifies you then click on "scan", which loads HitmanPro to find/remove malware. An alert doesn't necessarily mean there is malware on the machine; it means that some software is acting like malware. For instance it has been noted that some legit software uses ROP and looks like an attack to HMPA. If HitmanPro doesn't find anything then it may be the case that legit software is causing the problem and it's time to ask Surfright support for help. As for keeping malware off of the machine to begin with that's the job of real-time AV/AM.

 

If the mitigation is triggered, it _prevented_ malware from getting on the machine. So most likely a scan will not reveal an infection.

If an intruder alert is triggered, the scan should reveal an infection.

Regarding the Anti-VM mitigation, if you use software which probes whether it is running in a virtual machine, you might want to nudge the Vaccination setting down to Passive (from Active).

 

hi erik i have the free HTM.A i use it only for browser so the free HTM.A lacks the exploit mitigations and it use only safe browsing. so do i need and the exploit mitigations. or its enough?
is the free version enough for browsing?
2nd question: the free HTM.A doesnt ptotect from ransom ,however in the past and earlier free versions had that protection. tnx

 

Again a keystroke encryption-problem (build 351).



Win10 1511 build 10586.63 x64/Norton Security with Backup v22.5.5.15

 

The Safe Browsing only protects against malware trying to hook into functionality provided by the browser and does not protect against exploit.

CryptoGuard v2 present in Alert v2 does not protect against the all of the most recent crypto ransomware for that you need CryptoGuard v3 present in Alert v3.

 

erik,

can you please comment, has this issue in post #8128/8140 with ie11 ever addressed? I've uninstalled HMPA because I'm having the same issue, it prevents ie11 from starting on my system AND also prevents some desktop icons from opening. Would like to continue using but its useless on my system.

Please advise!

 

Have you done any troubleshooting? For instance it could be a compatibility issue with Zemana AM and/or Bitdefender AV Plus.

 

Ah, so that's it. There can be two notices generated, one for an actual intrusion, and one for detection. Yes? With all due respect to the developer, I'm afraid to "nudge" anything because I don't know what a lot of this means. The reason I'm being so persistent is that the Lenovo software contains a hardware scan, people use that, I use that or did. If it's vulnerable, theoretically, your BIOS can get infected, your motherboard corrupted, etc, esp. if you're not protected. So, how do I go about seeing if this was a ROP issue, as this occurred during installation of a driver? That would indeed make this a false-positive and I can proceed with getting my machine straightened out.

I'm still really curious about the stack/pivot. I'll admit I was asking for it as I brainlessly opened Internet Explorer without loading some 200 Windows updates first. Cha! The clear notice with the green bar and Attack! appeared the instant I opened IE to the MSN homepage (the date was 12/15/2015 to verify the appearance of the mitigation notice). No malware at all but there was a line of red Xs all the way down System in Event Viewer. Bad! How does the stack/pivot exploit operate?

 

In the beginning it wasn't an issue with my other software then it devolved in later builds, I haven't messed it because I don't have the time or desire to mess with it. Just wondering if it was ever addressed so I could re DL it.

 

I understand. The problem is all of the software is changing, not just HMPA, and the more layers we use the more potential for conflicts. At least if you isolate the conflict you can decide what to use and what to lose

 

Correct, everything else coexists perfectly fine hate to break up my armor for one security suit. Thanks

anyone else having issues with ie11?

eric?

 

Hi everyone,
I am going to keep an eye on plat1098's HitmanPro.Alert question here so we'll know how to proceed at Lenovo Community if other customers report the same. Thank you very much for looking into this.
Reference: https://forums.lenovo.com/t5/Securi...during-installation-of-LAN-driver/m-p/2249363

 

Thanks. OP was not able to post a screenshot at Lenovo so we couldn't confirm the exact product. I'll edit my post above.

 

That's just a false positive. I had similar issues while installing a driver too, I think it's due to the used setup program. I reported it in this thread but I haven't received a reply.

 

@erikloman @markloman
I understand that you guys might be busy, but it's really hard to get any response from you. I just sometimes feel that I'm constantly ignored.
You released a new build with some new strings, I updated my translation and asked to update it in this thread. No reaction. Could you take a moment to confirm that the message has been noticed and that you have replaced it?
I know that you might be fed up with my frequent translation updates, but I can assure you that this time it was done purely to add the new strings introduced in one of the recent builds. You should be happy that a user tries to keep it up-to-date on a regular basis.
Also, the translation of HitmanPro (the on-demand scanner) still hasn't been replaced in the new builds although you received it many weeks ago, could you please take care of this as well?
Thank you!

 

^^^ this is why I've uninstalled HMPA and will not be renewing my license it's not worth my time.

 

Thanks a lot! I have been seeing this on my system since like 2-3 weeks too but never thought of HPA being the culprit.

I can confirm this for HMPA 3.1.0 build 340 on up2date Win 8.1 Pro x64 (also using EAM 11.0.0.6054).
EDIT: Still happens with HMPA 3.1.1 build 351.

It only happens for the applications in the browsers list:


To reproduce it:

• Make sure the web browser is the active window.
• Press and hold [LEFT ALT] then press [TAB] to change to another application. What happens now is that the task switcher window remains on screen after all the keys have been released which is not the intended behaviour on Windows.
• Disabling the "Keystroke Encryption" in HPA immediately removes this effect/bug. You do not even need to restart the browser.
• It does not happen when you switch from another window to the web browser. It only happens when you want to switch away from the browser.

What happens is actually not so uncommon: You can create the same behaviour when you press and hold [RIGHT ALT] and then press [TAB]. When you now release both keys the task switcher window does not disappear. You can btw do they same if you press and hold [LEFT ALT]+[CTRL] and then press [TAB]. (Since the Ctrl-key modifies the left Alt-key to the right Alt-key.) That's also intended behaviour on Windows so you are able to choose the window you want to switch to without the need to hold down the Alt-key all the time.

Also: If you add the browser to the exclusion list but let the "Keystroke Encryption" feature enabled this bug does not happen for it. So it really only occurs for protected web browsers with activated "Keystroke Encryption".

Would be awesome if you could come up with a fix.

EDIT: Also another minor GUI bug I've just noticed in the "Your web browsers" window.

• Click on one of the web browsers on the left and then immediately (less then 1s after clicking) move your mouse cursor to the right area (beyond the dark shadowy line).
• The settings on the right will appear for a splitsecond and then disappear.
• You need to click on one of the web browsers on the left (and wait for ~1s) to make it appear again.