HitmanPro.ALERT Support and Discussion Thread

What is CFI??

 

Erik , my Firefox 46 is always crash (for there 50 times) !!!!!!!!!!!!!

 

This may have nothing to do with 367. My 7x64 machines frequently startup with volume icons missing from the taskbar. And it is random as can be. I have come across a very useful workaround that puts the volume icon right back, without having to reboot. I've used this solution many times.

• Open task manager (Ctrl+Alt+Del)
• In the Processes Tab, click to highlight "explorer.exe"
• Then click "End Process" (desktop icons disappear)
• Click on "File" > "New Task (Run)"
• In the Open box, type "systray.exe"
• Click OK
• Again, click on "File" > "New Task (Run)"
• In the Open box, type "explorer.exe"
• Click OK again

Everything should come back, including the volume icon. HTH

 

Have you guys tried remove the Enforce DEP tick for Firefox?

 

Removing the Enforce DEP option works for me Firefox 46 32bit.

 

One of these Mitigations you can enable/disable for each protected Program / CFI = Control-Flow Integrity

Maybe this can solve your problem with Firefox

 

disable DEP in Firefox plugin and container , and no more crashes , but slower to load pages .Disdable all protections in Firefox and plugin container , no errors , but still slow

 

What do you mean "Firefox plugin and container"? Just remove the tick from "Enforce DEP" in HitmanPro.Alert for the application Firefox.

I don't have slow loading of pages.

 

Ok..only disable DEP in Firefox aplication...but Firefox is a few more slow that version 45

 

All I can report is that Firefox 46 32bit performance is fine for me with HitmanPro.Alert 3.1.9 367 (and no crashes with DEP disabled).

I notice you have version 364 and not 367, so update it.

I don't use Kaspersky or MBAM.

I would do the usual checks like disabling Kaspersky, all Firefox add-ons and uninstall MBAM completely not just disable it.

 

Same here. Updated from Firefox 45.0.2 to 46 using the built-in updater and I also run into the false-positive. Firefox immediately got stopped by HMPA.
The following three alerts are using HMPA build 363 (the latest auto-update version). The last one is from build 367. Unticking "Enforce DEP" only for "firefox.exe" also works for me as a workaround.

This is from Windows 8.1 Pro x64 with Emsisoft Anti-Malware 11.6.2.6338.

Spoiler: Crash 1, build 363

Mitigation DEP

Platform 6.3.9600/x64 06_3c
PID 5952
Application C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Description Firefox 46

EIP = 170602AA, State = 0x1000, Type = 0x20000, Protect = 0x2

Stack Trace
# Address Module Location
-- -------- ------------------------ ----------------------------------------
1 76F9FE71 ntdll.dll
2 76F9FE43 ntdll.dll
3 76FA05BF ntdll.dll KiUserExceptionDispatcher +0xf

4 037E0968 (anonymous; xul.dll)
58 POP EAX
c1e805 SHR EAX, 0x5
03e0 ADD ESP, EAX
8b442430 MOV EAX, [ESP+0x30]
8910 MOV [EAX], EDX
894804 MOV [EAX+0x4], ECX
5f POP EDI
5e POP ESI
5b POP EBX
5d POP EBP
c3 RET

5 69577808 xul.dll

Process Trace
1 C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5952]
2 C:\Program Files (x86)\Mozilla Firefox\updater.exe [9320]
"C:\Program Files (x86)\Mozilla Firefox\updater.exe" C:\Users\XXX\AppData\Local\Mozilla\updates\XXXXXXXXXXXXXXXX\updates\0 "C:\Program Files (x86)\Mozilla Firefox" "C:\Program Files (x86)\Mozilla Firefox\updated" 9620/replace "C:\Program Files (x86)\Mozill
3 C:\Program Files (x86)\Mozilla Firefox\firefox.exe [9620]
4 C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4648]
5 C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe [6804]
"C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe" "C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\XXXXXXX.Test1\minidumps\0b964aed-0ab1-4fe5-932a-29d2936e049a.dmp"
6 C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8372]
7 C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe [9816]
"C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe" "C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\XXXXXXX.Test1\minidumps\f6c98b95-dd6c-4b9b-9a32-b881811201f0.dmp"
8 C:\Program Files (x86)\Mozilla Firefox\firefox.exe [1600]
9 C:\Windows\explorer.exe [4792]
10 C:\Windows\System32\userinit.exe [4720]

Spoiler: Crash 2, build 363

Mitigation DEP

Platform 6.3.9600/x64 06_3c
PID 5056
Application C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Description Firefox 46

EIP = 35AC0010, State = 0x1000, Type = 0x20000, Protect = 0x2

Stack Trace
# Address Module Location
-- -------- ------------------------ ----------------------------------------
1 76F9FE71 ntdll.dll
2 76F9FE43 ntdll.dll
3 76FA05BF ntdll.dll KiUserExceptionDispatcher +0xf

4 0B56E298 (anonymous)
808ec21ec89430 OR BYTE [ESI-0x6b37e13e], 0x30
0b00 OR EAX, [EAX]
00e5 ADD CH, AH
e5aa IN EAX, 0xaa
00e5 ADD CH, AH
e548 IN EAX, 0x48
f8 CLC
bf0a8067f9 MOV EDI, 0xf967800a
0c00 OR AL, 0x0
0000 ADD [EAX], AL
00a5000000e0 ADD [EBP-0x20000000], AH
192a SBB [EDX], EBP
2018 AND [EAX], BL
e356 JECXZ 0xb56e315
0b00 OR EAX, [EAX]
00e5 ADD CH, AH

5 1EC28F34 (anonymous; xul.dll)
6 12BBED38 (anonymous)
7 1EC28F34 (anonymous; xul.dll)
8 26BF9160 (anonymous)
9 03C70968 (anonymous; xul.dll)
10 0E1D95EE xul.dll

Process Trace
1 C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5056]
2 C:\Windows\explorer.exe [4792]
3 C:\Windows\System32\userinit.exe [4720]

Spoiler: Crash 3, build 363

Mitigation DEP

Platform 6.3.9600/x64 06_3c
PID 8972
Application C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Description Firefox 46

EIP = 16DE0010, State = 0x1000, Type = 0x20000, Protect = 0x2

Stack Trace
# Address Module Location
-- -------- ------------------------ ----------------------------------------
1 76F9FE71 ntdll.dll
2 76F9FE43 ntdll.dll
3 76FA05BF ntdll.dll KiUserExceptionDispatcher +0xf

4 232F21F0 (anonymous)
60 PUSHA
677717 JA 0x232f220b
60 PUSHA
212f AND [EDI], EBP
2300 AND EAX, [EAX]
0000 ADD [EAX], AL
00aa00000068 ADD [EDX+0x68000000], CH
3551221043 XOR EAX, 0x43102251
7209 JB 0x232f2211
0000 ADD [EAX], AL
0000 ADD [EAX], AL
2500000000 AND EAX, 0x0
0000 ADD [EAX], AL
0000 ADD [EAX], AL
0000 ADD [EAX], AL
0000 ADD [EAX], AL

5 17776814 (anonymous; xul.dll)
6 241ED0E8 (anonymous)
7 36320968 (anonymous; xul.dll)
8 6B4595EE xul.dll
9 6BA8F33B xul.dll ??4ContextOptions@JS@@QAEAAV01@ABV01@@Z +0x18b
10 6B45889C xul.dll

Process Trace
1 C:\Program Files (x86)\Mozilla Firefox\firefox.exe [8972]
2 C:\Windows\explorer.exe [4792]
3 C:\Windows\System32\userinit.exe [4720]

Spoiler: Crash 4, build 367

Mitigation DEP

Platform 6.3.9600/x64 06_3c
PID 6132
Application C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Description Firefox 46

EIP = 24030681, State = 0x1000, Type = 0x20000, Protect = 0x2

Stack Trace
# Address Module Location
-- -------- ------------------------ ----------------------------------------
1 7776FE71 ntdll.dll
2 7776FE43 ntdll.dll
3 777705BF ntdll.dll KiUserExceptionDispatcher +0xf

4 25FF0968 (anonymous; xul.dll)
58 POP EAX
c1e805 SHR EAX, 0x5
03e0 ADD ESP, EAX
8b442430 MOV EAX, [ESP+0x30]
8910 MOV [EAX], EDX
894804 MOV [EAX+0x4], ECX
5f POP EDI
5e POP ESI
5b POP EBX
5d POP EBP
c3 RET

5 620C7808 xul.dll

Process Trace
1 C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6132]
2 C:\Windows\explorer.exe [4676]
3 C:\Windows\System32\userinit.exe [4616]

 

@erikloman,

I notice an issue with HMP.A 3.1.9.363 and Internet Explorer 11
on both my Windows 7 x64 systems
(both with G Data IS, HitmanPro.Alert 3, DEP enabled for all programs and services, SEHOP enabled, UAC most secure setting, standard user account, SpywareBlaster, Adblock Plus)

HMP.A reports Internet Explorer 11 NOT PROTECTED.
Restarting IE11, or even rebooting the system, does not help.
I don't know since when, or since which HMP.A build, that issue is there.

 

I have version 367....uninstall Hitman and Firefox work normaly..

Hitman will try to reinstall cleanly and finds again

 

Reinstalled Hitman..no crahes with DEP unchecked, but....Firefox is more slowly...

 

Firefox 46x64 sloooow.
Firefox 46x32 crash.... FF45.0.2x32...okay
build 366

 

As above, for 32 bit remove the tick from "Enforce DEP" in HitmanPro.Alert for the application Firefox.

 

Windows 10 Pro 64bit. My IE 64bit was not protected, I enabled Exploit Mitigation and it is now. IE 32bit was protected.

 

You write "I enabled Exploit Mitigation".
Wasn't Exploit Mitigation enabled?
I disabled and re-enabled Exploit Mitigation, but that doesn't make any difference.

By the way, that what I reported in my previous post, can only be noticed with IE11 running.
Without IE11 running, there's no indication that IE11 wouldn't be protected.

 

Nope, it was enabled for IE 32bit but not IE 64bit. I enabled it and it has stayed enabled after a reboot and shows as protected when running.


Edit: Just looked on my Windows 10 Pro 64bit laptop and they are BOTH protected on that. Strange that IE 64bit wasn't protected on my desktop.

 

Reinstalled Firefox 45.0.2...Firefox Work perfect and very fast....

 

32 or 64 bit?

 

only used Firefox 32 bits...

the 64-bit version is not faster than 32 and also is not compatible with extensions and plugins still

 

@erikloman,

It's worse than I mentioned in my previous report.

HMP.A 3.1.9.363 not only shows Internet Explorer 11 as NOT PROTECTED,
but also PDF-XChange Viewer
Wordpad,
and Windows Media Center.
Restarting applications doesn't change that.

As I mentioned,
2 Windows 7 x64 systems, both with G Data IS, HitmanPro.Alert 3, DEP enabled for all programs and services, SEHOP enabled, UAC most secure setting, standard user account, SpywareBlaster, Adblock Plus.



N.B.
Later confirmed by L10090.

 

W7-x64 with hmp.alert build 366 or 367:
1. Firefox 46.0 keeps on crashing whatever mitigations(DEP/CFI) I disable. Had to uninstall FF46.0 and reinstall FF45.0.2
2. IE11, FF45/46, Notepad, PDF exchange viewer, 7-Zip keep showing under 'Runnig applications' as UNPROTECTED!! Whatever I try.

 

We are having a strange issue with HMPAlert 3 and our commercial license. Worked fine with build 3.0.41.187, it would show being activated with a proper commercial license. Now since we've updated to 3.1.9.364 it is now showing as unlicensed. Has there been any changes with licensing between these build numbers?