HitmanPro.ALERT Support and Discussion Thread

Notepad++ intercepted for ROP. Haven't had this issue before and haven't updated Notepad++ in a long time so something in Alert must have changed. Tried updating Notepad++ but didn't fix it.

Spoiler: Details

 

It's the latest beta and it fixed a little bit more:

#10570

 

There is a major issue with v3.5 build and windows 10 anniversary update. I uninstalled Bitdefender 2016 and HMPA to install Windows 10 anniversary edition.

Post a successful installation, and reloading BD and HMPA (downloading it from surfright's website), i was unable to login to windows 10. I could see a mouse pointer on the screen, that's all.

I restored windows to pre security software levels.

Then i loaded Bitdefender. rebooted the system. no problem.

I then installed HMPA (downloading it again from surfright's website). Back to the same problem - cannot boot into windows. I am stuck with a mouse pointer on the screen.

I am posting this message from one of my other PCs while a system restore is in progress on the affected PC.

I have to add one more point - 2 out of 3 systems i upgraded didn't have a problem. This is a problem with one of my machines.



Edit: Bitdefender reported that it blocked teslacrypt2 from downloading to my download's folder during the first round of installations. Now i was extremely careful to ensure that I didn't open a single website before BD / HMPA was installed. So I simply can't figure out what was the entry point for teslacrypt into my PC.

 

SurfRight will give surely a better support to AU in the next few build, anyway the latest official release [3.5.0.546] works as expected on 1607 so i suspect your issues are related to the mix with the other real time software in your system...

 

Are you running the beta? I'm not seeing that with Build 546. Or maybe it's plugin related?

 

I can confirm it's HMPA that's the culprit. I have the same security software on all 3 machines. So i don't know what's going wrong on that PC.

On a 3rd attempt, I created a restore point right before installing HMPA and as expected, post installing and rebooting the system is stuck with a blank screen and pointer.

I am sure there might be many users who are probably resetting their PCs at this time, unaware that HMPA is causing this issue.

 

I had the same issue with my HP laptop. I did end up going back to factory default. After a few days, HP wanted to update my video driver. I created a rollback snapshot, then installed the HP video driver. Sure enough, blank screen and mouse cursor on the login screen. After I rolled back, I did not have that problem. I suspect if you can get logged into the computer, then in device manager uninstall and remove the video driver, reboot and let Win 10 reinstall the driver, that will solve the problem. I worked for me.

 

I am aware of the video driver issues at the solutions for it. But this doesn't have anything to do with the video driver problem. It happens only "if" I install HMPA after upgrading to win10 1607.

 

I have the issue with the 548 beta and had the issue with the stable 546 version before that. I haven't installed any plugins that doesn't come by default.

Pre-post edit: Read the details of the alert and saw "RTSS" and realized it had something to do with RivaTuner Statistics Server which I use with MSI Afterburner, so for some reason RTSS is doing something to Notepad++ which HMPA doesn't like.
Fix: Add Notepad++ to RTSS application list and set "Application detection level" to "None"

 

https://m.reddit.com/r/Windows10/comments/4vufpo/windows_10_fully_freezes_after_anniversary_update/

 

Yeah. I've tested by whitelisting some files and I'm still getting that warning. I think I can live with it for now.

 

Dev's, do you want me to stop providing feedback here? As no replies to PM's now or my posts here. I have no confidence the key encryotion is even been worked on due to the silence.

Also was no comment on why a uninstaller was blocked.

 

1. In what application is the encryption not working? Was it working with 3.1? Is it just the border not working?

2. Can you please post the details from the alert that was shown? You can find these in the Event Log.

 

What warning? Any details?

 

@erikloman please, any thoughts?

 

I think since you did a fresh anniversary install you could run into this issue:
https://blogs.msdn.microsoft.com/wi...r-signing-changes-in-windows-10-version-1607/

 

I also performed a clean Windows 10 (x64) 1607 installation.

I did not get any driver warnings during HMP.A installation and it seems to run just fine.

 

Yup, also running into this issue, both with HMPA and Hitman Pro. Since you gave no further specifics on whether or not you are planning to conform to the new driver signing policy by Microsoft, does that mean you are basically saying tough luck? Also the bug with the TP-link slow router interface is still an issue with the latest stable build of HMPA.

 

We are a little surprised this was suddenly enforced. We are going to conform of course.
TP-Link we can reproduce but the fix has to come from our supplier.

 

Thx for the update!

I think many developers were surprised, other programs are having similar issues.

 

That leaves the question of course what impact this has on protection, are we still protected?

 

It works in 3.1 as shown in my screenshot.

As far as I can tell its broken in all applications on 3.5.

On my laptop it works fine on 3.5. This is why I speculated it might be related to drivers, because my laptop and PC are setup using the same custom install image I have, same registry tweaks, same group policies. They both have the same security software running.

I will upgrade back to 3.5 in an hour or two, and try some things.

 

If you do a *fresh* 1607 install AND you have SecureBoot enabled in your BIOS AND an installed product uses a driver which was not passed through Microsoft then the driver will not start and in case of Alert, you have no protection.

Until security products are in line with Microsoft's new enforced policy I recommend *temporarily* disabling SecureBoot as SecureBoot wont protect you against exploits or ransomware which are the prevalent attacks.

For HMP and HMPA, my colleagues will put the drivers through Microsoft policy asap.

Hope this helps.

 

This certainly helps, thx!

 

That is because you have to read the entire blog post from Microsoft.
Not all machines are equally treated by the new policy (SecureBoot enabled/disabled and fresh install or upgrade matter). But also old drivers are allowed (not enforced).

Its a mess and it is all MS fault by not making this new policy more clear. Enforcing policy at the day of the launch is not the way to treat customers and independent software vendors!