HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
    Any ETA regarding STEAM & 3DMark related changes/fixes?
     
  2. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    Looking forward to a fix for the driver signing issue, considering I made a clean installation. =P
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Running good here Win 7 x64.
     
  4. mirage22

    mirage22 Registered Member

    Joined:
    Apr 20, 2016
    Posts:
    51
    If we have a clear roadmap, future renewals of HMPA and even the renewal of Antivirus solutions can be planned better.
     
  5. plat1098

    plat1098 Guest

    HitmanPro Alert 3.5.1. build 550b/Firefox 48/W10 v.1607 b. 14393.10 not clean install/SecureBoot enabled. Fine so far, HMP-A remembered everything. Minor issues: flyout not always happening with each browser once per logon; colored border not always appearing; wish that "check for updates has failed" warning would kindly disappear. So far, so good, though, overall.
     
  6. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Hi @chrcol!

    Rest assured, we are 100% focused on HitmanPro.Alert. Sophos Intercept contains HitmanPro.Alert, so all fixes and improvements we do there are also in HitmanPro.Alert. If you install Sophos Intercept (a beta is available later this month for people to try) you even get the same binary in C:\Program Files\HitmanPro.Alert. We maintain one code base and since Sophos is now also actively testing, many recent fixes are under the hood and are thanks to vigorous testing by Sophos and third-party security testers.

    Regarding hooking into everything. It seems there is a general assumption that a security product must work a certain way. And if it doesn't work like that, it's bad. But HitmanPro.Alert is not like e.g. Microsoft EMET or an antivirus product. It does way much more than that, actually it does things like nothing else. E.g. Process Protection and Safe Browsing deliver security in such a different way, not found in other products. It is deliberately designed this way for several reasons, but most important these:
    1. stop unknown malware before it executes without relying on hooks, and
    2. ensure compatibility with third-party security solutions like antivirus
    I understand the use of the term false positive but this word is more associated with signatures and AV. HitmanPro.Alert is a behavior-based model which works for every modern application. If an application fails or steps on one of HitmanPro.Alert's boobytraps, it is either the perpetrating application's own fault or the configuration of HMPA needs adjustment so it's more lenient towards the application. The design is suitable for every application, as long as you put it in the correct category.

    If an application is stopped by HitmanPro.Alert, while the application itself is not deliberately protected, it's because the parent application is protected by HitmanPro.Alert. Unlike other exploit prevention solutions, programs that spawn from protected applications also receive the same mitigation of its parent; protections are inherited. This is extremely effective against many real-world threats, like malicious macro's that drop malware (e.g. ransomware, remote access trojans, etc), PowerShell attacks and other attacks that abuse or rely on a trusted legitimate program (often part of the operating system) to drop additional threats on your machine. Examples:
    There are numerous more. HitmanPro.Alert goes further than Microsoft EMET is designed for.

    Please check and update the mitigations of the parent process when a setup or seemingly unprotected application is intercepted. The category is likely wrong.
    Hope this helps.
     
    Last edited: Aug 8, 2016
  7. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    FWIW, I am running Avira Pro and HitmanPro.Alert 546 without download issues.

    My Avira Pro is a fresh install (I Revo'd my previous Avira install after the recent "improved" version w/launcher released).

    I am using Avira's real-time, web protection, and firewall protection (not rootkit or email protection).

    I've also disabled "launcher" in start-up, and disabled the launcher service.

    I will be installing HitmanPro.Alert 550 shortly.
     
  8. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    A new issue appeared between AdGuard and HMPA. First let me say that I disabled secure boot after I did a fresh install of Windows 10 Anniversary. The problem is that I can't start the Adguard interface after HMPA is installed (I tested both the stable version and the latest beta). Adguard shows no notification icon in the tray, it does however run as a background process when I look at the Windows Task Manager, but the GUI won't start. No error messages are shown. Before Windows 10 Anniversary I had no problem running both together.

    Excluding Adguard in Exploit Mitigation doesn't help. Completely disabling Exploit Mitigation, Risk Reduction and Safe Browsing also doesn't help.
     
    Last edited: Aug 8, 2016
  9. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    What is meant by a "fresh installation of Windows 1607?" Is that something other than an "Upgrade to Win 1067 from pre Win 1067 ?" I did my upgrade to 1067 via Media Creator.

    I run an ASUS ROG GR20, that has a stoopid bios in which "Secure Boot" can not be disabled. I'd rather not play Russian Roulette so that is why I am asking.

    I switched from an earlier beta version to 3.5.0 546 retail this AM with no issue.
     
    Last edited: Aug 8, 2016
  10. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    I've just checked Adguard with HitmanPro.Alert and that works fine. Do you also have Bitdefender IS installed, as indicated in your signature?
     
  11. JayKatai

    JayKatai Registered Member

    Joined:
    Dec 16, 2015
    Posts:
    23
    Any eta on when driver signing will be fixed? System builder, so kind of need it to work with fresh 1607. Thanks for all the hard work, its a great program, so I feel kind of naked and exposed while waiting for this issue to be fixed. :)

    Disabling secure boot isn't an option for me.
     
  12. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    As mentioned before, if you upgraded from a release of Windows prior to Windows 10 Version 1607, HitmanPro.Alert runs fine, you're not affected.
     
  13. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    I am running HMPA 546 with Adguard with no issue.

    Have you tried to start the tray icon and/or GUI via the exe. file ?

    A clean re-install of Adguard?

    Do you see the Adguard symbol on screen lower right corner when browsing?

    When running an earlier Beta - 536- I would sometimes get a tray icon but no Adguard symbol when browsing. I would have to click on the tray icon to open the GUI to start the service. But that appears to be a different issue than what you are experiencing.
     
    Last edited: Aug 8, 2016
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    Thanks for the reply erikloman :)
     
  15. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @ all Wilders members:

    The Loman brothers are working really hard on Hitman products, fixing issues, doing integration in Sophos products
    and answering forums posts in several threads.

    Give this guys a break.
    You don't want them to burn out.
     
  16. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "If an Electron Can Be in Two Places at Once, Why Can't You?"

    http://discovermagazine.com/2005/jun/cover
     
  17. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Ok some more information.

    3.5 is back on this pc and right now keyboard encryption is working, someone mentioned earlier it works initially and then fails, so I will test again after 24 hours more uptime, note it was not working when I previously tested on 3.5 on this machine and that was tested after a pretty high uptime without a reboot (over 2 weeks).

    Regarding the avast uninstaller I am guessing the parent app was explorer, the uninstaller was launched from the programs and features control panel applet. Explorer was not added by me to HMPA protection list.

    Regarding sopho's, I typod I missed a word 'may', I was speculating as to why people might be showing concerns which was "if" hmpa was merged into the sophos then "maybe" they would need to repurchase the product. Obviously if there is no intention to do that merge and this product stays how it is and is part of the sophos application like is stated, then yeah I have no problem with this.
     
  18. plat1098

    plat1098 Guest

    Hmm, seems my personal irritant-- that "check.....updates failed" warning --is gone (at least for now) with latest HMP-A v. 3.5.1 550b.....maybe? Yes? If so, excellent. You click on the bold "check for updates" on the little tray icon, it says "no updates available" and Event Viewer is nice and red:mad:/white again, no yellow.

    Liking the new Windows build...very nice!
     
  19. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    Confirming mounting Jetico BestCrypt encrypted container files now works (Ref Build 550b)
     
  20. LittleDude

    LittleDude Registered Member

    Joined:
    Mar 22, 2008
    Posts:
    79
    Keystroke Encryption does not appear to be working in browsers on my system. Are there conflicts with other software that I should be aware of?
    Thanks

    Update: Removed Zemana Antimalware(was not using real-time protection) including the drivers it leaves behind and Keystroke Encryption is now working. I may reinstall ZAM including portable version to narrow down the problem in case someone else is experiencing similar issues.
     
    Last edited: Aug 9, 2016
  21. Can't answer for Mark Loman, but after the upgrade, I made an image backup and did a "refresh". A refresh (just hold shift key before restarting and choose refresh in advanced options), has the same effects as a fresh install: you end up with a default OS and no other programs (so only try this out after having an image backup).

    Regards Kees
     
  22. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    Yup, I have Bitdefender 2016 installed, I also have a ticket running with them regarding them using some non-WHQL drivers which Event Viewer is giving me some warnings about, but doesn't seem to effect the product itself. The logging I sent to them... they replied back that I must uninstall both Hitman Pro and Alert because of compatibility issues and that it might be the cause of my "issues" regarding the warnings. I think Bitdefender's answer is nonsense, because I simply asked the question if I might run into any troubles regarding the Windows 10 Anniversary Update because of the warnings in the Event Viewer. See below for the exact warnings regarding Bitdefender.

    Nevertheless before the Windows 10 Anniversary Update, all three products (AdGuard, HMPA and Bitdefender) ran fine with each other.

    Code:
    Code Integrity determined kernel module \SystemRoot\system32\DRIVERS\ignis.sys that did not meet the WHQL requirements is loaded into the system. Check with the publisher to see if a WHQL compliant kernel module is available.
    
    Code Integrity determined kernel module system32\DRIVERS\trufos.sys that did not meet the WHQL requirements is loaded into the system. Check with the publisher to see if a WHQL compliant kernel module is available.
    
    Code Integrity determined kernel module system32\DRIVERS\avc3.sys that did not meet the WHQL requirements is loaded into the system. Check with the publisher to see if a WHQL compliant kernel module is available
    
     
    Last edited: Aug 9, 2016
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    I am running both together (latest versions) without issue on my primary machine - see sig. I don't have BD, or VS on this laptop. Also I did an upgrade, not a clean install of AU (I am assuming fresh = clean).
    I read that AG does meet the new driver signing requirements, but HMPA has yet to implement this. In my understanding, HMPA shouldn't work for clean installs ... ?
     
    Last edited: Aug 9, 2016
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    I have no issues with HMPA keystroke encryption running ZAM with real-time protection on.
     
  25. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    Tray icon is not visible, clicking the desktop shortcut only loads extra background processen, the service is running, re-installing didn't help, the problem is probably Bitdefender according to markloman.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.