HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    If there are known incompatibilities between HMPA and popular antivirus suites, maybe Erik or Mark can give a list or something? It's a real bummer when you buy software that works at first and sometime later in the future it stops working together, it's like flushing down money through the toilet when you have like almost a year's worth of subscription.. Also I don't have much faith in Windows Defender since its scores in AV-Test, AV-Comparatives and such are not too good. Maybe back to Norton, Kaspersky or Avira then? :(
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I run HMPA, SBIE and MBAM. I also run EIS and have never had any compatibility issues. Going with Norton and Kaspersky you probably will.
     
  3. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    I understand this, that's why I trial the software first and when no problems arise I buy it. When using the same software for several versions for many months without incident I didn't expect this to happen all of a sudden. It all started after the Windows 10 Anniversary Update. To make sure it wasn't a bad Windows installation I even reinstalled Windows twice. Well I guess I have to take my losses then..
     
  4. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Did you try rolling back the Anniversary Update? Seems that lots of folks have had some unpleasant surprises since updating. From some descriptions I have read it almost sounds like an OS upgrade, rather than just a service pack style update.

    http://www.infoworld.com/article/31...inst-windows-10-anniversary-update-grows.html

    https://www.reddit.com/r/Windows10/comments/4vrr27/windows_10_anniversary_update_megathread/
     
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    The problem is compatibility is a moving target because of ongoing changes in the OS and security products. What I look for is a willingness on the part of the developers to support other products. It's a deal breaker for me if there are compatibility problems and a developer just says uninstall the other software.
     
  6. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I noticed that you are running in "compatibility mode", i.e. Windows Defender. At least Microsoft likely tests that before releasing an upgrade, LOL!!!
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Yes :) For now I'm using Windows Defender because it's just AV/AS and doesn't step on HMPA or MBAM.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes, that's the frustrating thing. And the weird thing is that on some systems there are no problems at all. HMPA caused SBIE to malfunction on my system, probably because the protection hooks were interfering with each other. But most people did not have this problem.
     
  9. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    You know, I have considered it too. Maybe the next time I have a conflict I won't waste any time trying to debug. Just go with the flow. I think with HMPA and MBAM the overall layered coverage is probably just fine.

    I have read all of the AV test sites and have seen the scores for Windows Security Essentials & Defender slide to the point they are either no longer even tested, or they are used as a baseline. But in actuality, Microsoft does very well with real-world, in the wild, malware. So a zero day exploit could probably get past even the best signature based AV/AS. The days of the usefulness of signature detection or aggressive heuristics are numbered ... which is why I rock with HMPA :)
     
  10. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    @Peter2150 Will have a look at Emsisoft :)

    @Tinstaafl Rolling back is no longer an option, I did a fresh install and don't have a backup from before the upgrade. I only made a backup of individual stuff, not of whole Windows. Since it's my mediacenter I don't do really super important stuff on it, hence not backing up Windows. Not too smart I know..

    @Victek Yeah you're right about incompatibilities being a moving target, but it really sucks when you paid for the software and it suddenly no longer works right. But generally speaking I think some products might statistically cause more problems than other products when you look over a longer period of time.

    @erikloman @markloman I saw that in past versions of HMPA you improved compatibility with Bitdefender, might this be possible again?

    Besides uninstalling HMPA, deactivating Active Threat Control completely in Bitdefender also solves the problems, but then its protection also lowers significantly. Adding HMPA to Bitdefender's exclusion list also doesn't help.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, the question is who to blame. If HMPA works correctly and SBIE not anymore, then how is SBIE to blame? I think problems can be caused by both parties. And I've never seen SBIE causing any problems but that's because I don't constantly try out new security software.

    But that's why earlier in this thread I asked the HMPA developers if it's really necessary to hook multiple processes, because I expect that is the cause of most issues. Especially because other security tools might do the same.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    1. Have you heard of Windows 10 AU? It has caused a lot of grief.

    2. Could you post your developer qualifications on which you base your comments?
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Who is talking about Win 10? I'm talking about the conflicts between security tools, that may be solved but may occur again and again if a certain product gets updated. And since when do you have to be a developer to know stuff? You can find this info on the web you know.

    It's a fact that back in the days, a lot of security tools caused problems because they hooked the kernel directly in the Windows 32 bit OS. That's why M$ blocked direct kernel hooking on Win 64 bit, but sadly enough user-mode hooking by multiple security tools can also cause problems.
     
  14. MikeRepairs

    MikeRepairs Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    81
    Location:
    Kissimmee, FL
    I have had three customers call in with this problem today. Dell Product Registration causes this all on its own. Solution is to temporarily put HMPA in audit mode, then uninstall Dell product registration. Be sure to put HMPA back in terminate mode.

    Might I also suggest that if HMPA is in audit mode, that it should have a different looking tray icon that indicates as such! It would be too easy to leave HMPA in audit mode and nobody ever notice it.

    Log Name: Application
    Source: HitmanPro.Alert 3.5.0 546
    Date: 8/13/2016 10:08:20 AM
    Event ID: 911
    Task Category: Mitigation
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: DESKTOP-9PRS4MP
    Description:
    Mitigation Anti-VM

    Platform 10.0.10586/x64 06_3c
    PID 7808
    Application C:\Users\Mary\AppData\Local\Temp\{D86273B0-F6F4-4093-B72C-3871DEFA5561}\setup.exe
    Description Setup Launcher Unicode 2.2.27

    VirtualPC
    Process Trace
    1 C:\Users\Mary\AppData\Local\Temp\{D86273B0-F6F4-4093-B72C-3871DEFA5561}\setup.exe [7808]
    C:\Users\Mary\AppData\Local\Temp\{D86273B0-F6F4-4093-B72C-3871DEFA5561}\setup.exe /q"C:\Program Files (x86)\InstallShield Installation Information\{B96204EB-3051-4B4F-9534-ED13FE7095D1}\setup.exe" /tempdisk1folder"C:\Users\Mary\AppData\Local\Temp\{D86273B0
    2 C:\Program Files (x86)\InstallShield Installation Information\{B96204EB-3051-4B4F-9534-ED13FE7095D1}\setup.exe [7572]
    "C:\Program Files (x86)\InstallShield Installation Information\{B96204EB-3051-4B4F-9534-ED13FE7095D1}\setup.exe" -runfromtemp -l0x0409 -removeonly
    3 C:\Windows\SysWOW64\dllhost.exe [8940]
    C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="HitmanPro.Alert" />
    <EventID Qualifiers="0">911</EventID>
    <Level>2</Level>
    <Task>9</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-08-13T17:08:20.184521900Z" />
    <EventRecordID>33788</EventRecordID>
    <Channel>Application</Channel>
    <Computer>DESKTOP-9PRS4MP</Computer>
    <Security />
    </System>
    <EventData>
    <Data>C:\Users\Mary\AppData\Local\Temp\{D86273B0-F6F4-4093-B72C-3871DEFA5561}\setup.exe</Data>
    <Data>Anti-VM</Data>
    <Data>Mitigation Anti-VM

    Platform 10.0.10586/x64 06_3c
    PID 7808
    Application C:\Users\Mary\AppData\Local\Temp\{D86273B0-F6F4-4093-B72C-3871DEFA5561}\setup.exe
    Description Setup Launcher Unicode 2.2.27

    VirtualPC
    Process Trace
    1 C:\Users\Mary\AppData\Local\Temp\{D86273B0-F6F4-4093-B72C-3871DEFA5561}\setup.exe [7808]
    C:\Users\Mary\AppData\Local\Temp\{D86273B0-F6F4-4093-B72C-3871DEFA5561}\setup.exe /q"C:\Program Files (x86)\InstallShield Installation Information\{B96204EB-3051-4B4F-9534-ED13FE7095D1}\setup.exe" /tempdisk1folder"C:\Users\Mary\AppData\Local\Temp\{D86273B0
    2 C:\Program Files (x86)\InstallShield Installation Information\{B96204EB-3051-4B4F-9534-ED13FE7095D1}\setup.exe [7572]
    "C:\Program Files (x86)\InstallShield Installation Information\{B96204EB-3051-4B4F-9534-ED13FE7095D1}\setup.exe" -runfromtemp -l0x0409 -removeonly
    3 C:\Windows\SysWOW64\dllhost.exe [8940]
    C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
    </Data>
    </EventData>
    </Event>
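
An added example, not part of the original post or of HitmanPro.Alert: a small Python parser that pulls the mitigation name, flagged application, PID and process trace out of an exported Event ID 911 record shaped like the one quoted above. The sample input is constructed from that event (GUID folder names dropped to shorten the paths), and the function name `parse_alert` and the returned field names are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Trace entries look like "<n> <image path> [<pid>]"; command-line lines do not match.
TRACE_RE = re.compile(r"^[ \t]*(\d+)[ \t]+(.+?)[ \t]+\[(\d+)\][ \t]*$", re.M)

# Constructed sample, abbreviated from the event quoted in the post above.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="HitmanPro.Alert" />
<EventID Qualifiers="0">911</EventID>
<TimeCreated SystemTime="2016-08-13T17:08:20.184521900Z" />
<Computer>DESKTOP-9PRS4MP</Computer>
</System>
<EventData>
<Data>C:\Users\Mary\AppData\Local\Temp\setup.exe</Data>
<Data>Anti-VM</Data>
<Data>Mitigation Anti-VM

PID 7808
Process Trace
1 C:\Users\Mary\AppData\Local\Temp\setup.exe [7808]
2 C:\Program Files (x86)\InstallShield Installation Information\setup.exe [7572]
3 C:\Windows\SysWOW64\dllhost.exe [8940]
</Data>
</EventData>
</Event>"""

def parse_alert(xml_text):
    """Return a dict for a HitmanPro.Alert 911 event, or None for anything else."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    provider = system.find("e:Provider", NS) if system is not None else None
    if provider is None or provider.get("Name") != "HitmanPro.Alert":
        return None
    if system.findtext("e:EventID", namespaces=NS) != "911":
        return None
    data = [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]
    if len(data) < 3:  # expected order: application, mitigation, detail text
        return None
    pid = re.search(r"^[ \t]*PID[ \t]+(\d+)", data[2], re.M)
    return {
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
        "computer": system.findtext("e:Computer", namespaces=NS),
        "application": data[0].strip(),
        "mitigation": data[1].strip(),
        "pid": int(pid.group(1)) if pid else None,
        "trace": [(int(n), p, int(i)) for n, p, i in TRACE_RE.findall(data[2])],
    }
```
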
     
  15. guest

    guest Guest

    Sandboxie is in a perpetual race against its environment, because it uses a particular approach of Windows mechanism, an extended "whitelist", to do its job (what is not authorized is blocked). So when one of the whitelisted applications suffers a major recoding (say Chrome), Sandboxie can't isolate it properly anymore and creates incompatibilities. Hence the multiple weekly updates/fixes.

    That is the point: if you use software created during a certain OS, and you keep using this OS and barely install any new software, the chances of getting issues are minimal; unfortunately this behavior is not the popular one, so it is logical that others encounter issues.

    Indeed, HMPA (and other security software) injects a DLL into almost every process, even into programs/processes that are not supposed to be handled by it (like processes of security software), which may result in incompatibilities with the injected software/process, one reason exclusion features are necessary.
     
  16. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Agreed. I haven't heard Erik or Mark speak to this, but I hope it's on their feature list. After my last license expired there were a few days where HMPA was in unlicensed mode (no mitigations and no CryptoGuard) until I pulled up the UI for some reason and noticed. HMPA would benefit from being able to display real time status, such as active, inactive, licensed mode, unlicensed/free mode, etc.
     
  17. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I don't know what audit mode is.
     
  18. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I never would have known about audit mode.
     
  19. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    One very important note:
    If you enable "silent audit", malware is not stopped anymore, but executed and reported to Windows Event Logging.

     
  20. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    All of Win10's build updates have been an OS upgrade; it's a flawed system, which I posted about several months ago.

    Why Microsoft moved from their reliable service pack system to this new system I do not know. Basically whenever there is a new build, it reinstalls the OS. It then restores your settings and apps as it thinks it should be, of course it misses things out which is why people report the problems they do.
     
  21. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    Just to confirm that 550 Beta is running smoothly on Win 7 along with WSA and VoodooShield.
     
  22. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I am still not sure how to enable or disable silent audit.
     
  23. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @Dragon1952 :
    There are good reasons why this setting is not on the main screen.
    You need to be an advanced user to select "silent audit"...

    Hint:
    Click on "Action mode"
     
  24. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I have always used the advanced interface but don't remember clicking on action mode in recent memory. I might have when I first started using HMPA but forgot about it after seeing what the default setting was for action mode.
     
  25. Der.Reisende

    Der.Reisende Registered Member

    Joined:
    Aug 14, 2016
    Posts:
    51
    Location:
    Germany
    ================================================================================
    Topic: Support Request:
    Keystroke Encryption Issue when using Browsers, HMP.A v3.5.0 b546.
    ================================================================================

    Hello Guys @ SurfRight / @ sophos, I am coming up with a support request.

    I have the following issue with Windows 10 x64, v1607 b14393.51 using HitmanPro Alert v3.5.0 b546.
    After the "Anniversary Update" (or an upgrade to the latest HMP.A version, cannot tell, did not use that machine that often in the past weeks due to studying somewhere else but home), both Google Chrome (x64, v52.0.2743.116 m) came up with no longer accepting any keyboard inputs (every other application, Win10 included, did).
    Therefore, I tried everything I could think of solving that issue (plug in, plug out, reinstall and reset Chrome, Restart Win10, look up Device manager for issues,...) after nothing to be found on the internet to solve the issue.

    I then came up with the crazy idea to deactivate Keystroke encryption in HMP.A, (as Edge worked somehow), for I already had issues with PSE13/14 and Exploit Protection in HMP.A.

    And, et voilà, everything works fine (HMP.A does not seem to support Edge Keystroke Encryption yet).

    Of course, deactivating parts of the security software is not the intention of how to use it, so please, have a look in that matter and feel free to contact me at any time if you need more information. I will reply ASAP.

    Thank you and BR.

    ================================================================================
     
    Last edited by a moderator: Aug 14, 2016