HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    I've tried to observe an event that places a file (random filename) to CryptoGuard folder.
    I'm curious as to whether a random filename file once placed in CryptoGuard folder is also updated as the original file changes.
    I'm curious if 588 changed CryptoGuard folder housekeeping.
     
  2. guest

    guest Guest

    I'm monitoring executables that are written to the harddisc, and i can see that directly after a system-file was changed (after installing a windows-update for example), a file in the CryptoGuard-folder was created accordingly.
    Or after i updated HMP.A
    So if files in the Windows-folder are changed, CryptoGuard "decides" to make a copy of it in the CryptoGuard-folder.
    That's my observation.
    Code:
    2016/06/22_05:13 > W:C:\Users\Public\...\hmpalert3b532.exe > C:\Windows\SysWOW64\hmpalert.dll
    2016/06/22_05:13 > W:C:\Users\Public\...\hmpalert3b532.exe > C:\Windows\System32\hmpalert.dll
    2016/06/22_05:15 > W:C:\Windows\CryptoGuard\ED028E5D
    2016/06/22_05:26 > W:C:\Windows\CryptoGuard\9E592914
    ...
    2016/06/25_06:07 > W:C:\Windows\System32\poqexec.exe > C:\Windows\SysWOW64\ole32.dll
    2016/06/25_06:07 > W:C:\Windows\CryptoGuard\DF4D3F19
    2016/06/25_06:07 > W:C:\Windows\System32\poqexec.exe > C:\Windows\System32\ole32.dll
    2016/06/25_06:07 > W:C:\Windows\CryptoGuard\409E065F
    2016/06/25_06:07 > W:C:\Windows\System32\poqexec.exe > C:\Windows\SysWOW64\asycfilt.dll
    2016/06/25_06:07 > W:C:\Windows\CryptoGuard\8195B61C
    2016/06/25_06:07 > W:C:\Windows\System32\poqexec.exe > C:\Windows\SysWOW64\olepro32.dll
    2016/06/25_06:07 > W:C:\Windows\CryptoGuard\D8B5D021
    
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    what tool generates such detail
     
  4. guest

    guest Guest

    with MZWriteScanner from Excubits you can monitor executables which are written/dropped to harddisk.
     
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Aha!, tried to run demo. No joy. Thanks anyway.
     
    Last edited: Sep 10, 2016
  6. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    I was also interested to know what tool you were using. Thanks for sharing.
     
  7. ForeignerAUS

    ForeignerAUS Registered Member

    Joined:
    Sep 11, 2016
    Posts:
    3
    Location:
    UK
    I have a question that I hope the community can help me with.

    I'm new to Hitman. Since installing, I cannot update Razer Synapse. I'm getting the following error:

    BadUSB
    Mitigation BadUSB Platform 10.0.14393/x64 06_3c Keyboard name Razer BlackWidow Ultimate Hardware ID HID\VID_1532&PID_011A&REV_0200&MI_01&Col01

    I've tried disabling BadUSB but it doesn't help. In fact, I've tried disabling everything that I can see that can be disabled, but nothing helps.

    Has anyone got any advice? Thanks.
     
  8. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    What is the version number of HMP.A?
    Have you tried uninstalling, then reinstalling HMP.A?
     
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Disabling BadUSB should take care of it, but since it doesn't then, as a temporary workaround, uninstall HMPA, do your update and reinstall HMPA.
     
  10. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    What is the significance of the safety notification color?

    When I first opened Android's SDK Manager I saw a black flag announcing Java protection. When I closed and reopened the same program again the notification appeared in blue. So why black followed later by blue? Is black a "first use" color? Other?
     
  11. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    I've run into this problem a couple of times and it's also annoying that HMPA often doesn't even give any sign that it's blocking something and that disabling options in HMPA doesn't help. And what's even more annoying is that when you finally figure out HMPA is blocking stuff, it's not uncommon that the exclusion option doesn't work, so even after excluding the program HMPA continues to do it's blocking thing... so that raises the question what the exclusion option exactly does...
     
    Last edited: Sep 11, 2016
  12. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    @ Telos

    Black= ok, i've identified an app that needs to be shielded because it is prone to be exploited (so, you will see black flag only 1 time!, a kind of "first use" as you precisely said)

    Then,
    ASA you run that particular app, the flag notify you that you are safe (blue→ exploit protection on)
     
  13. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    The Synapse update would likely effect your Keyboard drivers and HMPA might misinterpret it as malicious or a "new" keyboard. Does HMPA give you the option to proceed? Typically BADUSB will alert you to a device acting as a new keyboard and ask you if it is OK.

    Maybe uninstall HMPA and then do the update, make a new Restore Point, and reinstall HMPA. There would be some risk, however, that after reinstalling HMPA you would have a non functioning keyboard, but you would not need a keyboard to re-uninstall HMPA and rollback your Synapse drivers or do a System Restore, unless HMPA freezes your system. If that is what it is doing now, ignore this paragraph.

    It's a shame that you are having an issue that is preventing you from using such a fine keyboard. If you were not having any issues prior to the update and all your keyboard's functions were accessible, I would forget about the update.

    Did you read the Changelog?

    FWIW: Many gamers hate Razer's Synapse. It often causes more problems than it's worth.

    I have stopped updating the Razer Synapse on my system. Everytime I have updated it on my system it totally borks my wi-fi connection, requiring me to reinstall my wifi adapter driver and reconnecting to my wifi signal. I have no idea why this happens, but it always does. When I did update my Synapse, HMPA never triggered a problem.

    (In my case Synapse is not that important cuz the only Razer Product I use that uses Synapse is their FireFly Hard Gaming Mouse Mat (Totally Awesome BTW). It has a a"gimmick" LED multi-colored border and all that Synapse does is allow you to select a pattern and speed of the changing light pattern.)

    Synapse is a trouble-maker and I would attribute any problems updating it to Razer before HMPA.

    Do a Google search for Razer Synapse Problems and you will get pages upon pages of results, particulary respecting Win 10, let alone 1067.

    I have not updated my Synapse since before Win 1067 and the "old version" is working just fine.

    Unless you are using the very latest new Razer products, you likely don't need the update.
     
    Last edited: Sep 12, 2016
  14. ForeignerAUS

    ForeignerAUS Registered Member

    Joined:
    Sep 11, 2016
    Posts:
    3
    Location:
    UK
    Thanks for all your advice. I think I'll just leave the update. Synapse works fine atm.
     
  15. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    Maybe it's just coincidence but I'm getting corrupted downloads with Chrome 64. I had 2 bad downloads downloading audio tracks from Bandcamp a few hours ago, and now downloading WonderFox DVD Ripper Pro here (see upgrade button). Repeated the Wonderfox download, and again it was corrupted.

    At both sites, I stopped the service, and the download arrived intact. I'm using 558.
     
  16. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    What other security software / web filter do you have on your machine?
     
  17. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    Thanks Erik.
     
  18. ajp2k16

    ajp2k16 Registered Member

    Joined:
    Sep 12, 2016
    Posts:
    6
    Location:
    Sweden
    I'm having problems with HitmanPro.Alert and high CPU usage when connecting through OpenVPN. When connected through VPN and I transfer a file my CPU usage goes up quite a lot and my transfer speed is greatly reduced. I tried running this through support but the answer I got was that a new version would fix this problem but the fix never came, at least nothing that worked. Last version I tried was the latest .558

    Anyone else seeing this? I have a 250/50Mbps connection and I suppose faster speeds make it even more noticable.

    I'm using a VPN for privacy reasons and right now I can't use HitmanPro.Alert at all.

    Any suggestions? Thanks!
     
  19. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    A couple of random things I'd try as a test to narrow it down. Doesn't harm trying. :)

    I'd add OpenVPN to the exclusions in Exploit Mitigation.

    Another is disabling Network Lockdown in Risk Reduction.
     
  20. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    Malwarebytes Anti-Malware Home and Charter Security Suite (provided by F-Secure).

    EDIT: Same experience at opengapps.org. 4 failed attempts including 1 in incognito mode. "Failed - Network error" from Chrome. Toggled off service and download completed. Toggled on service, download again failed.
     
    Last edited: Sep 12, 2016
  21. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
    558 version is having issues with 3DMark and it's Java 8.


    The program javaw.exe version 8.0.910.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
    Process ID: 1a10
    Start Time: 01d20c55716cbc66
    Termination Time: 3
    Application Path: C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\jre\bin\javaw.exe
    Report Id: d2cd9bf3-7848-11e6-9f9e-5cf370776aa3
    Faulting package full name:
    Faulting package-relative application ID:


    The description for Event ID 901 from source HitmanPro.Alert cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\jre\bin\javaw.exe
    Disabled=ON
    DEP=ON
    ASR=ON
    ASLR=ON
    BottomUpASLR=ON
    SEHOP=ON
    NullPage=ON
    HeapSpray=ON
    LoadLib=ON
    Caller=ON
    IAF=ON
    StackPivot=ON
    StackExec=ON
    BannedAPI=ON
    Intruder=ON
    KbdGuard=ON
    LockdownNewFile=ON
    LockdownAutorun=ON
    Profile=A07E-CB4F

    the message resource is present but the message is not found in the string/message table



    Faulting application name: FMSIScan.exe, version: 4.48.599.0, time stamp: 0x57ac82f9
    Faulting module name: igdrcl32.dll, version: 20.19.15.4424, time stamp: 0x56fdc832
    Exception code: 0xc0000005
    Fault offset: 0x000680bd
    Faulting process id: 0x2f30
    Faulting application start time: 0x01d20c4d2e89441a
    Faulting application path: C:\Program Files (x86)\Futuremark\SystemInfo\FMSIScan.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\igdrcl32.dll
    Report Id: 346e7da2-74cb-4b35-86d5-d926428a219a
    Faulting package full name:
    Faulting package-relative application ID:
     
  22. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    What AV are you using? Or are you using other network monitoring tool (eg. glasswire).
    I installed OpenVPN and use vpnbook free service but I do not see high CPU usage.
     
  23. ajp2k16

    ajp2k16 Registered Member

    Joined:
    Sep 12, 2016
    Posts:
    6
    Location:
    Sweden
    @erikloman Right now I'm only using Windws Defender because my Avira (Pro with webshield on, better with it off) also affected the speed of OpenVPN but not as much as HMPA does. I'm using WinAntiRansom together with Windows Defender now without any slowdowns, nothing else installed at the moment. I've tried a lot of VPN services and I had this problem with them all when using HMPA, at first I thought all vpn providers were really bad... I'm on Windows 10 Pro by the way. I only see high CPU when transfering something att full speed or doing a speed test like speedtest.net or something, not while doing normal web surfing. Thanks!

    @eddiewood Thanks for the suggestions, I'll give it a try!
     
  24. guest

    guest Guest

    And if you do a speed-test without a VPN, do you see the same high CPU-%?
     
  25. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    What process is maxing out the CPU in Task Manager?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.