HitmanPro.ALERT Support and Discussion Thread

Same here, but only on one of my machines for some reason.

 

...and same here too

 

Krusty, were both BadUSB and KE not working on your one machine?

I uninstalled 601 and reinstalled 593, everything is functioning. Guess I'll stick with that for the time being, right?

 

Upgraded over the top of beta build 600 and after reboot Bad USB is staying ON and keyboard encryption is working

 

I didn't check Keyboard Encryption but I could see BadUSB had a different icon and when I checked that out I couldn't keep it enabled.

I'm sticking with 593 on that machine too.

 

U[graded to build 601 beta: BADUSB cant be activated and keyboard encryption does not work. I'll try a clean install.

Win10 1703 build 15063.332 x64/Norton Security v22.9.3.13

 

Both dont work after clean install.

 

It seems that for some Bad USB mitigation and Keystroke Encryption are still not working after we've made changes since build 600. We are addressing this right now. Stay tuned for an update.

In case someone is wondering whether Alert prevents real-world exploits, including the DoublePulsar NSA exploit, check out this tweet:
https://twitter.com/GossiTheDog/status/869468423209848832

 

yesss!!

 

HitmanPro.Alert 3.6 Build 602 BETA

We have slightly tweaked the code related to keyboard handling so that Bad USB and Keystroke Encryption now work as expected ... hopefully

Changelog (compared to 601)

• Fixed Bad USB mitigation
• Fixed Keystroke Encryption

Notes
This build has co-signed drivers by Microsoft.

Download
http://test.hitmanpro.com/hmpalert3b602.exe

Please let us know how this build runs on your computer

 

Just upgraded from 593 to 602.
Everything OK so far.

 

The 602 is meant as an upgrade from 593.
The 7xx series are the CTP1 and the inbound CTP2.

 

On my Windows 7 x64 system (see signature), I upgraded build 601 to 602.
The upgrade was smooth, with no issues, and everything looks fine.
Bad USB is enabled, and Keystroke Encryption works as expected.
However, as I experienced no issues with Bad USB and Keystroke Encryption in build 601, my experience with build 602 doesn't say much regarding the fixes for Bad USB and Keystroke Encryption.

 

hi, everything was ok with build 601 also everything ok with build 602 thank you,

 

Yes, 3.6/602: BadUSB stays enabled and Keystroke Encryption works. Thanks!

 

hi, any news on CTP2 thank you

 

As Erik said - stay tuned - just keep an eye on this forum thread, and relax. Give Erik and the team some time.

 

ok thank you

 

Installed the BETA over 3.6.5 and 3.6.6 on two different computers. Bad USB and Keystroke Encryption are working flawlessly on both.

Additionally a Steam game made with Unity is now working without getting terminated by Mitigation: CallerCheck, Callee Type: LoadLibrary.

BTW: Is there a software/server-side delay when a new official release is available? When 3.6 was released I was stuck with 3.6.0 for a long time before noticing that hitmanpro.com was already offering 3.6.3, at which point I did a manual update on all of my 3 machines. Today on my surface the internal updater did not offer 3.6.6, before I installed the build 602 BETA over it. Is that intended or a bug?

 

Build 602 BETA fixes both problems. Nice.

 

Thanks for the link. I suppose HMPA will also block this tool from injecting code?

https://github.com/countercept/doublepulsar-usermode-injector

You know what the thing is, HMPA is focused on auto-blocking things, so it can't monitor things like service/driver loading and standard code injection, because this can also be used in a non-malicious way. And a full behavior blocker often relies on user input.

 

What type of problems do you have, and which version of Windows are you using? In the past I also had problems with the HMPA and SBIE combo, that's why I decided not to install HMPA. But because of all the new protections I'm planning to give it another try.

BTW, I saw a video that was made by the VoodooShield developer, and it seemed like lsass.exe was exploited which resulted in the loading of rundll32.exe which is able to run the payload I suppose. So does HMPA now protect all system processes, or does it simply act whenever this exploitation technique is being used? And HMPA doesn't protect against EternalBlue itself, correct?

https://www.mrg-effitas.com/eternalblue-vs-internet-security-suites-and-nextgen-protections/

 

3.6 602 with keystroke protection enabled now locks keyboards on other PCs\laptops than what I initially reported. Dell, Toshiba, MSI,...