Don't feel alone, mine is mute too, I just haven't noticed it till now. I am ok with it not playing, but this is interesting that HMP.A would have that effect on the start or boot tone. Did you have to re-load them or did switching to 604 just remedy the issue?
As soon as I uninstalled CTP4 it asked for a restart and the tone worked straight away after that. I had also noticed my daily scheduled HMP scan didn't produce a tone and my scheduled weekly backup with Macrium Reflect was the same.
Yep. And now, some hours later, HMP.A has crashed again, this time to the point where the "SYSTEM" process didn't respawn (the one associated with my PC's name is still listed in Task Manager):
Code:
- System
  - Provider
    [ Name] Application Error
  - EventID 1000
    [ Qualifiers] 0
    Level 2
    Task 100
    Keywords 0x80000000000000
  - TimeCreated
    [ SystemTime] 2017-06-26T03:30:30.000Z
    EventRecordID 151780
    Channel Application
    Computer -PC
    Security
- EventData
    hmpalert.exe
    3.6.7.603
    593adfa1
    hmpalert.exe
    3.6.7.603
    593adfa1
    c0000005
    001fd8c0
    880
    01d2ed74376d4170
Two recent PrivGuard alerts, both while opening Sandboxied Firefox:
Code:
Mitigation PrivGuard
Platform 10.0.15063/x64 v710 06_45
PID 16820
Application C:\Windows\SysWOW64\dllhost.exe
Description COM Surrogate 10
Sweep
Code Injection
0000000000760000-0000000000766000 24KB C:\Program Files\Sandboxie\SbieSvc.exe [3512]
0000000000770000-0000000000771000 4KB
00007FFA4DD89000-00007FFA4DD8A000 4KB
Process Trace
1 C:\Windows\SysWOW64\dllhost.exe [16820]
C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{1EF75F33-893B-4E8F-9655-C3D602BA4897}
2 C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe [18004]
3 C:\Program Files\Sandboxie\SandboxieRpcSs.exe [13992]
4 C:\Program Files\Sandboxie\SbieSvc.exe [3512]
Code:
Mitigation PrivGuard
Platform 10.0.15063/x64 v710 06_45
PID 22844
Application C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
Description rf-chrome-nm-host 8
Sweep
Code Injection
00000000009F0000-00000000009F6000 24KB C:\Program Files\Sandboxie\SbieSvc.exe [3656]
0000000000D00000-0000000000D01000 4KB
00007FFB8ECA9000-00007FFB8ECAA000 4KB
Should I untick Local Privilege Mitigation? It only happens occasionally.
Edit: Btw this is CTP4. And @mood I reread your post #316 now, so I'll switch that off for now.
Just linking to this discussion: https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-562#post-2687662 Maybe it should have been posted here.
Every time with Chrome:
Mitigation PrivGuard
Platform 10.0.14393/x64 v710 06_4e
PID 22304
Application C:\Program Files\Sandboxie\SandboxieCrypto.exe
Description Sandboxie COM Services (CryptSvc) 5.20
Sweep
Code Injection
00000000001F0000-00000000001F6000 24KB C:\Program Files\Sandboxie\SbieSvc.exe [1908]
0000000000520000-0000000000521000 4KB
00007FFBE7159000-00007FFBE715A000 4KB
1 C:\Program Files\Sandboxie\SbieSvc.exe [1908]
2 C:\Windows\System32\services.exe [940]
@guest Thanks... Already added it after I got the warning, hopefully it will be fixed in the next update.
@subhrobhandari #335 Have you protected Windows Firewall Control with HMP.A? WFC was prevented from executing a dropped file in the temporary folder. If it is protected, this could explain the Lockdown Mitigation. The Credential Theft Protection is preventing the application from accessing \REGISTRY\MACHINE\SAM\SAM. This is expected if the Mitigation is enabled. Is PrivaZer or any other application in the Process Trace a protected application?
I assume that the protection of Explorer.exe is leading to these kinds of Mitigations. You don't need to add explorer.exe to the list of Protected Applications.
I use a utility WSCC (Windows System Control Center) to download and maintain Sysinternals and Nirsoft utilities. But now with CTP4, some Nirsoft utilities fail to install or update. I get a red 'Malware Blocked' fly-out top-right for about 9 utilities. Didn't happen with build 603. Is HMPA now doing a cloud scan? How can I bypass this check, or exclude these utilities (preferably at folder level)? I have tried unticking all Process Protection mitigations. Edit: Found it. Temporarily disabled Anti-Malware Protection. Doh.
HMP.A is now detecting WFC (Windows Firewall Control) as Razzy infection and borking its service. I added it to exclusion and rebooted and it grabbed it again and trashed the service for WFC, so needless to say I had to kill HMP.A to get my internet connectivity back working. Easy to replicate: just install WFC with HMP.A 710 CTP 4 and watch the detection. For now, even though I am a paid subscriber, I am uninstalling HMP.A and patiently await a solution. Keep up the awesome work guys
No doubt this will be worked out in the new v3.7 build, but for now if you run the stable release (3.6.7 build 604) you will not have this problem.
Is the Realtime Protection of HMP.A detecting it? I think you have seen something like this: "Gen:Variant.Razy" If yes, this is caused by the Realtime Protection of HMP.A. You can't make exclusions for it but it will soon be possible. Switch to Build 604 (which doesn't have the Realtime Protection), or you can install CTP 4 and try to disable the Realtime Protection. After they have released a new build you will be able to exclude the file or even the whole folder.
Ok, will do. Thanks for that valuable heads-up, mood. I will switch to 604 till the update, then I will switch back to the CTP builds. PeAcE
Hey bro, I'm using WFC with CTP4 and not getting this issue. Update: My mistake, not running latest ver. of WFC, 4.9.9.1. Updated and immediately got the same problem as @CyberGhosT. As per @mood's advice I disabled Anti-Malware in CTP4 and the _wfc service could be started.
Back to build 604 (from 710). Getting into a(n) (infinite?) loop with Sandboxie COM Services (DCOM) 5.20 PrivGuard-alerts. Alert > Close > Alert > Close > Alert > Close...
Logboeknaam: Application
Bron: HitmanPro.Alert
Datum: 8-7-2017 8:38:56
Gebeurtenis-id:911
Taakcategorie: Mitigation
Niveau: Fout
Trefwoorden: Klassiek
Gebruiker: n.v.t.
Computer: ****
Beschrijving:
Mitigation PrivGuard
Platform 10.0.15063/x64 v710 06_17*
PID 5696
Application C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
Description Sandboxie COM Services (DCOM) 5.20
Sweep
Code Injection
0000000000710000-0000000000716000 24KB C:\Program Files\Sandboxie\SbieSvc.exe [2984]
0000000000720000-0000000000721000 4KB
00007FF80E889000-00007FF80E88A000 4KB
1 C:\Program Files\Sandboxie\SbieSvc.exe [2984]
2 C:\Windows\System32\services.exe [688]
3 C:\Windows\System32\wininit.exe [620]
wininit.exe
Process Trace
1 C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe [5696]
2 C:\Program Files\Sandboxie\SandboxieRpcSs.exe [5172]
3 C:\Program Files\Sandboxie\SbieSvc.exe [2984]
4 C:\Windows\System32\services.exe [688]
5 C:\Windows\System32\wininit.exe [620]
wininit.exe
Gebeurtenis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="HitmanPro.Alert" />
    <EventID Qualifiers="0">911</EventID>
    <Level>2</Level>
    <Task>9</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-07-08T06:38:56.729886200Z" />
    <EventRecordID>4289</EventRecordID>
    <Channel>Application</Channel>
    <Computer>****</Computer>
    <Security />
  </System>
  <EventData>
    <Data>C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe</Data>
    <Data>PrivGuard</Data>
    <Data>Mitigation PrivGuard
Platform 10.0.15063/x64 v710 06_17*
PID 5696
Application C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
Description Sandboxie COM Services (DCOM) 5.20
Sweep
Code Injection
0000000000710000-0000000000716000 24KB C:\Program Files\Sandboxie\SbieSvc.exe [2984]
0000000000720000-0000000000721000 4KB
00007FF80E889000-00007FF80E88A000 4KB
1 C:\Program Files\Sandboxie\SbieSvc.exe [2984]
2 C:\Windows\System32\services.exe [688]
3 C:\Windows\System32\wininit.exe [620]
wininit.exe
Process Trace
1 C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe [5696]
2 C:\Program Files\Sandboxie\SandboxieRpcSs.exe [5172]
3 C:\Program Files\Sandboxie\SbieSvc.exe [2984]
4 C:\Windows\System32\services.exe [688]
5 C:\Windows\System32\wininit.exe [620]
wininit.exe
</Data>
  </EventData>
</Event>
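Added example (not part of any post above and not HitmanPro.Alert's own tooling): a small parser for the PrivGuard alert text pasted in this thread, used to group alerts by the process named in the Code Injection section. The field layout is inferred from the quoted alerts, and `parse_alert` and `injectors` are hypothetical names.

```python
import re
from collections import defaultdict

# Field layout inferred from the alerts quoted in this thread (an assumption, not a documented format).
HEADER = re.compile(
    r"Mitigation\s+(?P<mitigation>\S+)\s+Platform\s+(?P<platform>.+?)\s+"
    r"PID\s+(?P<pid>\d+)\s+Application\s+(?P<application>.+?)\s+Description\s")
REGION = re.compile(
    r"(?P<start>[0-9A-F]{16})-(?P<end>[0-9A-F]{16})\s+(?P<kb>\d+)KB"
    r"(?:\s+(?P<source>[A-Za-z]:\\.+?)\s+\[(?P<source_pid>\d+)\])?")

def parse_alert(text):
    """Return header fields and injected regions, or None if text is not an alert."""
    head = HEADER.search(text)
    if head is None:
        return None
    alert = head.groupdict()
    alert["pid"] = int(alert["pid"])
    alert["regions"] = []
    for m in REGION.finditer(text, head.end()):
        start, end = int(m["start"], 16), int(m["end"], 16)
        alert["regions"].append({
            "start": start, "end": end,
            # The printed size should equal the address span; False hints at a damaged paste.
            "size_ok": end - start == int(m["kb"]) * 1024,
            "source": m["source"],
            "source_pid": int(m["source_pid"]) if m["source_pid"] else None,
        })
    return alert

def injectors(alerts):
    """Map each injecting image (lower-cased path) to the set of applications it touched."""
    seen = defaultdict(set)
    for alert in alerts:
        for region in alert["regions"]:
            if region["source"]:
                seen[region["source"].lower()].add(alert["application"])
    return dict(seen)

# Alert texts copied from the posts above, each cut after its Code Injection section.
SAMPLES = [
    r"Mitigation PrivGuard Platform 10.0.15063/x64 v710 06_45 PID 16820 Application C:\Windows\SysWOW64\dllhost.exe Description COM Surrogate 10 Sweep Code Injection 0000000000760000-0000000000766000 24KB C:\Program Files\Sandboxie\SbieSvc.exe [3512] 0000000000770000-0000000000771000 4KB 00007FFA4DD89000-00007FFA4DD8A000 4KB",
    r"Mitigation PrivGuard Platform 10.0.15063/x64 v710 06_45 PID 22844 Application C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe Description rf-chrome-nm-host 8 Sweep Code Injection 00000000009F0000-00000000009F6000 24KB C:\Program Files\Sandboxie\SbieSvc.exe [3656] 0000000000D00000-0000000000D01000 4KB 00007FFB8ECA9000-00007FFB8ECAA000 4KB",
    r"Mitigation PrivGuard Platform 10.0.14393/x64 v710 06_4e PID 22304 Application C:\Program Files\Sandboxie\SandboxieCrypto.exe Description Sandboxie COM Services (CryptSvc) 5.20 Sweep Code Injection 00000000001F0000-00000000001F6000 24KB C:\Program Files\Sandboxie\SbieSvc.exe [1908] 0000000000520000-0000000000521000 4KB 00007FFBE7159000-00007FFBE715A000 4KB",
]

if __name__ == "__main__":
    print(injectors([parse_alert(s) for s in SAMPLES]))
```

Run over the three sample alerts, the grouping comes back with a single key, the Sandboxie service image, mapped to three different target applications.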