HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. plat1098

    plat1098 Guest

    Yes, OK then, this summarizes the issue very neatly. Perhaps it is best for me to keep the "ie" in Sandboxie and leave Chrome out of it--for now at least. Otherwise, it gets very complicated and messy. :)

    Hey @shmu26: this untrusted fonts thing is a relic from the past and was resolved when I attempted to activate this mitigation thru group policy, only to get a warning id 1085 in event viewer! @BoerenkoolMetWorst and @markloman had illuminated the untrusted fonts mitigation issue re: Alert in the post below over a month ago. :) Very interesting--glad this mitigation is reworked in Fall CU.

    https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-573#post-2713455
     
  2. Armadax

    Armadax Registered Member

    Joined:
    Sep 13, 2015
    Posts:
    19
    Location:
    Zuid-Holland
    Okay, thanks for this. But, errmmm, we’re staying tuned since June??
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    This was brought up yesterday. What's the June?
     
  4. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,843
    Location:
    the Netherlands
    It was June when Erik said,
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Ah. Thanks SM
     
  6. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Yeah, that real-time scanner would be a real lot more usable if exclusions were possible :)
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    From past experience I know I have to use Passive Vaccination when installing / upgrading Netgear Genie but I just got this when upgrading to the latest version.
    Code:
    Log Name:      Application
    Source:        HitmanPro.Alert
    Date:          24/11/2017 8:51:02 AM
    Event ID:      911
    Task Category: Mitigation
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      David-HP
    Description:
    Mitigation   Lockdown
    
    Platform     10.0.16299/x64 v723 06_5e
    PID          7056
    Application  C:\Program Files (x86)\NETGEAR Genie\wpinst.exe
    Description  wpinst.exe
    
    Filename     C:\Users\David\AppData\Local\Temp\wpinst64.exe
    Created By   C:\Program Files (x86)\NETGEAR Genie\wpinst.exe
    
    
    Process Trace
    1  C:\Program Files (x86)\NETGEAR Genie\wpinst.exe [7056]
    2  C:\Users\David\AppData\Local\NETGEARGenie\update_temp\NETGEARGenie-install.exe [4504]
    C:/Users/David/AppData/Local/NETGEARGenie/update_temp/NETGEARGenie-install.exe
    3  C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [9236]
    4  C:\Windows\explorer.exe [7252]
    5  C:\Windows\System32\userinit.exe [2676]
    6  C:\Windows\System32\winlogon.exe [780]
    winlogon.exe
    7  C:\Windows\System32\smss.exe [664]
    \SystemRoot\System32\smss.exe 000000dc 00000080
    
    Thumbprint
    a1430adc96c80ff18655b510d868acdac7eb0f130413ae6943d77f96ae999399
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="HitmanPro.Alert" />
        <EventID Qualifiers="0">911</EventID>
        <Level>2</Level>
        <Task>9</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2017-11-23T21:51:02.108924700Z" />
        <EventRecordID>6928</EventRecordID>
        <Channel>Application</Channel>
        <Computer>David-HP</Computer>
        <Security />
      </System>
      <EventData>
        <Data>C:\Program Files (x86)\NETGEAR Genie\wpinst.exe</Data>
        <Data>Lockdown</Data>
        <Data>Mitigation   Lockdown
    
    Platform     10.0.16299/x64 v723 06_5e
    PID          7056
    Application  C:\Program Files (x86)\NETGEAR Genie\wpinst.exe
    Description  wpinst.exe
    
    Filename     C:\Users\David\AppData\Local\Temp\wpinst64.exe
    Created By   C:\Program Files (x86)\NETGEAR Genie\wpinst.exe
    
    
    Process Trace
    1  C:\Program Files (x86)\NETGEAR Genie\wpinst.exe [7056]
    2  C:\Users\David\AppData\Local\NETGEARGenie\update_temp\NETGEARGenie-install.exe [4504]
    C:/Users/David/AppData/Local/NETGEARGenie/update_temp/NETGEARGenie-install.exe
    3  C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [9236]
    4  C:\Windows\explorer.exe [7252]
    5  C:\Windows\System32\userinit.exe [2676]
    6  C:\Windows\System32\winlogon.exe [780]
    winlogon.exe
    7  C:\Windows\System32\smss.exe [664]
    \SystemRoot\System32\smss.exe 000000dc 00000080
    
    Thumbprint
    a1430adc96c80ff18655b510d868acdac7eb0f130413ae6943d77f96ae999399</Data>
      </EventData>
    </Event>
    I do have Netgear Genie added to HMP.A's protected programs in the Other category. Netgear Genie appears to have upgraded successfully.
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
  9. guest

    guest Guest

    This is the reason why you got the Lockdown Mitigation. The protected program dropped a file in a temporary directory and launched it.
    You can disable "Application Lockdown" for the protected program temporarily, but all files have been successfully updated ("appears to have upgraded successfully"). In this case you don't "need to".
    For example Opera is triggering the Lockdown Mitigation while it is upgrading, but nevertheless the upgrade was successful: "I received the notification from HMP.A, Opera was still able to automatically update to the latest version" #12865
    The "Holiday Promotion 50% off" is available for all License Options.
    After a click on the Buy button a new page is opened, and you can choose other License Options.
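
    Added example, not part of any post in this thread and not HitmanPro.Alert's own code: a small triage script for the Lockdown event discussed above, which checks whether the blocked file sits in a Temp directory and was created by the protected application itself. The field labels and the sample text come from the event posted in the thread (trace shortened); the function names `parse_alert` and `triage` are made up for this example.

```python
import re
from pathlib import PureWindowsPath

# Alert text copied from the event posted above (some lines left out).
SAMPLE = r"""Mitigation   Lockdown

PID          7056
Application  C:\Program Files (x86)\NETGEAR Genie\wpinst.exe

Filename     C:\Users\David\AppData\Local\Temp\wpinst64.exe
Created By   C:\Program Files (x86)\NETGEAR Genie\wpinst.exe

Process Trace
1  C:\Program Files (x86)\NETGEAR Genie\wpinst.exe [7056]
2  C:\Users\David\AppData\Local\NETGEARGenie\update_temp\NETGEARGenie-install.exe [4504]
3  C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [9236]
4  C:\Windows\explorer.exe [7252]
"""

FIELD = re.compile(r"^(Mitigation|PID|Application|Filename|Created By)\s{2,}(.+?)\s*$")
TRACE = re.compile(r"^(\d+)\s+(.+?)\s+\[(\d+)\]\s*$")

def parse_alert(text):
    """Split an alert description into header fields and the process trace."""
    fields, trace = {}, []
    for line in text.splitlines():
        line = line.strip()
        if (m := FIELD.match(line)):
            fields[m.group(1)] = m.group(2)
        elif (m := TRACE.match(line)):
            trace.append((int(m.group(1)), m.group(2), int(m.group(3))))
    return fields, trace

def triage(text):
    """Summarise the drop-and-launch pattern behind a Lockdown alert."""
    fields, trace = parse_alert(text)
    target = PureWindowsPath(fields.get("Filename", ""))
    parts = [p.lower() for p in target.parts]
    return {
        "mitigation": fields.get("Mitigation"),
        "dropped_file": str(target),
        "in_temp_dir": "temp" in parts[:-1],
        # True when the blocked file was written by the protected application itself.
        "self_dropped": fields.get("Created By", "").lower()
                        == fields.get("Application", "").lower(),
        "ancestors": [PureWindowsPath(p).name for _, p, _ in trace],
    }
```

    Calling `triage(SAMPLE)` reports a self-dropped file in a Temp directory, with the installer chain listed under `ancestors`.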
     
  10. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,843
    Location:
    the Netherlands
    Indeed, as mood says.
    If you click "Buy Now", the shop page opens, on which you can choose other options than 1 PC 1 Year.
    The other options are 3 PC 1 Year, 1 PC 3 Year, and 3 PC 3 Year, all with reduced prices.

    Oddly, I see it is not 50% off, but only 39% off!
    For instance, 1 PC 1 Year € 18.15 where the full price is € 29.95, and 3 PC 3 Year € 56.27 where the full price is € 92.95. That is not 50% off, but only 39% off.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Thanks mood. I figured that was the case but thanks for explaining the mitigation, that helps.
     
  13. guest

    guest Guest

    "50% off" (excluding VAT) :)
    If you buy it, the final price includes the VAT.
    I'm glad to help :)
     
  14. pilipali

    pilipali Registered Member

    Joined:
    Nov 24, 2017
    Posts:
    23
    Location:
    Finland
    Hi
    I updated HitmanPro.Alert from build 604 to build 723 by installing over it. I had a trial license but now I have the paid version. Now I notice that the Opera browser takes longer to load than with build 604 and it does not load the Ghostery extension at the same time (or it has been disabled and each time I have to manually enable it afterwards). It is really annoying! Could the program update do this? I did not have this problem before and I have not made changes to the Opera browser. If I disable exploit mitigations for Opera, the browser loads faster. I am using Opera 49.0.2725.47 and I am using Windows 10 64 bit (1709), I also have Avast free 17.8.2318.
     
  15. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,843
    Location:
    the Netherlands
    Ah, thanks very much, mood.
    I overlooked that line about VAT.
    In my defense, I can't remember that SurfRight, before being part of Sophos, made offers this way, offering 50% off on one page, excluding VAT, and then adding VAT on the next page. Or perhaps SurfRight did the same before Sophos, but I forgot. :confused:
     
  16. lawdude

    lawdude Registered Member

    Joined:
    Sep 20, 2015
    Posts:
    41
    I still have 244 days left on my subscription. If I buy now to get the lower price, does subscription begin on purchase date or when I activate?
     
  17. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    It begins when you activate. Do not activate the key until the existing activation expires.
     
  18. pilipali

    pilipali Registered Member

    Joined:
    Nov 24, 2017
    Posts:
    23
    Location:
    Finland
    Why does windows process manager show 2 HitmanPro.Alert processes? Is this normal?
     
  19. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I'm also seeing that in Windows Task Manager. I don't know why it's displayed twice there, but in Process Explorer it is only listed once under services.
     
  20. pilipali

    pilipali Registered Member

    Joined:
    Nov 24, 2017
    Posts:
    23
    Location:
    Finland
    Sorry, I meant task manager.
     


  21. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Thanks for this reminder, last time was messy. And thanks for the excellent deal, purchased another 3 years.
     
  22. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    One is a User service "...hmpa.exe/tray"
    One is a SYSTEM service "...hmpa.exe/service"
     
  23. lawdude

    lawdude Registered Member

    Joined:
    Sep 20, 2015
    Posts:
    41
    Gotchya. Now, if I will only be able to remember where the confirmation email is 244 days from now.
     
  24. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Thanks!


    Afaik it was really 50% off including VAT in the past.
     
  25. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Does a HitmanPro.Alert subscription include a HitmanPro subscription?
     