Excluding applications should prevent HMP.A from injecting its .dll, but it seems that newer versions of HMP.A are injecting it nevertheless, which might cause trouble on some systems. ("hmpalert!A3 / hmpalert!CVCCP", these are exports from the injected hmpalert.dll which can be seen in the crash report)
I rather doubt that. MPC-HC is no longer actively developed. There are unofficial builds by clsid at Doom9's forum, but I really doubt we can expect a fix for HMPA crashing MPC-HC. And on the HMPA side, earlier, Erik Loman mentioned that MPC-HC uses many weird techniques to play videos and that it cannot be supported. But, as also mentioned by Erik, and also by Mark (as pointed out by mood), adding MPC-HC to HMPA exceptions should be sufficient to prevent MPC-HC crashing. However, if adding MPC-HC to HMPA exceptions is not sufficient, then there is an issue. I hope Erik, Mark, or Ronny can offer a solution to that.
Good question. Where I said that on my Windows 7 x64 system with HMPA 723 stable, MPC-HC does not crash if it is added to HMPA's exclusion list, I am talking about MPC-HC.1.7.13.x64 portable. I don't know about the MPC-HC 32-bit and installer versions, or the unofficial builds by clsid.
Yeah, I know, I know... No comment.
Code:
Log Name: Application
Source: HitmanPro.Alert
Date: 26/02/2018 7:38:33 PM
Event ID: 911
Task Category: Mitigation
Level: Error
Keywords: Classic
User: N/A
Computer: David-HP
Description:
Mitigation   CredGuard
Platform     10.0.16299/x64 v734 06_5e
PID          940
Application  C:\Program Files\Norton Security\Engine\22.12.0.104\symerr.exe
Description  Symantec Error Reporting 7.10
Reading LSASS (812) process memory: 0000000000000000 L1128
Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00007FFF407365A4 KernelBase.dll           ReadProcessMemory +0x14
2  00007FFF407BBD86 KernelBase.dll           GetModuleFileNameExA +0x2a6
3  00007FFF407BBBD0 KernelBase.dll           GetModuleFileNameExA +0xf0
4  00007FFF407BB954 KernelBase.dll           EnumProcessModulesEx +0x84
5  00007FFF2DABECB6 ccLib.dll
                    85c0             TEST EAX, EAX
                    7564             JNZ 0x7fff2dabed1e
                    488d353f830500   LEA RSI, [RIP+0x5833f]
                    488b0538830500   MOV RAX, [RIP+0x58338]
                    483bc6           CMP RAX, RSI
                    7437             JZ 0x7fff2dabed04
                    f6401c01         TEST BYTE [RAX+0x1c], 0x1
                    7431             JZ 0x7fff2dabed04
                    80781902         CMP BYTE [RAX+0x19], 0x2
                    722b             JB 0x7fff2dabed04
                    ff15f1690200     CALL QWORD [RIP+0x269f1]
                    ba2d000000       MOV EDX, 0x2d
                    89442420         MOV [RSP+0x20], EAX
                    458b4d28         MOV R9D, [R13+0x28]
                    4c8d05dd3f0300   LEA R8, [RIP+0x33fdd]
6  00007FFF2DABE7C3 ccLib.dll
7  00007FFF2DABEA60 ccLib.dll
8  00007FFF2DABE4C1 ccLib.dll
9  00000000522F4F83 sqsvc.dll
10 00000000522F3633 sqsvc.dll
Process Trace
1 C:\Program Files\Norton Security\Engine\22.12.0.104\symerr.exe [940]
  "C:\Program Files\Norton Security\Engine\22.12.0.104\SymErr.exe" /submit
2 C:\Windows\System32\svchost.exe [1212]
  c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
3 C:\Windows\System32\services.exe [788]
4 C:\Windows\System32\wininit.exe [668]
  wininit.exe
Thumbprint
42e1b2d530f9d74fa2be1ab40cf597106ec096654b94ee2622b4aa68007c7a5f
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="HitmanPro.Alert" />
    <EventID Qualifiers="0">911</EventID>
    <Level>2</Level>
    <Task>9</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-02-26T08:38:33.301262100Z" />
    <EventRecordID>55858</EventRecordID>
    <Channel>Application</Channel>
    <Computer>David-HP</Computer>
    <Security />
  </System>
  <EventData>
    <Data>C:\Program Files\Norton Security\Engine\22.12.0.104\symerr.exe</Data>
    <Data>CredGuard</Data>
    <Data>Mitigation   CredGuard
Platform     10.0.16299/x64 v734 06_5e
PID          940
Application  C:\Program Files\Norton Security\Engine\22.12.0.104\symerr.exe
Description  Symantec Error Reporting 7.10
Reading LSASS (812) process memory: 0000000000000000 L1128
Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00007FFF407365A4 KernelBase.dll           ReadProcessMemory +0x14
2  00007FFF407BBD86 KernelBase.dll           GetModuleFileNameExA +0x2a6
3  00007FFF407BBBD0 KernelBase.dll           GetModuleFileNameExA +0xf0
4  00007FFF407BB954 KernelBase.dll           EnumProcessModulesEx +0x84
5  00007FFF2DABECB6 ccLib.dll
                    85c0             TEST EAX, EAX
                    7564             JNZ 0x7fff2dabed1e
                    488d353f830500   LEA RSI, [RIP+0x5833f]
                    488b0538830500   MOV RAX, [RIP+0x58338]
                    483bc6           CMP RAX, RSI
                    7437             JZ 0x7fff2dabed04
                    f6401c01         TEST BYTE [RAX+0x1c], 0x1
                    7431             JZ 0x7fff2dabed04
                    80781902         CMP BYTE [RAX+0x19], 0x2
                    722b             JB 0x7fff2dabed04
                    ff15f1690200     CALL QWORD [RIP+0x269f1]
                    ba2d000000       MOV EDX, 0x2d
                    89442420         MOV [RSP+0x20], EAX
                    458b4d28         MOV R9D, [R13+0x28]
                    4c8d05dd3f0300   LEA R8, [RIP+0x33fdd]
6  00007FFF2DABE7C3 ccLib.dll
7  00007FFF2DABEA60 ccLib.dll
8  00007FFF2DABE4C1 ccLib.dll
9  00000000522F4F83 sqsvc.dll
10 00000000522F3633 sqsvc.dll
Process Trace
1 C:\Program Files\Norton Security\Engine\22.12.0.104\symerr.exe [940]
  "C:\Program Files\Norton Security\Engine\22.12.0.104\SymErr.exe" /submit
2 C:\Windows\System32\svchost.exe [1212]
  c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
3 C:\Windows\System32\services.exe [788]
4 C:\Windows\System32\wininit.exe [668]
  wininit.exe
Thumbprint
42e1b2d530f9d74fa2be1ab40cf597106ec096654b94ee2622b4aa68007c7a5f</Data>
  </EventData>
</Event>
Followed closely by - https://www.wilderssecurity.com/thr...-layer-of-defense.398859/page-45#post-2740681
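A triage sketch for alerts like the one quoted above, added here as an example and not part of the original post or of HitmanPro.Alert: it parses the alert text and reports the first stack frame outside the OS DLLs, that is, the module that requested the LSASS read. The function names and the list of OS DLLs are assumptions; the sample is abridged from the log in the post.

```python
import re

# Constructed sample: abridged from the CredGuard alert text quoted in the post above.
SAMPLE_ALERT = r"""Mitigation   CredGuard
PID          940
Application  C:\Program Files\Norton Security\Engine\22.12.0.104\symerr.exe
Reading LSASS (812) process memory: 0000000000000000 L1128
Stack Trace
1  00007FFF407365A4 KernelBase.dll           ReadProcessMemory +0x14
4  00007FFF407BB954 KernelBase.dll           EnumProcessModulesEx +0x84
5  00007FFF2DABECB6 ccLib.dll
                                             85c0 TEST EAX, EAX
9  00000000522F4F83 sqsvc.dll
Process Trace
1 C:\Program Files\Norton Security\Engine\22.12.0.104\symerr.exe [940]
"""

# Assumption: modules treated as OS plumbing when looking for the real caller.
OS_MODULES = {"kernelbase.dll", "kernel32.dll", "ntdll.dll"}
FIELD = re.compile(r"^(Mitigation|PID|Application|Description)\s+(.+)$")
TARGET = re.compile(r"^Reading (\S+) \((\d+)\) process memory")
FRAME = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f]{16})\s+(\S+)(?:\s+(.+))?$")

def parse_alert(text):
    """Parse the alert text into header fields, target process and stack frames."""
    alert = {"frames": []}
    section = "header"
    for line in text.splitlines():
        stripped = line.strip()
        if stripped in ("Stack Trace", "Process Trace"):
            section = stripped
        elif section == "header" and (m := FIELD.match(stripped)):
            alert[m.group(1).lower()] = m.group(2).strip()
        elif section == "header" and (m := TARGET.match(stripped)):
            alert["target"] = (m.group(1), int(m.group(2)))
        elif section == "Stack Trace" and (m := FRAME.match(line)):
            # Disassembly lines under a frame do not match FRAME and are skipped.
            alert["frames"].append((int(m.group(1)), m.group(3), m.group(4) or ""))
    return alert

def first_non_os_caller(alert):
    """Return the first stack frame outside the OS DLLs: the code that asked for the read."""
    for index, module, _ in alert["frames"]:
        if module.lower() not in OS_MODULES:
            return index, module
    return None
```

For the sample, the caller resolves to frame 5 in ccLib.dll, loaded in symerr.exe, which is the detail to check against the vendor's install path and signature before treating the alert as a false positive.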
Uninstalled 734 BETA. No wifi and Windows responds VERY slowly once started to desktop. I can see both Norton and HitmanPro Alert in Task Manager but no Norton and HitmanPro Alert tray icons. Same after several Windows restarts. After uninstalling 734 BETA no problems, wifi is OK now and Norton tray icon is back. Win10 1709 build 16299.214 x64/Norton Security v22.11.0.104
Is that with HMPA stable build 729, or with no HMPA at all? If that is with no HMPA at all, what happens when you install stable build 729?
Found this:
Logboeknaam: System
Bron: Service Control Manager
Datum: 26-2-2018 9:58:15
Gebeurtenis-id: 7011
Taakcategorie: Geen
Niveau: Fout
Trefwoorden: Klassiek
Gebruiker: n.v.t.
Computer: ****
Beschrijving:
Time-out (30000 seconden) tijdens het wachten op een reactie op een transactie van deze service: hmpalertsvc.
Gebeurtenis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7011</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2018-02-26T08:58:15.808148600Z" />
    <EventRecordID>7369</EventRecordID>
    <Correlation />
    <Execution ProcessID="720" ThreadID="6908" />
    <Channel>System</Channel>
    <Computer>****PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">30000</Data>
    <Data Name="param2">hmpalertsvc</Data>
  </EventData>
</Event>
No, I mean, where you said "After uninstalling 734 BETA no problems", is that with no HMPA at all, or with HMPA stable build 729 reinstalled? And if that is with no HMPA at all, what happens when you install stable build 729?
Great, thanks for testing. Beta 734, however, seems not so great. Quite a few issues reported by now, some tinkering needed by the developers, so it seems.
But of course. However, with some betas we see no issues at all and those are later released as stable, while other betas still need some more work, like this one. But of course that's fine, as it's a beta.
Hello, I am also having a similar issue when trying to do a scan with ESET. HMP.A does not generate any alert. ESET just sits there endlessly scanning memory. Completely disabling CredGuard (Credential Theft Protection) solves the issue. For the time being, I have completely disabled CredGuard (Credential Theft Protection) in order for the anti-virus/malware scanners that I have to work properly. I will enable and test again later if a new version of HMP.A is released with changes that will solve this issue.
Hitman Pro Alert Beta 737 is interfering with the BattlEye anti-cheat system for PlayerUnknown's Battlegrounds.
Just to get that clear - Are you sure you are talking about the latest stable build 729? Or beta build 734? (By the way, this is the dedicated beta thread, there's a different thread for the HMPA stable versions.)
Yeah, I'm stuck on 604 too because of BSODs on W7/XP 32-bit with all later HMPA versions. Not sure when this issue will be resolved due to SOPHOS priorities even though they were able to reproduce the crashes. We are no longer dealing with the Loman brothers like we did before SOPHOS took over.