HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    By nag screen I meant the green halo around Firefox popping out every few minutes telling me that I am protected. Very annoying. It took me a few minutes but I finally figured out how to turn it off. I decided to keep my trial for 30 days and see how it works.
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That isn't a "nag" screen
     
  3. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    Yeah, I figured that one out. It did feel like a nag screen. Good thing is that there was an option to turn it off.
     
  4. Damnatus

    Damnatus Registered Member

    Joined:
    Dec 29, 2015
    Posts:
    16
    Hi there.
    I have an issue with the CamGuard/Webcam Notifier: I use streaming software like OBS where I use a webcam to film myself. Here the cam works.

    I used a fork of OBS, called Streamlabs OBS (or SLOBS, see: https://streamlabs.com/streamlabs-obs) and here the webcam doesn't work when the Webcam Notifier in HMPA is on. When I deactivate it, it works. I can't remember having blocked the program from accessing the cam.
    Is there a possibility to see the blocked programs so I can check that before filing a bug report?
     
  5. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro.Alert 3.7.6 Build 737 Released

    Changelog (compared to build 729)
    • Improved Credential Theft Protection, which now terminates applications that attempt to access LSASS in an offending way.
    • Improved error handling when activating a trial or product key
    • Improved CryptoGuard to handle a new technique used by SamSam ransomware
    • Improved mini-filter performance which speeds up CryptoGuard
    • Improved CryptoGuard to handle compressed PDF files more accurately
    • Improved Application Lockdown with detailed thumbprint generation for script-based attacks and to block abuse of Certutil and Python
    • Improved event logging of APC mitigation alerts
    • Improved Code Cave mitigation
    • Improved startup time of the HitmanPro.Alert Service
    • Added Event ID 800 (malware detected) to the custom HitmanPro.Alert view in the Windows Event Log
    • Added malware detections to the "Number of alerts" counter on the HitmanPro.Alert user interface
    • Added support for Spectre mitigations; i.e. our binaries are now compiled with /Qspectre compiler switch
    • Added offline indicator when the HitmanPro Anti-Malware Cloud is unreachable
    • Fixed the "Scan failed" issue which could occur when pressing the "Scan Computer" or "Scan with HitmanPro" button
    • Fixed unexpected behavior of Safe Browsing to improve detection and prevent false positives
    • Fixed issue that prevented proper disabling of Exploit Mitigations on Java binaries
    • Fixed rare issue that caused a hanging thread (locked a file) when CryptoGuard creates a file backup
    • Fixed an issue with code injection on Windows XP
    • Fixed an issue with the Reflective DLL Injection mitigation (part of Load Library mitigation)
    • Fixed an issue with the Windows 10 Start Menu
    • Fixed an issue when importing previously exported settings
    • Fixed a rare issue that could cause a BSoD mentioning partmgr.sys
    • Several other minor fixes and improvements
    Download (with drivers co-signed by Microsoft)
    https://dl.surfright.nl/hmpalert.exe

    We'll start updating users automatically at a later moment.
    Please let us know how this version runs on your machine. Thanks! :thumb:
     
  6. Damnatus

    Damnatus Registered Member

    Joined:
    Dec 29, 2015
    Posts:
    16
    737 runs on my machine W10 16299.248, 3570k
     
  7. justme12

    justme12 Registered Member

    Joined:
    Oct 27, 2016
    Posts:
    9
    Location:
    s.shore,Massachusetts
    Build 737 issues:

    Windows 1709 16299.251, i7-8550U, 16 GB RAM, running alongside EAM

    Slowing OS down. Just uninstalled the previous build due to this slowdown issue. It takes approx. 12 seconds for Windows Edge to load.
    Also, I find typing lags after a few letters. Once I uninstall, no problem. If I disable keystroke there is no change.
    *** Tried on alternate laptop - same scenario
     
  8. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    I haven't tried the new release version, yet (nor 734 beta).
    Is the 734 beta issue of Credential Theft Protection interfering with several anti-virus products when reading LSASS process memory solved in build 737?
     
  9. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Yes it should!
     
  10. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    Ah, great, thanks! :thumb:
     
  11. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Build 729 shows no update on right-click check at tray icon. Is this to be expected until update is spread around for a while following release? Thanks. I'll install over the top of 729 in the meantime. Will the update ever be possible more promptly via this checking method?

    Edit: This probably answers most of my query:
    Thanks Mark.
     
    Last edited: Mar 7, 2018
  12. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    Yes, when the update is offered for automatic updating, at a later moment, the update will be available via "Check for update" at the tray icon.
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I may give this a try soon in a VM to see what's changed since I tried it last. It's been about a year since I tried it.
     
  14. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Hi,

    Could you please DM me your setup details? If both machines have different hardware, it could possibly be related to your preferred software config, as both share the same performance degradation.
     
  15. justme12

    justme12 Registered Member

    Joined:
    Oct 27, 2016
    Posts:
    9
    Location:
    s.shore,Massachusetts
    Sorry - how do I DM you and what particular setup details?
    ps
    I just did a fresh reinstall of Win10 for the heck of it and same situation. Thus, I have to remove HMPA
     
  16. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    With this release version, HMP.A is still generating a ROP mitigation for Glasswire, as I reported here in the beta thread. As a work-around, I disabled the Control-Flow Integrity mitigation.

    Otherwise, I have not experienced any issues.
     
  17. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Where do I disable that?
     
  18. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Exploit mitigation > Applications > Glasswire > Code Mitigations > Control-Flow Integrity (uncheck)
     
  19. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Aha thanks!

    I had not added Glasswire, it does not show under 'Running applications'.

    I cannot see now how to manually add an application (remind me?), and what template did you add it as?

    Edit: I can see how to add an exclusion, but not an application ...
     
  20. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    In its normal state, Glasswire will be running, but minimized to the notification area of the taskbar
    Double click its icon so that the Glasswire app pops up
    Open the HMP.A window: Exploit mitigation > Running applications > Glasswire (under Not Protected) > Choose Template (I chose Other)
     
  21. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    :thumb:
     
  22. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    I plugged in my USB drive to let VEEAM Agent back up the C:\ drive of my office machine.
    With Security Account Manager (SAM) enabled, I got a warning from HMPA, that Windows Defender was blocked...
    Protokollname: Application
    Quelle: HitmanPro.Alert
    Datum: 08.03.2018 01:17:52
    Ereignis-ID: 911
    Aufgabenkategorie:Mitigation
    Ebene: Fehler
    Schlüsselwörter:Klassisch
    Benutzer: Nicht zutreffend
    Computer: HiltiPC
    Beschreibung:
    Mitigation CredGuard

    Platform 6.3.9600/x64 v737 06_3c
    PID 2624
    Application C:\Program Files\Windows Defender\MsMpEng.exe
    Description Antimalware Service Executable 4.10

    SAM access denied.

    Range = LBA 23775456 :512
    Read = LBA 23775456 :64

    Thumbprint
    c3cef35a29c5dc7c0c6ff525fda51dec6036081b4056b821c6d4f7ca38445889
    Ereignis-XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="HitmanPro.Alert" />
    <EventID Qualifiers="0">911</EventID>
    <Level>2</Level>
    <Task>9</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-03-08T00:17:52.000000000Z" />
    <EventRecordID>202700</EventRecordID>
    <Channel>Application</Channel>
    <Computer>HiltiPC</Computer>
    <Security />
    </System>
    <EventData>
    <Data>C:\Program Files\Windows Defender\MsMpEng.exe</Data>
    <Data>CredGuard</Data>
    <Data>Mitigation CredGuard

    Platform 6.3.9600/x64 v737 06_3c
    PID 2624
    Application C:\Program Files\Windows Defender\MsMpEng.exe
    Description Antimalware Service Executable 4.10
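Added example, not part of the post above and not HitmanPro.Alert's own code: a small Python parser for exported event XML of the kind quoted in that post, pulling out the fields needed to triage a mitigation alert and collapsing repeats of the same alert. The field layout (three `Data` elements: application path, mitigation name, message body) is inferred from that single quoted event, the sample is constructed from it with the truncated XML closed off, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}  # event XML namespace

# Constructed sample modelled on the quoted event (abridged, closing tags added).
SAMPLE = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="HitmanPro.Alert" />
<EventID Qualifiers="0">911</EventID>
<TimeCreated SystemTime="2018-03-08T00:17:52.000000000Z" />
<Computer>HiltiPC</Computer>
</System>
<EventData>
<Data>C:\Program Files\Windows Defender\MsMpEng.exe</Data>
<Data>CredGuard</Data>
<Data>Mitigation CredGuard
PID 2624
SAM access denied.
Thumbprint
c3cef35a29c5dc7c0c6ff525fda51dec6036081b4056b821c6d4f7ca38445889</Data>
</EventData>
</Event>"""

def parse_alert(xml_text):
    """Return the triage fields of one HitmanPro.Alert mitigation event."""
    root = ET.fromstring(xml_text)
    provider = root.find("e:System/e:Provider", NS)
    data = [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]
    if provider is None or provider.get("Name") != "HitmanPro.Alert" or len(data) < 3:
        raise ValueError("not a HitmanPro.Alert mitigation event")
    pid = re.search(r"^\s*PID\s+(\d+)\s*$", data[2], re.M)
    thumb = re.search(r"^\s*Thumbprint\s*\n\s*([0-9a-f]{64})\s*$", data[2], re.M)
    return {
        "event_id": int(root.findtext("e:System/e:EventID", namespaces=NS)),
        "time": root.find("e:System/e:TimeCreated", NS).get("SystemTime"),
        "computer": root.findtext("e:System/e:Computer", namespaces=NS),
        "application": data[0],
        "mitigation": data[1],
        "pid": int(pid.group(1)) if pid else None,
        "thumbprint": thumb.group(1) if thumb else None,
    }

def group_alerts(xml_events):
    """Count alerts per (mitigation, application, thumbprint) so repeats collapse."""
    alerts = (parse_alert(x) for x in xml_events)
    return Counter((a["mitigation"], a["application"], a["thumbprint"]) for a in alerts)
```

Without the namespace map the `find` calls return nothing, because every element in Windows event XML sits in the default `xmlns` shown in the quoted event.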
     
  23. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    Mark, does build 737 resolve the issues described for Vista in this post?

    I am still on build 604 on that PC.

    Thank you.
     
  24. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64: Installed build 737 over beta build 734, NO issues whatsoever!
     
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Working fine here ... Win 10 Pro x64 v1709 16299.251.
     