[QUOTE="Krusty, post: 2741362, member: 124773"]The 'Stable' build is stable on my machines but the 'Beta' build is, well, a beta.[/QUOTE]
Thank you, I may try it.
3.7.4 build 734 beta gives a CredGuard warning when opening the Nvidia settings panel from the Systray.
Code:
Mitigation   CredGuard
Platform     10.0.16299/x64 v734 06_5e
PID          1220
Application  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
Description  NVIDIA Container 3.0

Reading LSASS (872) process memory: 0000000000000000 L1128

Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00007FFFB34865A4 KernelBase.dll           ReadProcessMemory +0x14
2  00007FFFB350BD86 KernelBase.dll           GetModuleFileNameExA +0x2a6
3  00007FFFB350BBD0 KernelBase.dll           GetModuleFileNameExA +0xf0
4  00007FFFB350B954 KernelBase.dll           EnumProcessModulesEx +0x84
5  00007FFFAA4D9B72 nvapi64.dll
                    eb03                     JMP 0x7fffaa4d9b77
6  00007FFFAA4F7EE8 nvapi64.dll
7  000000005AE5C429 nvxdapix.dll
8  000000005ACDD841 nvxdapix.dll
9  000000005ACCD2B9 nvxdapix.dll
10 000000005AE3713A nvxdapix.dll

Process Trace
1  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [1220]
   "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
2  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [1856]
   "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Local
3  C:\Windows\System32\services.exe [836]
4  C:\Windows\System32\wininit.exe [752]
   wininit.exe

Thumbprint
2f4b65d09160adda754c2bb0d737821c4f2fbc3f7eca31d8c94735b4ba9fd996
3.7.4 build 734 beta generated a ROP mitigation for Glasswire.
Great question. I added it a while back, but only experienced the mitigation (the one time) recently.
I'm using 3.7.3.b729 but even though I've added an exception to a specific .exe, when I try to open it, it's still blocked as "Malware". Do I need to reboot the PC for it to become active?
The feature "Real-time Anti-Malware" is blocking it and at the moment no exclusions can be created for it. It was planned last year but it hasn't appeared yet in newer versions. So, before you want to launch a blocked application you need to turn the Anti-Malware feature off.
Not that I'm aware of, however I did turn off exploit protection in Windows Defender (in the App and Browser Control section).
1. Does HMPA work well with Windows 10 RS4 April Update?
2. Is it compatible with the Core Isolation feature of this update?
3. What is the latest beta version of HMPA that is relatively issue-free?
3.7.6 build 739 hasn't been naughty after I upgraded to 1803 yesterday. So for me it seems that all is well.
Thanks, guys. Many security solutions are hampered if you enable Core isolation. Anyone know how it impacts HMPA?
Can you write a little more about this? What will it be like? What new features will it contain? etc., etc. About when will these versions appear? Thanks in advance for your answer.
HitmanPro.Alert 3.7.7 Build 746 BETA

Changelog (compared to build 739)
Improved General performance
Improved Credential Theft Protection, LSASS protection
Improved Java mitigation profile, removed obsolete protections for Java processes
Improved Intruder detection for trickbot
Improved Office & IE11 compatibility
Added wmic.exe to Application Lockdown to block abuse used in SquiblyTwo attack
Added Japanese language
Fixed Bug in mono (.NET xPlatform lib) causing a CallerCheck
Fixed IE Godmode False positives
Fixed Potential BSOD in CryptoGuard
Fixed LoadLib Alert in Firefox when loading NPAPI plugin(s)
Fixed Windows 7 hanging on shutdown
Fixed WipeGuard on Hyper-V guest systems
Several other minor fixes and improvements

Download (with drivers co-signed by Microsoft)
http://test.hitmanpro.com/hmpalert3b746.exe

Please let us know how this version runs on your machine. Thanks!
I'm trying the latest beta on Windows 10 x64 Version 1703 Educational Edition with all updates in VirtualBox. The first time I launched Firefox, HMPA notified me that FF was being protected. I've closed and launched FF several times since, and HMPA is no longer notifying me that the browser is being protected. I verified that HMPA is still injecting into FF using Process Explorer, so I think it's still protected. Should HMPA notify the user that their browser is being protected each time they launch their browser again?

Edited 5/25/18 @ 11:39
I can see the border showing Safe Browsing, Exploit Mitigation, and Keystroke Encryption now. It's a little tough to bring up due to the dimensions of my VM. I'm just needing to know if I should get a flyout prompt each time I open my browser notifying me that the browser is being protected.