HitmanPro.Alert has a free 30-day trial, with full functionality. After the 30-day trial, HitmanPro.Alert can still be used freely, but without a license the functionality will be limited.
Hello, I am getting some weird errors with the latest Kaspersky 2019 version and the latest HitmanPro.Alert. I will paste down below what I am getting. Any idea what to do? Thanks in advance.
------
This one is when my computer starts, and Kaspersky with HitmanPro.Alert starts as well.
Code:
Mitigation   CredGuard
Platform     10.0.16299/x64 v746 06_5e
PID          3892
Application  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
Description  Kaspersky Anti-Virus 19

\REGISTRY\MACHINE\SAM\SAM\Domains\Account

Process Trace
1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [3892]
  "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe" -r
2 C:\Windows\System32\services.exe [1088]
3 C:\Windows\System32\wininit.exe [84]
  wininit.exe
4 C:\Windows\System32\smss.exe [1020]
  \SystemRoot\System32\smss.exe 0000007c 00000080

Thumbprint
368a1bad9d915f938d0b558b13bad211bf6c227c2d202e95f10b55dc77c94562

This one is when I try to update the virus database of Kaspersky.
Code:
Mitigation   CredGuard
Platform     10.0.16299/x64 v746 06_5e
PID          13580
Application  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
Description  Kaspersky Anti-Virus 19

SAM access denied.
Range = LBA 24423832 :144
Read = LBA 24423904 :32

Process Trace
1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [13580]
  "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe" -host -hostId=78942014 -securityCookie=3892
2 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [3892]
  "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe" -r
3 C:\Windows\System32\services.exe [1088]
4 C:\Windows\System32\wininit.exe [84]
  wininit.exe
5 C:\Windows\System32\smss.exe [1020]
  \SystemRoot\System32\smss.exe 0000007c 00000080

Thumbprint
368a1bad9d915f938d0b558b13bad211bf6c227c2d202e95f10b55dc77c94562
Er.. well, that is what I assume, as the info on the website is still the same, and Erik, Mark, or Ronny haven't mentioned any changes regarding trial and free use of HMPA.
In Settings>Advanced Interface, Risk Reduction (orange tile), Credential Theft Protection, do you have SAM (at bottom) enabled? Untick it. I am not sure what the latest status of HmP.A development is with regards to CTP>SAM (I seem to recall there was some change recently?), perhaps @RonnyT or someone can chime in?
It's unchanged for the moment: default off, unless you can live with an occasional alert, or your risk profile demands the locking of access to the SAM.
Oh, alright. Are you working on fixing this? Because it does not feel so good to have to disable a feature of a program just to be able to update another program. :/
Don't think it's too big an issue, SAM is pretty sensitive to a lot of stuff (search SAM on this thread) ... I have it switched off for Macrium Reflect to work.
Wise move. It breaks a lot of imaging software. They whitelisted some of it, but not sure now exactly what they got. Just leave it off.
Can a browser running in Sandboxie ("C:\Program Files\Sandboxie\Start.exe" default_browser) be protected?
Doesn't work on Windows XP with May 2018 Update for Windows XP (KB4134651) (ntdll.dll / kernel32.dll patch); problem with loading hmpalert.dll
@erikloman @RonnyT maybe it was already asked: the option to manually add a program to be protected (like we have for the exclusions) would be appreciated. Some apps like Sync don't register in Running Applications, so I can't add them.
Google just updated Chrome to a new point release to address a new zeroday in Flash. After the upgrade, I fired up Chrome (within the Comodo sandbox, aka the Virtual Kiosk) and HMP.A issued the ROP mitigation message below. I closed and re-opened Chrome and the message did not reappear.
Code:
Mitigation   ROP
Platform     10.0.17134/x64 v746 06_2a
PID          5224
Application  C:\program files (x86)\Google\Chrome\application\chrome.exe
Description  Google Chrome 67
Callee Type  AllocateVirtualMemory
             0x000015C6B5D04000 (503808 bytes)

Process Trace
1 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [5224]
  "C:\program files (x86)\google\chrome\application\chrome.exe" --type=renderer --autoplay-policy=document-user-activation-required --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=true --default-tile-width=1024 --default-tile-height=1024 --enab
2 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [10892]
3 C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe [9220]
  "C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe" -v "c:\program files (x86)\google\chrome\application\chrome.exe"
4 C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [5600]
5 C:\Windows\System32\svchost.exe [1668]
  c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
6 C:\Windows\System32\services.exe [892]

Thumbprint
b9efd008482727a22acbbb0924e97a88fb53bac714071033f50de3d0336f2a61
Not malware. Utility as rmprep for USB.
Malware found: Mal/Generic-S
G:\Downloads\_zalmann\UTmake_v2.0\UTmake\UTmake.exe

Mitigation   MalwareBlocked
Platform     6.1.7601/x64 v746 06_1e
PID          8012
Application  G:\Downloads\_zalmann\UTmake_v2.0\UTmake\UTmake.exe
Description  Mal/Generic-S

SHA256: e4477cae9a662796841026dc6dc1bdf7a5f3d99d4351e63edba604b2f64dd800
I may try that. @RonnyT One thing I have sometimes noticed on Exploit Mitigations>Applications>Exclusions is that only some (e.g. the first half of excluded apps) show on the GUI (though they are 'there' if I click or right-click on empty spaces where they should be). When I find the bottom right space to add an exclusion and add one, all apps pop back up again. Strange, maybe it's just my setup.
You could run into an occasional mitigation alert. It is a known issue with Sandboxie and Hmp.Alert. The devs are aware of this.
Until now, there was no problem with this setting. Sandboxie (v.5.25.4 beta) and Hitmanpro.Alert (v.3.7.7.746 beta)
I have always had problems between HMPA and SBIE, must be mostly a Win 8 thing. That's why I decided not to use HMPA anymore.
Using Win10 1803 myself: like once a month an alert. I can live with that. Even after a mitigation I can still use the sandboxed Firefox.
The beta has been working rather nice for me, thought it had fixed the issue of garbled input into the Windows start menu when searching for something but then it happened again yesterday. Basically if I hit the windows key and start typing for example "Chrome" it'll turn into gibberish like "f4Xcr2" instead, this issue is fixed by disabling and re-enabling the keyboard encryption.