HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Libraman

    Libraman Registered Member

    Joined:
    Apr 26, 2016
    Posts:
    196
    Last edited: May 7, 2018
  2. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    81
    @markloman @erikloman
    Is the current version of HMPA 3.7.6 build 739 compatible with HVCI (Hypervisor Code Integrity)?

    It looks like Windows 10 RS4 enables parts of VBS (virtualization-based security) by default (like mentioned here: https://techcommunity.microsoft.com...Making-a-leap-forward-in-platform/td-p/167303).
    I planned to enable the new feature called "Memory integrity" (which basically is HVCI) but to check for compatibility I first used the "Device Guard and Credential Guard hardware readiness tool": https://www.microsoft.com/en-us/download/details.aspx?id=53337
    (Windows Defender Device Guard is btw the old name for using code integrity - which has been renamed to WDAC (Windows Defender Application Control) - and protecting it with HVCI - which in turn needs VBS to work properly. Yeah, I know... acronyms...)

    After I ran it with
    Code:
    DG_Readiness_Tool_v3.4.ps1 -Capable -HVCI
    I had to reboot (because it enables Driver Verifier).
    Afterwards HMPA was not starting anymore during startup. Event log showed the following:
    Code:
    Der Dienst "hmpalertsvc" ist vom Dienst "hmpalert" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
    Ein an das System angeschlossenes Gerät funktioniert nicht.
    (Which basically says that the "hmpalertsvc" service can't run because service "hmpalert" does not start.)

    After running
    Code:
    DG_Readiness_Tool_v3.4.ps1 -Capable -HVCI
    again I basically got the result that my system would be compatible:
    ###########################################################################
    Readiness Tool Version 3.4 Release.
    Tool to check if your device is capable to run Device Guard and Credential Guard.
    ###########################################################################
    ###########################################################################
    OS and Hardware requirements for enabling Device Guard and Credential Guard
    1. OS SKUs: Available only on these OS Skus - Enterprise, Server, Education, Enterprise IoT, Pro, and Home
    2. Hardware: Recent hardware that supports virtualization extension with SLAT
    To learn more please visit: https://aka.ms/dgwhcr
    ###########################################################################

    Checking if the device is DG/CG Capable
    ====================== Step 1 Driver Compat ======================
    Driver verifier already enabled
    ====================== Step 2 Secure boot present ======================
    Secure Boot is present
    ====================== Step 3 OS Architecture ======================
    64 bit arch.....
    ====================== Step 4 Supported OS SKU ======================
    This PC edition is Supported for DeviceGuard
    ====================== Step 5 Virtualization Firmware ======================
    Virtualization firmware check passed
    ====================== Step 6 NX Protector ======================
    NX Protector is absent
    ====================== Step 7 SMM Mitigation ======================
    SMM Mitigation is absent
    ====================== End Check ======================
    ====================== Summary ======================
    Device Guard / Credential Guard can be enabled on this machine.

    The following additional qualifications, if present, can enhance the security of Device Guard / Credential Guard on this system:
    NX Protector is absent
    SMM Mitigation is absent

    To learn more about required hardware and software please visit: https://aka.ms/dgwhcr
    (For anyone trying trying this too, I would suggest to run "verifier /reset" (in Admin-CMD) afterwards and reboot to make sure that Driver Verifier is disabled again. This will make HMPA work again.)

    But I still did not proceed with enabling HVCI (aka "Memory integrity") because of the following (you can also read online of many compatibility issues when enabling this feature):
    If you check the "DeviceGuardCheckLog.txt" under "C:\DGLogs" you can see a detailed list of all drivers loading during startup. Together with some few other drivers I noticed that the "hmpalert.sys" modul was loaded and directly unloaded again. (Just like some other possibly incompatible drivers like "magdrvamd64.sys" which is part of Samsung Magician, a tool for Samsung SSD. Whereas for example the "epp.sys" driver from Emsisoft at least runs but shows some issues under "Code Integrity Statistics".)

    --> So my guess would be that in the current version HMPA is not yet compatible with HVCI.
    (Just to be clear: I never actually activated HVCI but simply used the DG Readiness Tool which enabled the Driver Verifier with the code integrity option flag 0x02000000. This was enough to block HMPA from running.)

    By the way (just to put some well-meant pressure on you ;)): Malwarebytes Anti-Exploit and Comodo Internet Security were both updated lately for HVCI compliance.

     
  3. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Installed latest hmp alert on a new laptop. No problems so far.
     
  4. emil emil

    emil emil Registered Member

    Joined:
    May 5, 2016
    Posts:
    28
    False detection
    CrystalBit Solutions

    ~virus total results removed as per policy
    https://www.wilderssecurity.com/thr...-posting-of-jotti-virus-total-results.180057/



    https://www.crystalidea.com/uninstall-tool

    Malware found:
    App/CryIdUn-ins
    D:\Загрузки\uninstalltool_setup (1).exe
    Mitigation MalwareBlocked

    Platform 6.1.7601/x86 v739 06_2a
    PID 5340
    Application D:\Загрузки\uninstalltool_setup (1).exe
    Description App/CryIdUn-ins

    SHA256: ac15c79443963696e223c70d923be9c1f23dad83ef646a7c63c5ec1018d2792d
     
    Last edited by a moderator: May 10, 2018
  5. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    I recently discovered that HMP.A is not running on my computer.

    When I try to launch it from the Start Menu I get the message:
    "The following service is not running: HitmanPro.Alert service. Please reboot the computer to resolve this issue." I rebooted, but to no effect.

    I then opened the Services MMC and attempted to manually start the HMP.A service and received the following message:
    "Windows could not start the HitmanPro.Alert service on the Local Computer. Error 1068: The dependency service or group failed to start."

    I then looked in the Event Viewer and found a couple of errors generated by the Service Control Manager:
    "The HitmanPro.Alert service service depends on the HitmanPro.Alert Support Driver service which failed to start because of the following error:
    The specified procedure could not be found."

    "The HitmanPro.Alert Support Driver service failed to start due to the following error:
    "The specified procedure could not be found."

    When I dug a little deeper, I found the following error message that had been repeating periodically since May 2nd, the day after I upgraded Windows to 1803:
    "The hmpalertsvc service depends on the hmpalert service which failed to start because of the following error:
    A device attached to the system is not functioning."

    I attempted to uninstall and re-install HMP.A, but it did not resolve the problem.

    Please assist.
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Was the uninstall successful - any error messages? - and did you reboot before reinstalling?
     
  7. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Hi Victek,

    Thank you for the quick reply. The quick answers are yes, no, and yes.
     
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    You could try uninstalling again using something like Revo to make sure nothing is being left behind.
     
  9. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Just tried it. No luck.
     
  10. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I have a license key for HMP. Is that same license key good for HMPA?
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    No. A HMP.A key includes HMP but a HMP key does not include HMP.A.
     
  12. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    @TomAZ,
    It is as Krusty says.
    However, if you bought your HMP license before 2016, the invoice said "This license works on HitmanPro.Alert and HitmanPro".
    Since 2016, new HMP licenses no longer include HMPA, so for HMPA you need a HMPA license.
    I don't know the exact date in 2016 this change came in effect.
     
  13. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    This is my situation exactly. So, if I purchase a HMPA license, do I enter the license key in HMPA -- or in HMP -- or both??
     
  14. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    If you have a HMPA license, enter the key in HMPA.
    After activating the license in HMPA, you can open HMP, and you will see the license is automatically picked up in HMP.
     
  15. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Thank you -- that's exactly what I wanted to know.
     
  16. cantoris

    cantoris Registered Member

    Joined:
    Apr 3, 2005
    Posts:
    9
    In case this helps anyone else, I just had to disable "Risk Reduction" - "Process Protection" - "Asynchronous Procedure Calls" in order for Far Cry 5 to be able to launch via UPlay. I'm guessing it's something to do with EasyAntiCheat. I don't know if you can turn off a mitigation on a per-process basis.
     
  17. jjc225

    jjc225 Registered Member

    Joined:
    Nov 25, 2010
    Posts:
    282
    I need to move my license for Hitman Pro Alert from one computer to another. How do I do this? I see no way of contacting support to ask how to do this.
     
  18. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Send a dm to Erik or Mark Loman.
     
  19. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    As deugniet says.
    Apart from @erikloman or @markloman, also @RonnyT may be able to help.
    Sending a direct message is done by "Start a Conversation".
    Also there is the e-mail contact option offered at the HitmanPro.Alert Support page, for instance, under "I get error message maximum number of activations. What should I do?"
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
  21. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    Thanks, Krusty.
    I always forget whether or not we're supposed or allowed to mention that on Wilders.
    That's why I was referring to the support page the way I did.
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    :) No problem. I got away with it once before so figured it was OK, but if not you can always do this;
    support@hitmanpro.com
    Code:
    [PLAIN]support@hitmanpro.com[/PLAIN]
     
    Last edited: Jun 17, 2018
  23. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    And RonnyT of course ;)
     
  24. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    I meant, that support address is semi-hidden on the website, so I'm not sure if we're free to mention it on Wilders.
    I guess I must be overly careful. ;)
     
  25. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    120
    Location:
    Netherlands
    Hi guys,

    After activating HMP.A on my new Lenovo X1 Tablet (3rd gen) I noticed that the expiry date does not match the date on my desktop.
    Desktop has 272 days left
    X1 has 268 days left.

    Is it possible to check which license key is active?
    Already checked the registry but I couldn't find it.
    Thanks in advance for your help.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.