What kind of setup are you running? AFAIK there is only support for Win XP POS and that one isn't on our supported list.
A problem after today’s Norton Live Update and beta 746 (Norton 22.14.2.13). Beta 746 CPU usage of 20% and Task Manager takes 1-2 minutes to appear. To shut down W10 1803 1734.112 it also takes minutes (Afsluiten...). After several reboots same behaviour. The Task Manager tells me that Hmp.Alert’s status is “onderbroken”.
Open Norton and go to Settings > Antivirus > Scans and Risks tab > scroll down to Items to Exclude from Auto-Protect, SONAR and Download Intelligence Detection > Configure > Add Files > now navigate to hmpalert.exe. On my machines that is in the Program Files (x86) folder, Apply > OK. Done! FYI, I found long ago that it is updates to SONAR that cause the high CPU.
Something else is going on with your machine, deugniet. No problems here on two Win10 x64 1803 machines.
samsung data migration uninstall issue
Mitigation Anti-VM
Platform 6.1.7601/x64 v746 06_1e
PID 5772
Application C:\Users\Emil\AppData\Local\Temp\{A28166A9-802C-49EF-A1B3-994C36F1C2E2}\setup.exe
Description InstallScript Setup Launcher Unicode 3.1
VMware
Process Trace
1 C:\Users\Emil\AppData\Local\Temp\{A28166A9-802C-49EF-A1B3-994C36F1C2E2}\setup.exe [5772]
  C:\Users\Emil\AppData\Local\Temp\{A28166A9-802C-49EF-A1B3-994C36F1C2E2}\setup.exe -runfromtemp -l0x0419 -removeonly /z "UNINSTALL" -media_path:"C:\Program Files (x86)\InstallShield Installation Information\{3B304604-0BF5-488E-AB95-F2F2E31206F3}\" -tempdis
2 C:\Program Files (x86)\InstallShield Installation Information\{3B304604-0BF5-488E-AB95-F2F2E31206F3}\setup.exe [7848]
  "C:\Program Files (x86)\InstallShield Installation Information\{3B304604-0BF5-488E-AB95-F2F2E31206F3}\setup.exe" -runfromtemp -l0x0419 -removeonly /z "UNINSTALL"
3 C:\Windows\SysWOW64\dllhost.exe [9040]
  C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
4 C:\Windows\System32\svchost.exe [936]
  C:\Windows\system32\svchost.exe -k DcomLaunch
Thumbprint 1fce7edbf180ed72f50d12643292a827e1a01163d3a8b953c57faa6b57e7132b
Malware found: App/Generic-MP C:\Users\Emil\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
Mitigation MalwareBlocked
Platform 6.1.7601/x64 v746 06_1e
PID 5996
Application C:\Users\Emil\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
Description App/Generic-MP
SHA256: b5c2ac003b3e1077465332a234607e8e5caeaa699fabf5a0351f780f701cf3a3
D-link wireless uninstall false alert
Mitigation Anti-VM
Platform 6.1.7601/x64 v746 06_1e
PID 6448
Application C:\Users\Emil\AppData\Local\Temp\{106D677B-20FD-4285-A473-4EC98929E4C5}\setup.exe
Description InstallScript Setup Launcher 1.0
VMware
Process Trace
1 C:\Users\Emil\AppData\Local\Temp\{106D677B-20FD-4285-A473-4EC98929E4C5}\setup.exe [6448]
  C:\Users\Emil\AppData\Local\Temp\{106D677B-20FD-4285-A473-4EC98929E4C5}\setup.exe -runfromtemp -l0x0419 -removeonly -media_path:"C:\Program Files (x86)\InstallShield Installation Information\{98B82958-1DCA-4504-BE88-C91F1C7A7225}\" -tempdisk1folder:"C:\Us
2 C:\Program Files (x86)\InstallShield Installation Information\{98B82958-1DCA-4504-BE88-C91F1C7A7225}\setup.exe [7952]
  "C:\Program Files (x86)\InstallShield Installation Information\{98B82958-1DCA-4504-BE88-C91F1C7A7225}\setup.exe" -runfromtemp -l0x0419 -removeonly
3 C:\Program Files\Uninstall Tool\UninstallTool.exe [8824]
4 C:\Program Files\Uninstall Tool\UninstallToolExec.exe [8688]
5 C:\Windows\explorer.exe [2184]
6 C:\Windows\System32\userinit.exe [2936]
Thumbprint 1fce7edbf180ed72f50d12643292a827e1a01163d3a8b953c57faa6b57e7132b
I just got this while trying to update the firmware on my PC.
Code:
Log Name: Application
Source: HitmanPro.Alert
Date: 24/06/2018 8:39:27 AM
Event ID: 911
Task Category: Mitigation
Level: Error
Keywords: Classic
User: N/A
Computer: David-HP
Description:
Mitigation Lockdown
Platform 10.0.17134/x64 v746 06_5e
PID 9780
Application C:\Users\David\Downloads\HP Downloads\HP Consumer Desktop Notebook PC ME Firmware Update - sp87520.exe
Description Intel Platform ME Firmware Update 11.8.50
Filename C:\SWSetup\SP87520\SETUP.EXE
Created By C:\Users\David\Downloads\HP Downloads\HP Consumer Desktop Notebook PC ME Firmware Update - sp87520.exe
Command line: "C:\SWSetup\SP87520\SETUP.EXE" FLASH
Process Trace
1 C:\Users\David\Downloads\HP Downloads\HP Consumer Desktop Notebook PC ME Firmware Update - sp87520.exe [9780]
2 C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDIA.exe [10008]
  "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDIA.exe" hpdia://RemoteFile=https://ftp.hp.com/pub/softpaq/sp87501-88000/sp87520.exe&FileTitle=HP+Consumer+Desktop+/+Notebook+PC+ME+Firmware+Update&LC=en&CC=AU&Source=IMEFW87520
3 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFViewer.exe [8672]
  "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFViewer.exe" online 00000080-3000-2000-4000-000000000002 "en-US" /Device:CNV6380RZB
4 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [9332]
  "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /actionsPending
5 C:\Windows\System32\svchost.exe [1380]
  c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
6 C:\Windows\System32\services.exe [848]
7 C:\Windows\System32\wininit.exe [720]
  wininit.exe
Thumbprint c66452e3ddc5ac30b04769928fbe88e502be4471c8720833ff6524a0a7208cd3
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="HitmanPro.Alert" />
    <EventID Qualifiers="0">911</EventID>
    <Level>2</Level>
    <Task>9</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-06-23T22:39:27.142607800Z" />
    <EventRecordID>18919</EventRecordID>
    <Channel>Application</Channel>
    <Computer>David-HP</Computer>
    <Security />
  </System>
  <EventData>
    <Data>C:\Users\David\Downloads\HP Downloads\HP Consumer Desktop Notebook PC ME Firmware Update - sp87520.exe</Data>
    <Data>Lockdown</Data>
    <Data>Mitigation Lockdown
Platform 10.0.17134/x64 v746 06_5e
PID 9780
Application C:\Users\David\Downloads\HP Downloads\HP Consumer Desktop Notebook PC ME Firmware Update - sp87520.exe
Description Intel Platform ME Firmware Update 11.8.50
Filename C:\SWSetup\SP87520\SETUP.EXE
Created By C:\Users\David\Downloads\HP Downloads\HP Consumer Desktop Notebook PC ME Firmware Update - sp87520.exe
Command line: "C:\SWSetup\SP87520\SETUP.EXE" FLASH
Process Trace
1 C:\Users\David\Downloads\HP Downloads\HP Consumer Desktop Notebook PC ME Firmware Update - sp87520.exe [9780]
2 C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDIA.exe [10008]
  "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDIA.exe" hpdia://RemoteFile=https://ftp.hp.com/pub/softpaq/sp87501-88000/sp87520.exe&FileTitle=HP+Consumer+Desktop+/+Notebook+PC+ME+Firmware+Update&LC=en&CC=AU&Source=IMEFW87520
3 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFViewer.exe [8672]
  "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFViewer.exe" online 00000080-3000-2000-4000-000000000002 "en-US" /Device:CNV6380RZB
4 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [9332]
  "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /actionsPending
5 C:\Windows\System32\svchost.exe [1380]
  c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
6 C:\Windows\System32\services.exe [848]
7 C:\Windows\System32\wininit.exe [720]
  wininit.exe
Thumbprint c66452e3ddc5ac30b04769928fbe88e502be4471c8720833ff6524a0a7208cd3</Data>
  </EventData>
</Event>
Hi Krusty, Under which Exploit Mitigation profile do you have HPSF.exe? If it's under "Other" please disable 'application lockdown' and reboot the machine to try again.
I'm suddenly unable to run a scan with either the beta version or the regular version. Windows 10, fully up to date. Issue persists even after full uninstall and reinstall using Revo. Protections still seem to be in place, just doesn't let me run a manual scan. Anyone else run into this?
Does it show 'Scan failed' immediately or does it show 'Downloading...' first? Can you reach http://get.hitmanpro.com with your browser? If so, is your firewall blocking HitmanPro.Alert (hmpalert.exe) access to the internet? If it shows 'Scan failed' directly, open Explorer, navigate to %temp%, delete the hitmanpro.exe that's located there, and try again.
Actually not able to reach that website using any browser at all on this system. It auto downloads another without a problem on a secondary system. Not sure what changed. Any suggestion for what to tweak?
Do you suspect the other machine to be infected? I'd download via the working system, copy to the infected one with a clean USB drive and scan the possibly infected machine; mark that USB drive as unreliable until you are sure it hasn't been infected by the suspicious machine. On the infected machine, can you try to see what a ping of get.hitmanpro.com resolves to? Open a command box and type:
ping get.hitmanpro.com
This should generate output like this:
Pinging get.hitmanpro.com [213.189.27.250] with 32 bytes of data:
Reply from 213.189.27.250: bytes=32 time=14ms TTL=118
Reply from 213.189.27.250: bytes=32 time=14ms TTL=118
Reply from 213.189.27.250: bytes=32 time=14ms TTL=118
Reply from 213.189.27.250: bytes=32 time=18ms TTL=118
If you get something else, there is malware either tricking you via the c:\windows\system32\drivers\etc\hosts file or your DNS got tricked.
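The hosts-file and DNS check described in the post above, as an added example that is not part of the original thread or of HitmanPro.Alert. The function names, the sample hosts content and the result labels are assumptions made for illustration; the expected address is the one in the post's ping output and may have changed since, so an "unexpected-address" result is a prompt to look closer, not proof of tampering.

```python
import ipaddress
import socket

# Address shown in the post's ping output; it may have changed since 2018.
EXPECTED = {"213.189.27.250"}

# Constructed hosts file content (not taken from any real machine).
SAMPLE_HOSTS = "\n".join([
    "# Copyright (c) 1993-2009 Microsoft Corp.",
    "127.0.0.1       localhost",
    "# 10.0.0.5      get.hitmanpro.com",
    "127.0.0.1       example.test GET.HitmanPro.com   # redirected",
])

def hosts_overrides(hosts_text, hostname):
    """Return (line_no, ip) for each active hosts entry that maps hostname."""
    wanted = hostname.lower().rstrip(".")
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])      # first column must be an IP
        except ValueError:
            continue
        if wanted in (name.lower().rstrip(".") for name in fields[1:]):
            hits.append((line_no, fields[0]))
    return hits

def diagnose(hosts_text, hostname, resolved, expected=EXPECTED):
    """Classify a lookup result: hosts override, failed DNS, odd answer, or ok."""
    overrides = hosts_overrides(hosts_text, hostname)
    if overrides:
        return "hosts-override", overrides
    if resolved is None:
        return "no-resolution", []
    if resolved not in expected:
        return "unexpected-address", [resolved]
    return "ok", [resolved]

if __name__ == "__main__":
    host = "get.hitmanpro.com"
    path = r"C:\Windows\System32\drivers\etc\hosts"
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        text = fh.read()
    try:
        answer = socket.gethostbyname(host)
    except socket.gaierror:
        answer = None
    print(diagnose(text, host, answer))
```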
Hi Ronny, Yes, HP Support Assistant is protected by the "Other" profile. I'm sure disabling "Application Lockdown" would have worked but I temporarily uninstalled HMP.A until I had upgraded the firmware. I must remember that for next time. Thanks.
I do not believe either machine to be infected. MBAM 3, Rogue Killer, and Windows Defender all seem to agree. I was able to ping the website after switching my VPN. Pinging and downloading a fresh copy of the file now work on and off VPN from all browsers. I am still unable to run a manual scan. The download bar never appears, and the status goes immediately to Failed. I deleted/restored the HOSTS file to default, and no change. Somewhat perplexed at this one.
Finally figured it out, as I remembered this has actually happened before. Might be a known issue, but MBAM Premium 3 was responsible for this. Disabling the real time web protection allows HMPA to update and scan without a problem. So, there you have it.
I had the same problem with MalwareBytes; after updating to the latest component package the web protection was blocking many legitimate websites without warning.
I do not have any HMP files in my Temp folder, only in my Program Files, as far as I can tell. Adding that EXE to the exclusions does not allow for connectivity.