HitmanPro.ALERT Support and Discussion Thread

My two systems that were running the previous stable release version 3.7.9.759 were automatically updated to 3.7.9.771, some hours ago. So I suppose 3.7.9.771 is no longer release candidate, but it is now the new current stable release version.

 

Yip, on one system here also.

 

HitmanPro.Alert 3.7.9 Build 771 Released

Changelog (compared to build 759)

Added

• Dynamic Shellcode Mitigation aka Heap Heap Protect, which helps prevent threat actors from loading unsafe code into memory). This mitigation is still in silent detection mode.
• Improved Shellcode mitigation (system-wide) to detect backdoor stage/payload on the heap
• Improved Code Cave mitigation (system-wide) to detect rare Shellter Pro binaries configured with uncommon evasion technique
• Reduction of false-positives for DEP alerts in case of crashing applications
• New LoLBin to Application Lockdown
• OpenWith.exe to the Office Template to help mitigate the CVE-2018-8495 exploit attack

Improved

• CryptoGuard to block specific variants of the Dharma ransomware, that include a specific needless action to thwart behavior monitoring
• Dynamic Heap Spray Mitigation to allow certain memory block patterns
• Dynamic Heap Spray compatibility issue's with .NET applications
• Code Cave mitigation (system-wide) to detect rare Shellter Pro binaries configured with uncommon evasions technique
• CryptoGuard compatibility on Windows 10 19H1 (i.e. current Windows Insider preview builds)
• 64-bit call stack parsing (improves stability)
• Code Cave Mitigation, now showing SHA-256 of the process in the Alert Info

Fixed

• Compatibility issue with ESET Smart Security in combination with Google Chrome
• WipeGuard can now handle disks with other sector sizes than 512
• Rare BSOD in WipeGuard when it was running out of stack
• Process Protection user interface menu now correctly disables the features when no valid license is present
• Automatic update when running HitmanPro.Alert in Anti-Ransomware (CryptoGuard) only
• Issue when Anti-Malware is enabled/disabled; the service stopped responding/system became unstable
• Minor update problem in CryptoGuard UI when an attack had occured
• Issue with pipe communication between service and client when volume name is changed
• Hollow Process Mitigation false positive with VMware ThinApps
• Issue that caused Visual Studio's vswhere.exe not to start correctly
• IAT/IAF hardcoded whitelisting not working properly
• Stability issue when report files get corrupted

Removed

• Menu option to enable/disable SMB CryptoGuard protection (crypto-ransomware attack from remote machine); it is always enabled on supported systems, i.e. 64-bit Windows

Download
https://dl.surfright.nl/hmpalert.exe

We've enabled the automatic updater so every user of HitmanPro.Alert is automatically upgraded to this new build.

Thank you everybody that have been testing our beta builds. And we're working on a lot more stuff so new beta's will be coming!

Cheers!
Mark

 

Thanks for posting, SHvFl.
I hope that RonnyT, Erik, or Mark will notice.
Regarding what that person wrote, "I checked their site for contact info and didn't see any," yes, it is rather inconvenient the support address isn't visible on the HMPA support page. It is in 5 out of 11 of the FAQ answers, but that is hardly helpful if the FAQ questions don't match what someone has to ask or to report.

 

Can you give some more info about this, how did it try to bypass behavior monitoring?

 

When purchasing hmpa does hmp come with it or does it have to be purchased seperately?

 

HMP.A includes HMP.

 

Thats good to hear,thanks Krusty

 

Oh ... I was not aware of that. I have each purchased a license for HitmanPro and HitmanPro.Alert over 3 years at Black-Friday special and have activated both licenses. Had I known that, I would have bought two HitmanPro.Alert licenses. Is it possible to upgrade a HitmanPro license? @RonnyT, @markloman, @erikloman

 

Please send your reference id's and question to support@hitmanpro.com so we can handle it from there.

 

Thank you for the great support!

 

Does HitmanPro.Alert conflict with Kaspersky? it's been asserted that "they silently conflict and break functionality." Furthermore that "HMPA should not be run alongside AVs and Internet Suites that have BB and similar modules."

If there is/are such conflict(s) can it/they be remedied in program settings?

 

C:\Users\User\Downloads\flashplayer32pp_xa_install.exe
Lockdown

 

Looks like Comodo Dragon is on the wrong protection profile, can you check on the advanced interface --> applications and find it there.
If it's not under browsers this will happen, in that case untick the "Application lockdown" box for it and reboot the PC then it should work.

 

Is there a way to exclude mitigation Windows System Protection background tasks. Event Viewer Below. Having same issue with windows defender (not shown)

Log Name: Application
Source: HitmanPro.Alert
Date: 1/11/2019 3:44:26 PM
Event ID: 911
Task Category: Mitigation
Level: Error
Keywords: Classic
User: N/A
Computer: Spiderman
Description:
Mitigation CredGuard
Platform 10.0.17134/x64 v771 06_9e
PID 4020
Feature 00170F30000001A2
Application C:\Windows\System32\SrTasks.exe
Description Microsoft® Windows System Protection background tasks. 10
SAM access denied.
Range = LBA 21631520 :256
Read = LBA 21631520 :256
Process Trace
1 C:\Windows\System32\SrTasks.exe [4020]
C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation
2 C:\Windows\System32\svchost.exe [1416]
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="HitmanPro.Alert" />
<EventID Qualifiers="0">911</EventID>
<Level>2</Level>
<Task>9</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-01-11T21:44:26.232734100Z" />
<EventRecordID>19958</EventRecordID>
<Channel>Application</Channel>
<Computer>Spiderman</Computer>
<Security />
</System>
<EventData>
<Data>C:\Windows\System32\SrTasks.exe</Data>
<Data>CredGuard</Data>
<Data>Mitigation CredGuard

 

As RonnyT replied, in a similar case, March 31, 2018:

 

You are correct it was under office i think and not browser. This seems to happen after a Dragon update.

 

HitmanPro.Alert 3.7.9 Build 773 Released

Changelog (compared to build 771)

Changed

• Changed name for "Dynamic Shellcode Mitigation" back to "Heap Heap Protect". (This mitigation is still in silent detection mode).

Improved

• Heap Heap Protect
• CodeCave

Fixed

• Trend Micro Intruder/Safe Browsing incompatibility

Download
https://dl.surfright.nl/hmpalert.exe

We've enabled the automatic updater so every user of HitmanPro.Alert is automatically upgraded to this new build.
Cheers!
Ronny

 

Build 773 seems to be working nicely here, no issues

 

Hi members,

I've just downloaded and installed HitmanPro (Version 3.8.0 Built 295) and HitmanPro.Alert (Version 3.7.9.773), but NOW Windows 10 Home, built 1803 doesn't starts anymore. Only automatic windows repair helps to start. After that modified start mode, audio doesn't works...
Any help will be appreciated.

Many Thanks,

Erik

 

Hi Erik,
Did you change any of the default settings in HitmanPro.Alert?
If so, which setting or settings did you change?
If you changed any of the default settings in HMPA, does restoring the settings to default help?

 

Hi,
I haven't changed any defaults.

 

Thanks, that's good, so that can't be the cause of your issues, I suppose.

Additional questions:
Did you run a HitmanPro scan and did that find any threats, and did you use HMP to remove those?
If so, what did HitmanPro find and what was removed?
If you don't remember, you can find the log in HitmanPro.

Also:
What other anti-virus/ anti-malware applications are active on your system?

Perhaps other members or the developers have other thoughts about what to ask, and what could be the cause of your issues.

 

Hi Erik,

I noticed you mentioned you also had Hitman Pro installed. After a scan was run was anything removed or in quarantine ?

 

Thanks, Ronald.
That's about the same as I asked in:

I could imagine something was removed that shouldn't be.
If so, I hope it can be restored from quarantine.