Your previous screenshot showed it in \Program files (x86)\JDownloader hence I assumed 32bit. I ran a fresh install in the user profile folder, and the machine did not have Java installed, I also see sandboxie running is anything for JDownloader configured to run sandboxed?
"I also see sandboxie running is anything for JDownloader configured to run sandboxed?" JDownloader is not running in the sandbox.
I updated the YetAnotherFaviconDownloader.plgx plugin of KeePass 2 (KeePass 2.41) from 1.2 to 1.2.1.0 and then alerted HitmanPro.Alert (3.7.9 build 777). https://github.com/navossoc/KeePass-Yet-Another-Favicon-Downloader/releases Code: Napló neve: Application Forrás: HitmanPro.Alert Dátum: 2019. 04. 01. 6:08:21 Eseményazonosító:911 Feladatkategória:Mitigation Szint: Hiba Kulcsszavak: Klasszikus Felhasználó: n.a. Számítógép: DESKTOP-J0VB0BC Leírás: Mitigation Lockdown Timestamp 2019-04-01T04:08:21 Platform 10.0.17763/x64 v777 06_9e PID 9212 Feature 00171A361FBF01B6 Application C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe Created 2018-09-11T05:00:14 Modified 2019-01-09T09:58:38 Description KeePass 2.41 Filename C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Command line: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Asrock\AppData\Local\Temp\3nfoa03i.cmdline" Loaded Modules ----------------------------------------------------------------------------- 0000000000DE0000-0000000001104000 KeePass.exe (Dominik Reichl), version: 2.41.0.0 00007FFC1C520000-00007FFC1C70D000 ntdll.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC1A710000-00007FFC1A7C3000 KERNEL32.dll (Microsoft Corporation), version: 10.0.17763.379 (WinBuild.160101.0800) 00007FFC0E140000-00007FFC0E1A4000 MSCOREE.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC187D0000-00007FFC18A63000 KERNELBASE.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC18140000-00007FFC18326000 hmpalert.dll (SurfRight B.V.), version: 3.7.9.777 00007FFC1A1D0000-00007FFC1A273000 ADVAPI32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC19DC0000-00007FFC19E5E000 msvcrt.dll (Microsoft Corporation), version: 7.0.17763.1 (WinBuild.160101.0800) 00007FFC1A120000-00007FFC1A1BE000 sechost.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC1C050000-00007FFC1C172000 RPCRT4.dll (Microsoft Corporation), version: 10.0.17763.379 (WinBuild.160101.0800) 00007FFC0DFA0000-00007FFC0E03C000 mscoreei.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFC1BF70000-00007FFC1BFC2000 SHLWAPI.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC1A3E0000-00007FFC1A70D000 combase.dll (Microsoft Corporation), version: 10.0.17763.253 (WinBuild.160101.0800) 00007FFC18A90000-00007FFC18B8A000 ucrtbase.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC186C0000-00007FFC1873E000 bcryptPrimitives.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC19E60000-00007FFC19E89000 GDI32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC195B0000-00007FFC1974A000 gdi32full.dll (Microsoft Corporation), version: 10.0.17763.316 (WinBuild.160101.0800) 00007FFC194C0000-00007FFC19560000 msvcp_win.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC1A830000-00007FFC1A9C7000 USER32.dll (Microsoft Corporation), version: 10.0.17763.168 (WinBuild.160101.0800) 00007FFC18A70000-00007FFC18A90000 win32u.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC19D90000-00007FFC19DBE000 IMM32.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC18520000-00007FFC18531000 kernel.appcore.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC13570000-00007FFC1357A000 VERSION.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBD6300000-00007FFBD6CED000 clr.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFBD6E90000-00007FFBD6F87000 MSVCR120_CLR0400.dll (Microsoft Corporation), version: 12.00.52519.0 built by: VSWINSERVICING 00007FFBD4D60000-00007FFBD62F1000 mscorlib.ni.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC1A280000-00007FFC1A3D5000 ole32.dll (Microsoft Corporation), version: 10.0.17763.134 (WinBuild.160101.0800) 00007FFC16970000-00007FFC16A0C000 uxtheme.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBED930000-00007FFBED94C000 StartMenuXHook.dll (OrdinarySoft.), version: 5.8.1.0 00007FFBEC0B0000-00007FFBEC159000 COMCTL32.dll (Microsoft Corporation), version: 5.82 (WinBuild.160101.0800) 00007FFC185F0000-00007FFC18607000 CRYPTSP.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17770000-00007FFC177A3000 rsaenh.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC187A0000-00007FFC187C6000 bcrypt.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17D80000-00007FFC17D8C000 CRYPTBASE.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBD4110000-00007FFBD4D51000 System.ni.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFBD3710000-00007FFBD410B000 KeePass.ni.exe (Dominik Reichl), version: 2.41.0.0 00007FFBD3520000-00007FFBD3709000 System.Drawing.ni.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFBD25D0000-00007FFBD351D000 System.Windows.Forms.ni.dll (Microsoft Corporation), version: 4.7.3324.0 built by: NET472REL1LAST_C 00007FFC1C3E0000-00007FFC1C488000 ShCore.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBD1B80000-00007FFBD25D0000 System.Core.ni.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFBD6D60000-00007FFBD6E8B000 System.Configuration.ni.dll (Microsoft Corporation), version: 4.7.3324.0 built by: NET472REL1LAST_C 00007FFBD12F0000-00007FFBD1B7C000 System.Xml.ni.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFC1A9D0000-00007FFC1BEC0000 shell32.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC19560000-00007FFC195AA000 cfgmgr32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC18B90000-00007FFC192DA000 windows.storage.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC18540000-00007FFC18564000 profapi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC18570000-00007FFC185CD000 powrprof.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC07580000-00007FFC077F9000 comctl32.dll (Microsoft Corporation), version: 6.10 (WinBuild.160101.0800) 00007FFC16D80000-00007FFC16DAE000 dwmapi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC192E0000-00007FFC194BB000 CRYPT32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC185D0000-00007FFC185E2000 MSASN1.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBD11C0000-00007FFBD12EB000 clrjit.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC07570000-00007FFC0757C000 secur32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC18450000-00007FFC1847F000 SSPICLI.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC1C180000-00007FFC1C2EA000 MSCTF.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC19F20000-00007FFC19FEB000 OLEAUT32.dll (Microsoft Corporation), version: 10.0.17763.292 (WinBuild.160101.0800) 00007FFBF14B0000-00007FFBF1655000 gdiplus.dll (Microsoft Corporation), version: 10.0.17763.379 (WinBuild.160101.0800) 00007FFBF8B50000-00007FFBF8E4F000 DWrite.dll (Microsoft Corporation), version: 10.0.17763.168 (WinBuild.160101.0800) 00007FFBD1120000-00007FFBD11B9000 RichEd20.DLL (Microsoft Corporation), version: 5.31.23.1231 00007FFBD8EB0000-00007FFBD8EC9000 USP10.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBD10E0000-00007FFBD1119000 msls31.dll (Microsoft Corporation), version: 3.10.349.0 00007FFC13B00000-00007FFC13CB8000 WindowsCodecs.dll (Microsoft Corporation), version: 10.0.17763.55 (WinBuild.160101.0800) 00007FFC1BEC0000-00007FFC1BF62000 clbcatq.dll (Microsoft Corporation), version: 2001.12.10941.16384 (WinBuild.160101.080 00007FFBED110000-00007FFBED166000 dataexchange.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC15400000-00007FFC1567E000 d3d11.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC15DA0000-00007FFC15F63000 dcomp.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC170B0000-00007FFC17172000 dxgi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC16A90000-00007FFC16C9D000 twinapi.appcore.dll (Microsoft Corporation), version: 10.0.17763.292 (WinBuild.160101.0800) 00007FFC16A40000-00007FFC16A68000 RMCLIENT.dll (Microsoft Corporation), version: 10.0.17763.194 (WinBuild.160101.0800) 00007FFBD1030000-00007FFBD10D4000 tiptsf.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBFA310000-00007FFBFA3A5000 TextInputFramework.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC144E0000-00007FFC14802000 CoreUIComponents.dll (Microsoft Corporation), version: 10.0.17763.1 00007FFC15F70000-00007FFC16052000 CoreMessaging.dll (Microsoft Corporation), version: 10.0.17763.194 00007FFC173F0000-00007FFC17421000 ntmarta.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC13F60000-00007FFC140B3000 wintypes.dll (Microsoft Corporation), version: 10.0.17763.134 (WinBuild.160101.0800) 00007FFC14F50000-00007FFC14F63000 wtsapi32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17460000-00007FFC174B8000 WINSTA.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC0E880000-00007FFC0EA56000 urlmon.dll (Microsoft Corporation), version: 11.00.17763.379 (WinBuild.160101.0800) 00007FFC07820000-00007FFC07AC8000 iertutil.dll (Microsoft Corporation), version: 11.00.17763.379 (WinBuild.160101.0800) 00007FFC14D70000-00007FFC14F18000 PROPSYS.dll (Microsoft Corporation), version: 7.0.17763.348 (WinBuild.160101.0800) 00007FFC03AD0000-00007FFC03ADE000 httpapi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC1C2F0000-00007FFC1C35D000 ws2_32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17BB0000-00007FFC17C17000 mswsock.dll (Microsoft Corporation), version: 10.0.17763.292 (WinBuild.160101.0800) 00007FFC17960000-00007FFC17A26000 DNSAPI.dll (Microsoft Corporation), version: 10.0.17763.292 (WinBuild.160101.0800) 00007FFC19E90000-00007FFC19E98000 NSI.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17910000-00007FFC1794D000 IPHLPAPI.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC073C0000-00007FFC073CA000 rasadhlp.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC0A720000-00007FFC0A799000 fwpuclnt.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBEE2A0000-00007FFBEE2A9000 IconCodecService.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17E10000-00007FFC17E35000 wldp.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC18740000-00007FFC18799000 WINTRUST.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC18420000-00007FFC18448000 USERENV.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) Process Trace 1 C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [9212] 2019-04-01T04:08:19 2 C:\Windows\explorer.exe [6312] 2019-04-01T04:08:01 3 C:\Windows\System32\userinit.exe [6168] 2019-04-01T04:08:00 Thumbprint f95e9b51bd5d76517aa275980423fb8d70f85b4f3c3043612d9f931080b59ce5 Esemény XML: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="HitmanPro.Alert" /> <EventID Qualifiers="0">911</EventID> <Level>2</Level> <Task>9</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2019-04-01T04:08:21.484434600Z" /> <EventRecordID>18192</EventRecordID> <Channel>Application</Channel> <Computer>DESKTOP-J0VB0BC</Computer> <Security /> </System> <EventData> <Data>C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe</Data> <Data>Lockdown</Data> <Data>Mitigation Lockdown Timestamp 2019-04-01T04:08:21 Platform 10.0.17763/x64 v777 06_9e PID 9212 Feature 00171A361FBF01B6 Application C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe Created 2018-09-11T05:00:14 Modified 2019-01-09T09:58:38 Description KeePass 2.41 Filename C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Command line: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Asrock\AppData\Local\Temp\3nfoa03i.cmdline" Loaded Modules ----------------------------------------------------------------------------- 0000000000DE0000-0000000001104000 KeePass.exe (Dominik Reichl), version: 2.41.0.0 00007FFC1C520000-00007FFC1C70D000 ntdll.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC1A710000-00007FFC1A7C3000 KERNEL32.dll (Microsoft Corporation), version: 10.0.17763.379 (WinBuild.160101.0800) 00007FFC0E140000-00007FFC0E1A4000 MSCOREE.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC187D0000-00007FFC18A63000 KERNELBASE.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC18140000-00007FFC18326000 hmpalert.dll (SurfRight B.V.), version: 3.7.9.777 00007FFC1A1D0000-00007FFC1A273000 ADVAPI32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC19DC0000-00007FFC19E5E000 msvcrt.dll (Microsoft Corporation), version: 7.0.17763.1 (WinBuild.160101.0800) 00007FFC1A120000-00007FFC1A1BE000 sechost.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC1C050000-00007FFC1C172000 RPCRT4.dll (Microsoft Corporation), version: 10.0.17763.379 (WinBuild.160101.0800) 00007FFC0DFA0000-00007FFC0E03C000 mscoreei.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFC1BF70000-00007FFC1BFC2000 SHLWAPI.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC1A3E0000-00007FFC1A70D000 combase.dll (Microsoft Corporation), version: 10.0.17763.253 (WinBuild.160101.0800) 00007FFC18A90000-00007FFC18B8A000 ucrtbase.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC186C0000-00007FFC1873E000 bcryptPrimitives.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC19E60000-00007FFC19E89000 GDI32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC195B0000-00007FFC1974A000 gdi32full.dll (Microsoft Corporation), version: 10.0.17763.316 (WinBuild.160101.0800) 00007FFC194C0000-00007FFC19560000 msvcp_win.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC1A830000-00007FFC1A9C7000 USER32.dll (Microsoft Corporation), version: 10.0.17763.168 (WinBuild.160101.0800) 00007FFC18A70000-00007FFC18A90000 win32u.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC19D90000-00007FFC19DBE000 IMM32.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC18520000-00007FFC18531000 kernel.appcore.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC13570000-00007FFC1357A000 VERSION.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBD6300000-00007FFBD6CED000 clr.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFBD6E90000-00007FFBD6F87000 MSVCR120_CLR0400.dll (Microsoft Corporation), version: 12.00.52519.0 built by: VSWINSERVICING 00007FFBD4D60000-00007FFBD62F1000 mscorlib.ni.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC1A280000-00007FFC1A3D5000 ole32.dll (Microsoft Corporation), version: 10.0.17763.134 (WinBuild.160101.0800) 00007FFC16970000-00007FFC16A0C000 uxtheme.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBED930000-00007FFBED94C000 StartMenuXHook.dll (OrdinarySoft.), version: 5.8.1.0 00007FFBEC0B0000-00007FFBEC159000 COMCTL32.dll (Microsoft Corporation), version: 5.82 (WinBuild.160101.0800) 00007FFC185F0000-00007FFC18607000 CRYPTSP.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17770000-00007FFC177A3000 rsaenh.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC187A0000-00007FFC187C6000 bcrypt.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17D80000-00007FFC17D8C000 CRYPTBASE.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBD4110000-00007FFBD4D51000 System.ni.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFBD3710000-00007FFBD410B000 KeePass.ni.exe (Dominik Reichl), version: 2.41.0.0 00007FFBD3520000-00007FFBD3709000 System.Drawing.ni.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFBD25D0000-00007FFBD351D000 System.Windows.Forms.ni.dll (Microsoft Corporation), version: 4.7.3324.0 built by: NET472REL1LAST_C 00007FFC1C3E0000-00007FFC1C488000 ShCore.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBD1B80000-00007FFBD25D0000 System.Core.ni.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFBD6D60000-00007FFBD6E8B000 System.Configuration.ni.dll (Microsoft Corporation), version: 4.7.3324.0 built by: NET472REL1LAST_C 00007FFBD12F0000-00007FFBD1B7C000 System.Xml.ni.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFC1A9D0000-00007FFC1BEC0000 shell32.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC19560000-00007FFC195AA000 cfgmgr32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC18B90000-00007FFC192DA000 windows.storage.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC18540000-00007FFC18564000 profapi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC18570000-00007FFC185CD000 powrprof.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC07580000-00007FFC077F9000 comctl32.dll (Microsoft Corporation), version: 6.10 (WinBuild.160101.0800) 00007FFC16D80000-00007FFC16DAE000 dwmapi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC192E0000-00007FFC194BB000 CRYPT32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC185D0000-00007FFC185E2000 MSASN1.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBD11C0000-00007FFBD12EB000 clrjit.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC07570000-00007FFC0757C000 secur32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC18450000-00007FFC1847F000 SSPICLI.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC1C180000-00007FFC1C2EA000 MSCTF.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC19F20000-00007FFC19FEB000 OLEAUT32.dll (Microsoft Corporation), version: 10.0.17763.292 (WinBuild.160101.0800) 00007FFBF14B0000-00007FFBF1655000 gdiplus.dll (Microsoft Corporation), version: 10.0.17763.379 (WinBuild.160101.0800) 00007FFBF8B50000-00007FFBF8E4F000 DWrite.dll (Microsoft Corporation), version: 10.0.17763.168 (WinBuild.160101.0800) 00007FFBD1120000-00007FFBD11B9000 RichEd20.DLL (Microsoft Corporation), version: 5.31.23.1231 00007FFBD8EB0000-00007FFBD8EC9000 USP10.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBD10E0000-00007FFBD1119000 msls31.dll (Microsoft Corporation), version: 3.10.349.0 00007FFC13B00000-00007FFC13CB8000 WindowsCodecs.dll (Microsoft Corporation), version: 10.0.17763.55 (WinBuild.160101.0800) 00007FFC1BEC0000-00007FFC1BF62000 clbcatq.dll (Microsoft Corporation), version: 2001.12.10941.16384 (WinBuild.160101.080 00007FFBED110000-00007FFBED166000 dataexchange.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC15400000-00007FFC1567E000 d3d11.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC15DA0000-00007FFC15F63000 dcomp.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC170B0000-00007FFC17172000 dxgi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC16A90000-00007FFC16C9D000 twinapi.appcore.dll (Microsoft Corporation), version: 10.0.17763.292 (WinBuild.160101.0800) 00007FFC16A40000-00007FFC16A68000 RMCLIENT.dll (Microsoft Corporation), version: 10.0.17763.194 (WinBuild.160101.0800) 00007FFBD1030000-00007FFBD10D4000 tiptsf.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBFA310000-00007FFBFA3A5000 TextInputFramework.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC144E0000-00007FFC14802000 CoreUIComponents.dll (Microsoft Corporation), version: 10.0.17763.1 00007FFC15F70000-00007FFC16052000 CoreMessaging.dll (Microsoft Corporation), version: 10.0.17763.194 00007FFC173F0000-00007FFC17421000 ntmarta.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC13F60000-00007FFC140B3000 wintypes.dll (Microsoft Corporation), version: 10.0.17763.134 (WinBuild.160101.0800) 00007FFC14F50000-00007FFC14F63000 wtsapi32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17460000-00007FFC174B8000 WINSTA.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC0E880000-00007FFC0EA56000 urlmon.dll (Microsoft Corporation), version: 11.00.17763.379 (WinBuild.160101.0800) 00007FFC07820000-00007FFC07AC8000 iertutil.dll (Microsoft Corporation), version: 11.00.17763.379 (WinBuild.160101.0800) 00007FFC14D70000-00007FFC14F18000 PROPSYS.dll (Microsoft Corporation), version: 7.0.17763.348 (WinBuild.160101.0800) 00007FFC03AD0000-00007FFC03ADE000 httpapi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC1C2F0000-00007FFC1C35D000 ws2_32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17BB0000-00007FFC17C17000 mswsock.dll (Microsoft Corporation), version: 10.0.17763.292 (WinBuild.160101.0800) 00007FFC17960000-00007FFC17A26000 DNSAPI.dll (Microsoft Corporation), version: 10.0.17763.292 (WinBuild.160101.0800) 00007FFC19E90000-00007FFC19E98000 NSI.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17910000-00007FFC1794D000 IPHLPAPI.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC073C0000-00007FFC073CA000 rasadhlp.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC0A720000-00007FFC0A799000 fwpuclnt.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBEE2A0000-00007FFBEE2A9000 IconCodecService.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17E10000-00007FFC17E35000 wldp.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC18740000-00007FFC18799000 WINTRUST.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC18420000-00007FFC18448000 USERENV.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) Process Trace 1 C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [9212] 2019-04-01T04:08:19 2 C:\Windows\explorer.exe [6312] 2019-04-01T04:08:01 3 C:\Windows\System32\userinit.exe [6168] 2019-04-01T04:08:00 Thumbprint f95e9b51bd5d76517aa275980423fb8d70f85b4f3c3043612d9f931080b59ce5</Data> </EventData> </Event>
Exclusion does not work with Media Player Classic - Black Edition software. Without it, the video player does not start. Can I manually add a program to exclusions? Need help quickly. Please! Windows 10 v.1809 build: 17763.404. HitmanPro.Alert version 3.7.9 build 777 Forrás MPC-BE x64 Összegzés Működésképtelenné vált Dátum 2019. 04. 03. 7:30 Állapot Jelentés elküldve Leírás A hibát okozó alkalmazás elérési útja: C:\Program Files\MPC-BE x64\mpc-be64.exe Probléma-aláírás Problémaesemény neve: APPCRASH Alkalmazásnév: mpc-be64.exe Alkalmazásverzió: 1.5.3.4488 Alkalmazás időbélyegzője: 5ca1b2bc Hiba – modul neve: hmpalert.dll Hiba – modul verziója: 3.7.9.777 Hiba – modul időbélyegzője: 5c8f9e4f Kivételkód: c0000005 Kivétel – eltolás: 00000000000db458 Operációs rendszer verziója: 10.0.17763.2.0.0.256.48 Területibeállítás-azonosító: 1038 További információk 1: 2a05 További információk 2: 2a05f37aac27d31c6bbf06b3253ae4b6 További információk 3: 77fe További információk 4: 77fede194f50b7dfaca06fae569b711e További adatok a problémáról Gyűjtőazonosító: 09adb07d017514686f9d0814c8faf144 (2277985871883596100) If I delete from Media programs, this error will occur. Forrás MPC-BE x64 Összegzés Működésképtelenné vált Dátum 2019. 04. 03. 8:06 Állapot Jelentés elküldve Leírás A hibát okozó alkalmazás elérési útja: C:\Program Files\MPC-BE x64\mpc-be64.exe Probléma-aláírás Problémaesemény neve: APPCRASH Alkalmazásnév: mpc-be64.exe Alkalmazásverzió: 1.5.3.4488 Alkalmazás időbélyegzője: 5ca1b2bc Hiba – modul neve: hmpalert.dll Hiba – modul verziója: 3.7.9.777 Hiba – modul időbélyegzője: 5c8f9e4f Kivételkód: c000041d Kivétel – eltolás: 0000000000052d8b Operációs rendszer verziója: 10.0.17763.2.0.0.256.48 Területibeállítás-azonosító: 1038 További információk 1: 68d5 További információk 2: 68d5121a275e299af7c721e6f63ef20b További információk 3: 3043 További információk 4: 3043f11465d05212fdc6a359a988a736 További adatok a problémáról Gyűjtőazonosító: 16001b00b946cde2dd736d643afbfb89 (2122160126675385225) If I uninstall HitmanPro.Alert, then everything OK, Media Player Classic - Black Edition works well.
From your post, it's not clear to me whether you tried this: Click Add exclusion, navigate to MPC-BE, select mpc-be64.exe, and add it as exclusion by clicking "Megnyitás" (Open). On Windows 7 x64 with HMPA 3.7.9.775 that stil works for MPC-BE. I haven't tested on Windows 10 with HMPA 3.7.9.777.
The pictures show that I started with this and it doesn't work. The file was not included in the exclusions. That's one of my problems.
Of course it didn't show whether or not you clicked "Megnyitás" (Open), so I had to ask. I don't know why adding mpc-be64.exe doesn't work, on your installation. I hope that others on Windows 10 using MPC-BE can test it, and that someone can come up with an explanation and a solution for your problem.
Judging from your previous issue and the actual issue, I guess you have overdone with tweaking. When your system is borked, better start from scratch...
I can't use the PasswordChang Assistant.plgx (https://sourceforge.net/projects/passwordchangeassistant/) plugin because it has triggered HitmanPro.Alert. Code: Napló neve: Application Forrás: HitmanPro.Alert Dátum: 2019. 04. 07. 6:28:46 Eseményazonosító:911 Feladatkategória:Mitigation Szint: Hiba Kulcsszavak: Klasszikus Felhasználó: n.a. Számítógép: DESKTOP-J0VB0BC Leírás: Mitigation Lockdown Timestamp 2019-04-07T04:28:46 Platform 10.0.17763/x64 v777 06_9e PID 11200 Feature 00171A361FBF01B6 Application C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe Created 2018-09-11T05:00:14 Modified 2019-01-09T09:58:38 Description KeePass 2.41 Filename C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Command line: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Asrock\AppData\Local\Temp\2g0zl43l.cmdline" Loaded Modules ----------------------------------------------------------------------------- 00000000005F0000-0000000000914000 KeePass.exe (Dominik Reichl), version: 2.41.0.0 00007FFC55260000-00007FFC5544D000 ntdll.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC52530000-00007FFC525E3000 KERNEL32.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC47280000-00007FFC472E4000 MSCOREE.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC51EF0000-00007FFC52183000 KERNELBASE.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC50E80000-00007FFC51066000 hmpalert.dll (SurfRight B.V.), version: 3.7.9.777 00007FFC54540000-00007FFC545E3000 ADVAPI32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC54DC0000-00007FFC54E5E000 msvcrt.dll (Microsoft Corporation), version: 7.0.17763.1 (WinBuild.160101.0800) 00007FFC525F0000-00007FFC5268E000 sechost.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC52E30000-00007FFC52F52000 RPCRT4.dll (Microsoft Corporation), version: 10.0.17763.379 (WinBuild.160101.0800) 00007FFC46FB0000-00007FFC4704C000 mscoreei.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFC54D00000-00007FFC54D52000 SHLWAPI.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC548B0000-00007FFC54BDC000 combase.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC51B90000-00007FFC51C8A000 ucrtbase.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC51C90000-00007FFC51D0E000 bcryptPrimitives.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC55200000-00007FFC55229000 GDI32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC522F0000-00007FFC5248A000 gdi32full.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC51AF0000-00007FFC51B90000 msvcp_win.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC52B20000-00007FFC52CB7000 USER32.dll (Microsoft Corporation), version: 10.0.17763.168 (WinBuild.160101.0800) 00007FFC521C0000-00007FFC521E0000 win32u.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC545F0000-00007FFC5461E000 IMM32.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC51260000-00007FFC51271000 kernel.appcore.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4B3F0000-00007FFC4B3FA000 VERSION.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17D50000-00007FFC1873D000 clr.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC06550000-00007FFC06647000 MSVCR120_CLR0400.dll (Microsoft Corporation), version: 12.00.52519.0 built by: VSWINSERVICING 00007FFBFF140000-00007FFC006D1000 mscorlib.ni.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC550A0000-00007FFC551F5000 ole32.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC4F690000-00007FFC4F72C000 uxtheme.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC27F20000-00007FFC27F3C000 StartMenuXHook.dll (OrdinarySoft.), version: 5.8.1.0 00007FFC27E60000-00007FFC27F09000 COMCTL32.dll (Microsoft Corporation), version: 5.82 (WinBuild.160101.0800) 00007FFC51330000-00007FFC51347000 CRYPTSP.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC504B0000-00007FFC504E3000 rsaenh.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC52190000-00007FFC521B6000 bcrypt.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC50AC0000-00007FFC50ACC000 CRYPTBASE.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBFE4F0000-00007FFBFF131000 System.ni.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC10140000-00007FFC10B3B000 KeePass.ni.exe (Dominik Reichl), version: 2.41.0.0 00007FFC26490000-00007FFC26679000 System.Drawing.ni.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFBFD5A0000-00007FFBFE4ED000 System.Windows.Forms.ni.dll (Microsoft Corporation), version: 4.7.3324.0 built by: NET472REL1LAST_C 00007FFC54C50000-00007FFC54CF8000 ShCore.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBFCB50000-00007FFBFD5A0000 System.Core.ni.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC34870000-00007FFC3499B000 System.Configuration.ni.dll (Microsoft Corporation), version: 4.7.3324.0 built by: NET472REL1LAST_C 00007FFC0F3D0000-00007FFC0FC5C000 System.Xml.ni.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFC52F60000-00007FFC54450000 shell32.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC51AA0000-00007FFC51AEA000 cfgmgr32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC51350000-00007FFC51A9A000 windows.storage.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC51300000-00007FFC51324000 profapi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC512A0000-00007FFC512FD000 powrprof.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC40640000-00007FFC408B9000 comctl32.dll (Microsoft Corporation), version: 6.10 (WinBuild.160101.0800) 00007FFC4F780000-00007FFC4F7AE000 dwmapi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC51D10000-00007FFC51EEB000 CRYPT32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC51280000-00007FFC51292000 MSASN1.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC27650000-00007FFC2777B000 clrjit.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC40620000-00007FFC4062C000 secur32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC51160000-00007FFC5118F000 SSPICLI.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC52CC0000-00007FFC52E2A000 MSCTF.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC547E0000-00007FFC548A4000 OLEAUT32.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC25EB0000-00007FFC26055000 gdiplus.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC32570000-00007FFC3286F000 DWrite.dll (Microsoft Corporation), version: 10.0.17763.168 (WinBuild.160101.0800) 00007FFC347D0000-00007FFC34869000 RichEd20.DLL (Microsoft Corporation), version: 5.31.23.1231 00007FFC4C4D0000-00007FFC4C4E9000 USP10.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC06510000-00007FFC06549000 msls31.dll (Microsoft Corporation), version: 3.10.349.0 00007FFC4C810000-00007FFC4C9C8000 WindowsCodecs.dll (Microsoft Corporation), version: 10.0.17763.55 (WinBuild.160101.0800) 00007FFC54F90000-00007FFC55032000 clbcatq.dll (Microsoft Corporation), version: 2001.12.10941.16384 (WinBuild.160101.080 00007FFC25030000-00007FFC25086000 dataexchange.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4E140000-00007FFC4E3BE000 d3d11.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4EAD0000-00007FFC4EC93000 dcomp.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4FDF0000-00007FFC4FEB2000 dxgi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4F8B0000-00007FFC4FABD000 twinapi.appcore.dll (Microsoft Corporation), version: 10.0.17763.292 (WinBuild.160101.0800) 00007FFC4F7B0000-00007FFC4F7D8000 RMCLIENT.dll (Microsoft Corporation), version: 10.0.17763.194 (WinBuild.160101.0800) 00007FFC30450000-00007FFC304F4000 tiptsf.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC33EF0000-00007FFC33F85000 TextInputFramework.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4CAE0000-00007FFC4CE02000 CoreUIComponents.dll (Microsoft Corporation), version: 10.0.17763.1 00007FFC4ECA0000-00007FFC4ED82000 CoreMessaging.dll (Microsoft Corporation), version: 10.0.17763.194 00007FFC50240000-00007FFC50271000 ntmarta.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4D1A0000-00007FFC4D2F3000 wintypes.dll (Microsoft Corporation), version: 10.0.17763.134 (WinBuild.160101.0800) 00007FFC4DC90000-00007FFC4DCA3000 wtsapi32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC50190000-00007FFC501E8000 WINSTA.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC329A0000-00007FFC32B76000 urlmon.dll (Microsoft Corporation), version: 11.00.17763.404 (WinBuild.160101.0800) 00007FFC408E0000-00007FFC40B88000 iertutil.dll (Microsoft Corporation), version: 11.00.17763.404 (WinBuild.160101.0800) 00007FFC4DAB0000-00007FFC4DC58000 PROPSYS.dll (Microsoft Corporation), version: 7.0.17763.348 (WinBuild.160101.0800) 00007FFC2E7D0000-00007FFC2E7DE000 httpapi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC54450000-00007FFC544BD000 ws2_32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC508F0000-00007FFC50957000 mswsock.dll (Microsoft Corporation), version: 10.0.17763.292 (WinBuild.160101.0800) 00007FFC506A0000-00007FFC50766000 DNSAPI.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC54BE0000-00007FFC54BE8000 NSI.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC50650000-00007FFC5068D000 IPHLPAPI.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC30820000-00007FFC3082A000 rasadhlp.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC30870000-00007FFC308E9000 fwpuclnt.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC27570000-00007FFC27579000 IconCodecService.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC50B50000-00007FFC50B75000 wldp.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC52290000-00007FFC522E9000 WINTRUST.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC51190000-00007FFC511B8000 USERENV.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC34570000-00007FFC345BF000 System.Numerics.ni.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFC26390000-00007FFC26483000 System.Security.ni.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFC504F0000-00007FFC504FA000 DPAPI.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) Process Trace 1 C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [11200] 2019-04-07T04:28:45 2 C:\Program Files\Far Manager\Far.exe [7224] 2019-04-07T04:28:38 3 C:\Windows\explorer.exe [6256] 2019-04-07T03:56:08 4 C:\Windows\System32\userinit.exe [6096] 2019-04-07T03:56:08 32.6s 5 C:\Windows\System32\winlogon.exe [896] 2019-04-07T03:55:58 winlogon.exe Thumbprint f95e9b51bd5d76517aa275980423fb8d70f85b4f3c3043612d9f931080b59ce5 Esemény XML: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="HitmanPro.Alert" /> <EventID Qualifiers="0">911</EventID> <Level>2</Level> <Task>9</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2019-04-07T04:28:46.379613800Z" /> <EventRecordID>19765</EventRecordID> <Channel>Application</Channel> <Computer>DESKTOP-J0VB0BC</Computer> <Security /> </System> <EventData> <Data>C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe</Data> <Data>Lockdown</Data> <Data>Mitigation Lockdown Timestamp 2019-04-07T04:28:46 Platform 10.0.17763/x64 v777 06_9e PID 11200 Feature 00171A361FBF01B6 Application C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe Created 2018-09-11T05:00:14 Modified 2019-01-09T09:58:38 Description KeePass 2.41 Filename C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Command line: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Asrock\AppData\Local\Temp\2g0zl43l.cmdline" Loaded Modules ----------------------------------------------------------------------------- 00000000005F0000-0000000000914000 KeePass.exe (Dominik Reichl), version: 2.41.0.0 00007FFC55260000-00007FFC5544D000 ntdll.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC52530000-00007FFC525E3000 KERNEL32.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC47280000-00007FFC472E4000 MSCOREE.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC51EF0000-00007FFC52183000 KERNELBASE.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC50E80000-00007FFC51066000 hmpalert.dll (SurfRight B.V.), version: 3.7.9.777 00007FFC54540000-00007FFC545E3000 ADVAPI32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC54DC0000-00007FFC54E5E000 msvcrt.dll (Microsoft Corporation), version: 7.0.17763.1 (WinBuild.160101.0800) 00007FFC525F0000-00007FFC5268E000 sechost.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC52E30000-00007FFC52F52000 RPCRT4.dll (Microsoft Corporation), version: 10.0.17763.379 (WinBuild.160101.0800) 00007FFC46FB0000-00007FFC4704C000 mscoreei.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFC54D00000-00007FFC54D52000 SHLWAPI.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC548B0000-00007FFC54BDC000 combase.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC51B90000-00007FFC51C8A000 ucrtbase.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC51C90000-00007FFC51D0E000 bcryptPrimitives.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC55200000-00007FFC55229000 GDI32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC522F0000-00007FFC5248A000 gdi32full.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC51AF0000-00007FFC51B90000 msvcp_win.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC52B20000-00007FFC52CB7000 USER32.dll (Microsoft Corporation), version: 10.0.17763.168 (WinBuild.160101.0800) 00007FFC521C0000-00007FFC521E0000 win32u.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC545F0000-00007FFC5461E000 IMM32.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC51260000-00007FFC51271000 kernel.appcore.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4B3F0000-00007FFC4B3FA000 VERSION.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC17D50000-00007FFC1873D000 clr.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC06550000-00007FFC06647000 MSVCR120_CLR0400.dll (Microsoft Corporation), version: 12.00.52519.0 built by: VSWINSERVICING 00007FFBFF140000-00007FFC006D1000 mscorlib.ni.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC550A0000-00007FFC551F5000 ole32.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC4F690000-00007FFC4F72C000 uxtheme.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC27F20000-00007FFC27F3C000 StartMenuXHook.dll (OrdinarySoft.), version: 5.8.1.0 00007FFC27E60000-00007FFC27F09000 COMCTL32.dll (Microsoft Corporation), version: 5.82 (WinBuild.160101.0800) 00007FFC51330000-00007FFC51347000 CRYPTSP.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC504B0000-00007FFC504E3000 rsaenh.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC52190000-00007FFC521B6000 bcrypt.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC50AC0000-00007FFC50ACC000 CRYPTBASE.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBFE4F0000-00007FFBFF131000 System.ni.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC10140000-00007FFC10B3B000 KeePass.ni.exe (Dominik Reichl), version: 2.41.0.0 00007FFC26490000-00007FFC26679000 System.Drawing.ni.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFBFD5A0000-00007FFBFE4ED000 System.Windows.Forms.ni.dll (Microsoft Corporation), version: 4.7.3324.0 built by: NET472REL1LAST_C 00007FFC54C50000-00007FFC54CF8000 ShCore.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFBFCB50000-00007FFBFD5A0000 System.Core.ni.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC34870000-00007FFC3499B000 System.Configuration.ni.dll (Microsoft Corporation), version: 4.7.3324.0 built by: NET472REL1LAST_C 00007FFC0F3D0000-00007FFC0FC5C000 System.Xml.ni.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFC52F60000-00007FFC54450000 shell32.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC51AA0000-00007FFC51AEA000 cfgmgr32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC51350000-00007FFC51A9A000 windows.storage.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC51300000-00007FFC51324000 profapi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC512A0000-00007FFC512FD000 powrprof.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC40640000-00007FFC408B9000 comctl32.dll (Microsoft Corporation), version: 6.10 (WinBuild.160101.0800) 00007FFC4F780000-00007FFC4F7AE000 dwmapi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC51D10000-00007FFC51EEB000 CRYPT32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC51280000-00007FFC51292000 MSASN1.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC27650000-00007FFC2777B000 clrjit.dll (Microsoft Corporation), version: 4.7.3362.0 built by: NET472REL1LAST_C 00007FFC40620000-00007FFC4062C000 secur32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC51160000-00007FFC5118F000 SSPICLI.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC52CC0000-00007FFC52E2A000 MSCTF.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC547E0000-00007FFC548A4000 OLEAUT32.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC25EB0000-00007FFC26055000 gdiplus.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC32570000-00007FFC3286F000 DWrite.dll (Microsoft Corporation), version: 10.0.17763.168 (WinBuild.160101.0800) 00007FFC347D0000-00007FFC34869000 RichEd20.DLL (Microsoft Corporation), version: 5.31.23.1231 00007FFC4C4D0000-00007FFC4C4E9000 USP10.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC06510000-00007FFC06549000 msls31.dll (Microsoft Corporation), version: 3.10.349.0 00007FFC4C810000-00007FFC4C9C8000 WindowsCodecs.dll (Microsoft Corporation), version: 10.0.17763.55 (WinBuild.160101.0800) 00007FFC54F90000-00007FFC55032000 clbcatq.dll (Microsoft Corporation), version: 2001.12.10941.16384 (WinBuild.160101.080 00007FFC25030000-00007FFC25086000 dataexchange.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4E140000-00007FFC4E3BE000 d3d11.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4EAD0000-00007FFC4EC93000 dcomp.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4FDF0000-00007FFC4FEB2000 dxgi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4F8B0000-00007FFC4FABD000 twinapi.appcore.dll (Microsoft Corporation), version: 10.0.17763.292 (WinBuild.160101.0800) 00007FFC4F7B0000-00007FFC4F7D8000 RMCLIENT.dll (Microsoft Corporation), version: 10.0.17763.194 (WinBuild.160101.0800) 00007FFC30450000-00007FFC304F4000 tiptsf.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC33EF0000-00007FFC33F85000 TextInputFramework.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4CAE0000-00007FFC4CE02000 CoreUIComponents.dll (Microsoft Corporation), version: 10.0.17763.1 00007FFC4ECA0000-00007FFC4ED82000 CoreMessaging.dll (Microsoft Corporation), version: 10.0.17763.194 00007FFC50240000-00007FFC50271000 ntmarta.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC4D1A0000-00007FFC4D2F3000 wintypes.dll (Microsoft Corporation), version: 10.0.17763.134 (WinBuild.160101.0800) 00007FFC4DC90000-00007FFC4DCA3000 wtsapi32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC50190000-00007FFC501E8000 WINSTA.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC329A0000-00007FFC32B76000 urlmon.dll (Microsoft Corporation), version: 11.00.17763.404 (WinBuild.160101.0800) 00007FFC408E0000-00007FFC40B88000 iertutil.dll (Microsoft Corporation), version: 11.00.17763.404 (WinBuild.160101.0800) 00007FFC4DAB0000-00007FFC4DC58000 PROPSYS.dll (Microsoft Corporation), version: 7.0.17763.348 (WinBuild.160101.0800) 00007FFC2E7D0000-00007FFC2E7DE000 httpapi.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC54450000-00007FFC544BD000 ws2_32.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC508F0000-00007FFC50957000 mswsock.dll (Microsoft Corporation), version: 10.0.17763.292 (WinBuild.160101.0800) 00007FFC506A0000-00007FFC50766000 DNSAPI.dll (Microsoft Corporation), version: 10.0.17763.404 (WinBuild.160101.0800) 00007FFC54BE0000-00007FFC54BE8000 NSI.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC50650000-00007FFC5068D000 IPHLPAPI.DLL (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC30820000-00007FFC3082A000 rasadhlp.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC30870000-00007FFC308E9000 fwpuclnt.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC27570000-00007FFC27579000 IconCodecService.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC50B50000-00007FFC50B75000 wldp.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC52290000-00007FFC522E9000 WINTRUST.dll (Microsoft Corporation), version: 10.0.17763.348 (WinBuild.160101.0800) 00007FFC51190000-00007FFC511B8000 USERENV.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) 00007FFC34570000-00007FFC345BF000 System.Numerics.ni.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFC26390000-00007FFC26483000 System.Security.ni.dll (Microsoft Corporation), version: 4.7.3190.0 built by: NET472REL1LAST_C 00007FFC504F0000-00007FFC504FA000 DPAPI.dll (Microsoft Corporation), version: 10.0.17763.1 (WinBuild.160101.0800) Process Trace 1 C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [11200] 2019-04-07T04:28:45 2 C:\Program Files\Far Manager\Far.exe [7224] 2019-04-07T04:28:38 3 C:\Windows\explorer.exe [6256] 2019-04-07T03:56:08 4 C:\Windows\System32\userinit.exe [6096] 2019-04-07T03:56:08 32.6s 5 C:\Windows\System32\winlogon.exe [896] 2019-04-07T03:55:58 winlogon.exe Thumbprint f95e9b51bd5d76517aa275980423fb8d70f85b4f3c3043612d9f931080b59ce5</Data> </EventData> </Event> Is this a real alarm or false? If it is false, then how can I stop it? HitmanPro.Alert alerts you to many KeePass plugins. See my comment above. https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-57#post-2817938
(Mitigation Lockdown) - Untick "Application Lockdown" for your protected application (KeePass) before you want to update the KeePass plugins else you will see the alert again.
Thanks, this works for both plugins. But a question arises in me. Surely is this a good solution? Where do I know this was just a false alarm? The alarm might have been real and I risk the security of my computer with this trick. On the other hand, it would be good to have a list of programs that need some trick (example: function reduction of the HitmanPro.Alert, exclusion) to work correctly with HitmanPro.Alert.
"Application Lockdown" simply prevents protected applications from launching of files, no matter if the file it wants to launch is a legitimate file or malware. (more correctly: a file which is created by a protected application will be locked and further launching of it is prevented - even if the locked file is launched by an application which is not protected by HMP.A) As soon as you see "Mitigation Lockdown" in the alert while the application wanted to update itself or its plugins, etc. you know that it is a false alarm. Unticking of Application Lockdown is "the only solution" if you want to allow your protected application from updating itself. Your system and your applications are still protected by HMP.A if you untick it a single mitigation. All other mitigations of HMP.A are still active.
HitmanPro.Alert 3.7.9 Build 779 Release Candidate Changelog (compared to build 777) Improved Heap Heap Protect mitigation, boosting compatibility with games and certain compressed binaries. In addition, we've improved detection of threats that allocate memory in another running application (code injection / process migration). Improved detection of binaries backdoored by Shellter Pro (part of Code Cave mitigation). Improved Hardware Assisted Control Flow Integrity (HA-CFI) on mainstream Intel microprocessor hardware. Differentiated between exploits that trigger CallerCheck (a per-application mitigation) and packers that blindly call kernel32, which also triggers CallerCheck but are now reported as Kernel32Trap (a system-wide mitigation). Improved compatibility with Windows System Restore. Fixed a potential BSOD when the HitmanPro.Alert Service shuts down. Fixed memory corruption in PipeWorker which could be triggered when the user manually added a large amount of other applications under exploit protection. Fixed compatibility with the Windows Store version of Forza Horizon 4. Download https://dl.surfright.nl/hmpalert3b779.exe We found a minor issue with the previous build 777 (which was not visible to the normal user) so we're preparing this newer build to become the new general availability build. Please let us know how this build runs on your machine! Thanks everybody
This release works fine, but can you tell us why 0Patch 'patches' HMP.A? https://www.wilderssecurity.com/threads/0patch.386344/page-3#post-2821064 Thanks.
I just installed 0Patch and it seems it is patching every application that loads urlmon.dll. More information here: https://blog.0patch.com/2019/04/microsoft-edge-uses-secret-trick-and.html "...security researcher John Page published details and a proof-of-concept for a vulnerability in Internet Explorer that he had previously reported to Microsoft but received a response that "...a fix for this issue will be considered in a future version of this product or service."
Cool! Just curious if we are protected without 0Patch. I'm guessing yes? HMP.A is awesome protection, Mark.
I just rebooted into Build 779 and reloaded all my typical applications. I also perused the Event Viewer. I did not experience or find any issues.
No problems upgrading/updating build 779 RC. Btw... got a warning from Firefox 66.0.3 after downloading this build (see attached textfile). Win10 1809 build 17763.437 x64/Norton Security v22.17.0.183