HitmanPro.Alert BETA

Are you sure it’s HMP.A and not the extensions fiasco that Firefox is currently experiencing?

 

Good question but it is not the same issue, which I believe has been resolved. I was not impacted by the issue as far as I know since I had certain flags turned on/off in about:config.

Again this was on Nightly, so not sure if it was something particular to my setup or not.

 

For the users that are using Keepass and have plugins installed the following happened.

We triggered a so called "Lockdown" alert, this is NOT an indication of malware (so you cannot compare this to an anti-virus alert).
It means an application is introducing new code on the machine, and when lockdown is active on a mitigation this is not allowed.

The cause is Keepass seems to compile plugins on the fly by invoking the C# compiler (csc.exe)
This csc.exe is a so called Lolbin (abused because you can compile code on the fly) and was added to the protections, as a mitigated application tries to spawn this process it will trigger a lockdown.

See similar issues here
https://github.com/KoenZomers/KeePassOneDriveSync/issues/87

We have put a workaround in place to mitigate these lockdowns and will make changes in the next build.

 

Thanks for this very informative post.

 

Thank you for the explanation.

 

Beta 3.80 839 CPT1,
Window 7x64

Did a reflect restore and Macrium started asking for a license code. Never has happened before.
A HMPA pop-up RPD or RDP disabled or locked down for this session (A black message bar).

So, this beta is a no-go!

 

This is a preview build. I don't know, how SufRight /Sophos determine the differences between Preview and Beta, but for me the preview phase is before the beta phase (this is the way, Microsoft is handling it f. e.).
It was your own choice to install it and if you did it on your productive system, it was / is your own mistake.

So, this beta is not a no-go - it's just a preview (not stable) build.

 

IT IS A NO-GO FOR ME!

 

No issue on my two Win10 x64 1809 machines.

 

No issues on WIN10x64 1903

 

I always get random characters when I try to type something in the save dialog of Firefox 67, in Windows 10 1903, with keystroke encryption enabled.

My text is shown correctly if I disable HPM.A's keystroke encryption.

 

Same here, on two machines running WIN10-1903.

Random characters in "save as" dialog. (not only related to Firefox)

 

Same here (Win 10 1903 and build 839 CTP1).

 

I thought this was just me, but I'm also getting random letters in the Save As dialog box using Chrome.
Using W10 1903 3.7.9 b779

 

What is the most current stable version of HMPA?

 

Tom, it's 3.7.9.775. Be aware that you now need to provide an email address to download it from their site, but as I found out last night, it doesn't have to be a real email address.

https://www.hitmanpro.com/en-us/downloads.aspx

RonnyT has the download link in his signature though.

https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-616#post-2827199

Edit: Oops! Thanks @mood .

 

The current stable is v3.7.9.779:

 

Any known issues with this version? Thought I had read something about a Macrium Reflect slowdown when doing an Image backup. Maybe I'm dreaming or just mis-read

 

That's the new cryptoguard version in the latest beta. This is the beta thread btw.

 

Was wondering if anyone else noticing something on beta. Recently installed 779 and the logo for "Exploit Protection Assisted by Hardware" is no longer showing. Not sure if this is due to Hitmanpro beta update or update to Windows build 1903.

 

Build 839 running fine here so far.(1809)

Any more info on this?
With ProcessExplorer I can see that High Entropy ALSR can still be enabled.

For me, on Windows 1809 the logo shows for both 779 and 839.

 

Trying out beta 839 over here, on Windows 10 1809. I haven't used HMPA in a while, and it is performing impressively.

The only issue I have seen is the known issue of slow backups in Macrium Reflect. And it seems to me that the backups too big. I know this sounds weird, but after installing HMPA, I got a 3gb incremental backup. This was just five minutes after the previous backup.

 

I ran a manual scan and it got stuck at 98%. Probably because of my flaky internet connection. But the internet is back, and the scan did not continue. HMPA at 0% CPU.

The system is sometimes almost frozen. In the middle of typing this message, I had to wait a minute, because I could not input.

The scan went down to 90%, and after a few minutes, it started slowly progressing, and reached conclusion.

 

I noticed with beta 839, if Cryptoguard is set to v5, qBittorrent download speeds are lower than with v4.