HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands
    HitmanPro.Alert 3.7.10 Build 787 Released


    Updated successfully,. no problems after installing (Windows 10 versie 1903)
     
  2. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Ah, I was confused with the 3.8 version for HitmanPro, but yes there will be a new CTP/Beta 8xx release of Alert soon.
     
  3. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    :geek:
     
    Last edited: Aug 30, 2019
  4. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Unfortunately I had to temporarily uninstall HMPA, as I encountered other issue I'm seeing (besides above) where HMPA will inevitably update to build 787 on reboot, and it's also turning off the Windows Audio Service, and OS is unable to find way of resolving. Can't find a link to previous release build (785), so I'll go and try to install the 783 Beta file, as I've never seen any of these issues with 785, or before.
     
  5. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Hi Dermot7,
    Can you please DM me what other security software is loaded on your machine?
     
  6. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    None RonnyT (as I said in post #15542).

    I have 2 questions, having installed the 783 build...How to stop HMPA updating on reboot?
    HMPAupdateAA.PNG

    And secondly, what happened here, a strange self-FP?

    HMPhmpa.sysA.PNG HMPhmpa,sysB.PNG
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Another update (FF69.0) and the green fly-out is back. o_O
     
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    It would be helpful to have that option in settings.
     
  9. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Absolutely Page, just what I thought also, as, for various reasons a user may wish to stay with a particular build, yet also be able to shut-down or reboot the machine.
    I'd forgotten that I could, at least temporarily use sleep mode! :) Doh.......
     
  10. guest

    guest Guest

    A little change in the registry needs to be done:
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Very helpful information to have, mood, and TY. But my clear preference in this case is a settings option that can be toggled ON and OFF, with ease and without risk of doing any registry damage. There are those of us who consider registry hacks to be a very last line of action. :thumb:

    Perhaps a dev would be good enough to respond to this request to provide users with a simple on/off setting instead of forcing updates on reboot.
     
  12. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro.Alert 3.7.10 Build 789 Released

    Changelog (compared to build 787)
    • Fixed rare stack alignment issue on Windows 10 build 1903 (19H1) caused by recent Keystroke Encryption change.
    • Improved compatibility with Webroot security software, fixing application crashes.
    • Improved compatibility with Bitdefender security software, fixing application crashes.
    • Improved compatibility with Trend Micro security software, fixing application crashes.
    • Improved compatibility of CTFGuard with VMware ThinApp.
    Download
    https://dl.surfright.nl/hmpalert.exe

    We're automatically updating everyone to this new build :thumb:
     
  13. Libraman

    Libraman Registered Member

    Joined:
    Apr 26, 2016
    Posts:
    196
    Updated and no problems. Thanks !
     
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Well, so much for that request. :rolleyes:
     
  15. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Build 789 seems to have fixed the problems I was seeing, thank you. :)

    I do believe Page42's request is a good idea, and merits consideration, please. :thumb:
     
  16. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Well I"m not a dev, but we'll sure take that in to consideration
     
  17. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    That'd be excellent. TY
     
  18. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    That's not going to happen.
     
  19. Sand

    Sand Registered Member

    Joined:
    Apr 28, 2016
    Posts:
    26
    Mitigation CodeCave
    Timestamp 2019-09-09T20:32:31

    Platform 10.0.17763/x64 v789 06_5e
    PID 9196
    Feature 001F0A30000001A2
    Application C:\Users\x\AppData\Local\Discord\app-0.0.305\Discord.exe
    Created 2019-07-18T21:21:22
    Modified 2019-03-07T14:26:10
    Description Discord 0.0

    Process Protection / Code Cave Mitigation: Cold heels


    Process : 00A40000
    EP : 04730230
    EP section : 00A41000 - 0476CD74
    SPC : 02E02689 - 02E0440B


    Loaded Modules
    -----------------------------------------------------------------------------
    00A40000-058AD000 Discord.exe (Discord Inc.),
    version: 0.0.305
    777E0000-7797C000 ntdll.dll (Microsoft Corporation),
    version: 10.0.17763.475 (WinBuild.160101.0800)
    74D50000-74E40000 hmpalert.dll (SurfRight B.V.),
    version: 3.7.10.789
    76B20000-76C00000 KERNEL32.dll (Microsoft Corporation),
    version: 10.0.17763.475 (WinBuild.160101.0800)
    75AD0000-75CCA000 KERNELBASE.dll (Microsoft Corporation),
    version: 10.0.17763.652 (WinBuild.160101.0800)
    75CE0000-75D5E000 ADVAPI32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    767C0000-76880000 msvcrt.dll (Microsoft Corporation),
    version: 7.0.17763.475 (WinBuild.160101.0800)
    76F40000-76FB9000 sechost.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    77710000-777CF000 RPCRT4.dll (Microsoft Corporation),
    version: 10.0.17763.678 (WinBuild.160101.0800)
    74E50000-74E70000 SspiCli.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74E40000-74E4A000 CRYPTBASE.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    77420000-77482000 bcryptPrimitives.dll (Microsoft Corporation),
    version: 10.0.17763.678 (WinBuild.160101.0800)
    757A0000-757C3000 GDI32.dll (Microsoft Corporation),
    version: 10.0.17763.592 (WinBuild.160101.0800)
    77590000-776F6000 gdi32full.dll (Microsoft Corporation),
    version: 10.0.17763.678 (WinBuild.160101.0800)
    77510000-77590000 msvcp_win.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75860000-75982000 ucrtbase.dll (Microsoft Corporation),
    version: 10.0.17763.404 (WinBuild.160101.0800)
    753C0000-75559000 USER32.dll (Microsoft Corporation),
    version: 10.0.17763.168 (WinBuild.160101.0800)
    774F0000-77507000 win32u.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    756A0000-75736000 OLEAUT32.dll (Microsoft Corporation),
    version: 10.0.17763.678 (WinBuild.160101.0800)
    75F40000-761B8000 combase.dll (Microsoft Corporation),
    version: 10.0.17763.652 (WinBuild.160101.0800)
    76880000-76886000 PSAPI.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74E70000-753BE000 SHELL32.dll (Microsoft Corporation),
    version: 10.0.17763.678 (WinBuild.160101.0800)
    757D0000-7580B000 cfgmgr32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75580000-75609000 shcore.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    761C0000-767BC000 windows.storage.dll (Microsoft Corporation),
    version: 10.0.17763.678 (WinBuild.160101.0800)
    75AB0000-75ACC000 profapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75DC0000-75E14000 powrprof.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    76920000-76964000 shlwapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    77410000-7741F000 kernel.appcore.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75560000-75572000 cryptsp.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75610000-7566F000 WS2_32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75E20000-75F1C000 ole32.dll (Microsoft Corporation),
    version: 10.0.17763.503 (WinBuild.160101.0800)
    759B0000-75AAA000 COMDLG32.dll (Microsoft Corporation),
    version: 10.0.17763.652 (WinBuild.160101.0800)
    75670000-75695000 IMM32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    76980000-76B19000 CRYPT32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    76970000-7697E000 MSASN1.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    63CD0000-63FE0000 ffmpeg.dll (),
    version:
    63FE0000-641EF000 COMCTL32.dll (Microsoft Corporation),
    version: 6.10 (WinBuild.160101.0800)
    6F770000-6FBE1000 WININET.dll (Microsoft Corporation),
    version: 11.00.17763.678 (WinBuild.160101.0800)
    6EDA0000-6EDC4000 WINMM.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    6F730000-6F763000 IPHLPAPI.DLL (Microsoft Corporation),
    version: 10.0.17763.615 (WinBuild.160101.0800)
    660C0000-66114000 OLEACC.dll (Microsoft Corporation),
    version: 7.2.17763.1 (WinBuild.160101.0800)
    67750000-67759000 msdmo.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    660B0000-660BB000 HID.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    643B0000-6453F000 dbghelp.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74C30000-74C38000 VERSION.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74C40000-74C63000 USERENV.dll (Microsoft Corporation),
    version: 10.0.17763.557 (WinBuild.160101.0800)
    72C00000-72D7E000 PROPSYS.dll (Microsoft Corporation),
    version: 7.0.17763.348 (WinBuild.160101.0800)
    64970000-64987000 USP10.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    66D10000-66FA0000 DWrite.dll (Microsoft Corporation),
    version: 10.0.17763.615 (WinBuild.160101.0800)
    742A0000-742C6000 dwmapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74BA0000-74BAF000 WTSAPI32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    64900000-6496B000 WINSPOOL.DRV (Microsoft Corporation),
    version: 10.0.17763.592 (WinBuild.160101.0800)
    75990000-759A9000 bcrypt.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    6ECE0000-6ED9E000 WINHTTP.dll (Microsoft Corporation),
    version: 10.0.17763.592 (WinBuild.160101.0800)
    64850000-648F4000 dxgi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    66120000-66291000 d3d9.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    64830000-6484C000 dxva2.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    63AA0000-63CC9000 d3d11.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    69DF0000-69FAC000 urlmon.dll (Microsoft Corporation),
    version: 11.00.17763.592 (WinBuild.160101.0800)
    6C310000-6C31A000 Secur32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    67270000-67292000 ncrypt.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    64540000-64730000 UIAutomationCore.DLL (Microsoft Corporation),
    version: 7.2.17763.1 (WinBuild.160101.0800)
    6D350000-6D364000 dhcpcsvc.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    77700000-77707000 NSI.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    64820000-64826000 MSIMG32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    66FA0000-6701B000 UxTheme.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    6EBE0000-6EC03000 WINMMBASE.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    6D4A0000-6D6CF000 iertutil.dll (Microsoft Corporation),
    version: 11.00.17763.652 (WinBuild.160101.0800)
    67240000-6726C000 NTASN1.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    677C0000-67806000 Bcp47Langs.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)

    SHA256:
    41990851960e6d7c51a3854b7d9d6e01f5bf6a310fda8629f856d0fa68d84dc9

    Process Trace
    1 C:\Users\x\AppData\Local\Discord\app-0.0.305\Discord.exe [9196] 2019-09-09T20:32:31
    "C:\Users\x\AppData\Local\Discord\app-0.0.305\Discord.exe" --type=gpu-process --enable-features=SharedArrayBuffer --no-sandbox --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQ
    2 C:\Users\x\AppData\Local\Discord\app-0.0.305\Discord.exe [9568] 2019-09-09T20:32:30
    3 C:\Users\x\AppData\Local\Discord\Update.exe [1764] 2019-09-09T20:32:29 312ms
    "C:\Users\x\AppData\Local\Discord\Update.exe" --processStart Discord.exe
    4 C:\Windows\explorer.exe [6852] 2019-09-09T20:31:56
    5 C:\Windows\System32\userinit.exe [5068] 2019-09-09T20:31:56 23.1s
    6 C:\Windows\System32\winlogon.exe [6728] 2019-09-09T20:31:10
    C:\Windows\System32\WinLogon.exe -SpecialSession
    7 C:\Windows\System32\smss.exe [980] 2019-09-09T20:31:10 21ms
    \SystemRoot\System32\smss.exe 000000b8 00000084 C:\Windows\System32\WinLogon.exe -SpecialSession

    Thumbprint
    d2ad0574425b20b4542094f432859918766ec139c38335b6b9be45b3f73bad0d
     
  20. Barry77

    Barry77 Registered Member

    Joined:
    Dec 22, 2018
    Posts:
    5
    Location:
    Netherlands
    Hello,
    i have the problem, that my system hangs up periodically. Then the errors with the id 153, source disk and id 129, source storahci occur In the Windows event log.
    I've spent a lot of time finding the cause of the hangs and errors, but never considered HMP.A. Then I've deactivated the HMPA-service and since then the hang and errors did not appear anymore. I've got Sandboxie installed and the Windows Defender and all its modules are disabled and i don't use any other AV.

    First, i've used v3.8.839 CTP and then v3.7.10.789 on this system: Windows 10 Pro x64 1903.18362.356, B450 chipset-board with a Ryzen 2700x, 32 Gb DDR4 RAM, 970 EVO Plus 500 GB M.2 SSD, Sandisk Ultra 256 GB SSD and a 300GB Seagate HDD
     
    Last edited: Sep 13, 2019
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Yet another update, this time Norton, and once again no green fly-out. Is Sophos / SurfRight at all interested in this??

    It would be nice to hear that they were at least looking into it. :doubt::doubt:
     
  22. Barry77

    Barry77 Registered Member

    Joined:
    Dec 22, 2018
    Posts:
    5
    Location:
    Netherlands
    No support here anymore? Do i have to post in the Sophos forums?
     
    Last edited: Sep 16, 2019
  23. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    Not all settings are recommended at installation. Why?

    1. Safety notification (when installed: once per logon session, recommended: At application start)
    2. Vaccination (when installed: Passive vaccination, recommended: Active vaccination)
    3. BADUSB (when installed: Disabled, recommended: Enabled)

    When can I have a problem switching my default settings to the suggested values?
     
    Last edited: Sep 15, 2019
  24. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I just noticed that in the main HMPA Dashboard, I had one (1) Alert from a few days ago. Is there any way to find out just what that was and what caused it?
     
  25. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    Clicking "Number of alerts" or "Last alert" in the HMPA user interface will open Windows Event Viewer and a "HitmanPro.Alert Events" module will be added to Windows Event Viewer. Be patient, as this takes a moment.
    As soon as the "HitmanPro.Alert Events" module is added to Event Viewer, opening that entry should show HMPA events.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.