875 RC released, 873 Beta users will see auto-update available anytime soon. https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-641#post-2927937
ExpressVPN is protected by HitmanPro.Alert, but I don't see it listed under "Your application". HitmanPro.Alert version: 3.8.6 build: 875
Hi @feerf56 Do you have the aplication or/and ExpressVPN Add-On for Firefox/other? Maybe HMPro.A detect the Add-On into a browser. it's an idea
Is this problem ever going to be fixed? Mentions of it many time over the last few years. Has to be unchecked to play Steam. Windows 10x 64 1909
I'm running Windows 10 x64 1909 and have no issues with running Steam. Did you add Steam as a protected app? Mine isn't out of the box.
Then that is the problem. Adding software manually to HMPA is a recipe for errors. Just stick to the pre-defined software list.
Ok, didn't expect that. What version of Steam are you running? I run: @RonnyT Is this indeed a known issue for some that I don't know about? Is there some other setting @Circuit can check?
Your photo show "Code Cave Mitigation" mine is "DLL Hijacking" that gives the problem. Happening since started using Windows 10. Never a problem on Windows 7. Always keep steam up to date looks like you run the beta client, mine is Jul 10 2020, version 1594863892
I'm not in the Steam beta program, just got a newer version when I started Steam today: "Code Cave Mitigation" is just highlighted by my mouse cursor. Here a screenshot without it: I don't know if enabling Steam as a protected app is really necessary. Hopefully we'll get an answer to that soon.
HmP.A v3.8.6 build 875. (Posting here, but not sure if it shouldn't be in the other thread). Win 10 Pro v1909 build 18363.959 When running MiTeC Task Manager Deluxe x64: MITRE ATT&CK Supply Chain Compromise - ID: T1195, Tactic: Initial Access May be true, though I think the app is trustworthy ... clean on VT anyway. Code: Mitigation HeapHeapProtect Timestamp 2020-08-01T09:49:48 Platform 10.0.18363/x64 v875 06_45 PID 21256 Feature 003D0A30000001A6 Application C:\WSCC\MiTeC Utilities\x64\TMX64.exe Created 2020-08-01T09:48:00 Description Task Manager DeLuxe 3.0 Callee Type AllocateVirtualMemory C:\WINDOWS\System32\advapi32.dll Shellcode (HHA) (0x00007000 bytes) Owner of CALLER: (anonymous; allocated by 0000000001071F02, TMX64.exe) OwnerModule Name TMX64.exe Thumbprint a2a4976fe6b207bbcf4c21af966fe96f50ac2a6d98357e72763a725bb28d0bdb SHA-256 7fcc9a4b035970b0bce9307d371bf5d7aa2437b782cca79ee79d66428f4cb3a2 SHA-1 58400bebc7da5b1699e20a0a3e75969b1c44683b MD5 cb78fd5af7ca803830bcdba865081b97 000000000135F789 ff5718 CALL QWORD [RDI+0x18] 000000000135F78C eb01 JMP 0x135f78f 000000000135F78E b785 MOV BH, 0x85 000000000135F790 c07202e9 SAL BYTE [RDX+0x2], 0xe9 000000000135F794 e107 LOOPZ 0x135f79d 000000000135F796 0000 ADD [RAX], AL 000000000135F798 eb02 JMP 0x135f79c 000000000135F79A a3d84c8d1d77170000 MOV [0x17771d8d4cd8], EAX 000000000135F7A3 eb02 JMP 0x135f7a7 000000000135F7A5 a2bf8b4f14eb017633 MOV [0x337601eb144f8bbf], AL 000000000135F7AE d274030b SAL BYTE [RBX+RAX+0xb], CL 000000000135F7B2 54 PUSH RSP 000000000135F7B3 b84903cbeb MOV EAX, 0xebcb0349 000000000135F7B8 0228 ADD CH, [RAX] 000000000135F7BA 3541b80008 XOR EAX, 0x800b841 000000000135F7BF 0000 ADD [RAX], AL ----- SNIP HERE ----- AAAeAQDwNQEAAAAAifc1AQAAAAAA8DUBAAAAAAAwCgCLjCSAAAAASIXJdAhJi9XoRwUAAE2F9nRdQYoGSf/GhMB0UzwNdPI8CnTuSf/OSYvWigJI/8KEwHQIPA10BDwKde/GQv8ASYvOTYuUJCgBAABB/1IYg/gLdRxJi85Ii5QkkAAAAEiF0nQMTYuUJCgBAABB/1IQSf/HM9K53fVTzUUzwLJDQf+UJAACAABIi8sz0kG4AIAAAEyL0EH/VCQYSYvHSIPEUFtBX0FeQV1BXMNBvwQAAADrwFVBVEFVQVZIg+wISIvsSIPsUEiJTTBIiVU4TIlFQEyLFbKq//9IuYQBAIAAAAAAQf+SMAIAAJySNLN9xBamLV9TBU0ob+BfGs8K9gtCu901+49I4g6vpIa6g6IWc8flfpYnQgiqBr6/hJ/7HCxgeTVnwqm5Eq/uDEkXNlsPlqt+9/+OGRfRJroWCIqOq1YoYaLwnAM1Xe9pKvQ5/UL3v/hC5o7lPVL02LKPl5LB0+ba0Au6J7oh5+AhQfyDLCv5pkhVtOK1gwQY3E6NWQcAXWY9l7k7gUvIdiliqEtN+VwmfMPWrfyJEdUHvwla26bQMHtDVdXIQPJz5pD5P9uNS5GSGe6DGyUxGC4FxJ6Uw13sJwoQajhyoiOewfhbSYdo8ZByhxHWe0KxZSj7l3Sars3vsfx2fRvWPp//jfkPRUn33obcsQN4rNL9MV1shZM4ak+BJFO2rS8bIDfPxPJ3aEXU6lr4CAhaCxJfnTTMtxWYUg5JphQr2unuNHG9QFGmgXtSfoPFPzBhPaiXhlF+IvNAXv+332YUOd6VZkwu0pgge0q4B8MM8O4JF9s2O5yyf6fws+j4ssIPdBJMixUWqf//SLmEAQCAAAAAAEH/kmACAABJi8VIjWUIQV5BXUFcXcNVQVRBVUFXSIHsKAEAAEiL7EiD7FBIiY1QAQAASImVWAEAAEyJhWABAABMixXFqP//SLkwAgCAAAAAAEH/kjACAACGFEdfzbgx+z/O2yFKl1iuPGdf7QO6iYhPpSKvNVh/MGH+kzOy+LVU0ldRhmF1Vd9/n1hzvZTFP/HeYefCaxHZSbyOphsQmb7fWKBfXuqVeE7Ng/MYHvuQwR+/sNp2kxl06DlJA15hAcx21HNyaG9sXWx+CcGjiI2RxfH1M5Caxhwr8Rtn/qq1sb0tNvCgRbVDrek642kwCYPewKK6babfNDOIzX895v10DIayDQKmOFnuSwvMGne7hKArSIh4eXayD06oLrqnm+RBRulCDk2dBlo/et5PrZQqBEEB4BPKuyMfZW0arSwHw5KZI2c1MoLsYte3iavFx4ilj6onE3CzoZYFUptE7WKz0QJH0cU2LydNo4/PqEaW4mVrvF3/+//feONz5n0835nsFp5oxs3b83Kcd5VCLh3YDH0r/xLjCmjg56eVEQGTw1eP+ls98PkI4O0HPVuID82WSgf8bRENt0f4u+P4UQpFAvakgvqw0GcDFqeYdgmIMKWQ/TgRWLqyiQWtMZauMZJMky37VP5w5ok/NvuTx1W4wf01b2MUZSmWhWCYkccn7AinKTFaqYYwjRrs9kPQhFhnXMQJC1RGgRUlAfkuo1kb+rDPdAGtrh+EEScGIbcoZZfsdds9IX3F6g1moQYn+bMPx++urLHRfHP8FlpAt1Sd7+ymG+tkGjBEvcB7+A1tN7VOH4OZFGvPUnYXqq1b9b6ksE/B+n28koUtB428Thl+9a1I33FE60yLFX2m//9IuTACAIAAAAAAQf+SYAIAAEmLx0iNpSgBAABBX0FdQVxdw0yLwYoCSP/ChMB0Dzx6d/M8K3LviAFI/8Hr6MYBAEiLwUkrwMNMi8GKAkj/woTAdBc8WnfzPEFzCDw5d+s8MHLniAFI/8Hr4MYBAEiLwUkrwMNBVEiD7FBIiUwkYEiJVCRoTIsl8aX//02LlCQoAQAAQf9SGIP4C3U3SItMJGBIi1QkaE2LlCQoAQAAQf9SEE2LlCTQAQAATYXSdBRIi0wkaDPSQf/ShcB0BjPA/8DrAjPASIPEUEFcw0FUQVVXQVZIg+xYTIsljqX//0iL+UyL8TPSufwDmXVFM8CyQ0H/lCQAAgAATIvoZoM/AHQ4SP/HSP/HZosHZoXAdCpmg/hcdRxmg3/+OnQVM9JJi85miRdNi9VB/1QkGGbHB1wASP/HSP/H685Ig8RYQV5fQV1BXMMAAAAAAAAAOLUsAQAAAADpKA4AAFXrAhUBVusDLVInV+sCoRZT6wJoikFV6wJLeEFW6wL2S0FX6wKiaEiD7BDrArixSIvs6wH/SIPsUOsDLiYUSIlNUOsBZUiJVVjrA/ZLwEyJRWDrAz7KxcdFBAAAAADrAWfHRQgAAAAA6wLav0yLPYD////rA2OTQESLagTrAimrTQOvUAIAAOsC8r5Ji/jrAj6MTYvx6wK/uIsa6wFP6IkRAADrAyWHG4XAcQHT6bEEAADrA/IRZEgBVTjrA99kIzPJfgNHA7VIi1U46wJrMkG4ADAAAOsD2wWTQblAAAAA6wLIm0yLVQDrAf9B/1cY6wG3hcByAunhBwAA6wKj2EyNHXcXAADrAqK/i08U6wF2M9J0AwtUuEkDy+sCKDVBuAAIAADrAbhMi1UQ6wIZfEH/VxjrAfBIhcBwK+kyBAAA6wKBkjPScnq5tl3mGesDIpSRTTPAfweyR+sCJohB/5cAAgAA6wMle6HpBRQAAOsCNvdIg8Eo6wFL/8jrAb0PhQYSAADp/wYAAJDrAguKD4TXBQAA6ZUAAACQ6wL2JLgiAwAA6wG56TcFAADrA2kMzet862B06wPo0Gu6EgAAAOsDFawbSIvO6wE1A1UE6wG0Qf9XeOsCK6GFwHMBFA+EnwMAAOl9CwAAkOsCIqhMjUb76wEtTCvH6wFGTYvI6wF5SffZ6wPBV9xB98AAAACAcQEVTQ9EyOsCAHxJgfn///9/6wJBvulXAgAA6wIKr0iDxxzrAmnnSP/L6wEAD4UTBwAA6fYDAACQ6wFqZoP4CusDC5cpdDvrAbaQ6Z8AAACQ6wGPM9Jw27njE7Qd6wIjqk0zwHMCyHGyR+sCaA1B/5cAAgAA6wO9tU/p5RIAAOsB4UmJfQDrA0QLb0iNNUwVAADrA6JcBrmPAAAA6wLcBPOk6wNmZHYz0nBDucR+NlnrAcpNM8BxAmvnskfrAiCQQf+XAAIAAOsBsUiLz+sBEUyL0OsCJnpB/1cY6wH2SI1/aOsBhulWBQAA6wMzoyy4MAMAAOsBSOn6BQAA6wEmx0UAAAAAAOsCS49Ii01Q6wK+4kGKBusD3qa/qAhwww+F5A0AAOmgBAAAkOsBdYtBPOsCQIFIA8jrATmBOVBFAADrAwKSaw+F+wYAAOmlBAAAkOsCPfj3RwgQAAAAcQG6dC7rAdiQ6Yb9//+Q6wK6rSvQ6wF+AVUE6wND37TpWAEAAOsCCVTpPRIAAOsDC7LgTI0d2BQAAOsCyAGLTxTrAgu5M9J0AkhOSQPL6wIxZ0G4AA4AAOsBO0yLVRDrAik9Qf9XGOsDR/edSIXAcwK/kOnVAQAA6wLBHTPScOS5lASy2esBfU0zwHkB5rJH6wERQf+XAAIAAOsBLkyL0OsCAYBB/1cY6wG5SbhIjQUBAAAAw+sDAK3pSYl9AOsDCJHHTIkH6wGjTYuXmAAAAOsBD0iNTwjrAXFIi9DrAqNlQf9SIOsDuljGTYuXmAAAAOsBckiNTwjrAumnQf9SMOsDMY66SI18RwrrARLpqQ4AAOsCTOQPh5ACAADpVgEAAJDrAg+sTYuXmAAAAOsBEUmLQijrA7gicUmJRQDrAiqA6SURAADrARVNi1do6wM9JSZNhdJynQ+EhA0AAOnoEAAAkOsDAYZMZoP4AusBog+EB////+nGCAAA6wFMSYPGDOsCaxRJg8UI6wEJ/8vrA4Ewiw+FCv7//+sk4PYI6wE7RANBCOsCCYBBO9DrAtuqD4NR/P//6RIMAADrAvapSIvH6wNHTr5IK0Vg6wHSSIXAcocPhWIRAADpww0AAJDrAqBjK8LrA2laHClFBOsDhIyu64nrAsK4D4QTAgAA6VgDAACQ6wHHD4XzAwAA6eUCAACQ6wK+mEmJfQDrAanpX/z//+sDPZhgTYuXmAAAAOsDTigtSYtCMOsC05pJiUUA6wPBhhzpIRAAAOsB/g+FrQMAAOm0DAAAkOsCwf5Ii8LrAhX2SCtEJGjrAkIY6U4OAADrA6IE1cYH6esC6H5EiUcB6wGFSIPHCOsB80iD5/xzA2tSiINFAAjrAduDZQD8cwE06cMPAADrArjiQWsAIOsBcEgD0OsBf0mDwBzrAcb/yesDQopldePpfvr//+sCqTRIi00o6wFFSItVOOsCKZhBuCAAAADrASJMjY2AAAAA6wK7K0yLVQjrARNB/1cY6wO6F9a5AAEAAOsBZYsVaxEAAOsB3UkDl1ACAADrAdtEiwVTEQAA6wJBEUnB4APrAj3eTI1NYOsBjUH/l7gAAADrAt2dTItFQOsDIYfxTItNSOsCEJ9Mi1VQ6wO+EttMi11Y6wEaTDlFYOsCQXvpnwoAAOsCPahIjaWQAAAA6wIuNVvrAmiIQVzrAUhf6wJpRkFf6wLAy13rA7gbecPrA2gm7unDDgAA6wJOfEjHB/8lAADrA/e3mUiJdwbrAUVIg8cR6wMTbItIg+f8cDuDRQAR6wI2NYNlAPxzAsgn6YgOAADrAkUCSIvI6wJHKjPSd/NB/9DrASjpjAsAAOsBArgEAwAA6wHk6Wr////rAoSniEUM6wEx6Yf7///rA0X/ojPSeMO5pBqG0OsCaWZNM8B+AwC2orJH6wIKQkH/lwACAADrAYvpvQ0AAOsCTqJBi0AG6wJrVEH2AAFzATEPhWAFAADpqwMAAJDrAbSoEHMCuYwPhacEAADp6goAAJDrA0/AbmaD+AfrATwPhJX8///pTw4AAOsBNmaBeQRkhusDuuvmD4VAAgAA6UUCAACQ6wOikZ+LUVjrA0EufUiNiYgAAADrAbWLAesDKIFohcBzA4NufQ+EDwIAAOn4BAAAkOsBHemCDQAA6wJjYunSCgAA6wOiSnxMi1Ug6wGBQf9XGOsBs4P4V+sCD2YPhPoJAADpHPv//5DrA8FpCjPAf6zD6wG7D4SqAwAA6fYCAACQ6wOiSgVNi5fQAAAA6wI5U0mLFMLrAgKESYlVAOsD3LAQ6RQNAADrAqnshdJxArs3D4Sq/v//6fIBAADrAwuI0A+EiQgAAOkXAwAAkOsBhPdHCAgAAABxAQUPhHkBAADpsPj//5DrAgFzSIvI6wOhkzwz0nUR/8LrAQNB/1dw6wI+QemDDQAA6wMzlJ5Ii01Q6wHrSIvQ6wIlpugsDQAA6wEchcBzAsFOD4UPDAAA6ZAHAACQ6wOpXmj3RwgCAAAAcQITnw+E5gEeAgDrAwuI0A+EiQgeAgDpFwMeAgCQ6wGE90ceAgge ----- END SNIP ----- Stack Trace # Address Module Location -- ---------------- ------------------------ ---------------------------------------- 1 00007FF87B052238 KernelBase.dll VirtualAlloc +0x48 2 000000000135F78C (anonymous; TMX64.exe) eb01 JMP 0x135f78f Loaded Modules (36) ----------------------------------------------------------------------------- 0000000000400000-0000000001076000 TMX64.exe (MiTeC), version: 3.6.0.0 00007FF87DFC0000-00007FF87E1B0000 ntdll.dll (Microsoft Corporation), version: 10.0.18362.815 (WinBuild.160101.0800) 00007FF87C2D0000-00007FF87C382000 KERNEL32.dll (Microsoft Corporation), version: 10.0.18362.959 (WinBuild.160101.0800) 00007FF87AB50000-00007FF87AC61000 hmpalert.dll (SurfRight B.V.), version: 3.8.6.875 00007FF87AFF0000-00007FF87B294000 KERNELBASE.dll (Microsoft Corporation), version: 10.0.18362.959 (WinBuild.160101.0800) 00007FF87DB50000-00007FF87DCE4000 user32.dll (Microsoft Corporation), version: 10.0.18362.959 (WinBuild.160101.0800) 00007FF87BFF0000-00007FF87C011000 win32u.dll (Microsoft Corporation), version: 10.0.18362.959 (WinBuild.160101.0800) 00007FF87D5E0000-00007FF87D606000 GDI32.dll (Microsoft Corporation), version: 10.0.18362.1 (WinBuild.160101.0800) 00007FF87BE00000-00007FF87BF96000 gdi32full.dll (Microsoft Corporation), version: 10.0.18362.959 (WinBuild.160101.0800) 00007FF87BD60000-00007FF87BDFE000 msvcp_win.dll (Microsoft Corporation), version: 10.0.18362.815 (WinBuild.160101.0800) 00007FF87B2A0000-00007FF87B39A000 ucrtbase.dll (Microsoft Corporation), version: 10.0.18362.815 (WinBuild.160101.0800) 00007FF87D980000-00007FF87DA23000 advapi32.dll (Microsoft Corporation), version: 10.0.18362.752 (WinBuild.160101.0800) 00007FF87DAB0000-00007FF87DB4E000 msvcrt.dll (Microsoft Corporation), version: 7.0.18362.1 (WinBuild.160101.0800) 00007FF87D540000-00007FF87D5D7000 sechost.dll (Microsoft Corporation), version: 10.0.18362.959 (WinBuild.160101.0800) 00007FF87C1B0000-00007FF87C2D0000 RPCRT4.dll (Microsoft Corporation), version: 10.0.18362.628 (WinBuild.160101.0800) 00007FF87CE50000-00007FF87D536000 shell32.dll (Microsoft Corporation), version: 10.0.18362.959 (WinBuild.160101.0800) 00007FF87C020000-00007FF87C06A000 cfgmgr32.dll (Microsoft Corporation), version: 10.0.18362.387 (WinBuild.160101.0800) 00007FF87C3A0000-00007FF87C449000 shcore.dll (Microsoft Corporation), version: 10.0.18362.959 (WinBuild.160101.0800) 00007FF87D610000-00007FF87D945000 combase.dll (Microsoft Corporation), version: 10.0.18362.900 (WinBuild.160101.0800) 00007FF87BCE0000-00007FF87BD60000 bcryptPrimitives.dll (Microsoft Corporation), version: 10.0.18362.836 (WinBuild.160101.0800) 00007FF87B550000-00007FF87BCD2000 windows.storage.dll (Microsoft Corporation), version: 10.0.18362.959 (WinBuild.160101.0800) 00007FF87AEF0000-00007FF87AF13000 profapi.dll (Microsoft Corporation), version: 10.0.18362.693 (WinBuild.160101.0800) 00007FF87AE80000-00007FF87AECA000 powrprof.dll (Microsoft Corporation), version: 10.0.18362.1 (WinBuild.160101.0800) 00007FF87AE70000-00007FF87AE80000 UMPDC.dll (), version: 00007FF87C450000-00007FF87C4A2000 shlwapi.dll (Microsoft Corporation), version: 10.0.18362.1 (WinBuild.160101.0800) 00007FF87AF20000-00007FF87AF31000 kernel.appcore.dll (Microsoft Corporation), version: 10.0.18362.1 (WinBuild.160101.0800) 00007FF87BFA0000-00007FF87BFB7000 cryptsp.dll (Microsoft Corporation), version: 10.0.18362.1 (WinBuild.160101.0800) 00007FF87D950000-00007FF87D97E000 IMM32.DLL (Microsoft Corporation), version: 10.0.18362.387 (WinBuild.160101.0800) 00007FF8530D0000-00007FF85317F000 a2hooks64.dll (Emsisoft Ltd), version: 2019.02.0.1903 00007FF879DB0000-00007FF879DE1000 ntmarta.dll (Microsoft Corporation), version: 10.0.18362.1 (WinBuild.160101.0800) 00007FF878FD0000-00007FF879069000 uxtheme.dll (Microsoft Corporation), version: 10.0.18362.449 (WinBuild.160101.0800) 00007FF87C070000-00007FF87C1A5000 MSCTF.dll (Microsoft Corporation), version: 10.0.18362.900 (WinBuild.160101.0800) 00007FF87C8E0000-00007FF87C9A5000 OLEAUT32.dll (Microsoft Corporation), version: 10.0.18362.959 (WinBuild.160101.0800) 00007FF87A130000-00007FF87A163000 rsaenh.dll (Microsoft Corporation), version: 10.0.18362.1 (WinBuild.160101.0800) 00007FF87BFC0000-00007FF87BFE6000 bcrypt.dll (Microsoft Corporation), version: 10.0.18362.267 (WinBuild.160101.0800) 00007FF87A790000-00007FF87A79C000 CRYPTBASE.dll (Microsoft Corporation), version: 10.0.18362.1 (WinBuild.160101.0800) Process Trace 1 C:\WSCC\MiTeC Utilities\x64\TMX64.exe [21256] 2020-08-01T09:49:48 2 C:\Windows\System32\svchost.exe [1516] 2020-08-01T08:54:42 C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule 3 C:\Windows\System32\services.exe [972] 2020-08-01T08:54:38 4 C:\Windows\System32\wininit.exe [892] 2020-08-01T08:54:38 wininit.exe 5 C:\Windows\System32\smss.exe [752] 2020-08-01T08:54:37 823ms \SystemRoot\System32\smss.exe 000000c4 00000084 6 C:\Windows\System32\smss.exe [608] 2020-08-01T08:54:36 \SystemRoot\System32\smss.exe Dropped Files Thumbprints c73f6197a94f0c79e48e73f4b05df77f95de6076cdc5650f2e555d1ba9b33b55 (code) a2a4976fe6b207bbcf4c21af966fe96f50ac2a6d98357e72763a725bb28d0bdb (ownermodule) cc4c06c5081d14b94f7a5d248aa6208a7725bf208e1a637ddeceb62aa653545b (pfn)
I have one that is questionable as well. I'm trying to run the latest version of the .NET Version Detector found here. Code: Malware found: Trojan.GenericKD.43420259 D:\Users\XXX\Desktop\PortableApps\dotnet.exe Mitigation MalwareBlocked Timestamp 2020-08-01T18:41:04 Platform 10.0.18363/x64 v875 06_2a PID 1852 Application D:\Users\XXX\Desktop\PortableApps\dotnet.exe Created 2019-05-08T09:08:45 Description Trojan.GenericKD.43420259 Process Trace 1 C:\Windows\explorer.exe [1852] 2020-07-30T17:33:18 C:\WINDOWS\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding 2 C:\Windows\System32\svchost.exe [1052] 2020-07-28T14:02:07 C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p 3 C:\Windows\System32\services.exe [972] 2020-07-28T14:02:07 4 C:\Windows\System32\wininit.exe [900] 2020-07-28T14:02:07 wininit.exe 5 C:\Windows\System32\smss.exe [728] 2020-07-28T14:02:04 3.0s \SystemRoot\System32\smss.exe 000000cc 00000084 6 C:\Windows\System32\smss.exe [552] 2020-07-28T14:02:01 \SystemRoot\System32\smss.exe Dropped Files Thumbprints 31d5f4e863ad99df8cb35d43fda4f48e8eabbd5822af7e7201404cd99f6e9d76
That's probably their anti-cheat engine doing tricks, if you wish to run this stuff protected you'll either have to use "Suppress Alert" or disable the "Control flow" protection for it. (the steam issue is different, but I need more details there as this is not an issue on most machines, only in certain scenario's it seems, on which drive is steam installed?).
What is the process starting ExpressVPN I'm guessing it's getting it from a parent protected process.
Everything was fine and everything is fine. I just saw the "error". There was no crash or anything I would have noticed. I only saw the "problem" when I opened the Diagnostic Data Viewer.