HitmanPro.Alert BETA

Lots of failures here:

• Update failed
• Uninstall failed (succeeded after yet another reboot)
• Install failed
• Program is locked
• Product key (valid for 1 more month) is not accepted: "A generic error occurred"

So I'm currently without HitmanPro.Alert protection

 

Auto update went well on my machine.

 

Updated with no problems

 

Received the auto update the day of release and rebooted a couple of days later. No issues have popped up.

 

HMPA - Windows 11 BSOD - after install of KB5013943 (May 10th 2022)

My Windows 11 machine starts to BSOD at boot, either intermittent or stuck in a boot loop after the install of Microsoft update KB5013943 released on May 10th 2022.

What to do

Option 1
Let the system BSOD and auto restart
After 3 times, you are presented with Advanced repair options button
Select Advanced repair options to enter winRE
Select Troubleshoot > Advanced options > Command Prompt
Type C:
Hit Enter
Type cd \windows\system32\drivers
Hit Enter
Type ren hmpalert.sys hmpalert.old
Hit Enter
Type Exit
The system should boot normally after renaming the hmpalert.sys driver

Option 2
Let the system BSOD and auto restart
After 3 times, you are presented with Advanced repair options button
Select Advanced repair options
Select Troubleshoot > Advanced options > Uninstall Updates
Choose Uninstall latest feature update (KB5013943)

FAQ

 

Do you have the same issues when installing build 923?
(download link in my signature).

 

That issue is gone.

However, on a Windows 11 PC of a family member, which is already running 3.8.19.923, I have now have the KB5013943 issue you posted above. I have uninstalled HitmanPro.Alert and HitmanPro and will try to update Windows again.

I gifted a license to this family member (purchased that during a Black Friday some time ago) and it was about to expire in 2 weeks anyway. I was in doubt whether to renew, but don't think I will on this PC. Unfortunately the program has caused more troubles than it prevented... (more than once)

I would like to continue testing on my own (Windows 10) PC (still have a test license for that).

 

Yes, KB5013943 installs fine with HitmanPro.Alert uninstalled...

 

https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-82#post-3079410

 

The product does what it's designed for it blocks LoLBins abused by malware e.g. cscript and powershell executions.
In this case I can't judge what it's trying to do as I don't have access to the script it's trying to execute, the name suggests something that would enumerate installed fonts but it's just a name of the file (code could do something totally different).

Did the epub load in the end? it could be it just works but not with the desired font?
Does it trigger these with all epubs? or just specific this one?

The Electron app is not registered as browser and/or handler to open e.g. html so for that the extensions that it does register match Office.
There is nothing holding you back to remove this application from the Office profile and add it to the browsers one would you prefer to (though i would keep it under office).

Should you decide you want to allow these actions you can use the below steps:
To be able to allow this please open HitmanPro.Alert -> Click on "Last event" find the offending alert(s) -> Action -> Suppress Alert
Make sure all offending alerts for the detected application now have the "Suppressed" message behind them and you should be good to go!

 

All epubs trigger these.
After that Koodo Reader just shows a blank window.

And I found that opening Koodo Reader directly (instead of opening the epub file) also triggers a similar alert.

Maybe it has something to do with the system language (Simplified Chinese) I use.

 

Build 943 released with the BSOD fix on Win11 KB5013943

 

If you trust the application/vendor then it seems fine to whitelist/suppress the alerts so you can use the reader (if only one epub triggered that would have been suspicious)

 

HitmanPro.Alert 3.8.21 Build 945 Release Candidate

Changelog (compared to 943)

• Improved Syscall
  
• Improved WipeGuard
• Improved CryptoGuard5
• Improved HollowProcess
• Improved ROP detection on crashing processes
• Improved HeapHeapHooray also covers powershell_ise now
• Changed Lockdown Added MSDT.EXE as LOLBIN to proactively block Follina exploitation attempts
• Several other changes under the hood

Download
https://dl.surfright.nl/hmpalert3b945.exe

Please let us know how this version runs on your machine, thanks!

 

No problems upgrading build 945 RC.

 

All good upgrade from build 943 to 945.
Thank you!

 

@RonnyT
Thx all good

 

All good so far, Win 10.

 

Installed on Friday, no problems so far.

 

Running fine here. Rebooted yesterday.

 

Manually updated to HitmanPro.Alert 3.8.21 Build 945 no problems.

Windows 11 Pro versie 21H2 22000.739

 

I cannot run Sandboxie Plus. What can I do? Version: HitmanPro.Alert 3.8.21 Build 945

 

@feerf56

You should revert back to Sandboxie Plus v1.1.3 for now because v1.2.0 is still an experimental version.

 

@feerf56

Or if you want to use Sandboxie Plus 1.2.0 untick Local Privilege Mitigation in HmP.Alert.

 

Thanks, I chose this one.