HitmanPro.ALERT Support and Discussion Thread

It's actually a handy solution because when installed, it can be added to the right-click context menu in file explorer, where it can be run manually to check files:
"Scan with HitmanPro".

Or run a full HitmanPro scan from an icon on the desktop or quick launch bar.

 

BTW, which features are free? I understood that certain functions will keep working even if you don't trial HMPA and if you decide not to buy a yearly license, is this correct? I installed HMPA after quite a long time and it still looks quite good with a couple of interesting features you won't find in other behavior blockers. And you can even disable features that might cause problems.

 

I agree, but it would be better if HMP was integrated into HMP.A instead of HMP.A just downloading the HMP executable everytime a scan is started.

 

HitmanPro.Alert (3.8.8 build 889) has blocked update process of Windows10 [January 12, 2021—KB4598242 (OS Builds 19041.746 and 19042.746)]. All without any warning.
I was intuitively forced to uninstall HMPA. Only then the Windows update was possible.

 

FWIW no such issue here.

 

Same here, no problems.

 

The Windows 10 upgrade was fine for me.

 

Actually, I've installed HMPA after quite a long time and it now has a ''tamper protection'' feature, you won't be able to terminate the HMPA GUI and service when this feature is enabled.

 

A valid point raised in another thread: https://www.wilderssecurity.com/threads/iobit-forums-hacked.435960/page-2#post-2984099

@RonnyT ... for your consideration - please?

 

The trend among AV programs seems to no longer be ask first, but just quarantine first. Then you can restore the file from quarantine and exclude from future detection if you wish. Maybe there are exceptions, but I haven't seen any.

Avira broke their "ask" feature years ago, so even though their UI still allowed you to select "ask", it sent detected files straight to quarantine. This included their paid Pro version.

 

The reason why I mentioned my request is that I continue to this issue below, even though I have 'suppressed alert'?

HeapHeapProtect

The application, one of its loaded modules, or another process, has attempted to allocate memory with executable permissions to introduce additional code not part of the base program.

MITRE ATT&CK

Supply Chain Compromise - ID: T1195, Tactic: Initial Access

https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-651#post-2973301

 

I had problems with HMPA older builds on win 7 /64 . I added a game to Mitigations /Other leave all boxes checked but never added games as Browser. My keyboard was acting weird so I had to do Alt+ Tab than Ctrl AL Del and that usually saved the problem and if sometimes that didn't solved the problem I will unplug USB cable of keyboard and plug back, back in game all ok. However my keyboard is a Merc and is seen as 2 keyboards from hardware point of view.
HMP A give me this problems because the game I'm talking about was known by me before having HMP A. The game was installing hidden USB devices- so in HMPA I had always the Bad USB module on and I think because of that I was having problems with weird buttons mapping. Basically the game was installing a bad USB and mess with the driver so half of my keyboard was unusable. HMPa never thrown an warning but was stopping the game doing that so - the keyboard malfunction. And again Alt Tab than Ctrl Alt Del usually solved the problem.
So in my case wasn't keystroke encryption. Initially when this problems appeared I disabled Bad USB module cause I didn't know what to do but, at some point I accidentally found ALT TAB and CTRL ALT DEL working.

Games will do install hidden devices to pose as USB devices or even keyboard. Even those games aren't Browser games and have all the files legit.

 

I mitigate Steam as Other not Browser or Media and leaved all boxed checked no problems on the HMPa build before .889 . Played 3 titles no problems. Win 10 20H2.

However Uplay is a dirty one and I had problems with it . But I'm not surprised Uplay does some fishy things.
First Uplay was added by HMPa automatically to mitigation but don't know if Browser or something else. Even that HMPa support says why I added Uplay to mitigation. I didn't initially and I took it off. I added Uplay to mitigations myself later on to test.
However HMPA will stop some child processes of Uplay if was mitigated but was doing it silently-- and that's a problem in HMPa, it should block whatever but warn the user what and why so we can have the ability to decide what to add to exclusions.
Lately Uplay had a very big patch and is worst than before. You can see in logs Uplay logs stuff like " disable shipping -tracing on machine is enable" this look like - don't do too much on this machine as we are traced by MS.

 

I do add games as protected/ mitigated as Others. Why ? Cause a lot of games are doing a lot of dirty stuff. And those games modifies their own .exe addresses in RAM than further OS more likely Services(Print, BITS, Cryptographic) of OS followed by corruptions of WINSX and Wbem. I've seen this a lot done by one game on win 7 and 10. At least in win 10 SFC works better than in win 7. Adding them as protected apps will stop the games of modifying their own RAM usage and corruptions of instructions and that will stop further chain of corruption to your OS.
My point of having HMPa is TO mitigate games not exclude them.

Infections form other apps installers or uninstalls on my machine is next to 0.00001%
Infection to trough bad Browsing maybe a 2 %
Infections from games is the rest of the percentage.
So why should I not mitigate the games?

Example : 1 month ago(I think 18 Dec) Win 10 /64 20H2, HmP A and KTS(Kaspersky I.S.) present. War Thunder game update itself but somehow all the servers is connecting to for the update are shut down by his own executable, seen in the log. Done that in the past 2years ago when I had Comodo.
Closed the game but didn't noticed remained in processes as 32 bit process. Open another one. Same thing, update doesn't work.
KTS interface freeze . KTS services seems alive. Very strange. HMPa doesn't respond. Windows Defender strangely calls Hydra( I think Panda AV engine) or KTS who did that. Whole system unresponsive >>> cold reset.
And all over again after restart except no more Hydra process in Taskbar.
2 days later noticed that I forgot to mitigate both executables of War Thunder in HMPA and also SFC found corruptions WINSX folders and a lot of double permissions.

I'm not blaming HMPa or KTS, but I blame windows for not telling me that another instance is running.
Just an example of a game with clean .exe files on Virus Total and valid certificates can do. An this is on win 10 imagine on win 7.

HMPa in build .889 win 10 20H2 is flashing EAC require to play War Thunder. something to do with bootstrap. Yeah EAC is child process of the game which is mitigated by me. I ignored EAC. Before .889 this flashing by HMPA of EAC was not present.
However I like EAC because sometimes acts as an AV.
EAC stopped the game cause wshom.ocx are suspicious. Checked location and hash of the files flashed by EAC. I said : hmmm strange.
Few days later I found traces of shells regarding wshom.ocx.

Since than I mitigate all .exe of shell present on my OS.

Some games will use any little gate and undefended little .exe files that will have some good privileges.

 

From the right-click menu on the tray icon I accidentally clicked, "Hide Icon". I couldn't find any way to unhide the tray icon so had to reinstall. There must be an easier way I'm missing.

 

Maybe right click tray and taskbar settings.

 

I have ASLR and DEP enabled in W10. Should i disable them in HMPA.

 

What is the current opinion on running HMPA fully enabled with either Bitdefender Free or Bitdefender Plus? Any potential for conflicts?

 

Good point, this must be fixed. In fact, this should be handled by Windows itself.

 

I used Bitdefender Internet Security with the previous version of HMPa with no issues. But only for about 12-15 days cause the 30 days trial from Bitdefender expired abruptly telling me to type my new license key.
However, I prefer ESET simply cause I can rule HIPS

 

Are there any known conflicts between Avast premium and HMPA? Namely with Avast's sandbox?

 

I don't have any complaints or bug reports. I just want the devs to know that I want password protection of the settings and also password protection against un-installation.

The tamper protection doesn't cover a guest user acting maliciously.

 

I haven't noticed any update to hitmanpro.alert recently. Has development stopped on it?

 

Perhaps now that Erik is no longer there...

 

Also looks pretty quiet over on the HMPA Beta thread...

https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-71#post-2972202