HitmanPro.ALERT Support and Discussion Thread

Erik,
In Ctp4 I get still a blue flyby in IE9 in my Vista system.
Was there something changed in Ctp4 about this "bug" in Ctp3 ?
Can you approve that is it safe to change the reg to the full path of iexplore.exe ?

 

I'll try this the next time I install. I would prefer an additional option for the tray icon to temporarily (say 15 min.) disable HMPA before it reactivates itself. A lot of AVs and Firewalls offer you this feature. Makes it easier for problem determination.

 

I just already tried it in Ctp4 here in my Vista system.
After stopping the service I did some tests and did not get the flyby any more.
So I think it workes, but...... after starting the service again I got a BSOD (blue screen).
So we first need an answer from Erik if and when it is supported without BSOD.

 

I just installed HMPA on my Win7 system and stopping the service does seem to disable it. I did not get a BSOD restarting the service and the fly-out did come back. The problem I see with this is there is no indication from HMPA that it has been disabled. Either a change in color of the tray icon or by some other means. Yes the fly-out will no longer show, but some people may only want the fly-out once per session and they will have no idea if the service was disabled at some point during their session.

 

I'm still having the same slow-down on Win7 with the fileman exe I sent. The overall system does not seem to be affected as was the case with XP. Also no BSODs so far. When I disable the alert service, fileman screen appears instantly. Seems like there's an interaction problem with some Win32 console mode programs before their display appears. I have another program called fileview that reacts the same way. I'll give Win8 a try next.

 

I had a similar problem several times last week.

However, I was not running HPA3 (HPA2 instead). I was also running Sandboxie though. Maybe this helps pinpointing?

Please post what you find out.

 

Wish that was true.

Many iTunes crashes today. Unfortunately after using it for a while and no clear indication of what action in iTunes triggers these crashes.

 

OOOPs, 1st Win7 BSOD after a clean reboot and starting Firefox. I sent you the dump Erik. Also, I do not see the green boarder around the browser GUI like I did on the XP system. Active vaccination is on.

 

I agree that disabling the service should to be visible in the HMPA screen.
But i think it is not a big omission, because everyone who knows how the disable a service, will remember this after a wile.
And after only stopping the service it wil again be started at the next reboot.

 

Erik, the BSOD after starting the service in Vista comes from address hmpalert.sys+f36b as far I can see.
I will try it again in a few hours in an "empty" system to prove that it is repeatable.

 

The point I was making was if the service was disabled by something else other than the user himself such as malware, etc..

 

Are you sure you are running build 90? Can you send a dump?

 

As some of you noticed is that we have a BSOD issue in CTP4. All seem related to the same bug. We are working on a fix.

Keep the reports coming in.

 

Error:

Logboeknaam: Application
Bron: Application Error
Datum: 4-10-2014 14:28:25
Gebeurtenis-id:1000
Taakcategorie: (100)
Niveau: Fout
Trefwoorden: Klassiek
Gebruiker: n.v.t.
Computer: *****
Beschrijving:
Naam van toepassing met fout: hmpalert.exe, versie: 3.0.15.90, tijdstempel: 0x542e7ef5
Naam van module met fout: hmpalert.exe, versie: 3.0.15.90, tijdstempel: 0x542e7ef5
Uitzonderingscode: 0xc0000005
Foutoffset: 0x001cc501
Id van proces met fout: 0xaac
Starttijd van toepassing met fout: 0x01cfdfceb0ef22f4
Pad naar toepassing met fout: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
Pad naar module met fout: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
Rapport-id: ef90db90-4bc1-11e4-911f-001f16aa0c13
Gebeurtenis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-10-04T12:28:25.000000000Z" />
<EventRecordID>147973</EventRecordID>
<Channel>Application</Channel>
<Computer>sjaak2-PC</Computer>
<Security />
</System>
<EventData>
<Data>hmpalert.exe</Data>
<Data>3.0.15.90</Data>
<Data>542e7ef5</Data>
<Data>hmpalert.exe</Data>
<Data>3.0.15.90</Data>
<Data>542e7ef5</Data>
<Data>c0000005</Data>
<Data>001cc501</Data>
<Data>aac</Data>
<Data>01cfdfceb0ef22f4</Data>
<Data>C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe</Data>
<Data>C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe</Data>
<Data>ef90db90-4bc1-11e4-911f-001f16aa0c13</Data>
</EventData>
</Event>

 

BSOD. Sent minidump by mail. Dont know if its HmP.Alert.

 

it is running just perfect

 

Do you have a dump of this crash?

 

No crash, only a recurring HmP.Alert-event in Event viewer.

During boot a BSOD, I sent you a mail with dmp-file.

Logboeknaam: System
Bron: Microsoft-Windows-WER-SystemErrorReporting
Datum: 4-10-2014 17:36:12
Gebeurtenis-id:1001
Taakcategorie: Geen
Niveau: Fout
Trefwoorden: Klassiek
Gebruiker: n.v.t.
Computer: ****
Beschrijving:
De computer is opnieuw opgestart na een bugcontrole. De bugcontrole is 0x000000d1 (0x0000000000008088, 0x0000000000000002, 0x0000000000000008, 0x000000000000808. Er is een dump opgeslagen in: C:\Windows\MEMORY.DMP. Rapport-id: 100414-29374-01.
Gebeurtenis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WER-SystemErrorReporting" Guid="{ABCE23E7-DE45-4366-8631-84FA6C525952}" EventSourceName="BugCheck" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-10-04T15:36:12.000000000Z" />
<EventRecordID>879320</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>****</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">0x000000d1 (0x0000000000008088, 0x0000000000000002, 0x0000000000000008, 0x000000000000808</Data>
<Data Name="param2">C:\Windows\MEMORY.DMP</Data>
<Data Name="param3">100414-29374-01</Data>
</EventData>
</Event>

 

I will send you a mail with the Wuala-link (memory.dmp (zipped 161 mb)).

 

Ive got the BSOD dump. Still looking for a service dump.

 

Hi erikloman
Thanks you for getting back.

Sorry no, do not have the dump files because have Automatically restart unchecked also not using any paging file [to save hits to SSD [and space] [have 32gb of memory]].

Will temporary recheck Automatically restart and give the OS some paging file.

With regards
Take Care
TheQuest

 

Got a BSOD after logging into Windows and opening Chrome. BlueScreenView faulted HMP.Alert's driver and ntoskrnl. As soon as I rebooted and logged in, I got another BSOD, but this time it wasn't HMP.Alert, I think. I have the minidumps, but can't attach them here.

 

To clarify, when I say "white-listing" I mean that HMPA will perhaps look at from where malware (the payload) is trying to load. So for example if malware (that is triggered by some exploit) is trying to launch from c:\Temp, HMPA will stop it. And some more info about the "Network Lockdown" feature would be nice, but you're a bit busy, so it can wait.

 

At the moment I'm not, I installed it on Win XP SP2, but the protection does not work. I did test it on Win 8 months ago, and it worked quite smoothly.