HitmanPro.ALERT Support and Discussion Thread

I think this has to do with 'Administrator rights' during the uninstall/install process.

 

Thanks for your reply, L10090. I did/do have Admin rights, but I can no longer install/use HMP.A.

UPDATE: System Restore did the trick. Now I can install HMP.A but FF just won't start, no matter what version of HMP.A I use.

As soon as I disable Exploit Protection for FF in HMP.A, Firefox starts without any problems. I have exactly the same problem with IE - Internet Explorer can only be launched if exploit protection for IE is disabled in HMP.A. What's wrong here? Can this be fixed?

Security Setup: Windows 10, running KIS 2016, MBAM (Premium) and HMP.A 3.0.50.198 (RC) (or any other version of HMP.A with the same weired result).

Here are some more details from Event Viewer:

Fehlerbucket , Typ 0
Ereignisname: APPCRASH
Antwort: Nicht verfügbar
CAB-Datei-ID: 0

Problemsignatur:
P1: firefox.exe
P2: 40.0.3.5716
P3: 55dda065
P4: hmpalert.dll
P5: 3.1.0.310
P6: 55e9879c
P7: c00000fd
P8: 0000e9d3
P9:
P10:

Angefügte Dateien:

Diese Dateien befinden sich möglicherweise hier:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_firefox.exe_46f9e967610375d60865f3ed4ae408daa825457_3210e41f_1db0782a

Analysesymbol:
Es wird erneut nach einer Lösung gesucht: 0
Berichts-ID: f9a45ad1-3764-455c-8280-0804a4991412
Berichtstatus: 524384
Bucket mit Hash:

Here's some more information taken from the WER file AppCrash_firefox.exe_46f9e967610375d60865f3ed4ae408daa825457_3210e41f_1db0782a mentioned above:

Version=1
EventType=APPCRASH
EventTime=130861340556161289
ReportType=2
Consent=1
UploadTime=130861476039792732
ReportIdentifier=64268918-55a5-11e5-93f3-001d92b1fc74
IntegratorReportIdentifier=f9a45ad1-3764-455c-8280-0804a4991412
NsAppName=firefox.exe
Response.type=4
Sig[0].Name=Anwendungsname
Sig[0].Value=firefox.exe
Sig[1].Name=Anwendungsversion
Sig[1].Value=40.0.3.5716
Sig[2].Name=Anwendungszeitstempel
Sig[2].Value=55dda065
Sig[3].Name=Fehlermodulname
Sig[3].Value=hmpalert.dll
Sig[4].Name=Fehlermodulversion
Sig[4].Value=3.1.0.310
Sig[5].Name=Fehlermodulzeitstempel
Sig[5].Value=55e9879c
Sig[6].Name=Ausnahmecode
Sig[6].Value=c00000fd
Sig[7].Name=Ausnahmeoffset
Sig[7].Value=0000e9d3
DynamicSig[1].Name=Betriebsystemversion
DynamicSig[1].Value=10.0.10240.2.0.0.768.101
DynamicSig[2].Name=Gebietsschema-ID
DynamicSig[2].Value=1031
DynamicSig[22].Name=Zusatzinformation 1
DynamicSig[22].Value=fe23
DynamicSig[23].Name=Zusatzinformation 2
DynamicSig[23].Value=fe23d242bc79d47fd08cacc659c5e8a6
DynamicSig[24].Name=Zusatzinformation 3
DynamicSig[24].Value=2a5b
DynamicSig[25].Name=Zusatzinformation 4
DynamicSig[25].Value=2a5be7d6fd0f429f16afee41aa273c4d
UI[2]=C:\Program Files\Mozilla Firefox\firefox.exe
UI[3]=Firefox funktioniert nicht mehr
UI[4]=Windows kann online nach einer Lösung für das Problem suchen.
UI[5]=Online nach einer Lösung suchen und das Programm schließen
UI[6]=Später online nach einer Lösung suchen und das Programm schließen
UI[7]=Programm schließen
LoadedModule[0]=C:\Program Files\Mozilla Firefox\firefox.exe
LoadedModule[1]=C:\WINDOWS\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\WINDOWS\system32\KERNEL32.dll
LoadedModule[3]=C:\Windows\system32\hmpalert.dll
LoadedModule[4]=C:\WINDOWS\system32\KERNELBASE.dll
LoadedModule[5]=C:\Program Files\Mozilla Firefox\mozglue.dll
LoadedModule[6]=C:\WINDOWS\SYSTEM32\VERSION.dll
LoadedModule[7]=C:\WINDOWS\system32\msvcrt.dll
LoadedModule[8]=C:\Program Files\Mozilla Firefox\MSVCR120.dll
LoadedModule[9]=C:\Program Files\Mozilla Firefox\MSVCP120.dll
LoadedModule[10]=C:\Program Files\Mozilla Firefox\nss3.dll
LoadedModule[11]=C:\WINDOWS\system32\ADVAPI32.dll
LoadedModule[12]=C:\WINDOWS\system32\sechost.dll
LoadedModule[13]=C:\WINDOWS\system32\RPCRT4.dll
LoadedModule[14]=C:\WINDOWS\SYSTEM32\WINMM.dll
LoadedModule[15]=C:\WINDOWS\system32\USER32.dll
LoadedModule[16]=C:\WINDOWS\system32\GDI32.dll
LoadedModule[17]=C:\WINDOWS\SYSTEM32\WSOCK32.dll
LoadedModule[18]=C:\WINDOWS\system32\WS2_32.dll
LoadedModule[19]=C:\WINDOWS\system32\NSI.dll
LoadedModule[20]=C:\WINDOWS\SYSTEM32\WINMMBASE.dll
LoadedModule[21]=C:\WINDOWS\system32\cfgmgr32.dll
LoadedModule[22]=C:\WINDOWS\SYSTEM32\DEVOBJ.dll
LoadedModule[23]=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\inproc_agent.dll
LoadedModule[24]=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\product_info.dll
LoadedModule[25]=C:\ProgramData\Kaspersky Lab\AVP16.0.0\Bases\klsihk.dll
LoadedModule[26]=C:\WINDOWS\system32\IMM32.DLL
LoadedModule[27]=C:\WINDOWS\system32\MSCTF.dll
LoadedModule[28]=C:\Program Files\Mozilla Firefox\sandboxbroker.dll
LoadedModule[29]=C:\Program Files\Mozilla Firefox\xul.dll
FriendlyEventName=Nicht mehr funktionsfähig
ConsentKey=APPCRASH
AppName=Firefox
AppPath=C:\Program Files\Mozilla Firefox\firefox.exe
NsPartner=windows
NsGroup=windows8
ApplicationIdentity=C7047F235D61F222C4E41B6441658657

Hope this helps to fix this problem.

 

Norton is only blocking other programs, in this case HMP.A, from accessing Nortons files. It is not blocking HMP.A from working.

 

This is a bug in 3.1. On some computers it causes this error. Expect a fix soon.

 

I refer to my [recent] posts on pages 11 and 12, here and the problems I had with EAM/EIS causing a BSOD in the snapshot which had HMPA installed, too.

I had to uninstall EIS in this snapshot, to regain access to that snapshot. So, far I haven't reinstalled EIS. I am not running any AV and firewall in this snapshot, for the moment I am relying relying on HMPA, SSM, Kerish Doctor and Kingsoft PC Doctor. The version of HMPA is 3.0.48 Build 196.

 

I'm also running Kerish Doctor with EIS and HMP.A and was plagued with BSODs for a while until I completely uninstalled Kerish Doctor with Revo and reinstalled. No issues with this combo since.

 

Hi faircot,

Thanks for your interest. I have not renewed my subscriptions to EAM/EIS since I am running XP, still...And, as @Fabian Wosar has pointed out XP will no longer be supported going forward with next major release of EAM/EIS. So, I don't think I will reinstall EIS in this snapshot.

 

Thank you, Erik.

 

Suddenly a green border when opening IE11 with build 310 (W10 build 10240 64 bits/Norton Security with Backup v22.5.2.15).

 

Any feedback on below? Like to know if I change the browser would it work?
ect..... suggestions?

Sandboxie versions:
> 5.01.12
> 5.01.13

With combination of Hitman Pro Alert and Sandboxie with Cyberfox Browser?
Please! Sent to the developers, and hopefully they will fix! This conflict from
above....

"What version of Windows are you running?"
Windows 10 X64 Bits Operating System.

Install the following:
Download
http://test.hitmanpro.com/hmpalert3b198rc.exe

Kind regards,

 

False Positive?

HitmanPro keeps identifying RestartExplorer.exe as malware. As far as I can tell, it's actually a component of ASUS Web Storage.
Have also scanned w/ESET, MalwareBytes, Webroot, SAS, ADWCleaner, JRT... no hits.

is this potential malware, or a false positive?

Thank you!

 

Can you post a log from HitmanPro? Just click on the Save Log at the end of a scan.

 

What is the best way to deploy HMP.A in an environment with +50, or even more clients?
Is there a deployment tool?
Is there a possibility to pre configure HMP.A, like with an config file?

This is what I've been asked today, by our chief service manager.

 

I just did a scan and now it's not coming up. Has there been a changed version of HitmanPro since my last post?
(Or did I possibly forget to check "ignore" after the last scan, and it was quarantined or deleted... Is there a way to check that?)

Thank you!

 

TrueCrypt 7.1a crashes with HitmanPro.Alert 3.1 installed (so I had to revert to 3.0).

Code:

Faulting application name: TrueCrypt.exe, version: 7.1.1.0
Faulting module name: ntdll.dll, version: 10.0.10240.16430
Exception code: 0xc00000fd

 

Yes, I also noted that. (Reason enough to not yet install 3.1 beta)

 

Yeah working on it. Fix will be available next week.

 

We can provide an MSI. 3.1 will come with an import/export feature. Also other business features.

 

Log posted below. Thank you.

Code:

HitmanPro 3.7.9.245
www.hitmanpro.com

  Computer name . . . . : XXXXXXXXXX
  Windows . . . . . . . : 6.3.0.9600.X64/8
  User name . . . . . . : XXXXXXXXXXX
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Paid (446 days left)

  Scan date . . . . . . : 2015-09-12 13:13:12
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 51s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 1
  Traces  . . . . . . . : 1

  Objects scanned . . . : 1,837,763
  Files scanned . . . . : 40,078
  Remnants scanned  . . : 409,634 files / 1,388,051 keys

Malware _____________________________________________________________________

  C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\RestartExplorer.exe
  Size . . . . . . . : 122,880 bytes
  Age  . . . . . . . : -0.0 days (2015-09-12 13:12:57)
  Entropy  . . . . . : 5.6
  SHA-256  . . . . . : D02801CA075570B87223813F97513785A9876DD44C3039D0482FAB68AE12B604
  > G Data . . . . . . : DeepScan:Generic.Malware.P!Pk!g.1427F165 (Engine A)
  Fuzzy  . . . . . . : 102.0

 

OK. Thanks!

 

Hitman Alert blocks Chrome 45 immediately. I have to put Chrome in the excluded programs to run it. Is that a known bug of the current version and will that be fixed, or is my computer doing something strange? (I had Chrome already installed, but even uninstalling and re-installing it, does not fix this).

Update: sorry, jumped the gun with this message. I tried the beta of 310, and this solved the problem. Chrome is no longer blocked on startup.

Update 2: doh. Actually my Chrome was starting again, due to the old exclusion rule I had already made. When I reset the setting to the standard, Chrome 45 got blocked again on start-up... So, currently exclusion rule added again and Hitman Pro Alert does not protect when using Chrome...

 

This is likely caused by other software on your machine. What other security software is installed and on what version of Windows? I look forward solving this. Thanks!

 

It seems hitman pro alert doesn't compatible with spy shelter premium ?, i always getting "attack intercepted" on both chrome and firefox! :
http://i.imgur.com/GTCJYzm.png

Running version 3.0.48 Build 196, please make it compatible with spy shelter premium.

Edit :

Adding all SpyShelter related exes on the Exploit Mitigation Exclude still causing those error.

 

I am using Kaspersky Internet Security 2016 and Windows 10 (64-bit). Could it be the new extension that KIS 2016 installs in Chrome triggers HMA to block Chrome?