HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Explorer.exe has various hardcoded mitigations.
     
  2. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    Any progress on the below mentioned bug?

     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Have you tried disabling Network Lockdown?

    What other AV or security products are you using? The combination with HMPA might be a cause.

    I can offer remote assistance to see the mentioned issue and find the cause to come up with a solution (if needed). Just PM me to set this up.
     
  4. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    I use Bitdefender and AdGuard. I submitted a ticket to your supportdesk a while ago, they confirmed the bug, but couldn't give an ETA.
     
  5. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    I disabled every setting possible without succes, a remote session is fine by me. :)
     
  6. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    HitmanPro.Alert 3.1.10 Build 373 seems to be working here. Got the auto update alert and rebooted.

    Unfortunately I had an untimely, unrelated, blue screen crash due to my firewire audio driver. This is a known problem that hits me about once a month during a warm reboot.

    It seems that the HMP.Alert upgrade install got lost in the shuffle, and HMP.Alert was completely uninstalled.

    Did the manual update and all is OK now.
     
  7. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    Most people write about problems here. I should just like to say that build 373 works as it should on my rig, quietly in the background. Many Thanks.
     
  8. Valdez

    Valdez Registered Member

    Joined:
    Apr 21, 2016
    Posts:
    50
    Location:
    Italien
    HitmanPro.Alert 3.1.10 Build 373 Released
    Thanks Eric and Mark, it’s all OK for me. :thumb::thumb::thumb:
     
  9. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    Thanks =)
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    HMPA by default displays the "Standard interface". To switch to the Advanced interface left click/select the gear icon in the upper right corner and then select Advanced interface. On the Advanced interface you will see icons for protected browsers and other apps, and also the Risk reduction section that includes CryptoGuard (padlock icon).

    It may be that the browser is not being protected automatically because it is launching from a nonstandard location. You can add it manually by:
    1. Run it
    2. Click on the Exploit Mitigation tile in the Advanced interface
    3. Click on Running applications at the bottom
    4. Select the browser which should appear in the left Not Protected column
    5. Select Browsers from the Choose Template menu

    Afterward you should see the browser's icon in the Advanced Interface and also the colored border around it (assuming display colored border is enabled in the Safety Notification section).

    It appears that you have Norton Safe Search installed which uses Ask.com. I wouldn't characterize it as a risk, but personally I would uninstall Norton Safe Search because I associate Ask.com with unwanted toolbars, etc.


    CryptoGuard can be toggled On/Off on the Risk Reduction tile in the Advanced Interface.

    Hope this helps! :thumb:
     
  11. mirage22

    mirage22 Registered Member

    Joined:
    Apr 20, 2016
    Posts:
    51
    Working good here. No browser slowdowns to report. Just the age old problem with alt-tab when chrome is in the foreground.
     
  12. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64:
    HitmanPro.Alert build 372 auto updated to build 373 and is running fine, no issues so far!
     
  13. Man van het noorden

    Man van het noorden Registered Member

    Joined:
    Jun 26, 2014
    Posts:
    12
    Location:
    NL
    Automatically updated to build 373. Just as reported in #10013 also with this build I get a ROP message (see below) opening .VOB, .MPG, .MPEG and .AVI files (and probably there are more media type files) with Windows Media Player. I have to disable 'Control-Flow Integrity' for Windows Media Player to be able to watch the video.

    Mitigation ROP

    Platform 6.1.7601/x86 06_25
    PID 4120
    Application C:\Program Files\Windows Media Player\wmplayer.exe
    Description Windows Media Player 12

    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 77324712 advapi32.dll RegQueryInfoKeyW +0xdb
    2 7731E09B advapi32.dll CryptGenRandom +0x153

    3 639CBE57 msmpeg2adec.dll
    8945e4 MOV [EBP-0x1c], EAX
    33f6 XOR ESI, ESI
    8b45dc MOV EAX, [EBP-0x24]
    3bc6 CMP EAX, ESI
    e8486ef4ff CALL 0x63912cae
    880b MOV [EBX], CL
    0a20 OR AH, [EAX]
    c40505a018c9 LES EAX, [0xc918a005]

    4 639C2683 msmpeg2adec.dll
    5 639CF28B msmpeg2adec.dll
    6 63946A61 msmpeg2adec.dll
    7 6394834E msmpeg2adec.dll
    8 61E82225 qdvd.dll
    9 61E822E6 qdvd.dll
    10 61E823CD qdvd.dll

    Process Trace
    1 C:\Program Files\Windows Media Player\wmplayer.exe [4120]
    "C:\Program Files\Windows Media Player\wmplayer.exe" /Play "D:\VTS_01_1.VOB"
    2 C:\Windows\explorer.exe [2800]
    C:\Windows\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding
     
  14. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I'm also getting the ROP with Windows Media Player 12 when opening .MPG and .AVI files

    5/31 - Update/correction: it seems that .AVI files will open fine ... for me, it's just the .MPG files that result in ROP in WMP 10. They will open without the error in VLC.

    Similar to:
    Mitigation ROP

    Platform 6.1.7601/x86 06_3a
    PID 4736
    Application C:\Program Files\Windows Media Player\wmplayer.exe
    Description Windows Media Player 12

    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 767A4712 advapi32.dll RegQueryInfoKeyW +0xdb
    2 7679E09B advapi32.dll CryptGenRandom +0x153

    3 592088B1 msmpeg2adec.dll
    8945e4 MOV [EBP-0x1c], EAX
    33f6 XOR ESI, ESI
    8b45dc MOV EAX, [EBP-0x24]
    3bc6 CMP EAX, ESI
    e8eea3f4ff CALL 0x59152cae
    880b MOV [EBX], CL
    0a20 OR AH, [EAX]
    c40505a018c9 LES EAX, [0xc918a005]

    4 59207C7C msmpeg2adec.dll
    5 59211BAC msmpeg2adec.dll
    6 59186A61 msmpeg2adec.dll
    7 5918834E msmpeg2adec.dll
    8 58B2A566 quartz.dll
    9 58B2A746 quartz.dll
    10 58B2A6A0 quartz.dll
     
    Last edited: May 31, 2016
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
  16. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problems so far with build 373.
     
  17. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Is it a known issue that ESET's Banking browser doesn't start properly if HMP.A is installed? Does anyone know?
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Hope they can find something. There seems to have been a general issue with TP-Link routers, since build 356 first reported beginning of February.
    Edit: Disabling Network Lockdown makes no difference.
     
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This is a known issue.
     
  20. guest

    guest Guest

    same here, no issue so far.
     
  21. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Build 373 running fine here :)
    (Win7x64)
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    And here - Win 8.1 x64 (other than #10045).
     
  23. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    + 1 (10 TH2)
     
  24. Armadax

    Armadax Registered Member

    Joined:
    Sep 13, 2015
    Posts:
    19
    Location:
    Zuid-Holland
    One more here, no issues (win8.1 x64, Kaspersky KIS)
     
  25. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    i'm unable to reproduce it in Win10
     

    Attached Files:

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.