HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    Why does the "silence" get to you? Do you really believe that SurfRight and Sophos aren't already working hard to fix this issue? The alternative is that they are doing nothing about it, how realistic is that?

    My guess is that it'll take some time for Microsoft to process the required signature and Microsoft have probably been inundated with requests from software companies like SurfRight and Sophos caught out by the AU issue.

    I would imagine that a company the size of Sophos will be putting whatever pressure they can on Microsoft to get on with it.

    Edit: Here you go!

    https://www.wilderssecurity.com/thre...iscussion-thread.324841/page-444#post-2612881
     
    Last edited: Aug 24, 2016
  2. Secure_Guy

    Secure_Guy Registered Member

    Joined:
    May 4, 2016
    Posts:
    49
    Hello there.
    I have just installed HitmanPro.Alert 3.5.0.546 and am trialling it out.
    I also use KeePass.

    I know that HitmanPro.Alert can encrypt key strokes, which I can see while I type this in my browser (bottom right corner).

    HitmanPro.Alert detects KeePass when I start it up, and tells me that it's protected by the "Other" mitigation profile.
    However, why doesn't HitmanPro.Alert also encrypt key strokes when I am typing in KeePass?

    I also put KeePass into the "Browsers" mitigation profile, but even then, while typing in KeePass, I am not shown that key strokes are being encrypted like they are shown in my browser...

    How can I add other apps to be protected by HitmanPro.Alert keyboard encryption?

    PS: The Keystroke Encryption option is enabled.
     
  3. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    What other security software do you have on your machine? Does it also do keystroke encryption?
     
  4. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro.Alert 3.5.1 Build 552 BETA

    Changes
    • Added support for Windows 10 version 1607 Anniversary Update (our drivers are now cross-signed by Microsoft).
    • Improved Keystroke Encryption.
    • Improved compatibility of CryptoGuard with roaming profiles on DFS mapped network drives.
    • Fixed Dynamic Heap Spray mitigation (solved false positive on websites with lots of JavaScript).
    • Several other minor fixes and improvements.
    Download
    http://test.hitmanpro.com/hmpalert3b552.exe

    Please let us know how this version runs on your machine. Thanks! :thumb:
     
  5. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,843
    Location:
    the Netherlands
    Thanks very much, Mark.
    Great for Windows 10 users that HMP.A drivers are now cross-signed by Microsoft for Windows 10 Anniversary Update.
    All seems well on my Windows 7 x64.
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    All's well here on my Win10 machines.

    Thanks!
     
  7. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    No issues here either with 552
     
  8. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    +1.
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    @markloman ,

    On closing Edge I got this ROP.

    Code:
    Log Name:      Application
    Source:        HitmanPro.Alert
    Date:          24/08/2016 11:47:32 PM
    Event ID:      911
    Task Category: Mitigation
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      Dave-PC
    Description:
    Mitigation   ROP
    
    Platform     10.0.14393/x64 06_25
    PID          8612
    Application  C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    Description  Microsoft Edge 11
    
    Callee Type  LoadLibrary
    
    Stack Trace
    #  Address          Module                   Location
    -- ---------------- ------------------------ ----------------------------------------
    1  00007FFE30B2CA1F KernelBase.dll           LoadLibraryExW +0x16f
    2  00007FFE30B55F3A KernelBase.dll           UnhandledExceptionFilter +0x21a
    3  00007FFE3383DA9B ntdll.dll              
    4  00007FFE33825946 ntdll.dll                __C_specific_handler +0x96
    5  00007FFE3383991D ntdll.dll                __chkstk +0x11d
    6  00007FFE337D86D3 ntdll.dll              
    7  00007FFE33838A3A ntdll.dll                KiUserExceptionDispatcher +0x3a
    
    8  00007FF72353F4A7 MicrosoftEdge.exe      
                        488b01                   MOV          RAX, [RCX]
                        488d542420               LEA          RDX, [RSP+0x20]
                        488b4038                 MOV          RAX, [RAX+0x38]
                        ff155fa32e00             CALL         QWORD [RIP+0x2ea35f]
                        85c0                     TEST         EAX, EAX
                        7908                     JNS          0x7ff72353f4c5
                        8bc8                     MOV          ECX, EAX
                        e85c13f8ff               CALL         0x7ff7234c0820
                        cc                       INT 3      
    
    9  00007FF72370A373 MicrosoftEdge.exe      
    10 00007FF723709CB5 MicrosoftEdge.exe      
    
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="HitmanPro.Alert" />
        <EventID Qualifiers="0">911</EventID>
        <Level>2</Level>
        <Task>9</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2016-08-24T13:47:32.613338500Z" />
        <EventRecordID>3614</EventRecordID>
        <Channel>Application</Channel>
        <Computer>Dave-PC</Computer>
        <Security />
      </System>
      <EventData>
        <Data>C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe</Data>
        <Data>ROP</Data>
        <Data>Mitigation   ROP
    
    Platform     10.0.14393/x64 06_25
    PID          8612
    Application  C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    Description  Microsoft Edge 11
    
    Callee Type  LoadLibrary
    
    Stack Trace
    #  Address          Module                   Location
    -- ---------------- ------------------------ ----------------------------------------
    1  00007FFE30B2CA1F KernelBase.dll           LoadLibraryExW +0x16f
    2  00007FFE30B55F3A KernelBase.dll           UnhandledExceptionFilter +0x21a
    3  00007FFE3383DA9B ntdll.dll              
    4  00007FFE33825946 ntdll.dll                __C_specific_handler +0x96
    5  00007FFE3383991D ntdll.dll                __chkstk +0x11d
    6  00007FFE337D86D3 ntdll.dll              
    7  00007FFE33838A3A ntdll.dll                KiUserExceptionDispatcher +0x3a
    
    8  00007FF72353F4A7 MicrosoftEdge.exe      
                        488b01                   MOV          RAX, [RCX]
                        488d542420               LEA          RDX, [RSP+0x20]
                        488b4038                 MOV          RAX, [RAX+0x38]
                        ff155fa32e00             CALL         QWORD [RIP+0x2ea35f]
                        85c0                     TEST         EAX, EAX
                        7908                     JNS          0x7ff72353f4c5
                        8bc8                     MOV          ECX, EAX
                        e85c13f8ff               CALL         0x7ff7234c0820
                        cc                       INT 3      
    
    9  00007FF72370A373 MicrosoftEdge.exe      
    10 00007FF723709CB5 MicrosoftEdge.exe      
    </Data>
      </EventData>
    </Event>
    Build 552.
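
    For triaging alerts like the one in the post above, the description text can be parsed into fields and stack frames. This is an added example, not part of the original post and not SurfRight's code; the function names `parse_alert` and `summarize` and the summary keys are assumptions, and the sample is an excerpt of the posted log.

```python
import re

# Alert text excerpted from the post above (most disassembly lines omitted).
ALERT = r"""Mitigation   ROP
Platform     10.0.14393/x64 06_25
PID          8612
Application  C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Description  Microsoft Edge 11
Callee Type  LoadLibrary
Stack Trace
#  Address          Module                   Location
1  00007FFE30B2CA1F KernelBase.dll           LoadLibraryExW +0x16f
2  00007FFE30B55F3A KernelBase.dll           UnhandledExceptionFilter +0x21a
3  00007FFE3383DA9B ntdll.dll
4  00007FFE33825946 ntdll.dll                __C_specific_handler +0x96
5  00007FFE3383991D ntdll.dll                __chkstk +0x11d
6  00007FFE337D86D3 ntdll.dll
7  00007FFE33838A3A ntdll.dll                KiUserExceptionDispatcher +0x3a
8  00007FF72353F4A7 MicrosoftEdge.exe
                    488b01                   MOV          RAX, [RCX]
                    cc                       INT 3
9  00007FF72370A373 MicrosoftEdge.exe
10 00007FF723709CB5 MicrosoftEdge.exe
"""

FIELD = re.compile(r"^(Mitigation|Platform|PID|Application|Description|Callee Type)\s{2,}(.+?)\s*$")
FRAME = re.compile(r"^(\d+)\s+([0-9A-Fa-f]{16})\s+(\S+)\s*(.*?)\s*$")

def parse_alert(text):
    """Split the alert into header fields and numbered stack frames; disassembly lines are skipped."""
    fields, frames = {}, []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
        elif (m := FRAME.match(line)):
            frames.append({"n": int(m.group(1)), "addr": int(m.group(2), 16),
                           "module": m.group(3), "symbol": m.group(4) or None})
    return fields, frames

def summarize(fields, frames):
    """Reduce one alert to the facts a responder compares across machines and builds."""
    image = fields["Application"].rsplit("\\", 1)[-1].lower()
    symbols = [f["symbol"].split(" +")[0] for f in frames if f["symbol"]]
    first_app = next((f["n"] for f in frames if f["module"].lower() == image), None)
    return {"mitigation": fields["Mitigation"], "callee": fields["Callee Type"],
            "pid": int(fields["PID"]),
            "via_exception_dispatch": "KiUserExceptionDispatcher" in symbols,
            "first_app_frame": first_app,
            "unresolved": [f["n"] for f in frames if f["symbol"] is None]}
```

    Calling `summarize(*parse_alert(ALERT))` gives one record per alert, which makes it easy to group reports by mitigation, callee type and the frame where the application's own image first appears.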
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Nice to see a new build. :thumb:

    It runs fine on my system although it didn't solve the peculiar problem where icons are not being displayed in the advanced UI under the blue and green tiles. See my screenshot here:

    https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-437#post-2610465

    Uninstalling/re-installing doesn't help. Everything else is working correctly, e.g. flyouts, colored border, keystroke encryption indicator. TIA for any troubleshooting suggestions.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Also running fine here on Win 7x64
     
  12. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    Updated on Win 10 x64 latest and working well.
     
  13. CaptainLeonidasHMPA

    CaptainLeonidasHMPA Registered Member

    Joined:
    Aug 14, 2016
    Posts:
    42
    Location:
    The Netherlands
    Tried the new beta build. Seems the hitmanpro37.sys driver (1.3.8.12) is not yet accepted by Windows 10 Pro AU.

    I copied the following from the system event log:
    The description for Event ID 26 from source Application Popup cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys failed to load

    the message resource is present but the message is not found in the string/message table.


    Is this driver a left over from a previous beta?
    (Will check later today by uninstalling the beta unless I see an update here.)
     
    Last edited: Aug 24, 2016
  14. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
    No, it's from the Hitman Pro scanner, which hasn't been updated yet.
     
  15. CaptainLeonidasHMPA

    CaptainLeonidasHMPA Registered Member

    Joined:
    Aug 14, 2016
    Posts:
    42
    Location:
    The Netherlands
    Correct, however after making sure no hitmanpro37.sys was part of my system it did get reinstalled running the latest offered HMPA beta.
     
  16. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    How did you reintroduce HitmanPro? Did you click on the Scan Computer tile in the HitmanPro.Alert advanced UI?
     
  17. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HMPA downloads the current public version of HMP (that contains hitmanpro37.sys), so that part needs an update too. We already have that part ready, it's just going through testing (quality control). Stay tuned, next week, new builds of HMPA and HMP will be both live and public (non-beta).
     
  18. CaptainLeonidasHMPA

    CaptainLeonidasHMPA Registered Member

    Joined:
    Aug 14, 2016
    Posts:
    42
    Location:
    The Netherlands
    Great to know. Staying tuned for updates.
    Is there a tweak available att to disable the Autoscan of the HMPro part during startup?
     
  19. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    The latest beta doesn't solve the problem I mentioned before regarding the incompatibility between HMPA and Bitdefender's Active Threat Control function. Bitdefender support simply says they aren't compatible with you and that I should uninstall HMPA. For easy reference I quoted the problem below.

     
  20. Lonesome Bob

    Lonesome Bob Registered Member

    Joined:
    Aug 24, 2016
    Posts:
    17
    Location:
    unknown
    I have MPC-HC running from a networked folder, M:\Players\MPC-HC\mpc-hc.exe and cannot seem to add this app to the exclusions list. I was able to add an exclusion for a locally installed copy found at C:\Program Files\MPC-HC\mpc-hc.exe though not for the network app. How do I exclude a network located app?

    MPC-HC (1.7.10) crashes when attempting to play video, excluding the app fixes that problem. I'm using HMPA 3.5.0 build 546 3-year subscription.
     
  21. plat1098

    plat1098 Guest

    ?

    Of course it is. I was wondering whether HMPA had been temporarily left by the wayside in favor of other situations. Clearly it hasn't so I'm a happy camper once more.
     
  22. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    maybe they do not even have the right to go on vacation?

    The last 2 weeks, in fact, have been enough to trigger a lot of speculation...
     
  23. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    False positive while using Iobit uninstaller:

    Mitigation CryptoGuard

    Platform 10.0.14393/x64 06_4e
    PID 6580
    Application C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    Description Uninstall Programs 6.0.2

    Filename C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    C:\Program Files\CyberLink\PhotoDirector5\Customizations\Generic\Setting\python27.dll
    C:\Program Files\CyberLink\PhotoDirector5\MUITransfer\FotoEnvRes.dll
    C:\Program Files\CyberLink\PhotoDirector5\EffectExtractor\EffectExtractor.exe
    C:\Program Files\CyberLink\PhotoDirector5\InstallerCopyRight.txt

    /E
     
  24. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64 with HMP.alert 3.5.1.552 beta is running without issues!
     
  25. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    build 552 + KeePass master password dialog = no orange keystroke encryption bar.
    build 552 = no tamper protection.
     