HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. BrainWarp

    BrainWarp Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    289
    I do use Dr.Web and it's been a while since I have been here. Will update my profile soon. Sorry guys
     
  2. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,860
    Location:
    the Netherlands
    No need to be sorry, but making sure the security software information in your signature is up to date can be helpful in determining any incompatibilities.
     
  3. MessyStuff

    MessyStuff Registered Member

    Joined:
    Nov 28, 2016
    Posts:
    1
    Location:
    Earth
    Hi all,

    Ever since I updated Firefox to the latest 50.0 version I am getting warnings from HitmanPro / some intrusion alarm, stating I should NOT enter any confidential info into Firefox and run a full system scan first. Doing that scan, nothing is found. But starting Firefox again gives me just the same shooting error..

    When I go to the Log file, this is what I get : many Firefox processes that do not ring a bell with me (see a copy of the log at the end of this post).
    Does anyone experience similar problems? HMP once more on false positives, what do you think?

    Any thoughts & help appreciated, thanks in advance!

    ( By the way: I'm on a paid HMP, however oddly enough there's no way of finding any proper customer support. It must be, I do not understand what a customer is ;-)


    =================================== copy of log file ==========================================================================
    Intruder

    PID 14544
    Application C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Description Firefox 50

     
  4. davido

    davido Registered Member

    Joined:
    Mar 18, 2015
    Posts:
    15
    Any deals for Cyber Monday?
     
  5. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    Glad to hear you got that resolved! :thumb:
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    @erikloman

    HMPA Beta 573 prevented the installation of the latest Logitech Gaming Software.

    Was not getting any type of warning. Tried many times disabling several programs and was only able to install after disabling HMPA.

    On reboot, with HMPA still disabled, got a BADUSB warning for the connected Logitech keyboard.

    Likely caused by the upgraded driver, since I have been using my Logitech keyboard for a long time, but again, HMPA was disabled - all components.
     
  7. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,247
    Do Bitdefender Antivirus Plus, VoodooShield and HitmanPro.Alert work together?
    Also, do Emsisoft Anti-Malware, VoodooShield and HitmanPro.Alert work together?
    Do Bitdefender Antivirus Plus, Emsisoft Anti-Malware, VoodooShield and HitmanPro.Alert all work together?
     
  8. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    3rd option is out of the question.
     
  9. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    Did you disable BadUSB in Risk Reduction?
     
  10. cooper

    cooper Registered Member

    Joined:
    Aug 18, 2007
    Posts:
    7
    Location:
    Germany
    I purchased and installed HitmanPro.Alert yesterday. I am on Windows 10, all WIN updates installed. I had the same issue as mentioned earlier in this thread. On my laptop the keyboard was not functioning anymore after installation. I was not able to type in any text in Google Search or similar. However, when I started for example the Outlook program and started to type a mail, that all worked fine. After fiddling around I found out that switching off the keyboard encryption functionality in the Advanced configuration in the program gave me back my keyboard. It works again as normal. The keyboard encryption seems to create issues and is probably still buggy.
     
  11. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    Question: How does BadUSB handle Yubikeys? I guess that is best answered with, how does BadUSB work? Does it not allow new keyboards or does it not allow a USB device that once advertised itself as X to change to keyboard? Or... Does it work in another way? I guess I just want to know if I'll be able to use the Yubikeys I ordered yesterday on a system where HMPA has BadUSB enabled?
     
  12. cooper

    cooper Registered Member

    Joined:
    Aug 18, 2007
    Posts:
    7
    Location:
    Germany
    I have a Yubikey Neo in constant use, as I use it for LastPass Password manager. It works as normal.
     
  13. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    What other security software do you have? Zemana AntiLogger, for example, is known to create that kind of issue because of ID Theft Protection's incompatibility with HMP.A's Keystroke Encryption.
     
  14. cooper

    cooper Registered Member

    Joined:
    Aug 18, 2007
    Posts:
    7
    Location:
    Germany
    I have a whole bunch of programs now in the meantime, all running in parallel: ESET Smart Security Premium, Malwarebytes Anti-Malware and Anti-Exploit, Zemana AntiLogger, WinAntiRansom and now HitmanPro.Alert. I have to admit I did not care much regarding compatibility of the various programs with each other. I was hoping that they get along well with each other as most of them are probably designed to work as second opinion programs.
     
  15. plat1098

    plat1098 Guest

    Well, HitmanPro Alert is a standalone, and as such, it should not be used in conjunction with Malwarebytes Anti Exploit/Malwarebytes beta Endpoint program unless the AE module is disabled. Even then, I wouldn't trust that there are no conflicts. I can tell you I had major issues with HMP A's interference w/MB beta 3.03; it caused a lot of freezing, even with the AE module disabled. Make a decision: one or the other. Def. not both.
     
  16. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    No eddiewood:

    Didn't think of only disabling BadUSB. I disabled all components.
     
  17. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    Is it just me or is there now a one minute delay (approx) when clicking the Scan Computer button before the download begins... b573
     
  18. hotlips69

    hotlips69 Registered Member

    Joined:
    Nov 3, 2005
    Posts:
    55
    Location:
    Sussex. UK
    Am I correct in assuming that if I select Silent Audit (from the Action Mode menu) it effectively disables every part of HMP.A from blocking anything/everything it may find from that moment?

    Does this need a reboot to make this change and do you need to restart any browsers you may have open for it to work within these browsers?
     
  19. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Disable either ZAL's ID Theft Protection or HMP.A's Keystroke Encryption.
    Also, you should really consider ditching other programs. :)
     
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.6.1 Build 574 Released

    Changelog (compared to 562)
    • Added thumbprint based suppression technology
    • Improved CryptoGuard
    • Improved BadUSB enable/disable
    • Improved Application Lockdown
    • Improved DEP mitigation reporting details
    • Improved LoadLib mitigation
    • Improved WipeGuard
    • Improved SEHOP mitigation
    • Improved compatibility with 32-bit Java desktop applications requiring 1GB+ memory
    • Improved colored window border to support app windows (eg. KeePass)
    • Fixed support for Windows XP
    • Fixed Intruder detection on Websense DLL in 64-bit browser processes
    • Fixed ROP detection in Photoshop Elements Editor
    • Several minor improvements

    Notes
    This is a release. This build has Microsoft co-signed drivers which makes this build suitable for use on Windows 10 computers with Secure Boot enabled.

    Download
    http://dl.surfright.nl/hmpalert3.exe
     
    Last edited: Nov 30, 2016
  21. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,860
    Location:
    the Netherlands
    Thanks very much.
    But perhaps you meant to say "compared to 562"?
    To my knowledge, 3.5.3.562 was the previous release version, and there was no 563 release, nor was there a 563 beta released.

    Will automatic update start today (as with the 562 release),
    or will automatic update start in about a week (as with several other releases)?
     
  22. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,244
    No problems upgrading build 574.

    Win10 1607 build 14393.447 x64/Norton Security v22.8.1.14
     
  23. Anguel

    Anguel Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    75
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    From the code I see that the following mitigations might get triggered:
    HeapSpray, IAT Filtering, StackPivot, ROP, CallerCheck.

    Will know more once we get this exploit working.
     
  25. Anguel

    Anguel Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    75
    Many thanks for the fast response. Looking forward to good news on this :)
     