HitmanPro.ALERT Support and Discussion Thread

Could this be due to O&O ShutUp10 privacy tweaks?

 

I too use O&O Alkajak, and HMP.A
I have the 3.6.3 580 Beta installed,
is that the same version your getting that in ?
Never mind I just noticed your sig
Ignore me today lol

 

Do you get the same alert? I am using the same versions as you.

 

No, I haven't yet, but I was asking so I would know weather or not
to keep an eye out.
Thanks Alkajak

 

I am really curious to know what compatibility issues there might be when HMPA and MBAM 3 are run at same time. I am a re-seller of both and have hundreds of installed users running both HMPA and MBAM at same time. Now MBAM is pushing the 3.0 release to the currently installed users.

I need to know about the compatibility or the side effects of the two anti-exploit and anti-ransom on the same computer. Am I going to have to install one or the other? I asked MBAM to give me an option to install without those modules, but they don't care to say if they will or not. and now they released 3.0 anyway, so there's my answer.

 

You should disable the Exploit Protection in MB 3.0 but you will see a huge warning pop up at every boot which you will need to close, even then there will be an exclamation point on the tray icon.

I'm sticking with MBAM 2 for as long as I can, or until they fix their buggy program.

 

3 is still too buggy, you should be advising those of your customers that employ HMP.A to wait to upgrade MBAM to v3.
That would be the intelligent thing to do.

 

I would advise against installing Malwarebytes 3.0 at all at the moment and neither would I run the premium version together with HMP.A, even with Malwarebytes' exploit-protection disabled.

 

I'm running HMPA and MBAM v3 together. In MBAM I've only turned off the exploit protection and the two programs get along fine. The reason I won't install MBAM v3 on the PCs of some family members though is because when you turn off a module the UI and the tray icon show a warning which cannot be canceled. Every time you boot the computer MBAM shows a pop-up saying that the system is not fully protected and that annoys and worries some people. This has been brought to the attention of MalwareBytes and they've said they intend to address it, but so far they haven't. It needs to be possible to turn off modules when necessary without the program going into a permanent warning/error state.

 

It's nice that you personally went to hundreds of Mike's clients and tested the combination of Malwarebytes 3.0 + HMP.A + their individual operating system, hardware and other software combination. No, of course you haven't. All you can tell is that on your system with two thirds of Malwarebytes 3.0 disabled it seems to work at the moment, or there might be a conflict you simply haven't encountered yet.

Any minute Malwarebytes might push an update which breaks compatibility again, not only with each other but also other already installed internet security solutions on those computers, or even not security related software thanks to the anti-ransom-module. An update could also result in a re-enabling of components of Malwarebytes which then might result in a conflict. Also Malwarebytes throws a fit and goes red-alert the second you disable a component which might lead the user to re-enable it.

Just imagine all the hundreds of Mike's clients, who might not be so computer literate, and the support efforts and costs for Mike such a bound-for-trouble combination might generate. I guess reselling this stuff yields little profit as it is without getting hundreds of phone calls like "Hey Mike, Malwarebytes just showed an alert I don't understand" and the likes.

If I ran a computer repair shop, I would have recommended the old MBAM 1.75 and 2.x to clients back in the day, but Malwarebytes 3.0 is not recommendable at the moment and even once the bugs are ironed out, the recommendation has to be made on a careful individually based case. HMP.A is also more generated to computer literate persons, who know how to avoid overlaps and conflicts, but even 50% of the people who post problems in this thread here don't seem to understand that, so why would pc repair shop customers know that?

 

im off topic but the main concern i see on many security forums (and here especially) is that some members only think and talk about their own personal system and setup, contradicting/ignoring/opposing/denying what other members mention in a more "common user" and wider point of view.
Then some beginners come around , read those posts about specific system setups, feel they can do the same then smash or make their system unsecure; and obviously will blame the softwares for any issues/infections.

 

Thank you for your answer.
One more question regarding HMPA and Intercept X.
Is Intercept X using same technology as HMPA or is HMPA "beta" of Intercept X?

 

It appears not to be fully-integrated yet into Sophos Advanced Endpoint. We have it licensed at work and there's a separate HMPA folder installed for it into %PROGRAM FILES%

 

We have made integration for Intercept X (it is 75% HMPA). The binaries are the same between HMPA and IX.

Sophos builds our code base in their build environment and we build the exact same code base in our environment. So its all the same code. Stuff we fix end up in both products.

 

Hi Erik

I have sent you a pm regarding the re-activation of my license. Please help. Thanks

 

No issues since upgrading to Build 580 on Sunday.

 

HitmanPro.Alert 3.6.3 Build 582 RC1

Changelog (compared to 580)

• Improved installer/uninstaller
• Improved compatibility with MBAE, MBAM v3 and EMET
• Improved CallerCheck mitigation
• Improved DEP mitigation
• Improved compatibility with software using delay-loaded user32.dll
• Fixed issue with Forza Horizon 3 failing to start
• Fixed issue with Enpass UWP failing to start
• Fixed rare crash in Mozilla Firefox when running with Norton
  
• Fixed rare crash in conhost.exe
• Fixed rare BSOD in WipeGuard in combination with some USB fixed disks
• Fixed small memory leak
• The issue with Overwatch was fixed by Blizzard

Notes
This build does NOT have Microsoft co-signed drivers. So this build will NOT run on computers with Windows 10 Redstone 1 with SecureBoot enabled.

Download
http://test.hitmanpro.com/hmpalert3b582.exe

Please let us know how this version runs on your computer

 

Dear HMPA, I still have not seen a reply or fix to the issue I raised many weeks ago concerning the throttling down then killing of my network connection. This was on 2 different laptops, different manufaturers, both Win 10. So 2 licenses remain unused and instead I am using Malwarebytes Premium 3.0.

I am not experiencing any issues with MWB 3, certainly not the ones posted here by several people.

I'd like to support you again, but until you guys / Sophos set up proper support processes in respect of this potentially great product, you won't be getting a renewal from me, nor purchases from my businesses, it remains a nice niche product. Hopefully Sophos can get you to fix the bugs and improve support massively and propel it to mainstream consumer level. Good luck.

 

Upgraded from build 580 to 582 with no issues

By the way, is it still recommended that anti-exploit protection in MBAM v3 be turned OFF?

 

Disable the Network Lockdown feature. That should help to some extent.

Last resort, rename C:\Windows\System32\hmpnet.sys to hmpnet.bak

 

In build 582 we now prevent the mbae.dll to load in processes mitigated by HMPA (mbae.dll is still allowed to load if the application is not in HMPAs application list).

The mbae.dll will be allowed to load again when HMPA's license expires or when Exploit Mitigation in HMPA is disabled. This so that the exploit protection falls back into MBAE's hands.

This ensures that both Malwarebytes and SurfRight don't get too many support calls from customers running both products.

So you may enable exploit protection in MBAM v3 when HMPA is installed.

 

This is very helpful as it means the constant error that MBAM v3 displays when a protection module is disabled can be eliminated. Thank you!