HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    142
    Location:
    Philippines
    Need assistance with SBIE and HMPA. I don't remember having this problem on Win7 (I'll test it later), but after installing it on my laptop w/ Win10 I'm having SBIE error 2203 GUIPROXY in Chrome... if the HMPA service is stopped I don't get such an error.
     
  2. guest

    guest Guest

    Surely because HMPA injects DLLs into every Sbie process; I had this GUI Proxy issue with Chrome all the time until I hid the alerts... it is why I ditched Sbie.
     
  3. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    142
    Location:
    Philippines
    So there's no workaround?! I was hoping there's one as HMPA and SBIE are now under one roof... what would be the catch if I just hide it?!

    It's either I hide it, ditch one, or change my browser?!
     
    Last edited: Mar 1, 2017
  4. guest

    guest Guest

    Not as far as I know; I and many others have complained about it for ages on Sbie threads/forum.

    Sbie is known for its multiple incompatibilities/annoyances, especially with Chrome and other security apps. Basically all I heard from "experienced" Sbie users is that Sbie is best used with WinXP/7 and FF or IE, and preferably as the only security app... "because you don't need more".

    Basically yes...

    From what I heard, this alert is not security related but just GUI related... but personally I can't verify it, so I can't take this as a valid answer and explanation, which led me to ditch it.
     
  5. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    142
    Location:
    Philippines
  6. guest

    guest Guest

    @Duotone No problem. Sbie is still good, don't misunderstand me; to me it is just annoying to use in its current state.
     
  7. CeeBee

    CeeBee Registered Member

    Joined:
    Nov 20, 2015
    Posts:
    60
    I can't find a tweak guide anywhere. So, I need suggestions on: 1) what settings are the most resource intensive; and 2) what settings are nice to tick, but not absolutely required under normal circumstances.

    I know, normal circumstances differ... so don't ask me about that one!

    Contrary to MBAE, HMPA seems to default to all settings ticked... which can be pretty heavy going on an older computer. TIA.
     
    Last edited: Mar 2, 2017
  8. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,839
    Location:
    the Netherlands
    That was yesterday, with my system that I didn't update manually, to see if auto update worked as it should.

    Today, after booting, build 586 was offered correctly, and with a reboot build 574 was updated to 586 without issues.
    So, all is well, now.

    @tonino,
    I hope the same applies to your system(s).
     
  9. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    I booted up today and got the pop-up for the update, rebooted and was updated to 586 without issues as well.
     
  10. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    I just hide the notifications in SBIE and HMPA still functions properly for me.
     
  11. tonino

    tonino Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    62
    Location:
    somewhere

    Yes, I can confirm I'm running build version 586!
    Just updated today after a system reboot!

    All seems fine!

    Cheers! :D
     
  12. guest

    guest Guest

    With default settings in MBAE or all settings enabled I can't see any difference (<1-2% CPU usage), so I can't tell which settings might have an influence on performance.
    Default settings should be fine.

    In HMP.A I had to disable Network Lockdown because of 40-50% CPU usage while downloading files. All other settings are enabled without any major performance impact.
    But on a slower PC there might be some differences.
     
  13. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    Everybody is happy now with 586.
     
  14. CeeBee

    CeeBee Registered Member

    Joined:
    Nov 20, 2015
    Posts:
    60
    I have no performance issues at all with MBAE at default or with a bunch of extra settings enabled. And I don't feel much drag on performance with MBAE and HMPA 2.6.5.77 running together. And that's what I do on my older XP computers. However, when running HMPA 3 build 586 (with MBAE uninstalled), I do feel a drag on performance (even on my slightly younger laptop with W7) and thus my questions. Yes, comparing apples with oranges, agree!

    The safest way to drive a car is to leave it in the garage. And the safest way to drive HMPA is to enable all settings (or about 99%, as I think the default is). But, to enjoy driving either I have to find something in-between: as little as possible, as much as necessary. Contradiction in terms? Not really.
     
    Last edited: Mar 3, 2017
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  16. rei

    rei Registered Member

    Joined:
    May 25, 2006
    Posts:
    51
    MBAM 3.x I find to be slower and more sluggish with its UI than HMPA. I also consistently received BSOD errors regarding TCPIP.SYS whenever I used P2P downloads like torrent clients and/or the downloaders + installers of popular MMO games.
     
  17. CeeBee

    CeeBee Registered Member

    Joined:
    Nov 20, 2015
    Posts:
    60
    Maybe so, but MBAM is not MBAE! I have no intentions of moving from MBAE 1.09.x (as a freestanding product) to MBAM 3.x (of which MBAE is now also a part) due to the reasons you mention and some more. But, that's off topic, at least for me.
     
  18. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Same here.
    I waited until my notebook auto-updated, and it did today.
    Running build 586 now, without any issue.
    Smooth update process, that should be an example for other vendors. (Java comes to mind...)
     
  19. Erastus Seymour Pott

    Erastus Seymour Pott Registered Member

    Joined:
    Jan 17, 2017
    Posts:
    15
    Location:
    UK
    Upgraded to 586 today, now getting more Trusteer issues than I ever did with the previous version of HMP.A:

    Mitigation IAF

    Platform 10.0.14393/x64 v586 06_3f
    PID 532
    Application C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Description Firefox 51.0.1

    Violation 64134B1C is calling KBDUK.DLL IAT funcptr kernel32.dll!GetProcAddress


    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 64134B1C RapportTanzanUtil_2015.dll
    ff1510701364 CALL DWORD [0x64137010]
    8bf0 MOV ESI, EAX
    85f6 TEST ESI, ESI
    754e JNZ 0x64134b76
    ff1530701364 CALL DWORD [0x64137030]
    8b35dc711364 MOV ESI, [0x641371dc]
    8945f0 MOV [EBP-0x10], EAX
    85f6 TEST ESI, ESI
    7416 JZ 0x64134b51
    8d45d0 LEA EAX, [EBP-0x30]
    8bce MOV ECX, ESI
    50 PUSH EAX
    6a04 PUSH 0x4
    ff1540711364 CALL DWORD [0x64137140]
    ffd6 CALL ESI
    8bf0 MOV ESI, EAX

    2 64134579 RapportTanzanUtil_2015.dll
    3 639F8DB2 RapportTanzanEx510.dll
    4 716E0000 (anonymous; rooksdol.dll)
    5 639FB45B RapportTanzanEx510.dll
    6 639F92A5 RapportTanzanEx510.dll
    7 71620000 (anonymous; rooksdol.dll)
    8 0E50598B xul.dll
    9 0E33034B xul.dll
    10 0E508181 xul.dll

    Process Trace
    1 C:\Program Files (x86)\Mozilla Firefox\firefox.exe [532]
    2 C:\Windows\explorer.exe [7252]
    3 C:\Windows\System32\userinit.exe [6644]
    4 C:\Windows\System32\winlogon.exe [752]
    winlogon.exe

    Thumbprint
    2ef52db0666821c4f0b1842c0682c99460279f6b2e3e0baf1e4996b765bdeed6
     
  20. guest

    guest Guest

    There can be some issues if Network Lockdown is enabled: slow downloads, high CPU usage, or other network-related issues.
     
  21. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Hi Eric

    Wrt post #13003

    The problem reappears. It was OK for a few days and this morning. Now it has returned.

    FYI, I need to restart my system, then the problem goes away.
     
  22. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    IAF mitigation, HMP.Alert 586 and Adobe Acrobat Reader DC 15.23 (sandboxed with Sandboxie beta 5.17.4).

    Logboeknaam: Application
    Bron: HitmanPro.Alert
    Datum: 3-3-2017 12:16:01
    Gebeurtenis-id:911
    Taakcategorie: Mitigation
    Niveau: Fout
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: ****
    Beschrijving:
    Mitigation IAF

    Platform 10.0.14393/x64 v586 06_17*
    PID 8168
    Application C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    Description Adobe Acrobat Reader DC 15.23

    Violation 6AC0D3C3 is calling WKSCLI.DLL IAT funcptr kernel32.dll!GetModuleHandleW


    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 6AC0D3C3 ccme_base_non_fips.dll
    ff157470c16a CALL DWORD [0x6ac17074]
    8b7508 MOV ESI, [EBP+0x8]
    c7465c80bec16a MOV DWORD [ESI+0x5c], 0x6ac1be80
    83660800 AND DWORD [ESI+0x8], 0x0
    33ff XOR EDI, EDI
    47 INC EDI
    897e14 MOV [ESI+0x14], EDI
    897e70 MOV [ESI+0x70], EDI
    c686c800000043 MOV BYTE [ESI+0xc8], 0x43
    c6864b01000043 MOV BYTE [ESI+0x14b], 0x43
    c74668a811c26a MOV DWORD [ESI+0x68], 0x6ac211a8
    6a0d PUSH 0xd
    e88a3e0000 CALL 0x6ac11286
    59 POP ECX
    8365fc00 AND DWORD [EBP-0x4], 0x0

    2 6AC0C011 ccme_base_non_fips.dll
    3 6AC0C09D ccme_base_non_fips.dll
    4 6AC0C158 ccme_base_non_fips.dll
    5 779CE58E ntdll.dll RtlDecompressBuffer +0xee
    6 779A0E46 ntdll.dll
    7 779A10F0 ntdll.dll
    8 779C7636 ntdll.dll LdrInitializeThunk +0xb6
    9 779C7590 ntdll.dll LdrInitializeThunk +0x10

    Code Injection
    0000000000D90000-0000000000D96000 24KB C:\Program Files\Sandboxie\SbieSvc.exe [2784]
    0000000000DA0000-0000000000DA1000 4KB
    00007FFB8DA39000-00007FFB8DA3A000 4KB
    1 C:\Program Files\Sandboxie\SbieSvc.exe [2784]
    2 C:\Windows\System32\services.exe [680]

    Process Trace
    1 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe [8168]
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\***\Desktop\****"
    2 C:\Program Files\Sandboxie\Start.exe [6100]
    "C:\Program Files\Sandboxie\Start.exe" /env:00000000_SBIE_CURRENT_DIRECTORY="C:\Users\****\Desktop" /env:=Refresh "C:\Users\*****\Desktop\****"
    3 C:\Program Files\Sandboxie\SbieSvc.exe [2784]
    4 C:\Windows\System32\services.exe [680]

    Thumbprint
    10e5175ec96aea2f84ac6d0aa259918a4f003b60a5b756ac6b46e42b847e4118
    Gebeurtenis-XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="HitmanPro.Alert" />
    <EventID Qualifiers="0">911</EventID>
    <Level>2</Level>
    <Task>9</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-03-03T11:16:01.904442500Z" />
    <EventRecordID>17849</EventRecordID>
    <Channel>Application</Channel>
    <Computer>****-PC</Computer>
    <Security />
    </System>
    <EventData>
    <Data>C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe</Data>
    <Data>IAF</Data>
    <Data>Mitigation IAF

    Platform 10.0.14393/x64 v586 06_17*
    PID 8168
    Application C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    Description Adobe Acrobat Reader DC 15.23

    Violation 6AC0D3C3 is calling WKSCLI.DLL IAT funcptr kernel32.dll!GetModuleHandleW


    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 6AC0D3C3 ccme_base_non_fips.dll
    ff157470c16a CALL DWORD [0x6ac17074]
    8b7508 MOV ESI, [EBP+0x8]
    c7465c80bec16a MOV DWORD [ESI+0x5c], 0x6ac1be80
    83660800 AND DWORD [ESI+0x8], 0x0
    33ff XOR EDI, EDI
    47 INC EDI
    897e14 MOV [ESI+0x14], EDI
    897e70 MOV [ESI+0x70], EDI
    c686c800000043 MOV BYTE [ESI+0xc8], 0x43
    c6864b01000043 MOV BYTE [ESI+0x14b], 0x43
    c74668a811c26a MOV DWORD [ESI+0x68], 0x6ac211a8
    6a0d PUSH 0xd
    e88a3e0000 CALL 0x6ac11286
    59 POP ECX
    8365fc00 AND DWORD [EBP-0x4], 0x0

    2 6AC0C011 ccme_base_non_fips.dll
    3 6AC0C09D ccme_base_non_fips.dll
    4 6AC0C158 ccme_base_non_fips.dll
    5 779CE58E ntdll.dll RtlDecompressBuffer +0xee
    6 779A0E46 ntdll.dll
    7 779A10F0 ntdll.dll
    8 779C7636 ntdll.dll LdrInitializeThunk +0xb6
    9 779C7590 ntdll.dll LdrInitializeThunk +0x10

    Code Injection
    0000000000D90000-0000000000D96000 24KB C:\Program Files\Sandboxie\SbieSvc.exe [2784]
    0000000000DA0000-0000000000DA1000 4KB
    00007FFB8DA39000-00007FFB8DA3A000 4KB
    1 C:\Program Files\Sandboxie\SbieSvc.exe [2784]
    2 C:\Windows\System32\services.exe [680]

    Process Trace
    1 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe [8168]
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\****\Desktop\****"
    2 C:\Program Files\Sandboxie\Start.exe [6100]
    "C:\Program Files\Sandboxie\Start.exe" /env:00000000_SBIE_CURRENT_DIRECTORY="C:\Users\****\Desktop" /env:=Refresh "C:\Users\****\Desktop\****"
    3 C:\Program Files\Sandboxie\SbieSvc.exe [2784]
    4 C:\Windows\System32\services.exe [680]

    Thumbprint
    10e5175ec96aea2f84ac6d0aa259918a4f003b60a5b756ac6b46e42b847e4118</Data>
    </EventData>
    </Event>

    Win10 1607 build 14393.726 x64/Norton Security v22.9.0.71
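Added example, not code from this thread or from HitmanPro: a small Python parser for the IAF alert text quoted in the posts above, which pulls out the violation line (caller address, the module whose IAT slot was used, the resolved export), the stack frames and the parent process chain, then gives a defender-side triage verdict against an assumed allowlist of injector modules an admin has already vetted. The sample alert is constructed from the shape of the Firefox/Trusteer report above and abridged.

```python
import re
# Constructed sample, abridged from the shape of the IAF alerts quoted in this thread.
SAMPLE_ALERT = r"""Mitigation IAF
PID 532
Application C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Violation 64134B1C is calling KBDUK.DLL IAT funcptr kernel32.dll!GetProcAddress

Stack Trace
1 64134B1C RapportTanzanUtil_2015.dll
ff1510701364 CALL DWORD [0x64137010]
2 64134579 RapportTanzanUtil_2015.dll
4 716E0000 (anonymous; rooksdol.dll)
8 0E50598B xul.dll

Process Trace
1 C:\Program Files (x86)\Mozilla Firefox\firefox.exe [532]
2 C:\Windows\explorer.exe [7252]

Thumbprint
2ef52db0666821c4f0b1842c0682c99460279f6b2e3e0baf1e4996b765bdeed6
"""

HEADER_RE = re.compile(r"^(Mitigation|Platform|PID|Application|Description) (.+)$")
VIOLATION_RE = re.compile(r"^Violation ([0-9A-F]+) is calling (\S+) IAT funcptr (\S+)!(\S+)$")
FRAME_RE = re.compile(r"^(\d+) ([0-9A-F]{8}) (.+)$")   # frame index, address, module/location
PROC_RE = re.compile(r"^(\d+) (.+) \[(\d+)\]$")        # depth, image path, PID

def parse_iaf_alert(text):
    alert, section = {"frames": [], "processes": [], "thumbprint": ""}, None
    for line in (l.strip() for l in text.splitlines()):
        if line in ("Stack Trace", "Process Trace", "Thumbprint", "Code Injection"):
            section = line                       # section headers switch the parser state
        elif m := VIOLATION_RE.match(line):
            alert["caller"], alert["iat_owner"] = m.group(1), m.group(2)
            alert["target"] = f"{m.group(3)}!{m.group(4)}"
        elif section is None and (m := HEADER_RE.match(line)):
            alert[m.group(1)] = m.group(2)       # Mitigation / PID / Application ...
        elif section == "Stack Trace" and (m := FRAME_RE.match(line)):
            alert["frames"].append((int(m.group(1)), m.group(2), m.group(3)))  # disasm lines skipped
        elif section == "Process Trace" and (m := PROC_RE.match(line)):
            alert["processes"].append((m.group(2), int(m.group(3))))  # quoted command lines skipped
        elif section == "Thumbprint" and re.fullmatch(r"[0-9a-f]{64}", line):
            alert["thumbprint"] = line
    return alert

def triage(alert, vetted_modules):
    # Defender-side triage: frame 1 is the module that called through another module's IAT slot.
    caller_module = alert["frames"][0][2] if alert["frames"] else "<unknown>"
    return ("vetted-injector" if caller_module.lower() in vetted_modules else "review"), caller_module
```

The allowlist passed to `triage` is the admin's own list of lowercase module names; an alert whose frame-1 module is not on it is returned as "review" so it is not silently dropped.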
     
  23. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    I never understood why/how a CPU gauge or a clock gadget or a slide show from my pictures folder could possibly constitute a threat to my PC. For gadgets that get info from online, yes, maybe -- but not for gadgets that depend entirely on local data.
     
  24. rei

    rei Registered Member

    Joined:
    May 25, 2006
    Posts:
    51
    ...because they're poorly coded, from a time (2009-2011) that didn't take into account arbitrary remote code vulnerabilities, which are now our ever-present reality? The local info that they're reporting ON doesn't eliminate the fact that their implementation in Windows exposes you to additional risk. Running them is just foolish.
     
  25. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    Isn't protecting against remote code execution attacks precisely one of the purposes of HMP.A and similar products?
     