HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Unrelated: on two PCs I could upgrade from Windows 10 1607 to 1703 with HMP.A still running. On the third the update stayed on 0% (installing from USB stick, so not waiting for download) for a very long time. After I uninstalled HMP.A the update went fine.
     
  2. guest

    guest Guest

    For a better upgrade experience I would disable or even uninstall security software (temporarily).
    Some security applications do not even work with the new version (for example SpyShelter) or might cause some issues (Shadow Defender, HMP.A #13393, etc.)
     
  3. zagtastic

    zagtastic Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    16
    Location:
    san diego
    no, encryption does not prevent exploits/bugs/etc from coming in on the connection. however, in order for security software to scan the traffic, it needs to essentially do a man-in-the-middle attack (https://en.wikipedia.org/wiki/Man-in-the-middle_attack) on your encrypted connection(s). doing this can increase your security risks for a number of reasons, particularly that your endpoint (browser, whatever) won't be able to see and verify the certificate presented by the other side of the connection. it is my experience that proper validation of who you/your application is talking to is more effective security than (typically signature-based) traffic analysis.

    personally, the security strategy that makes the most sense to me is to disable https/ssl/tls scanning in AV, etc, use a good anti-exploit (to stop the common attacks that do reach an application on my machine), and keep my software up-to-date.
     
    Last edited: Apr 9, 2017
  4. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Weird: when iTunes is excluded my system still stalls when closing iTunes (reproducible). When HMP.A is uninstalled iTunes closes just fine (reproducible).
     
  5. Oli95xz

    Oli95xz Registered Member

    Joined:
    Apr 9, 2017
    Posts:
    12
    Location:
    Germany
    Interesting. I disabled all exploit mitigation features for iTunes and now it closes just fine and my system does not freeze.
     
  6. rei

    rei Registered Member

    Joined:
    May 25, 2006
    Posts:
    51
    I am able to open + close iTunes 64-bit v12.6.0.100 on Windows 10 Creator's Update 64-bit with exploit protection on without any problem.

    Windows 10 build 1703
     
  7. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    Erik must be a busy person. I sent him a PM last Friday and have not heard back. I only have a few days left on my trial for HMP.A before I have to buy a license.
     
  8. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @Dragon1952 :
    Don't you think it's impolite to complain, just after one business day?
    Don't you think it's impolite to complain at all?
     
  9. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    Build 588 crashed twice today on one of my PCs:

    Code:
    Faulting application name: hmpalert.exe, version: 3.6.4.588, time stamp: 0x58dd0e9d
    Faulting module name: hmpalert.exe, version: 3.6.4.588, time stamp: 0x58dd0e9d
    Exception code: 0x40000015
    Fault offset: 0x00237c51
    Faulting process id: 0xca8
    Faulting application start time: 0x01d2af9b8d4645d0
    Faulting application path: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    Faulting module path: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    Report Id: 20a6bae6-1e36-11e7-8a55-4c72b91da94f

    Code:
    Faulting application name: hmpalert.exe, version: 3.6.4.588, time stamp: 0x58dd0e9d
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.23677, time stamp: 0x589c9620
    Exception code: 0xe06d7363
    Fault offset: 0x0000c54f
    Faulting process id: 0xca8
    Faulting application start time: 0x01d2af9b8d4645d0
    Faulting application path: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
    Report Id: 184b641a-1e42-11e7-8a55-4c72b91da94f

    After the second crash, the HMP.A icon in the Notification Area disappeared and the process is no longer showing up in Task Manager.

    Windows 7 HP SP1 x64.
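
Added example (not part of the post above and not HitmanPro.Alert code): a small Python parser for the two Application Error records quoted in that post, decoding the exception codes and the FILETIME start time so repeat crashes can be matched by code. The function names and the code-description table are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

# Fields copied from the two records in the post above (paths and IDs omitted).
RECORDS = """\
Faulting application name: hmpalert.exe, version: 3.6.4.588, time stamp: 0x58dd0e9d
Faulting module name: hmpalert.exe, version: 3.6.4.588, time stamp: 0x58dd0e9d
Exception code: 0x40000015
Fault offset: 0x00237c51
Faulting application start time: 0x01d2af9b8d4645d0
Faulting application name: hmpalert.exe, version: 3.6.4.588, time stamp: 0x58dd0e9d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23677, time stamp: 0x589c9620
Exception code: 0xe06d7363
Fault offset: 0x0000c54f
Faulting application start time: 0x01d2af9b8d4645d0
"""

# Well-known Windows exception codes; the table itself is this example's own.
KNOWN_CODES = {
    0x40000015: "STATUS_FATAL_APP_EXIT",
    0xE06D7363: "unhandled Microsoft C++ exception",
}

def filetime_to_utc(value):
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=value // 10)

def parse_records(text):
    """Split the log text into one dict per crash record."""
    records = []
    for line in text.splitlines():
        key, sep, val = line.strip().partition(": ")
        if not sep:
            continue
        if key == "Faulting application name":
            records.append({})  # every record starts with this field
        if not records:
            continue
        rec = records[-1]
        if key == "Faulting module name":
            rec["module"] = val.split(",")[0]
        elif key == "Exception code":
            rec["code"] = int(val, 16)
            rec["meaning"] = KNOWN_CODES.get(rec["code"], "unknown")
        elif key == "Fault offset":
            rec["offset"] = int(val, 16)
        elif key == "Faulting application start time":
            rec["started"] = filetime_to_utc(int(val, 16))
    return records

if __name__ == "__main__":
    for rec in parse_records(RECORDS):
        print(rec)
```

Both records carry the same start time and process id, so they describe one run of hmpalert.exe that faulted twice.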
     
  10. guest

    guest Guest

    I see that it also happened with build 586: #13257 (Exception code: 0xe06d7363)
    If available, send them the .dmp-files.
     
  11. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    I haven't seen this mentioned yet, but build 588 is appreciably stronger against a wider variety of ransomware than the previous build.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    And its other protections make it a real keeper. Application lockdown for one.
     
  13. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    I don't know if I would go quite so far...
     
  14. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Perhaps you will do a review? :)
     
  15. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    Me detects an upcoming video :eek:
     
  16. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    for 2*, instead, its antiexploit engine

    *:D
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Have you tested some of its features, particularly Application Lockdown? Also a lot of the ransomware gets tripped by Process Hollowing detection. If you are going to test, test the whole product.
     
  18. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    Good catch, I didn't remember that this had happened before or that I had reported it.

    Hmmm... I don't see any .dmp files for this event. Anything else I might send to Mark/Erik?
     
  19. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Telos- Yes indeed, it's time for my quarterly dance with the Loman boys.

    Peter- Those with the eyes to see will note the various forms of protection that HMPA affords (God, I'm not an animal!).
     
  20. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
  21. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @cruelsister:
    And don't forget, that malware and ransomware doesn't magically sit on your desktop.
    Usually it's distributed by email.

    SMART-Screen is on, and UAC asks..., at least on WIN8 and above.
    And usually Windows-Defender is on...

    So you will have a hard time to infect a machine, if HMP.A is running in the background.
     
    Last edited: Apr 11, 2017
  22. plat1098

    plat1098 Guest

  23. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    With all that in place, who needs HMPA :argh:
     
  24. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Can hardly wait seeing this is one of my main config solutions ;)
    Thanks Sis :)
     
  25. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Hilt- I'm glad you brought up those points:

    1). You are correct in that malware is widely distributed via email containing a malicious attachment. When a person receives such an email a choice is given to the user of what to do with that attachment, one of which is to save the attachment (file) somewhere. Any particular reason why saving it and running it from the Desktop (or any other folder) is invalid in this case?

    2). Consider if one is testing a product and there are 3 files on the Desktop- if that product is capable of detecting and stopping 2 but not the third, is a rational rebuttal that the 3rd file should have been run under special conditions?

    3). About adding on WD, SmartScreen, UAC, etc- when a product is tested it should be tested naked (as is done by the Professional Testing organizations)- that is unless the Developer specifically states that the user needs WD, UAC, etc to make their product work correctly.

    4). HMP.A is a complex application. The anti-ransomware functionality is the only thing that will be tested; as such it should be viewed not as any sort of trashing, but instead as free quality assurance. If a deficiency is found it can be fixed for the benefit of the user base (at least that has always been how it worked).

    5). And about UAC- for a majority of malware UAC will be quiet as a mouse (If you think otherwise, you gotta watch my videos...).
     