HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. guest

    guest Guest

    The icon appeared after installing CTP 2 and wasn't there before you installed it?
     
  2. HansF

    HansF Registered Member

    Joined:
    Dec 10, 2015
    Posts:
    24
    These messages appear when starting Firefox or the nightly build.
     


  3. plat1098

    plat1098 Guest

    mood: yes after CTP2, in fact just today I noticed it. I uninstalled CTP2 and HMP and reinstalled both to see if I could get the HMP icon off the CTP2 but was unable. Oh well, it was nice while it lasted, at least I can look at my screenshot and remember fondly.....lol. Maybe a developer can help out with this one, right?

    Edit: Forget it, I got the new desktop icon back that allows one to enable Shell Integration. Know how? I simply opened Settings and clicked thru the tabs, suddenly the shortcut popped on the desktop. Bizarre, but I swear it's true. If there's a log documenting this, I'll be happy to send it somewhere. By the way, HMP on here is also the subscription scanner.
     
    Last edited by a moderator: May 31, 2017
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I'm not into cloud protection, and no, exploit protection is not related to real time scanning. It watches for known exploitation techniques and only comes into action when it sees this behavior.

    OK thanks.
     
  5. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    CCleaner shows a PoW32kWatchdog-20170531-1447.dmp. CTP2-related?
     
  6. Joel Clendineng

    Joel Clendineng Registered Member

    Joined:
    Nov 2, 2016
    Posts:
    10
    Location:
    USA
    PUB CTP runs great, only issue is it interferes with the HMP scanner, but that's a known issue. Encryption works and badusb works.

    Edit for clarity
     
  7. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,857
    Location:
    the Netherlands
    Which beta is it that you are referring to?
    Both HMPA 3.6 Build 602 and HMPA 3.7 Build 708 are beta.
     
  8. Joel Clendineng

    Joel Clendineng Registered Member

    Joined:
    Nov 2, 2016
    Posts:
    10
    Location:
    USA
    The latest 708 per the forum, sorry I should have specified.
     
  9. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    Those of you running the 708 beta -- did you clean-install it or did you install it over your previous version of HMP.A?
     
  10. guest

    guest Guest

    I personally always clean install, especially when it's a beta.
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Done it both ways. Didn't seem to matter.
     
  12. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    81
    All of my reported false-positive alerts from CTP1 have been fixed with CTP2. :thumb:

    Only this issue from CTP1 remains. But since I don't really need the colored border it's a non-issue for me.
    Only one new minor issue in the GUI: If I disable the "Credential Theft Protection", the background color on the small tile doesn't darken to indicate that.

    Another issue with the tiles I just noticed: The background of the "Process Protection"-tile is only bound to the first protection "Hollow Process Mitigation". So it only changes when you disable or enable this protection. If you change any of the other protections the tile stays the same.
     
    Last edited: Jun 3, 2017
  13. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.7 Build 709 CTP3

    This build addresses a few minor issues in CTP2.

    Changelog (compared to 708)
    • Added Sandboxie compatibility to Local Privilege Guard (PrivGuard)
    • Fixed HitmanPro/Sophos Clean triggering Credential Theft Protection (CredGuard)
    • Fixed driver did not properly keep track of injection and whitelisting
    • Fixed driver did not properly stop when installing only the anti-ransomware component

    Notes
    This build uses Microsoft co-signed drivers.

    Download
    http://test.hitmanpro.com/hmpalert3b709.exe

    Please let me know how this build runs on your computer :thumb:
     
  15. guest

    guest Guest

    Thanks
     
  16. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    Downloading...
     
  17. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    Upgraded to build 709 CTP3. Problems with Sandboxie: FIXED. A HitmanPro-scan via HmP.Alert: Scan computer > Failed. BADUSB disabled after upgrade, had to enable it.


    Win10 1703 build 15063.332 x64/Norton Security v22.9.4.8
     
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you make a procmon trace when performing a Scan?

    NOTE: The Scan from HMPA does not support authenticated proxies (yet). As a workaround you can install HMP and then perform a scan.
     
  19. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    Logboeknaam: Application
    Bron: HitmanPro.Alert
    Datum: 4-6-2017 10:18:24
    Gebeurtenis-id:911
    Taakcategorie: Mitigation
    Niveau: Fout
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: ****
    Beschrijving:
    Mitigation PrivGuard

    Platform 10.0.15063/x64 v709 06_17*
    PID 5444
    Application Z:\Sandbox\****\DefaultBox3\user\current\AppData\Local\Temp\Temp1_ProcessMonitor.zip\Procmon.exe
    Description Process Monitor 3.33

    Sweep

    Code Injection
    0000000000380000-0000000000386000 24KB C:\Program Files\Sandboxie\SbieSvc.exe [3100]
    0000000000390000-0000000000391000 4KB
    00007FFE6DFC9000-00007FFE6DFCA000 4KB

    Gebeurtenis-XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="HitmanPro.Alert" />
    <EventID Qualifiers="0">911</EventID>
    <Level>2</Level>
    <Task>9</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-06-04T08:18:24.397306200Z" />
    <EventRecordID>3308</EventRecordID>
    <Channel>Application</Channel>
    <Computer>****</Computer>
    <Security />
    </System>
    <EventData>
    <Data>Z:\Sandbox\****\DefaultBox3\user\current\AppData\Local\Temp\Temp1_ProcessMonitor.zip\Procmon.exe</Data>
    <Data>PrivGuard</Data>
    <Data>Mitigation PrivGuard

    Platform 10.0.15063/x64 v709 06_17*
    PID 5444
    Application Z:\Sandbox\****\DefaultBox3\user\current\AppData\Local\Temp\Temp1_ProcessMonitor.zip\Procmon.exe
    Description Process Monitor 3.33

    Sweep

    Code Injection
    0000000000380000-0000000000386000 24KB C:\Program Files\Sandboxie\SbieSvc.exe [3100]
    0000000000390000-0000000000391000 4KB
    00007FFE6DFC9000-00007FFE6DFCA000 4KB
    </Data>
    </EventData>
    </Event>
     
  20. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    Procmon does not work. No output at all.
     
  21. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    Filters did not reset somehow. Erik, sent you a mail with the procmon-logfile.
     
  22. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    @erikloman
    MPC-HC crash hasn't been fixed yet. CredGuard causes it. :)
     
  23. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    MPC-HC cannot be supported. Exclude it via the blue tile > applications > scroll to the far right and click on the [+] to add it.
    Note: You might first have to remove it from exploit mitigations if it is listed.
     
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Got it!
     
  25. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Thanks!
    If MPC-HC cannot be supported, it's probably good to have it automatically detected, so that if it's present, it's automatically included in the exclusion list. :)
     