HitmanPro.Alert BETA

the on-scanner seems to be launched from temp folder, if something block temp folder, so he won't run and show "failed".

 

They're saying it is an OpenDNS issue. However, I am not using OpenDNS. Also, I tried ISP, Google and other DNS - so I am fairly confident is saying the quirk I am seeing on this one particular system has nothing to do with DNS.

 

I've tried my ISP and Mullvad DNS. Outcome is the same - 'failed'!

 

For some reason the Windows startup tone only plays on system restart, not cold start. Fast Startup disabled.

 

L0L... Mullvad client never works for me so I always return to IVPN.

Are you using Emsisoft ? There are some reported issues between Emsisoft and HMP.A.

 

I have noticed as well, that for some reason on my system, if I set the scheduled scan to "Quick Scan"
instead of the full scan. I get zero errors (alerts). and that's with credguard on too.
So for now that's what mine is set at.
Also: no issues with my VPN (AirVPN) and HMP.A, or with AdGuard DNS

 

No. I don't have anything else on the HMP.A test systems.

 

No, I'm not using Emsisoft. I'm using ReHIPS and HMPA only. I disabled Windows Defender since HMPA blocks all malware I throw at it with the real time scanner (it works perfectly for me. It's just the on-demand scanner that 'fails').

 

Is that with 710 CTP4 Peter? And do you have any mutual exclusions between EIS and HMPA?

 

Thanks Peter.

710 CTP4 installed over 603 beta and running without issues, including scan, on my primary machine (see sig).

Edit: But I do have EAM and HMPA mutually excluded.

 

After clicking on "Anti-Malware" you can can see Enable/Disable. This is part the real-time protection which can be enabled/disabled.
And you can see "Scan Computer":
If you have HitmanPro installed, clicking on this button should launch your installed HitmanPro and it is doing a scan on-demand
If HitmanPro is not installed, HMP.A is downloading HitmanPro to a temporary directory and is launching it.
But if the download of the file is failing, then i would better install HitmanPro. Now HMP.A doesn't need to download it every time.

HMP.A is using the HitmanPro-Cloud for the real-time AV protection ("Real-time protection against prevalent malicious files")
Files which are detected from HitmanPro (on-demand), should be detected from HMP.A too (real-time)

You can copy/read/write/move/delete detected files without problems. Only the execution is blocked.
I don't think it is preventing other installed AV-solutions from doing its work.

The real-time protection of HMP.A relies solely on the cloud.

 

The newest beta has real time detection - it's still using HMP for scanning. Regarding the problem of the scan failing when trying to start it from HMPA, there is apparently more than one cause; OpenDNS is one, but no one said it was the only one.

 

Correct. OpenDNS is definitely not the cause for me. When I first install HMPA CTP4 it works. But after the first reboot and there after it 'fails' when trying to do an on-demand scan without HMP installed.

 

A few days ago I installed HMP.A CTP4 on my office machine.
Had no issues so far, but today I ran into one.
A weekly task is scheduled running an executable, created by myself,
but I got a red flyout, that a malicious threat was blocked....
There seems to be no option, to create an exception.

@erikloman:
How to exclude this task, or executable?

 

You can't exclude executables. But this is in preparation:

 

Can you make a log with Process Monitor and send it via PM? I already received one from another Wilders member, but would like another.

 

You currently cant exclude anything yet, but this is coming. Stay tuned!

 

Yep!

 

Nice find. We'll have a look at whitelisting options. There should have been something in the Event Log though. We'll have a look at IFW. Thank you all for reporting, your diligent work and your patience!

 

@erikloman

Spoke too soon.

Had to revert to 3.6.7 build 603 beta because Macrium Reflect backups (full, differential or incremental) would not work with 710 CTP4.

Macrium gives message 'Backup aborted! - Unable to read from disk - Error Code 5 - Access is denied.'

Retested to make sure it is due to 710 CTP4 and indeed it is. But I am back on image with 603 beta now so don't have the logs or any more info now.

It may be something similar to what @Peter2150 and @puff-m-d experienced with IFW?

 

Now also getting this on build 603:

Mitigation Anti-VM

Platform 10.0.15063/x64 v603 06_45
PID 9220
Application C:\Pumpernickel\Tools\Tray.exe
Description Tray.exe

VMware
Thumbprint
928984701761a8b191227e27d5b086455becd0a920be029d79299354778f78a6

 

I did not have a problem with Macrium Reflect backups on CTP3 or on CTP4

 

I hadn't seen any other reports of this either.

CTP4 is the first time I tried build 710. I can replicate the issue, but don't have much appetite for flipping images at the moment.

Edit: This is with MR v6 paid, latest btw.