HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    OK thanks. I only mentioned that due to the similarity to Word locking up with some mysterious bug in Sophos when HMPA service was running. No telling what release they are running.

    As the poster stated, he does not get any mitigation reports or logs when this happens, so isolating it to a particular cause is difficult.
     
  2. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,863
    Location:
    the Netherlands
    Yes, of course. And thanks very much for that.
    But, for clarity, I thought it was good to mention that the earlier issue with LibreOffice x86 was solved.
    Thanks again.
     
  3. Unison66

    Unison66 Registered Member

    Joined:
    Jul 18, 2017
    Posts:
    8
    Location:
    Brisbane
    What I have tried doing now is downloading a standalone version of HitmanProAlert onto a spare laptop with WORD and our DM plugin - the latest version of hitman I got was 3.6.7.604... when I run this version, the problems DO NOT happen!!
    So checking the version of Hitman that InterceptX is deploying, that version of hitman is older - it is 3.6.5.593.

    For some reason, InterceptX does not run with the latest hitman.
    To test if this older version does cause the issue, I uninstalled the NEW version of hitman off my test laptop, then copied this older hitmanEXE from the laptop running InterceptX - I then ran that, which installed the older 593 version... then rebooted (modified the registry and the hitman shortcuts to have the /noupdate switch so that it doesn't try to update as soon as it gets internet!!)... then running this old version on the test laptop, the issue DOES happen!!

    So clearly, this is some kind of issue/bug with this older hitman version (as it simply just causes a total lockup of Word then the system and there is no log output in the hitman directory or in the Event Viewer)... but without Sophos packaging their InterceptX product with the latest hitman we cannot resolve this.
    Wonder how old this version of hitman is - can't find a release history/dates?

    ANYONE have any ideas for getting this latest version of hitman to manually run in place of InterceptX's version of hitman? Just copying over the new EXE to replace the old EXE does not seem to do the trick?
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
  5. Unison66

    Unison66 Registered Member

    Joined:
    Jul 18, 2017
    Posts:
    8
    Location:
    Brisbane
  6. guest

    guest Guest

    Replacing the EXE isn't sufficient, because new drivers/DLLs of HMP.A must also be updated and these files are only updated with an installation of HMP.A.
    But the version of HMP.A bundled with InterceptX is receiving "specific changes", so I guess you'll have to wait for a newer InterceptX version.
     
  7. Unison66

    Unison66 Registered Member

    Joined:
    Jul 18, 2017
    Posts:
    8
    Location:
    Brisbane
    Anyone know when 3.6.5.593 was released?
     
  8. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    91
    I never saw 3.6.5.593, but I have here hmpalert3.exe 3.6.5.592 with creation date May 5, 2017.
     
  9. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,863
    Location:
    the Netherlands
    In this thread, no 3.6.5.593 was mentioned.
    Only 3.6.5.592 and then 3.6.6.593.
     
  10. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Yup.

    The first 3 digits of HMPA show the version number, and the last 3 are the build number. I have always observed that they both increase as new versions are released.

    Perhaps the retail and the Sophos versions don't match up? At this point the question is just going to be speculation, until a dev gets involved.
     
  11. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    Have you tried adding an Exploit Mitigation Exclusion for Microsoft Word from Sophos Central [Endpoint Protection - System Settings - General]?
     
  12. BonskY

    BonskY Registered Member

    Joined:
    Jul 4, 2011
    Posts:
    71
    Location:
    Mntreal, Canada
    Hi guys,

    Simple crashing bug report with HitmanPro.Alert and VLC Media Player... if you want to take a look...

    First things first...

    My OS is Windows 10 Home edition 64 bit version 10.0.0.15063 (latest version) and I keep everything updated... drivers, Windows and apps... my PC is built by my own hand...

    As mentioned, my 'all in one' and default media player is VLC 2.2.6 (latest version) and it has worked well for several years.

    The bug is when I would like to play a media file from Windows Explorer (the file is associated with VLC), Windows 10 suddenly crashes (BSOD)... with the error Driver IRQL NOT LESS OR EQUAL...

    and Windows 10 keeps crashing when I try to open a file with VLC (from the context menu or from Windows Explorer).

    Okay... I ran a crash diagnostic tool, 'WhoCrashed', and it reveals that it's the HitmanPro.Alert driver that causes the crash... as you can see in the report... and naturally it suggests to update the driver or uninstall HitmanPro.Alert.

    Hitmanpro.Alert crash.jpg
    First... I tried to exclude VLC from the protected apps in HitmanPro.Alert... but it doesn't work... Windows 10 is still crashing...

    Second... I uninstalled and reinstalled again... but it doesn't work... Windows 10 is still crashing...

    Now I simply uninstalled HitmanPro.Alert... and everything is back to normal (can open files with VLC without crashing).

    If your developer team can make a fix...

    Thanks and have a nice day

    BonskY
     
  13. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Try turning off all of the risk reductions, rather than trying to exclude apps. That is where the system hardening protections are at. If that works, then enable them one at a time until it fails again.

    If I encounter any issues, it is usually with one of them. Once I have identified the troublemaker, it is an easy workaround to just disable that risk reduction whenever I am using an action that triggers it.
     
  14. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    Used VLC as my default player for years. My Windows 10 laptop and desktop have had no issues in the couple of years I've had HMP.A running along with VLC.
     
  15. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    Ran a manual HMP scan (via HMP.A build 604), and this was the first result:

    HMPA Kaspersky.jpg

    Note the logo at the beginning of the last line in the image.

    Question: Is HMP/HMPA using Kaspersky during manual scans?

    UPDATE: Never mind. My websurfing travels took me next to the HMP.A Beta thread, where I found this.
     
  16. Unison66

    Unison66 Registered Member

    Joined:
    Jul 18, 2017
    Posts:
    8
    Location:
    Brisbane
    Release Notification via Email?
    Hi all - is there any way to get on a 'release notification' email list for HitmanPro (I mean besides being a member of this forum, subscribing to this post and then getting email notifications about every single reply - including when new releases are mentioned here)?

    Would like to be email notified about future HitmanPro releases as soon as they come out.
     
  17. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
  18. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    At least initially I plan to keep exploit protection Off in Windows Defender and continue using HMPA. After a while it will become clear what exploit protection in Windows Defender has to offer. Regardless I expect it will still be necessary to use only one solution to avoid conflicts.
     
  19. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    HMP.A will still be relevant because that Windows Defender anti-exploit, I think, will only be included in the Enterprise (and others) version, not on the "home" versions. :)
     
  20. Unison66

    Unison66 Registered Member

    Joined:
    Jul 18, 2017
    Posts:
    8
    Location:
    Brisbane
    Anyone know of a way to get release notifications?
     
  21. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    I run HMP.A on a Vista system alongside Norton 360. Saturday nights I manually run a N360 full system scan.

    Normally, the entire process takes about four hours. But in the last two weeks, it's taken about 10 hours -- the Norton scan is still not finished when I go back to the PC in the morning.

    The most visible evidence of what's going on, comes up in the Norton history during the time that the program is "exonerating" suspicious files. Whereas before Norton would zip through these in a few minutes, now in the history I see delays of up to a half-hour before the next file is exonerated. Invariably, the delay occurs right after Norton flagged an attempted "unauthorized access" by HMP.A. (See screenshot for an example of this kind of "attack.")

    Previously, N360 would flag the attacks but it didn't seem to slow things down much, if at all. N360 would just shrug it off and keep scanning the PC. Why would this additional delay have started happening in the last couple of weeks? But most importantly: Is there any way to get HMP.A and N360 to play nice with each other once again?

    HMPA vs N360.jpg
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    I have excluded HMP.A in Norton, mainly because every time Norton receives SONAR updates HMP.A starts using high CPU on my machines. Excluding HMP.A might also help with your issue.

    Settings > Antivirus > Scans and Risks tab > scroll down to find Items to Exclude from Auto-protect, SONAR and Download Intelligence Detection > Configure > Add Files > navigate to hmp.alert.exe > click Apply.
     
    Last edited: Aug 6, 2017
  23. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I excluded the HMPA services from my Avira scanner, and it seemed to help calm things down a bit. HMPA seems to have gotten a bit more aggressive in recent months. And that ain't a bad thing! :thumb:
     
  24. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    Thanks @Krusty and @Tinstaafl. I've added hmpalert.exe to the exclusions list. I'll report back on what happens with the scan.
     
  25. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    Following up: Ran a manual Norton full-system scan last night. This time it took just about 9 hours, instead of 10 -- still more than twice as long as it used to.
     