HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Installed stable 604 build, but sadly still had the dism issues! So I have reluctantly uninstalled HMPA, pending some new build from the Lomans. No dism issues with HMPA uninstalled.

    May run with MB3 AE protection only, so long.

    To me it points to a bad interaction (712 beta or stable 604) with Windows Creator's Update v1703. I wonder if anyone else running these two together has dism issues. I can't say with certainty it happens 100% of the time here either.

    I think I tried unticking the DLL Hijacking process mitigation before, to no avail. But may reinstall and test that to make sure.
     
    Last edited: Aug 4, 2017
  2. plat1098

    plat1098 Guest

    dism/restorehealth completes successfully every time for me using build 604 in Creators 15063.502. It fails using the 712 but no disabling of CredGuard was done. Did you try disabling CredGuard in 712 instead of the other one you mentioned? If dism still fails using 604, I don't know that it's strictly HMPA since dism completes in other scenarios. That's what I was trying to say the whole time. By the way, I had to repair-install Windows using the ISO because of some NVIDIA foo-foo. I just ran it straight from C:\ Downloads; no USB or DVD (lazy), and specified "keep everything." I had to undo some default settings afterward, like Fast Startup and Intel Ethernet waking up the machine from sleep, but didn't have to reinstall or restore anything, including HMPA. Disk cleanup/maintenance took half an hour for about 15 GB of debris/Windows.old.

    https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-12 post 280 @mood

    https://www.microsoft.com/en-us/software-download/windows10
     
    Last edited by a moderator: Aug 4, 2017
  3. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Note that HitmanPro and HitmanPro.Alert are different products and that you posted in the HitmanPro.Alert beta thread. Assuming you actually wanted the HitmanPro thread you can find it here:

    https://www.wilderssecurity.com/threads/hitman-pro-support-and-discussion-thread.236732/page-314 :thumb:
     
  4. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Thanks @plat1098. Yes, with 712 Credential Theft Protection was disabled. Interesting that you do not have an issue with build 604 in Creators 15063.502 (my Windows build now also). The plot thickens. Could be that it's not strictly HMPA, but my issues seem to disappear with it uninstalled.

    Edit: I had also previously tried a repair install before to troubleshoot my cumulative update issue: https://www.tenforums.com/tutorials/16397-repair-install-windows-10-place-upgrade.html but had a black screen on the last reboot / login. Though System>About did show latest build, there were other issues and it wanted to restore the previous version of Windows, so I decided to restore a prior image.
     
    Last edited: Aug 4, 2017
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Also verified here. Works with HMPA uninstalled. Guess HMPA no longer likes this machine.

    Will continue testing though in a couple of days.
     
    Last edited: Aug 4, 2017
  6. plat1098

    plat1098 Guest

    Oh, OK, I see. Yes, the plot does thicken. And I do recall you had the issue in addition with the cumulative updates but didn't know you had tackled that already, sorry about that. I guess it's vacation time but hopefully new versions will come soon, maybe in conjunction with the fall Creators build.
     
  7. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Missing the Loman brothers, are they still on vacation? :thumbd: :)
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Erik's last post here was July 9, nearly four weeks ago. I wonder how long a typical vacation is in Holland, five weeks?
     
  9. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    Generally about 4 weeks, taken usually in July or across July & August. At work I have Dutch colleagues and July/early August is a no-no time for involving them in anything or communicating with them for this very reason. ;)
     
  10. guest

    guest Guest

    Even developers need a "time-out" :)
     
  11. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    142
    Location:
    Philippines
    Got a Version 3.7.0 build 712 BETA "LOCKED", how did that happen?!! All browsers running inside SBIE don't work but outside it they do...
     
  12. guest

    guest Guest

    Maybe the service of HMP.A is not running :cautious:
    Try to start the service and "Locked" should disappear
     
  13. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    142
    Location:
    Philippines
    I restarted my PC to be sure... it appeared after a block from Chrome/SBIE, and all browsers running inside SBIE are affected, but running outside SBIE the browsers work fine.
     
  14. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    My failed Windows updates were seen on Windows 10 x64 CU stable build, HMPA 712 beta with credentials protection disabled.
    I don't know one way or another about DISM.
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    With HMPA uninstalled, no problem with Win 10 Cumulative Update KB4034674 (to update to Win v1703 15063.540), as with last few cumulative updates.
     
  16. guest

    guest Guest

    After a fresh install of HMP.A build 712 beta I can see that the media player "MPC-BE" (MPC-BE 1.5.1) has been added to the list of protected applications by default :confused:
    MPC-HC is known to cause problems, and this is also the case for MPC-BE.
    I'm not sure whether it is a good idea if HMP.A is adding it automatically :cautious:
     
  17. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,859
    Location:
    the Netherlands
    It certainly doesn't seem a good idea to me.
    Adding MPC-HC and MPC-BE as exclusions automatically, that would be a much better idea, I think.
     
  18. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Where can I download the latest beta build?
     
  19. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
  20. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
  21. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Send Erik a PM :thumb:
     
  22. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Done thanks! Though I think he is on vacation.
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Yeah, I sent PM 10 days ago, but no response, and it is due to expire soon.

    Not sure I want to go paid route, especially as HMPA (beta and stable) is preventing Cumulative Updates (also for @shmu26) and DISM for me, at the moment. Others haven't had issues, but what we have in common is Win 10 x64 and Creator's Update v1703, so possibly there is an issue there.
     
  24. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    81
    Besides vacations probably, do note that the SurfRight guys were busy adding all the goodness from HMP.A to the Sophos' enterprise products. (Like Erik mentioned here: https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-544#post-2672332)

    And I have to say that if you follow that progress it looks great.

    The current version of their Intercept X product mostly consists of HMP/HMP.A features:
    Anti-Exploit, CryptoGuard, Application Lockdown, Safe Browsing, Sophos Clean (which basically is HMP)
    ("Only" the Root Cause Analysis feature looks like it has Sophos origins.)

    And they're not done - currently there is an Early Access Program (https://community.sophos.com/products/intercept/early-access-preview/) where they are adding the latest features from HMP.A:
    • Credential Theft Protection
    • Process Protections (Code Cave Utilization, Malicious Process Migration, Process Privilege Escalation, APC Protection)
    • Registry Protections (Sticky Key Protection, Application Verifier Protection)
    Basically all the features we got with the Community Technology Preview (CTP) in May:
    https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-543#post-2672301
    (They even mentioned that on this blogpost: https://community.sophos.com/produc...rty-comparison-on-credential-theft-protection)

    For the interested folks, I suggest you watch and read the documents, presentations and videos on this page: https://community.sophos.com/products/intercept/early-access-preview/
    Since most of this stuff is from HMP.A it's a good and much more detailed technical explanation of HMP.A's features.
     
  25. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    576
    Wonder how good (and extensive) would be the protection offered by Sophos+HMP.A, compared to Norton+HMP.A. Doesn't Norton typically score higher in the AV tests (the ones that they participate in, anyway) than Sophos does?
     