Yes, I definitely have seen Windows update issues, both with this HMPA beta and with HMPA stable. But I didn't have HMPA on my system during the recent set of updates.
I have a Vista Business x86 system. I downloaded HMP.A to see if I could replicate your problem. I was able to download HMP.A and install it, but entering my email address to request a trial key doesn't work -- the address I entered disappears from the form when I click on the button, there is no onscreen acknowledgment that I did anything, and no email has arrived from Sophos/Surfright providing a trial license. So at this point I can't contribute to investigating your issue... unless the inability to register a trial key is another sign that HMP.A simply no longer works fully in Vista x86. The HMP.A UI does indicate that it's protecting the browsers (under the "Safe browsing" box) and that 3.5 out of 7 "risk reductions" are enabled; the rest require a valid license. (I say "3.5 out of 7" are working because Passive vaccination is enabled but Active vaccination requires the license.)
Thanks for your efforts. I just installed HMP.A in my VM and it immediately had a trial license for 31 days, without entering my e-mail address. What did I do differently? Did you already have HMP.A installed on your system before? Yes, that is another strange thing: under browsers it mentions Firefox and IE are protected, but under Exploit protection all running programs are categorized as unprotected programs. Also, the colored window does not appear when I click the title bar of any window. These are all indicators that something is not working right.
No, that computer had never had HMP or HMP.A on it before. Just in case it worked, I decided to reboot the machine -- and it worked! The trial key came through, all the Risk reductions are fully enabled now, and applications are getting added to the Exploit mitigations. However, the "you're protected" flyout isn't displaying when I open an application, nor is there a notice that the text that I type into the browser is being encrypted. And like you, I'm not seeing that colored window, while selecting the listed applications under Exploit mitigation tells me they're not protected and that I need to restart them in order to apply the mitigation settings. But restarting them doesn't get rid of the notice saying that I need to restart them. So it sounds like we're having similar experiences now with Vista x86. Erik/Mark -- any ideas?
Click on Safety Notifications > change it to At Application Start, now click on Colored Window Border and enable that. Do you get the fly-outs now?
Sadly, they were both already set the way you describe, and yet with the unwanted results. As @pimjoosten reports, everything does work fine on Vista x64.
In my case it was set at "Once per logon session" (cannot remember having done that), but after changing it to "At application start" and with Colored Border Window enabled the results are the same.
It seems that support for Windows x86 is declining rapidly these days, as developers continue to drop support on new versions of applications. I got weary of hearing that 64-bit only products were becoming available in the latest updates. This seems to be the mainstream trend now. I held out on a Windows 7 32-bit system until last year, but finally did a clean install for the switch to 64-bit. I still keep a Win XP x86 VM around to run old software, but the security software choices are limited, as well as browser choices. So I try to keep it off the web as much as possible, except for any required software downloads from trusted vendors. Avast and Malwarebytes are the best protection I have found for this one.
Your analysis makes sense to me. Hopefully Erik/Mark/RonnyT will confirm whether they're phasing out 32-bit support for HMP.A.
Hi JEAM, can you try to register using HitmanPro? If that works, Alert will also be registered after that (needs reboot). As we still support all the way back to XP I don't think we're going to move away from x86 soon.
Hi RonnyT, thanks for joining the conversation! And I'm glad to hear that you intend to keep supporting XP and other x86 systems. I eventually did manage to get HMP.A registered on that Vista Business x86 machine. But there are no safety notifications, colored window borders, or flyouts indicating encrypted typing; see here. (To reiterate, all of this is working fine on my Vista HP x64 PC.)
And yet Windows 10 on ARM, which will be released with the Creators Fall Update very soon, only supports x86 and not x64. Do not count x86 out yet!
HitmanPro.Alert 3.7.0 Build 717 BETA

Finally a big update to the last beta. It contains many improvements and fixes. Here is the changelog.

Changelog
Improved Redstone 3 compatibility
Improved Anti-Malware cloud lookup
Improved CodeCave mitigation
Improved Credential Theft Protection
Improved CryptoGuard Anti-Ransomware
Improved Lockdown mitigation
Improved ROP mitigation
Improved DEP mitigation
Improved LoadLib mitigation
Improved Authenticode catalog signing handling
Improved memory usage (lowered)
Improved compatibility with Forcepoint
Improved compatibility with QQ Messenger
Fixed CodeCave detection in executables when McAfee is installed
Fixed CodeCave detection in Visual Studio 2017 15.3
Fixed LoadLib detection in Firefox 55.0.3
Fixed NonPaged memory leak in driver
Fixed BSOD when minifilter failed to initialize
Fixed potential BSOD when trying to hash an executable located on the network
Fixed DLL hijacking vulnerability on Windows 7 machines without KB2533623
Fixed DEP mitigation triggered in some Microsoft Excel macros
Various other minor fixes

Notes
This version has Microsoft co-signed drivers.

Download
http://test.hitmanpro.com/hmpalert3b717.exe

Please let us know how this version runs on your computer.
Depends on how the attack is performed as there are many stages in an attack. I mean, Bashware doesn't magically appear on the computer. But, the article does hold merit in that most (if not all) security solutions are not yet fully handling the WSL environment in a proper fashion. Alert included.
Had to add Alert 717 to EAM beta's exclusions, otherwise delays in startup/restart/app launch. When that was done, everything seemed normal so far. I'll keep trying it out. Hello @RonnyT. Pleased to meet you.
Hi Erik, I still have to turn off the credential protection as it breaks imaging. I suspect it's blocking the SAM file. Normally I'd just turn it off, but I have an automatic hourly imaging job, so that wouldn't work.
Didn't test all but probably so. Problem is the SAM file is locked and the imaging programs can't read it.
What I meant, your report "I still have to turn off the credential protection as it breaks imaging", was that regarding Macrium Reflect, or another imaging software? Just to get clarity about which imaging software is affected by this issue. I was only asking about the imaging software you use, or tested. I think we can't say anything for sure about imaging software that was not tested. If I'm not mistaken, the issue was reported with Macrium Reflect only, earlier.
Did some more testing. I tested Macrium, IFW, and Veeam. Initially Macrium and IFW failed and Veeam passed. Then I got to thinking they were all incremental jobs and maybe that affected Veeam. So I ran a full backup on Veeam and then it also failed. I suspected any image taken in Windows will fail.
Sounds to me like Erik, or Mark needs to install Macrium, and do some testing for themselves. It should be fairly easy to locate the problem.
I suspect it won't be that hard. The file SAM contains the credentials, and they have blocked access to it. The trick will be to somehow protect it without blocking access by imaging software.
I agree, and man this issue has been around for quite some time. I am not complaining though as different issues have different priorities, but the imaging issue has been a thorn for a long time. I use Macrium but I clone. I can confirm I can't image with HMPA running; oddly it does not affect cloning (at least for me) but no imaging. I use Macrium frequently enough that I can't have HMPA (Beta) installed till the issue is addressed. The issue for me is not present in HMPA 3.6.7 604. I keep watching for it to be resolved; once it is I will jump back in with both feet.