HitmanPro.Alert BETA

I believe so, but anyway it explains why my BadUSB was Enabled ... I reimported settings (doh).

For a clean install, advisable to export settings first.

 

The settings are stored in the registry and are deleted after HMP.A has been deinstalled.

 

Yes, the license info is preserved after uninstalling in my experience (including after using the removal tool).

 

I assume you did not "import" previous settings?

 

The license info is probably stored there and is not deleted after a deinstall:

Code:

c:\ProgramData\HitmanPro\HitmanPro.key
c:\ProgramData\HitmanPro\HitmanPro.lic

Edit:

 

Lately I have been noticing that when I have Hitmanpro.alert Beta OR released versions installed that my windows start menu icon does not work. Also, Notifications icon does not work.
Nothing pops up when I click these icons with my mouse. I have to ctl-alt-del to restart.
As soon as I uninstall hitmanpro.alert (beta or released) and reboot, the problem goes away.

any one else seeing this?

I am running win 10 pro fall creators update, Norton security, and VoodooShield beta 4.09b. on a 64 bit computer with lots of memory and plenty of disk space.

 

Logboeknaam: Application
Bron: HitmanPro.Alert
Datum: 7-11-2017 9:39:14
Gebeurtenis-id:911
Taakcategorie: Mitigation
Niveau: Fout
Trefwoorden: Klassiek
Gebruiker: n.v.t.
Computer: ****
Beschrijving:
Mitigation PrivGuard

Platform 10.0.16299/x64 v721 06_17*
PID 4208
Application C:\Program Files\Mozilla Firefox\firefox.exe
Description Firefox 56.0.2

Sweep

Code Injection
00000241AF232000-00000241AF233000 4KB C:\Program Files\Mozilla Firefox\firefox.exe [964]
00007FFC14570000-00007FFC14571000 4KB
00007FFC14572000-00007FFC14573000 4KB
00007FFC1456F000-00007FFC14570000 4KB
00000000001C0000-00000000001C6000 24KB C:\Program Files\Sandboxie\SbieSvc.exe [3104]
00000000001D0000-00000000001D1000 4KB
00007FFC14549000-00007FFC1454A000 4KB
1 C:\Program Files\Mozilla Firefox\firefox.exe [964]
2 C:\Program Files\Sandboxie\Start.exe [7936]
"C:\Program Files\Sandboxie\Start.exe" /env:00000000_SBIE_CURRENT_DIRECTORY="C:\Program Files\Mozilla Firefox" /env:=Refresh "C:\Users\Public\Desktop\Firefox 56.0.2.lnk"
3 C:\Program Files\Sandboxie\SbieSvc.exe [3104]
4 C:\Windows\System32\services.exe [716]
5 C:\Windows\System32\wininit.exe [652]
wininit.exe
1 C:\Program Files\Sandboxie\SbieSvc.exe [3104]
2 C:\Windows\System32\services.exe [716]
3 C:\Windows\System32\wininit.exe [652]
wininit.exe

Process Trace
1 C:\Program Files\Mozilla Firefox\firefox.exe [4208]
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="964.20.2105533856\1757480329" -childID 3 -isForBrowser -intPrefs 5:50|6:-1|28:1000|33:20|34:10|43:128|44:10000|49:0|51:400|52:1|53:0|54:0|59:0|60:120|61:120|92:2|93:1|107:5000|118:0|120
2 C:\Program Files\Mozilla Firefox\firefox.exe [964]
3 C:\Program Files\Sandboxie\Start.exe [7936]
"C:\Program Files\Sandboxie\Start.exe" /env:00000000_SBIE_CURRENT_DIRECTORY="C:\Program Files\Mozilla Firefox" /env:=Refresh "C:\Users\Public\Desktop\Firefox 56.0.2.lnk"
4 C:\Program Files\Sandboxie\SbieSvc.exe [3104]
5 C:\Windows\System32\services.exe [716]
6 C:\Windows\System32\wininit.exe [652]
wininit.exe

 

Yes, I did reimport previous settings, that is why BadUSB was enabled, #727.

I have also seen this, and there does seem to be some sort of interaction there, but I can't definitively ascribe HMP.A to being the the cause.

See this thread: https://www.wilderssecurity.com/thr...ng-to-windows-10-fall-creators-update.397421/ esp. posts #34, #36, #71, #91.

 

Does this still reproduce on build 721?

 

Yes, just tried again:

Spoiler: Visual Studio - CodeCave

Mitigation CodeCave

Platform 10.0.16299/x64 v721 8f_01
PID 256
Application C:\Users\sanya\source\repos\F1\Debug\F1.exe
Description F1.exe

Process Protection / Code Cave Mitigation: Active code cave detected!

Process Trace
1 C:\Users\sanya\source\repos\F1\Debug\F1.exe [256]
"C:\Users\sanya\source\repos\F1\Debug\F1.exe"
2 C:\Windows\SysWOW64\cmd.exe [4308]
"C:\WINDOWS\system32\cmd.exe" /c ""C:\Users\sanya\source\repos\F1\Debug\F1.exe" & pause"
3 C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\devenv.exe [1428]
4 C:\Windows\explorer.exe [6960]
5 C:\Windows\System32\userinit.exe [6792]
6 C:\Windows\System32\winlogon.exe [844]
winlogon.exe

Thumbprint
0b502d5ab29ad00192ea36dc8ccad10dbd388a717a75df1716b367b79822abad

I think it has to do with the project setting in the screenshot. When set to "Not set" it won't interfere, but when set to Console I get the CodeCave mitigation alert when trying to run it (CTRL + F5).

 

I've uninstalled HMP.A & HMP, deleted that folder, restarted the PC and after installing build 721 it was still licensed.
Guess it's stored somewhere else or just computated with a HWID.

 

Ah yes I forgot it has gotten a Import/Export feature, no problems then, I'll just export the settings.

 

Howdy all!

Erik, Mark & Ronnie, installed build 721 as instructed - removed previous v, deleted folder. All good, very light and smooth, you guys have been working very hard on another excellent release! I have not had the problems some had, but I also have minimal programs and few potentially conflicting security products.

Win 10/64 on an old HP Notebook:
Windows 10/64 Pro v. 1703, build 15063.674

Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz 2.13 GHz
4.00 GB (3.80 GB usable)

Many thanks, again, for a terrific security product. I've tried SO many others, HPA has been the lightest, most secure and innovative.

 

The RC version is running nicely over here, on Win 10 x64 fall creators, with Windows Defender, AppGuard and SpyShelter.

 

I tried out HMPA RC together with Comodo Firewall (a rather ambitious combination) and initially had some conflicts, but they were resolved by disabling shellcode injection protection in Comodo. I accomplished this by making a global exception rule: C:\*

 

Hi shmu26,

That sounds rather drastic, can you elaborate a bit more about "some conflicts" there are more setups running HMP.A in combination with CFW and it should not be necessary to make such a system wide exclusion.

 

Hi ohgood,

Thanks for your feedback always welcomed, I'll pass the message to the team!

 

1 Chrome started extremely slow
2 Windows start button did not respond

I personally don't consider it super drastic, because that particular protection of Comodo is probably superfluous when HMPA is running, and is also not really Comodo's main thing. It's just sort of an extra, a "it doesn't hurt" kind of thing. That's the way I look at it, anyway.

 

I think it is hard to tell whether or not HMPA RC and/or Comodo Firewall are factor in that issue.
See the thread Start Menu Broken Down After Upgrading to Windows 10 Fall Creators Update.
If I am not mistaken, also users that don't use HMPA and/or Comodo Firewall see that same issue.

 

True, but I did detect an apparent interaction there: https://www.wilderssecurity.com/thr...ll-creators-update.397421/page-2#post-2713647 ,
but it could be a coincidence.

It is an elusive problem, that one: https://www.wilderssecurity.com/thr...ll-creators-update.397421/page-6#post-2717947

 

These issues are sort of like "my head hurts". There could be a lot of reasons.
But if you bang your head on the wall, and a second later it hurts, then you know what caused it.
That's how it was with me: I installed HMPA on top of Comodo, and right away, my head hurt.

 

build 721 works perfectly for me. Great job.

 

Is it just me or HMP.A RC preventing windows update FCU?

 

Do you have removed the folder C:\ProgramData\HitmanPro.Alert before the installation of 721 RC?
This should fix the Windows Update issue.