HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. P_TT

    P_TT Registered Member

    Joined:
    May 9, 2017
    Posts:
    4
    Location:
    Italy
    I see, but a user reported it had extended his existing subscription. Also, in the email received after the purchase it says "Activate or Extend a License"... that's why I entered the new key without hesitation.
     
  2. Valdez

    Valdez Registered Member

    Joined:
    Apr 21, 2016
    Posts:
    50
    Location:
    Italien
    Windows 7 Ultimate SP1
    HitmanPro.Alert 3.7.1 build 723 RC

    Mitigation CredGuard

    Platform 6.1.7601/x64 v723 06_2a
    PID 4900
    Application C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe
    Description Kaspersky Anti-Virus 18

    SAM access denied.

    Range = LBA 585016 :512
    Read = LBA 585272 :128

    Code Injection
    02661000-02662000 4KB C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe [2288]

    Process Trace
    1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe [4900]
    "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe" -hidden
    2 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe [2288]
    "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe" -r

    Thumbprint
    571f999b28e1b80d8596f1244d3da8b237d073622920088ca4500bba6937b1dd
     
  3. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Please post production version related queries in the production board. For the moment there is no BETA version.
    Thanks.

    And for posting full alerts please use the 'Spoiler' function on the + button; it makes for way cleaner reading of forum posts.

    For the coders
    [SPOILER="

    Technical details of Alert here...

    "][/SPOILER]
     
  4. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Hi Valdez,
    Build 723 is our current stable so it's left RC status.
    We ship the stable release with the SAM protection disabled. Unless you are under the assumption that you are under attack and someone is stealing your credentials please disable this option.
    On the Credential Theft Protection there is a tickbox for that.
     
  5. Valdez

    Valdez Registered Member

    Joined:
    Apr 21, 2016
    Posts:
    50
    Location:
    Italien
    Hi RonnyT,
    Thank you, I understand. Sorry for the mistake. :)
     
  6. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    HitmanPro.Alert 3.7.3 build 728 BETA

    Changelog (compared to build 723)
    • Added
      • PrivGuard: mitigate MS16-032 (CVE-2016-0099)
      • Application lockdown for Microsoft Office Equation Editor (CVE-2017-11882)
    • Improved
      • CodeCave, HeapSpray, CryptoGuard, HollowProcess Mitigations
    • Fixed
      • BadUSB Alert during boot while BadUSB was disabled
      • IAF FP in Nero Media player
      • Windows System Image Backup failing with locked EFI/ESP
      • Antimalware won't (stay) enable(d)
    • Download
    This build includes Microsoft co-signed drivers and runs on Secure Boot as well.

    Please let us know how this build runs on your machine. Thanks :thumb:
     
    Last edited: Dec 22, 2017
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    No problems with install. Win 10 Pro x64 v1709 16299.125.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Looks good here also. Win 7 x64
     
  9. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Just installed it and had a seamless reboot. One possibly unusual finding was that Network Lockdown was disabled. I keep everything in HMP.A enabled, so I thought I would mention it.
     
  10. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    No problems so far Windows 7 Pro SP1 x64.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Network Lockdown was still enabled after a restart here but Vaccination had reset to Passive.
     
  12. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Guys, any suggestions for the most stable "new" settings in Risk Reduction?

    I have heard SAM mentioned as being disabled, but I have "no" such option.

    Here is what I have set.

    Credential Theft Protection - disabled
    Process Protection - all enabled except APC

    I'm still on build 717, I know, not the latest, but for a long time and no noticeable instability :)
     
    Last edited: Dec 24, 2017
  13. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Build 723 is latest public release. Because I have EAM and AG, I have HMPA anti-malware module disabled. I have Safe Browsing and Exploit Mitigation enabled. In Risk Reduction I only have Cryptoguard, Process Protection and Network Lockdown enabled. All others are disabled.
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Network Lockdown still enabled and Vaccination still Active here.
    I am using beta 728, but I encourage you to update to at least stable 723 which has been great.

    Default is CTP enabled but SAM disabled (SAM enabled can interfere with imaging, and other, programs).

    All Process Protection enabled here except LPM, because it has caused issues with Sandboxie. APC is enabled here, and causes no issues on my system.
     
  15. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problems upgrading build 728 beta.
     
  16. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    Upgraded from 723 to 728 Beta ten minutes ago. Everything OK. Same protections enabled as 723 automatically.
     
  17. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Disk cloning is super slow since installing this beta.

    Might be coincidence (and probably is), but HMP.A is the only change to my system since the speed was still OK.
     
  18. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Please update at least to 723 as a lot of stuff has been fixed in between.
    Credential Theft Protection I would set to enabled, just leave SAM protection off.
    APC I'd also switch back on if on 723 or higher.
     
  19. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Can you please revert to 723 and see if it reproduces? And if so, can you please post the details of your disk cloning process, e.g. software used, USB disk/network share etc.
     
  20. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    120
    Location:
    Netherlands
    Upgraded to 3.7.3 728 beta from 3.7.1 723.

    Vaccination protection is set to "passive" while it was "active" before. Everything else seems fine.
     
  21. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    For the ones running into the 'reset setting' on Vaccination, can you please check the Windows event log, Application, for HitmanPro.Alert entries with EventID 112 and see if it recorded the settings switch from active -> passive -> active?

    For Network Lockdown this won't show, as it does not log to the event log, which is still on our fix list.
     
  22. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    It took several hours (instead of less than 1 hour); I don’t have time to do that again now, but will check what happens next time (in 1 or 2 weeks).

    I was doing an Intelligent Sector Copy with Macrium Reflect 6 over eSATA.
     
  23. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    120
    Location:
    Netherlands
    No mention in my event log. The only thing logged is when I changed it today to active again.
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Ronny,

    The only entry I could find is this one showing where I changed it back to Active.
    Code:
    Log Name:      Application
    Source:        HitmanPro.Alert
    Date:          23/12/2017 10:47:06 AM
    Event ID:      112
    Task Category: Broker
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      Dave-PC
    Description:
    Setting 'Vaccination' changed to 'Active'.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="HitmanPro.Alert" />
        <EventID Qualifiers="0">112</EventID>
        <Level>4</Level>
        <Task>2</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2017-12-22T23:47:06.985983700Z" />
        <EventRecordID>16963</EventRecordID>
        <Channel>Application</Channel>
        <Computer>Dave-PC</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Vaccination</Data>
        <Data>Active</Data>
      </EventData>
    </Event>
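
The check requested in post 21, run over Event XML of the shape shown in post 24, as an added example that is not part of the thread or of HitmanPro.Alert. The function names and the sample events are constructed for illustration, and treating two consecutive identical values as evidence of an unlogged change in between is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def parse_setting_changes(xml_text, provider="HitmanPro.Alert", event_id=112):
    """Return sorted (time, setting, value) tuples for the provider's events."""
    # Exports hold several <Event> elements in a row, so add a single root.
    root = ET.fromstring("<Events>" + xml_text + "</Events>")
    changes = []
    for ev in root.findall("e:Event", NS):
        system = ev.find("e:System", NS)
        if system.find("e:Provider", NS).get("Name") != provider:
            continue
        if int(system.find("e:EventID", NS).text) != event_id:
            continue
        stamp = system.find("e:TimeCreated", NS).get("SystemTime")
        # SystemTime carries 100 ns precision; datetime keeps microseconds.
        base, _, frac = stamp.rstrip("Z").partition(".")
        when = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
        when = when.replace(microsecond=int((frac + "000000")[:6]))
        data = [d.text for d in ev.findall("e:EventData/e:Data", NS)]
        if len(data) >= 2:  # Data[0] = setting name, Data[1] = new value
            changes.append((when, data[0], data[1]))
    return sorted(changes)

def find_unlogged_resets(changes):
    """Flag a setting logged as changed to the value it already had."""
    last, gaps = {}, []
    for when, setting, value in changes:
        prev = last.get(setting)
        if prev and prev[1] == value:
            # Assumption: the value moved away in between without an event.
            gaps.append((setting, value, prev[0], when))
        last[setting] = (when, value)
    return gaps

# Constructed sample events, trimmed to the fields the parser reads.
_EVENT = ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
          '<System><Provider Name="{0}" /><EventID Qualifiers="0">{1}</EventID>'
          '<TimeCreated SystemTime="{2}" /></System>'
          '<EventData><Data>{3}</Data><Data>{4}</Data></EventData></Event>')
SAMPLE = "".join(_EVENT.format(*row) for row in [
    ("HitmanPro.Alert", 112, "2017-12-01T09:00:00.000000000Z", "Vaccination", "Active"),
    ("OtherProvider", 112, "2017-12-10T09:00:00.000000000Z", "Vaccination", "Passive"),
    ("HitmanPro.Alert", 112, "2017-12-22T23:47:06.985983700Z", "Vaccination", "Active"),
])

if __name__ == "__main__":
    for setting, value, first, again in find_unlogged_resets(parse_setting_changes(SAMPLE)):
        print(f"{setting}: set to {value!r} at {first} and again at {again}")
```

Network Lockdown changes will not appear in such a timeline, since per post 21 that setting does not write to the event log.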
     
  25. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    I have no SAM setting, just CTP. Is this introduced in the newer build? And yes, I will be updating very soon before my next reboot. Thanks.
     