No. Even the devs have suggested disabling this feature unless you specifically need to use it. https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-47#post-2767214 https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-44#post-2760077 https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-599#post-2769734 Etc.
Please disable the SAM protection under the orange feature "Credential Theft Protection". It was shipped off by default and causes these kinds of alerts as it does a little too good a job.
Thanks. I have turned this off... for now until these issues are fixed. PS: Why has there been no activity here for so long? I've been waiting for my bug fixes to be made for so long since I posted them here. I thought the fixes would be made much quicker.
You can learn more about SAM and credential theft protection in this thread: https://www.wilderssecurity.com/search/4941298/?q=SAM credential theft protection&o=relevance Personally I have Credential Theft Protection enabled with SAM unchecked.
I just got the following error while trying to run Foxtel in Chrome Browser...
Code:
    Mitigation   ROP
    Platform     6.3.9600/x86 v751 06_2a
    PID          5608
    Application  C:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    Description  Google Chrome 69
    Callee Type  LoadLibrary ntdll.dll

    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  74C36906 KernelBase.dll           LoadLibraryExW +0xc6
    2  74C37565 KernelBase.dll           LoadLibraryExA +0x25
    3  753D8972 kernel32.dll             LoadLibraryA +0x32
    4  0659491B widevinecdm.dll
                8945e8               MOV [EBP-0x18], EAX
                837de800             CMP DWORD [EBP-0x18], 0x0
                6833d11106           PUSH DWORD 0x611d133
                895424fc             MOV [ESP-0x4], EDX
                8d6424fc             LEA ESP, [ESP-0x4]
                895c24fc             MOV [ESP-0x4], EBX
                8d6424fc             LEA ESP, [ESP-0x4]
                8b542408             MOV EDX, [ESP+0x8]
                bb83025506           MOV EBX, 0x6550283
                0f45d3               CMOVNZ EDX, EBX
                89542408             MOV [ESP+0x8], EDX
                8d642404             LEA ESP, [ESP+0x4]
                8b5c24fc             MOV EBX, [ESP-0x4]
                8d642404             LEA ESP, [ESP+0x4]
                8b5424fc             MOV EDX, [ESP-0x4]
                8d642404             LEA ESP, [ESP+0x4]
    5  0659D1AE widevinecdm.dll
    6  06179B37 widevinecdm.dll
    7  0617851E widevinecdm.dll
    8  0617992D widevinecdm.dll
    9  10734A3B chrome_child.dll
    10 11D54A70 chrome_child.dll

    Loaded Modules
    -----------------------------------------------------------------------------
    011B0000-01309000 chrome.exe (Google Inc.), version: 69.0.3497.81
    771E0000-7734A000 ntdll.dll (Microsoft Corporation), version: 6.3.9600.18895 (winblue_ltsb.180101-1800
    753D0000-754D0000 KERNEL32.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74900000-749E0000 hmpalert.dll (SurfRight B.V.), version: 3.7.8.751
    74C20000-74CF9000 KERNELBASE.dll (Microsoft Corporation), version: 6.3.9600.18938 (winblue_ltsb.180209-0600
    76A30000-76AAC000 ADVAPI32.dll (Microsoft Corporation), version: 6.3.9600.18895 (winblue_ltsb.180101-1800
    76EE0000-76FA3000 msvcrt.dll (Microsoft Corporation), version: 7.0.9600.17415 (winblue_r4.141028-1500)
    77050000-77091000 sechost.dll (Microsoft Corporation), version: 6.3.9600.17734 (winblue_r9.150319-1700)
    75160000-75230000 RPCRT4.dll (Microsoft Corporation), version: 6.3.9600.18941 (winblue_ltsb.180214-0600
    74DD0000-74DF3000 SspiCli.dll (Microsoft Corporation), version: 6.3.9600.18454 (winblue_ltsb.160820-0600
    722C0000-722C8000 VERSION.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    5E690000-5E70F000 chrome_elf.dll (Google Inc.), version: 69.0.3497.81
    75770000-76A2B000 SHELL32.dll (Microsoft Corporation), version: 6.3.9600.19061 (winblue_ltsb.180609-0600
    76AB0000-76C05000 USER32.dll (Microsoft Corporation), version: 6.3.9600.18535 (winblue_ltsb.161109-0600
    6E450000-6E473000 WINMM.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74120000-7413B000 USERENV.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    76C10000-76C16000 PSAPI.DLL (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    75560000-755A5000 SHLWAPI.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    72220000-722BE000 WINHTTP.dll (Microsoft Corporation), version: 6.3.9600.18895 (winblue_ltsb.180101-1800
    74FD0000-7514D000 combase.dll (Microsoft Corporation), version: 6.3.9600.19038 (winblue_ltsb_escrow.1806
    770D0000-771E0000 GDI32.dll (Microsoft Corporation), version: 6.3.9600.18818 (winblue_ltsb.170908-0600
    6E420000-6E443000 WINMMBASE.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    748F0000-748FF000 profapi.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74A50000-74A8C000 cfgmgr32.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    73A90000-73AB1000 DEVOBJ.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74800000-7480A000 CRYPTBASE.DLL (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    747A0000-747F4000 bcryptPrimitives.dll (Microsoft Corporation), version: 6.3.9600.18895 (winblue_ltsb.180101-1800
    770A0000-770C6000 IMM32.DLL (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74EB0000-74FC2000 MSCTF.dll (Microsoft Corporation), version: 6.3.9600.18819 (winblue_ltsb.170909-0600
    754D0000-7555B000 shcore.dll (Microsoft Corporation), version: 6.3.9600.17666 (winblue_r8.150122-1500)
    0FC90000-13D8B000 chrome_child.dll (Google Inc.), version: 69.0.3497.81
    74E00000-74E4F000 WS2_32.dll (Microsoft Corporation), version: 6.3.9600.18340 (winblue_ltsb.160513-1153
    72200000-72220000 IPHLPAPI.DLL (Microsoft Corporation), version: 6.3.9600.18264 (winblue_ltsb.160310-0600
    76C20000-76D49000 ole32.dll (Microsoft Corporation), version: 6.3.9600.18895 (winblue_ltsb.180101-1800
    59550000-5955B000 msdmo.dll (Microsoft Corporation), version: 6.6.9600.17415 (winblue_r4.141028-1500)
    75230000-752C7000 OLEAUT32.dll (Microsoft Corporation), version: 6.3.9600.19003
    74D00000-74D3D000 WINTRUST.dll (Microsoft Corporation), version: 6.3.9600.18508 (winblue_ltsb.161004-0600
    752D0000-7536B000 COMDLG32.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    72840000-729C1000 DWrite.dll (Microsoft Corporation), version: 6.3.9600.18696 (winblue_ltsb.170511-1554
    6C660000-6C6C5000 WINSPOOL.DRV (Microsoft Corporation), version: 6.3.9600.19064 (winblue_ltsb_escrow.1806
    58770000-588B1000 dbghelp.dll (Microsoft Corporation), version: 6.3.9600.17787 (winblue_r10.150331-1500)
    59530000-59546000 USP10.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    72C40000-72CA9000 dxgi.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74A90000-74C18000 CRYPT32.dll (Microsoft Corporation), version: 6.3.9600.18653 (winblue_ltsb.170331-0600
    6E2D0000-6E41F000 urlmon.dll (Microsoft Corporation), version: 11.00.9600.19101 (winblue_ltsb_escrow.18
    6CC20000-6CC2A000 Secur32.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    721B0000-721C4000 dhcpcsvc.DLL (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    77040000-77047000 NSI.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    721F0000-721F8000 WINNSI.DLL (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74A40000-74A4E000 MSASN1.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)
    72E90000-73096000 COMCTL32.dll (Microsoft Corporation), version: 6.10 (winblue_ltsb.150806-0600)
    6ECC0000-6EEF6000 iertutil.dll (Microsoft Corporation), version: 11.00.9600.19101 (winblue_ltsb_escrow.18
    6EF00000-6F2E1000 WININET.dll (Microsoft Corporation), version: 11.00.9600.19101 (winblue_ltsb_escrow.18
    06070000-0673E000 widevinecdm.dll (Google Inc.), version: 4.10.1192.0
    58D80000-58D9E000 dxva2.dll (Microsoft Corporation), version: 6.3.9600.17415 (winblue_r4.141028-1500)

    Code Injection
    00730000-00731000 4KB C:\GoogleChromePortable\App\Chrome-bin\chrome.exe [6052]
    00743000-00744000 4KB
    7724B000-7724C000 4KB
    7724A000-7724B000 4KB
    77249000-7724A000 4KB
    012BA000-012BC000 8KB
    012BB000-012BC000 4KB
    012B9000-012BA000 4KB
    00750000-00751000 4KB
    012B6000-012B7000 4KB
    1 C:\GoogleChromePortable\App\Chrome-bin\chrome.exe [6052]
      C:\GoogleChromePortable\App\Chrome-bin\chrome.exe --disable-logging --disable-metrics --disable-metrics-reporting --disable-dev-tools --user-data-dir=C:\GoogleChromePortable\Data\profile --disk-cache-dir=C:\GoogleChromePortable\Cache --disk-cache-size=314
    2 C:\Windows\System32\cmd.exe [5912]
      C:\Windows\system32\cmd.exe /c ""C:\GoogleChromePortable\Start_Chrome.bat" "
    3 C:\Windows\explorer.exe [1920]
    4 C:\Windows\System32\userinit.exe [1780]

    Process Trace
    1 C:\GoogleChromePortable\App\Chrome-bin\chrome.exe [5608]
      "C:\GoogleChromePortable\App\Chrome-bin\chrome.exe" --type=utility --field-trial-handle=1440,617947502705057132,7596052883681372419,131072 --enable-features=FontCacheScaling,ParallelDownloading,WebRTC-H264WithOpenH264FFmpeg --disable-features=AutomaticTabD
    2 C:\GoogleChromePortable\App\Chrome-bin\chrome.exe [6052]
      C:\GoogleChromePortable\App\Chrome-bin\chrome.exe --disable-logging --disable-metrics --disable-metrics-reporting --disable-dev-tools --user-data-dir=C:\GoogleChromePortable\Data\profile --disk-cache-dir=C:\GoogleChromePortable\Cache --disk-cache-size=314
    3 C:\Windows\System32\cmd.exe [5912]
      C:\Windows\system32\cmd.exe /c ""C:\GoogleChromePortable\Start_Chrome.bat" "
    4 C:\Windows\explorer.exe [1920]
    5 C:\Windows\System32\userinit.exe [1780]

    Thumbprint
    651977ad8b94505e0f411c52f3ef26d7aba9361cbe3b146924631209420ffec3
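One way to triage an alert like the one in the post above, as an added example that is not part of the original post and not HitmanPro.Alert's own tooling: resolve each stack-trace address against the Loaded Modules ranges and report the first frame outside Microsoft modules, which is the code that called the flagged LoadLibrary. The one-record-per-line layout, the function names and the trimmed sample text are assumptions.

```python
import re

# Constructed sample: a trimmed excerpt of the alert above, one record per line.
ALERT = """\
Mitigation   ROP
Callee Type  LoadLibrary
Stack Trace
1  74C36906 KernelBase.dll   LoadLibraryExW +0xc6
2  74C37565 KernelBase.dll   LoadLibraryExA +0x25
3  753D8972 kernel32.dll     LoadLibraryA +0x32
4  0659491B widevinecdm.dll
9  10734A3B chrome_child.dll
Loaded Modules
753D0000-754D0000 KERNEL32.dll (Microsoft Corporation), version: 6.3.9600.17415
74C20000-74CF9000 KERNELBASE.dll (Microsoft Corporation), version: 6.3.9600.18938
0FC90000-13D8B000 chrome_child.dll (Google Inc.), version: 69.0.3497.81
06070000-0673E000 widevinecdm.dll (Google Inc.), version: 4.10.1192.0
"""

FRAME = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f]{8})\s+(\S+)")
MODULE = re.compile(r"^([0-9A-Fa-f]{8})-([0-9A-Fa-f]{8})\s+(\S+)\s+\((.*?)\), version: (\S+)")

def parse_alert(text):
    """Return (frames, modules) parsed from the alert text."""
    frames, modules = [], []
    for line in text.splitlines():
        if m := MODULE.match(line):
            lo, hi, name, vendor, ver = m.groups()
            modules.append((int(lo, 16), int(hi, 16), name, vendor, ver))
        elif m := FRAME.match(line):
            frames.append((int(m.group(1)), int(m.group(2), 16), m.group(3)))
    return frames, modules

def resolve(addr, modules):
    """Map an address to the loaded module whose range contains it."""
    for lo, hi, name, vendor, ver in modules:
        if lo <= addr < hi:
            return name, vendor, ver
    return None

def api_caller(frames, modules, os_vendor="Microsoft Corporation"):
    """First frame outside OS modules: the code that called the flagged API."""
    for idx, addr, label in frames:
        hit = resolve(addr, modules)
        # An address outside every loaded module (hit is None) also stops here.
        if hit is None or hit[1] != os_vendor:
            return idx, f"{addr:08X}", label, hit
    return None
```

Resolving by address rather than by the frame's printed module name avoids case mismatches such as `KernelBase.dll` versus `KERNELBASE.dll`, and also surfaces frames that point into memory not backed by any listed module.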
I would be real excited about this, except for two things. 1) When I bought it in June 2018, it slowed my PC down. 2) I think it was CS who tested this software (did a video) or maybe just Hitman (not pro) and it failed. *Aside from the above... This is not standalone software, as in a replacement for AV, right?
There are two different products: HitmanPro.Alert is comprehensive anti-exploit software, and HitmanPro is a second-opinion AV scanner (so indeed, not a real-time AV replacement). The latter is invoked by HMP.A, but can also be installed standalone.
No, but it would be nice to have a Beta that works with the latest Windows 10 Insider builds. That's all.
HitmanPro.Alert 3.7.9 Build 759 Release Candidate

Changelog (compared to build 751)
Added: Mitigation of local privilege escalation via Task Scheduler (CVE-2018-8440 / @SandboxEscaper)
Added: Compatibility with Windows 10 Redstone 5
Improved: WipeGuard mitigation handling VBR sectors
Improved: Asynchronous Procedure Call (APC) Mitigation
Improved: SEHOP mitigation performance improvement
Improved: Compatibility with 3rd party products that use PUSH/RET in their API hooks
Improved: Windows Vista code injection
Fixed: Compatibility with Windows XP Embedded POSReady 2009
Fixed: Compatibility with Microsoft Edge Application Guard (WDAG) failed to start
Fixed: Compatibility with Microsoft Hyper-V failed to start
Fixed: Compatibility with F-Secure DeepGuard
Fixed: False positive ROP detection (stack-based) in Google Chrome 69 caused by (DRM) widevinecdm.dll
Fixed: Security issue (CVE assigned)
Updated: Botan 2.7.0
Updated: Sqlite 3.24.0
Updated: All code compiled with Visual Studio C++ 15.8.4
Disabled: hardware-assisted ROP mitigation on Chrome 67 (or newer) due to their use of RETpoline
Removed: Network Lockdown mitigation (deprecated) / hmpnet.sys

Download (with drivers co-signed by Microsoft)
http://test.hitmanpro.com/hmpalert3b759.exe

Let us know how this version runs on your machine.
Hi HansF, Please give this version a spin and let us know how it runs on your Insider build. Keep in mind that Microsoft experiments all over the scale on insider builds so bugs can change
So far, so good on Win 10 1803. There is a little, old issue with the media player MPC-BE. It doesn't like HMPA very much. When I hit the play button, it crashes, unless I add MPC-BE to exclusions. I would kinda like to do the opposite, I mean, to add it to Media exploit mitigations.
June 4, 2017, Erik wrote: The same applies to MPC-BE, it cannot be supported with HMPA. I think what Erik said last year does still apply.
Thanks. I figured you guys must have reported this already. The funny thing is that now, MPC-HC does not conflict, while MPC-BE does. But the answer is probably the same as before.
Thanks very much, shmu26, that is interesting, I wasn't aware of that. Is MPC-HC automatically included in the exclusion list, like XhenEd suggested, June 4, 2017? If this is not the case, then something else may have changed in MPC-HC or in HMPA. @erikloman, If MPC-HC is automatically included in the exclusion list, it would probably be a good idea to add the same detection and exclusion mechanism for MPC-BE.
Got a BSOD on pressing OK to reboot, after update.
Code:
    On Thu 2018/09/13 11:14:02 AM GMT your computer crashed or a problem was reported
    crash dump file: C:\WINDOWS\Minidump\091318-6515-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x1A9380)
    Bugcheck code: 0x133 (0x0, 0x501, 0x500, 0xFFFFF80384A57378)
    Error: DPC_WATCHDOG_VIOLATION
    file path: C:\WINDOWS\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above. This could be caused by either a non-responding driver or non-responding hardware. This bug check can also occur because of overheated CPUs (thermal issue).
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
Probably not an issue as I had also updated Sandboxie to 5.27.1 beta in the same session, so may be related. After reboot, all seems OK.
Hi RonnyT, this version is running well so far on Windows 10 1809 Build 17754.1 and 1903 Build 18234... and I know about Microsoft's experiments. I think that they won't make big ones in the 1809 builds anymore, but they'll surely do in the 19H1 builds.