HitmanPro.Alert BETA

Updated without issue x3 Win10 machines.

 

No problems here, running smooth. No crashes with Adobe Photoshop CC or alerts with Canon Digital Photo Professional software.

 

No issues on 3 machines.

 

No issue updating here, from 761 beta to 763 RC.

However, I have noticed, in addition to what I posted in #1231, some of these in Event Viewer (still from 761 beta), on my ThinkPad Yoga S1:

Code:

Mitigation   Shellcode

Platform     10.0.17134/x64 v761 06_45
PID          3608
Feature      00070230000001A6
Application  C:\Program Files\Tablet\ISD\WacomHost.exe
Description  Wacom Load Agent 1.0

Shellcode (HHA) (0x00004000 bytes)

71AF0054  ff55c4                   CALL         DWORD [EBP-0x3c]
71AF0057  8bd8                     MOV          EBX, EAX
71AF0059  85db                     TEST         EBX, EBX
71AF005B  751e                     JNZ          0x71af007b
71AF005D  ff55c8                   CALL         DWORD [EBP-0x38]
71AF0060  8945f8                   MOV          [EBP-0x8], EAX
71AF0063  eb16                     JMP          0x71af007b
71AF0065  8d8592fdffff             LEA          EAX, [EBP-0x26e]
71AF006B  50                       PUSH         EAX
71AF006C  ff55d0                   CALL         DWORD [EBP-0x30]
71AF006F  8bd8                     MOV          EBX, EAX
71AF0071  85db                     TEST         EBX, EBX
71AF0073  7506                     JNZ          0x71af007b
71AF0075  ff55c8                   CALL         DWORD [EBP-0x38]
71AF0078  8945f8                   MOV          [EBP-0x8], EAX
71AF007B  56                       PUSH         ESI

----- SNIP HERE -----
AAMJAQAAr3FUAK9xAACvcQAQAABVi+yBxID8CQL/U1ZXi1UIZIsFMAkDAIlF/DPAiUX4i/KNvYL8CQL/udwJAwDzpWalaACACQIAagBS/1W4aAOACQIA/1W8i/CAvYL8CQL/AHQYjYWS/QkC/1D/VcSL2IXbdR7/VciJRfjrFo2Fkv0JAv9Q/1XQi9iF23UG/1XIiUX4Vv9VvIXbD4R2AQkCAIC9gvwJAv8AdFCLRfwFoAkDAIswVv9V7ItF/IPADIsAg8AMixCF0nQoi8KLSBg7y3UZZotKOGaB+f8AcgZmiUg46w5mx0A4/wDrBosAO9B12lb/VfDpHQEJAgAzyWaBO01aD4WHCQMAjUM8iwADw4E4UEUJAgB1eGaBeBgLAnUIg8AYi0A46wOLQFCFwHZhSIPoGIPoCHJYQIlF9L4ICQMAjTwei8eBeAQdCQI6PnU7gQkCODQxFnUzi8eDwAiBeAQAOz06dSWBOBQgITp1HYvHg8AQgXgEJz4wJ3UPgTg6Phg0dQeD7wiLD+sGRv9N9HWxhcl0Bovxi8P/1otF/AWgCQMAizBW/1Xsi0X8g8AMiwCDwAyLEIXSdCiLwotIGDvLdRmAvYL8CQL/AHQIZsdAOP8A6w5mx0A4AQDrBosAO9B12lP/VeiFwHQcM/brAUZT/1XohcB0CIH+CQL/CQIAfO8zwIlF+OsG/1XIiUX4i0X8BaAJAwCLMFb/VfCLRfhfXluL5V3CBAkAAAkAAAkAAAkAAAkAAAkAAAkAAAkAAAkAAAkAAAkAAAkAAAkAAAn4AA==
----- END SNIP -----

Process Trace
1  C:\Program Files\Tablet\ISD\WacomHost.exe [3608]
"C:\Program Files\Tablet\ISD\WacomHost.exe" "C:\Program Files\Tablet\ISD\ISD_Tablet.exe" a
2  C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [4076]

Thumbprint

 

Smooth upgrade from 761 beta to 763 RC. No issues detected.

 

No problems here so far with 763 RC.

Win10 1809 build 17763.55 x64/Norton Security v22.16.0.247

 

Hello @RonnyT,

Per the email you sent me from support, the new version 3.7.9.763 does indeed fix the above issue.
Thanks to you and the team for the work put into both the ESET issue and the above issue !

 

HitmanPro.Alert 3.7.9 Build 765 Release Candidate 2

Changelog (compared to build 763)

Added

• OpenWith.exe to the Office Template to mitigate the CVE-2018-8495 attack

Fixed

• Dynamic Heap Spray compatibility issue's with .NET applications

Download
http://test.hitmanpro.com/hmpalert3b765.exe

We will also auto-update the current 763 beta users.
Please let us know how this version runs on your endpoints!

 

Tried to install RC1, but again got an error 0.

Do I have to uninstall again in order to “update”?

 

Which version where you running before?

 

Missed the bit about the auto-update from 763 beta - updated manually, no issues.

 

Smooth auto updated from 763 to 765.

No more logs in event viewer, about Veeam agent, since 763

 

The last final one. 759 I believe?

 

765 runs smooth

 

Not being offered Build 765 here.

 

Same here. Upgraded/updated manually to 765 RC2 (from 763).

Win10 1809 build 17763.55 x64/Norton Security v22.16.0.247

 

I got the "update at next reboot" flyout this morning.

 

Getting alerts today (build 765, Exploit Mitigation) for MS Office 2013. Scans with HMP, Emsisoft and ProcessExplorer (Virus Total) were negative. PM sent with log to RonnyT.

 

Automatically updated from 763 to 765 and from 761 to 765 on another machine, all is fine.

 

the auto-updater has a timed schedule, if you wish to force a check for update the reboot computer one is the most predictable action.
after the service starts it will check for update.

 

Smooth auto-update from 763. No issues to report

 

Received the notification to reboot and now upgraded from HitmanPro.Alert 3.7.9 Build 763 RC to 765 RC2. Have not experienced any issues.

 

Same problem with upgrading from 361 to 365 (RC2)...

 

manually updated on top of 763, no issues so far