HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Mark,

    Are there any plans to allow white-listing programs for the anti-malware component when it is enabled?
    Right now I'm forced to disable the anti-malware feature to make HMPA usable. Forcing users to disable
    that protection as a work-around isn't really a solution, is it?
     
  2. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Same as before :(

     
  3. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Yes, there are plans for this but I have no date for when it's available. What would you like to whitelist?
     
  4. ViVek

    ViVek Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    584
    Location:
    Moon
    @markloman, @RonnyT Build 771, I cannot watch Youtube because there is a problem with Exploit protection for Plugin Container for Firefox 52.9. When I disable Exploit protection for Plugin Container for Firefox 52.9 then I can watch videos.
     
  5. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    It's been off so long, I can't remember what pop-ups I kept getting. :D IIRC some Nirsoft tools such as NIRCMD. Other things triggered it too, but I'd have to enable the malware component for a while to get a list. I complained about this here a while back and I believe a few other people too. The Sophos Home Avir up to now doesn't even have a quarantine and ends up just deleting stuff. See thread here. :eek: Even HitmanPro allows an exclude list, but in HMPA, that's not possible for the malware component. I assume no whitelisting for that is a lame Sophos idea to lock everything down leaving the user without any options. It's like "if we block a program you like to use, use a different one which we don't block" :argh:
     
    Last edited: Dec 12, 2018
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    So far no problems (Windows 7 x64).
     
  7. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64, automatic upgrade to build 771 RC went smoothly, system now running without any problems!
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Upgraded to 771. Smooth here on Win 7 x64 Pro
     
  9. OB1W4N5

    OB1W4N5 Registered Member

    Joined:
    Jul 27, 2015
    Posts:
    29
    Still getting 1Password Alerts on build 771 now

    Mitigation CallerCheck

    Platform 10.0.17763/x64 v771 06_9e
    PID 8896
    Feature 00171E361FBF21A6
    Application C:\Users\User\AppData\Local\1password\app\7.3.612\1Password.exe
    Description 1Password for Windows desktop 7.3

    Callee Type CreateProcess
    C:\Users\User\AppData\Local\1password\app\7.3.612\1Password.exe

    0000000a:8699f5ae28fda38d91319c85b577967db5f294ab4c6ab8a4100874e600397276

    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 03489D3E (anonymous; clr.dll)
    8b8ddcfeffff MOV ECX, [EBP-0x124]
    c6410801 MOV BYTE [ECX+0x8], 0x1
    833d4020227400 CMP DWORD [0x74222040], 0x0
    7407 JZ 0x3489d58
    50 PUSH EAX
    e8295c8470 CALL 0x73ccf980
    58 POP EAX
    c785c0feffff00000000 MOV DWORD [EBP-0x140], 0x0
    8985fcfeffff MOV [EBP-0x104], EAX
    e833f77270 CALL 0x73bb94a0
    90 NOP
    8b85fcfeffff MOV EAX, [EBP-0x104]
    89850cffffff MOV [EBP-0xf4], EAX

    2 03489840 (anonymous; clr.dll)
    3 03488F8B (anonymous; clr.dll)
    4 03488118 (anonymous; clr.dll)
    5 729A17E9 mscorlib.ni.dll
    6 729C2EA5 mscorlib.ni.dll
    7 729C2DB6 mscorlib.ni.dll
    8 729A174B mscorlib.ni.dll
    9 729A1ACB mscorlib.ni.dll
    10 7296CB72 mscorlib.ni.dll

    Process Trace
    1 C:\Users\User\AppData\Local\1password\app\7.3.612\1Password.exe [8896]
    C:\Users\User\AppData\Local\1password\app\7.3.612\1Password.exe C:\Users\User\AppData\Local\1password\app\7.3.612\FirefoxManifest.json onepassword4@agilebits.com
    2 C:\Program Files\Firefox Nightly\firefox.exe [16400]
    3 C:\Program Files\Firefox Nightly\firefox.exe [16808]
    4 C:\Windows\explorer.exe [5608]
    5 C:\Windows\System32\userinit.exe [5408]
    6 C:\Windows\System32\winlogon.exe [996]
    winlogon.exe
    7 C:\Windows\System32\smss.exe [880]
    \SystemRoot\System32\smss.exe 00000110 00000084

    Thumbprint
    27c03983bad810794f297bca04c7ce5709a6a8050800bd54b6ddbb61109ca92a
     
  10. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Manual update to HitmanPro.Alert 3.7.9 Build 771 Release Candidate. Have been running for a few days now, and no issues to speak of.
     
  11. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Had them as well with the newest 1Password beta earlier today, but does not reproduce anymore?
     
  12. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    I suppressed the detections from our backend :)
     
  13. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Thanks.

    Can you please work with them to get their Secure Desktop to work?

    (HMP.A is blocking it)
     
  14. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    We are in contact with one of their devs so work in progress...
     
  15. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Excellent.
     
  16. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    is there any chance of getting an exclusion list for the malware detection component of HMP.alert? The enhanced Kaspersky engine detection set includes stuff like IRC clients and blocks them. (not-a-virus detections)
     
  17. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Not sure if post #1328 is relevant to your question?
     
  18. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Unfortunately I again get 1Password alerts with their newest beta (7.3.619).
     
  19. OB1W4N5

    OB1W4N5 Registered Member

    Joined:
    Jul 27, 2015
    Posts:
    29
    Yup, likewise.
     
  20. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    ha, thanks - i missed it (i've asked 2-3 times before and never got a response, lol)
     
  21. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    HitmanPro.Alert 3.7.9 Build 773 Release Candidate

    Changelog (compared to build 771):

    Changed
    • Changed name for "Dynamic Shellcode Mitigation" to "Heap Heap Protect"
    Improved
    • Heap Heap Protect
    Download
    http://test.hitmanpro.com/hmpalert3b773.exe

    This is a minor update with some small tweaks so if all runs fine we'll update all users to this version soon.
    Please let us know how this version runs on your endpoints! :thumb:
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    No problem with update, Win 10 Pro as per sig.
     
  23. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problems upgrading/updating build 773 RC.

    Win10 1809 build 17763.253 x64/Norton Security v22.16.3.21
     
  24. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    No initial problems to report (Windows 7)

    EDIT: Still no problems to report.
     
    Last edited: Jan 11, 2019
  25. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Finally no error message when updating!
     