Mark, are there any plans to allow white-listing programs for the anti-malware component when it is enabled? Right now I'm forced to disable the anti-malware feature to make HMPA usable. Forcing users to disable that protection as a work-around isn't really a solution, is it?
Yes, there are plans for this but I have no date for when it's available. What would you like to whitelist?
@markloman, @RonnyT Build 771, I cannot watch YouTube because there is a problem with Exploit protection for Plugin Container for Firefox 52.9. When I disable Exploit protection for Plugin Container for Firefox 52.9 then I can watch videos.
It's been off so long, I can't remember what pop-ups I kept getting. IIRC some Nirsoft tools such as NIRCMD. Other things triggered it too, but I'd have to enable the malware component for a while to get a list. I complained about this here a while back and I believe a few other people did too. The Sophos Home Avir up to now doesn't even have a quarantine and ends up just deleting stuff. See thread here. Even HitmanPro allows an exclude list, but in HMPA, that's not possible for the malware component. I assume no whitelisting for that is a lame Sophos idea to lock everything down, leaving the user without any options. It's like "if we block a program you like to use, use a different one which we don't block".
Still getting 1Password Alerts on build 771 now. Spoiler: Callercheck 1Password
Manual update to HitmanPro.Alert 3.7.9 Build 771 Release Candidate. Have been running for a few days now, and no issues to speak of.
Is there any chance of getting an exclusion list for the malware detection component of HMP.alert? The enhanced Kaspersky engine detection set includes stuff like IRC clients and blocks them (not-a-virus detections).
HitmanPro.Alert 3.7.9 Build 773 Release Candidate

Changelog (compared to build 771):

Changed
Changed name for "Dynamic Shellcode Mitigation" to "Heap Heap Protect"
Improved Heap Heap Protect

Download
http://test.hitmanpro.com/hmpalert3b773.exe

This is a minor update with some small tweaks so if all runs fine we'll update all users to this version soon. Please let us know how this version runs on your endpoints!
No problems upgrading/updating build 773 RC. Win10 1809 build 17763.253 x64/Norton Security v22.16.3.21