HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Valdez

    Valdez Registered Member

    Joined:
    Apr 21, 2016
    Posts:
    50
    Location:
    Italien
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    I need to report a probable issue with Microsoft Edge Chromium and Keystroke Encryption...
    First I would like to mention that I have never had an issue with Keystroke Encryption since it was introduced into HMP.A.
    I am using Edge Chromium at this moment and have to turn off the Keystroke Encryption in order to make this post as HMP.A makes gibberish of my keystrokes.
    Also note that I am not having any issue with any other browser or program that utilizes Keystroke Encryption except for Edge Chromium.

    I am using currently Microsoft Edge Chromium Dev 80.0.361.9 (since December 20th). All previous versions of HMP.A (including 3.8.0.857) have worked without any issues. The issue of Keystroke Encryption scrambling typing in Edge Chromium has only begun with HMP.A 3.8.0.859. Note that Edge Chromium 80.0.361.9 worked fine with HMP.A 3.8.0.857 (issue first appears with 3.8.0.859).

    I originally did an "over the top" install of HMP.A 3.8.0.859 but after discovering this issue, I did a "fresh" install of HMP.A which included deleting the HMP.A "Program Data" folder. This did not help.

    No other software on my system changed when this issue appeared except for the update to HMP.A 3.8.0.859. Edge Chromium remained at the same version and no updates to Windows or any security software were made. The only conclusion that I can draw from this is that something must have changed with HMP.A 3.8.0.859 to cause this issue.

    Is anyone else that is using Edge Chromium (or possibly any other Chromium based browser) seeing this issue along with myself?
     
    Last edited: Dec 31, 2019
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Can HMP.A be used together with Eset Internet Security?
    Do there need to be made mutual exceptions and, if so, which ones?
    TIA
     
  4. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    91
    My antivirus (besides Windows Defender) is Avast free 19.8.2393 (version 19.8.4793.545).
    I have also installed Malwarebytes v4.0.4.49, but it was not active (and not started at Windows startup)
    The BSOD happens when my TomTom One device (via USB) contacts with TomTomHomePC v2.20.4.1267 software.
    The BADUSB is always turned off
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Not precisely what you asked, but I am running ESET NOD32 AV in addition to HMP.A with no exclusions necessary in ESET. I am not aware of there being exclusion capability in HMP.A.
     
  6. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands
    HitmanPro.Alert 3.8.0 Build 859 Released


    Manually updated to 3.8.0 Build 859 and no problems encountered.
    Windows 10 pro 64 bit versie 1909
     
  7. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,638
    Thanks Page42
    Happy New Year !
     
  8. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Sporadic app crashes. Win7 32-bit. Clean install. Only HMP and HMPA installed. HMP and HMPA not activated.
    Code:
    Log Name:      System
    Source:        Service Control Manager
    Date:          2020-01-02 03:10:13
    Event ID:      7031
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      20FU-CTO1
    Description:
    The HitmanPro.Alert service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7031</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2020-01-02T02:10:13.387900000Z" />
        <EventRecordID>5317</EventRecordID>
        <Correlation />
        <Execution ProcessID="668" ThreadID="876" />
        <Channel>System</Channel>
        <Computer>20FU-CTO1</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">HitmanPro.Alert service</Data>
        <Data Name="param2">1</Data>
        <Data Name="param3">1000</Data>
        <Data Name="param4">1</Data>
        <Data Name="param5">Restart the service</Data>
      </EventData>
    </Event>
    
    Faulting application name: hmpalert.exe, version: 3.8.0.859, time stamp: 0x5dfb6e6a
    Faulting module name: CRYPT32.dll, version: 6.1.7601.24499, time stamp: 0x5d0118b9
    Exception code: 0xc0000005
    Fault offset: 0x00001544
    Faulting process id: 0x12c8
    Faulting application start time: 0x01d5c1055a8e34e0
    Faulting application path: C:\Program Files\HitmanPro.Alert\hmpalert.exe
    Faulting module path: C:\Windows\system32\CRYPT32.dll
    Report Id: 988f5800-2cf8-11ea-b2d7-c85b76503892
    
     

    Attached Files:

    Last edited: Jan 1, 2020
  9. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Same problem as described above for Win7 x64. I think this may be occurring when booting. Not sure though. I have a few more dumps if needed for x86.
     

    Attached Files:

    Last edited: Jan 2, 2020
  10. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    using build 791 it seems is a memory leak?

    It is using over a gig of ram.
     

    Attached Files:

  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees

    Attached Files:

  12. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,
    After three days of having to disable Keystroke Encryption in order to use the keyboard and type in Edge Chromium, upon boot this morning the issue seems to have magically resolved itself (at least for the moment). If the issue returns, I will report back but for now HMP.A 3.8.0.859 is working as expected with no issues.
     
  13. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    There is a lot of writing that HitmanPro.Alert is working perfectly because it has not caused any problems. It also need to protect your computer from malware, as it is its main function, for it to work properly. This is Truth is coming out, only from independent tests and accidental infections. That is, if it does not cause a problem, it is necessary but not sufficient for it to function properly. I know you know that, but I felt like writing it down. Sorry for the comment.

    By the way, are there tests for the new version? I would be very curious about this compared to the previous version.
     
  14. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,
    Well, it seems that after a couple of days of no issues with Edge Chromium and Keystroke Encryption, this issue has reappeared this morning. I am once again having to disable Keystroke Encryption in Edge Chromium in order to type without the characters being scrambled :( ...

    Note: I do not know if this has anything to do with the issue reappearing but Edge Chromium Dev did update from version 80.0.361.9 to 80.0.361.23 yesterday.
     
    Last edited: Jan 5, 2020
  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    @markloman @erikloman @RonnyT
    Any chance the hardware assisted exploit migitations will also be supported on AMD CPU's? Now that AMD has improved performance and Intel vulnerable to more CPU vulnerabilities, I see no reason to go Intel anymore..
     
  16. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Right-clicked the HMP.A icon and selected "Check for update" to upgrade from 3.8.0 Build 857 Beta to 3.8.0 Build 859. Rebooted on December 31st. I have not experienced any issues to date.
     
  17. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    With the new version (HitmanPro.Alert v.3.8.0 build 859), the Far Manager (v. 3.0.0.5511 x64) program opened up faster, but its exit slowed down. Anyone else experienced similar things with different programs? Windows 10 Pro 64bit v.1909 build: 18363.535
     
  18. MikeRepairs

    MikeRepairs Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    81
    Location:
    Kissimmee, FL
    Bug report: Expire date shifting forward for each day of Windows uptime, corrects after reboot.
    The expire date is only accurate the same day as a system restart.
    I have been suspecting this on many computers for a long time, today I finally verified the problem on at least 3 computers.
    Windows 10, HMPA paid version 3.7.12 793 (many versions have been doing this)

    Example 1: Open HMPA and look at expire date
    License expires in 430 days, now click to see the date 2021-03-13
    (this computer had 3 days uptime shown on taskmanager performance tab)
    reboot the computer, check again
    License expires in 427 days, now click to see the date 2021-03-10

    Example 2: Open HMPA and look at expire date
    License expires in 405 days, now click to see the date 2021-02-16
    (this computer had 12 days uptime shown on taskmanager performance tab)
    reboot the computer, check again
    License expires in 393 days, now click to see the date 2021-02-04

    Example 3: Open HMPA and look at expire date
    License expires in 225 days, now click to see the date 2020-08-20
    (this computer had 91 days uptime shown on taskmanager performance tab)
    reboot the computer, check again
    License expires in 134 days, now click to see the date 2020-05-22
     
    Last edited: Jan 7, 2020
  19. MikeRepairs

    MikeRepairs Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    81
    Location:
    Kissimmee, FL
    Just manually updated from 3.7.12 793 to 3.8.0 Build 859, then minutes later I get this BSOD

    Computer name: MIKE-PC
    Windows version: Windows 10 1909, 10.0, build: 18363
    Windows dir: C:\WINDOWS
    Hardware: XPS 8900, Dell Inc., 0XJ8C4
    CPU: GenuineIntel Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz Intel8664, level: 6
    8 logical processors, active mask: 255
    RAM: 17052811264 bytes (15.9GB)

    Crash Dump Analysis
    Crash dumps are enabled on your computer.

    Crash dump directories:
    C:\WINDOWS
    C:\WINDOWS\Minidump

    On Tue 1/7/2020 5:02:40 PM your computer crashed or a problem was reported
    crash dump file: C:\WINDOWS\MEMORY.DMP
    This was probably caused by the following module: hmpalert.sys (0xFFFFF8039E6E5050)
    Bugcheck code: 0x50 (0xFFFF80015C200000, 0x0, 0xFFFFF8039E6E5050, 0x0)
    Error: PAGE_FAULT_IN_NONPAGED_AREA
    file path: C:\WINDOWS\system32\drivers\hmpalert.sys
    product: HitmanPro.Alert
    company: SurfRight B.V.
    description: HitmanPro.Alert Support Driver
    Bug check description: This indicates that invalid system memory has been referenced.
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
    A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: hmpalert.sys (HitmanPro.Alert Support Driver, SurfRight B.V.).
    Google query: hmpalert.sys SurfRight B.V. PAGE_FAULT_IN_NONPAGED_AREA
     
  20. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    As always:
    Are you running other security software?
    Which modifications did you make to Windows?
    Did you try a clean install?
     
  21. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Can you download this sysinternals tool http://live.sysinternals.com/procdump.exe

    Create a folder c:\dumps, place the procdump.exe in there, open an administrative command-box and execute the command below:
    c:\dumps\procdump -ma -i c:\dumps\
    then reproduce the issue, this should record a memory dump of the crashing process.

    If you want you can reset your Just in time debugger
    procdump -u

    Please upload the dump here
    https://filetransfer.kpn.com/welcome/intro

    Then send me the link in a DM so our devs can analyze the crashe(s).
     
  22. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    That's correct, this alert is running in silent mode, and shouldn't trigger.
    It will be tweaked/updated/removed in a later version, for now if the alert details show "Extra data appended to file!" please ignore.
     
  23. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Will this work during boot up? I am assuming the crashes happen during boot, but I'm not sure and need take a look at the logs and times when the app crashes. A dump will be created for any app crash that occurs right?

    My laptop has 16GB. A full dump is going to be huge.

    By DM, do you mean direct message via a PM on this forum?
     
    Last edited: Jan 8, 2020
  24. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I wanted to manually updated from 3.7.12 793 to 3.8.0 Build 859 last week, but good thing waited for the auto update that was supposed to happen on Monday of this week.
     
  25. MikeRepairs

    MikeRepairs Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    81
    Location:
    Kissimmee, FL
    I just got two more hmpalert.sys blue screens and had no choice but to uninstall HMPA. I do not have other security software. I put back the 3.7 version and will stay on that for a while. I also send my Windows dump files to Ronny T for the devs to look at.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.