HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Has anyone noticed that HMP.A and Sandboxie don't seem to get along? I have the most recent versions of both apps, and HMP.A is enabled in the Sandboxie settings, yet I keep getting errors on a semi-regular basis whenever I launch Vivaldi or Firefox. Has anyone experienced anything like that?
     
  2. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
  3. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro.Alert 3.8.3 Build 869 Released

    Changelog (compared to build 867)
    • Fixed handle leak in Alert's service process
    • Fixed compatibility with BoxedApp applications
    • Fixed event log to show the timestamp in local time instead of UTC time
    • Fixed a device reference counting issue in the driver related to WipeGuard mitigation
    • Improved CryptoGuard 5 algorithms
    • Improved APC mitigation
    • Improved DEP mitigation
    • Improved HeapHeapProtect detection
    • Improved HeapSpray mitigation
    • Improved SysCall mitigation
    • Improved the update pending message to be shown more frequently instead of just once
    • All binaries built with Visual C++ 16.5.3 with Spectre mitigations
    Download
    https://dl.surfright.nl/hmpalert38.exe

    We're updating everyone on an 8xx build to this version. Enjoy! :thumb:
     
    Last edited: Apr 13, 2020
  4. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    174
    Works fine here. updated without issues.
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Auto-updated here without issue x 2. :thumb:

    Edit: Still no green fly-out when opening Firefox 75.
     
    Last edited: Apr 13, 2020
  6. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    Automatically updated without problem.
     
  7. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problems upgrading build 869.

    Win10 1909 build 18363.752 x64/Norton Security v22.20.2.57
     
  8. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands
    After reporting and restarting, HitmanPro.Alert was updated to version 3.8.3 Build 869.
    No problems. Windows 10 Pro version 1909
    AV: Emsisoft Anti-malware
     
  9. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    120
    Location:
    Netherlands
    Forced auto-update here. No immediate issues. Fly-outs work for Chrome/Edge and Firefox for me.
     
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Update working fine here on 1909 x64.
    Flyout is working for Firefox 75, Safety Notification is set to Application Start.
     
  11. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Update failed (like most on my machine, due to having TEMP/TMP set to a RAM drive?).

    Uninstall & manual install worked fine.
     
  12. Valdez

    Valdez Registered Member

    Joined:
    Apr 21, 2016
    Posts:
    50
    Location:
    Italien
    Automatic update from 3.8.2.867 to 3.8.3.869 all right.
    Thank you! :thumb:
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Feature request:

    When Alert used Windows Event Viewer we could post the details of events here for analysis but we can't do that now. I had a ROP mitigation from Enpass on one machine earlier today and while I can highlight the alert's text I can't copy and post it here to see if it was a false positive or not.

    Can the text of the alert be made so we can copy text? Or have I missed something?

    Thanks.
     
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    I have another request:
    When watching a full screen movie, if a program protected by Alert updates in the background, a flyout appears on top of the full screen movie, that the new version is now protected by Alert. While this is not a problem for me, maybe the flyout could be delayed until full screen mode is exited. The problem is that when Alert auto-updates to a new version, the flyout with update notification also appears on top of the full screen movie, but does not disappear after a few seconds and must be closed manually.
     
  15. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    120
    Location:
    Netherlands
    Look under Custom Views ;)


    Or isn't that what you meant?
     
  16. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    That's still possible, mouse click in the alert details, press CTRL-A CTRL-V and you should be able to paste.
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    OK, Ctrl + A to highlight all, Ctrl + C to copy to clipboard and Ctrl + V to paste.
    Code:
    Mitigation   ROP
    Timestamp    2020-04-14T23:11:38
    
    Platform     10.0.18363/x64 v869 06_25
    PID          9352
    WoW          x86
    Feature      003D1A361FBF01B6
    Application  C:\Program Files (x86)\Enpass\Enpass.exe
    Created      2020-03-25T21:30:41
    Description  Enpass Password Manager 6.4.1
    
    Callee Type  LoadLibrary
                 api-ms-win-core-sysinfo-l1-2-1
    
    Branch Trace                      Opcode  To                             
    -------------------------------- -------- --------------------------------
    MsgWaitForMultipleObjectsEx +0x50   ~ RET* 0x01011F3F Enpass.exe           
    0x7497B9B0 user32.dll                                                     
                244f                     AND          AL, 0x4f
                0183bc249c01             ADD          [EBX+0x19c24bc], EAX
                0000                     ADD          [EAX], AL
                00750f                   ADD          [EBP+0xf], DH
                83bc24a001000000         CMP          DWORD [ESP+0x1a0], 0x0
                c644241b00               MOV          BYTE [ESP+0x1b], 0x0
                7405                     JZ           0x1011f60
                c644241b01               MOV          BYTE [ESP+0x1b], 0x1
                8d8c24c0000000           LEA          ECX, [ESP+0xc0]
                e844660000               CALL         0x10185b0
                84c0                     TEST         AL, AL
                0f84ed000000             JZ           0x1012061
                807c244f00               CMP          BYTE [ESP+0x4f], 0x0
                0f85e2000000             JNZ          0x1012061
                                     (47F3BCF5AF2F9F17)
    
    
    MsgWaitForMultipleObjectsEx +0x129   ~ RET  MsgWaitForMultipleObjectsEx +0x4d
    0x7497BA89 user32.dll                     0x7497B9AD user32.dll           
    
    GetOpenClipboardWindow +0x4d         RET  MsgWaitForMultipleObjectsEx +0x126
    0x74994535 user32.dll                     0x7497BA86 user32.dll           
    
    NtUserMsgWaitForMultipleObjectsEx +0xc   ~ RET  MsgWaitForMultipleObjectsEx +0x119
    0x7622708C win32u.dll                     0x7497BA79 user32.dll           
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  7467250D 0patchLoader.dll       
                8bd0                     MOV          EDX, EAX
                895510                   MOV          [EBP+0x10], EDX
                84db                     TEST         BL, BL
                752c                     JNZ          0x74672542
                33c9                     XOR          ECX, ECX
                894de4                   MOV          [EBP-0x1c], ECX
                85f6                     TEST         ESI, ESI
                7404                     JZ           0x74672523
                8b06                     MOV          EAX, [ESI]
                eb02                     JMP          0x74672525
    
    2  71AF1000 (anonymous)             
    3  7468E55C 0patchLoader.dll       
    4  71AB1000 (anonymous; 0PatchLoader.dll)
    5  7613F7F5 ucrtbase.dll             _time64 +0xe5
    6  7613F741 ucrtbase.dll             _time64 +0x31
    7  7613F71E ucrtbase.dll             _time64 +0xe
    8  00CE7D71 Enpass.exe             
    9  009C5B35 Enpass.exe             
    10 009C18A6 Enpass.exe             
    
    Loaded Modules (94)
    -----------------------------------------------------------------------------
    00780000-03705000 Enpass.exe (Sinew Software Systems P),
                      version: 6.4.1.0
    770D0000-7726A000 ntdll.dll (Microsoft Corporation),
                      version: 10.0.18362.719 (WinBuild.160101.0800)
    759A0000-75A80000 KERNEL32.dll (Microsoft Corporation),
                      version: 10.0.18362.752 (WinBuild.160101.0800)
    74790000-7488D000 hmpalert.dll (SurfRight B.V.),
                      version: 3.8.3.869
    76340000-7653E000 KERNELBASE.dll (Microsoft Corporation),
                      version: 10.0.18362.752 (WinBuild.160101.0800)
    76B90000-76C8B000 CRYPT32.dll (Microsoft Corporation),
                      version: 10.0.18362.592 (WinBuild.160101.0800)
    76100000-7621F000 ucrtbase.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    760F0000-760FE000 MSASN1.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    77010000-77035000 IMM32.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    74950000-74AE7000 USER32.dll (Microsoft Corporation),
                      version: 10.0.18362.719 (WinBuild.160101.0800)
    76220000-76237000 win32u.dll (Microsoft Corporation),
                      version: 10.0.18362.752 (WinBuild.160101.0800)
    74920000-74941000 GDI32.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    75DD0000-75F2A000 gdi32full.dll (Microsoft Corporation),
                      version: 10.0.18362.719 (WinBuild.160101.0800)
    74B70000-74BEC000 msvcp_win.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    76AF0000-76B82000 OLEAUT32.dll (Microsoft Corporation),
                      version: 10.0.18362.693 (WinBuild.160101.0800)
    75B40000-75DB5000 combase.dll (Microsoft Corporation),
                      version: 10.0.18362.693 (WinBuild.160101.0800)
    75A80000-75B3B000 RPCRT4.dll (Microsoft Corporation),
                      version: 10.0.18362.628 (WinBuild.160101.0800)
    748A0000-748C0000 SspiCli.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74890000-7489A000 CRYPTBASE.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    76C90000-76CEF000 bcryptPrimitives.dll (Microsoft Corporation),
                      version: 10.0.18362.295 (WinBuild.160101.0800)
    77040000-770B6000 sechost.dll (Microsoft Corporation),
                      version: 10.0.18362.693 (WinBuild.160101.0800)
    758F0000-759A0000 COMDLG32.dll (Microsoft Corporation),
                      version: 10.0.18362.693 (WinBuild.160101.0800)
    769D0000-76A8F000 msvcrt.dll (Microsoft Corporation),
                      version: 7.0.18362.1 (WinBuild.160101.0800)
    74C90000-74D14000 shcore.dll (Microsoft Corporation),
                      version: 10.0.18362.752 (WinBuild.160101.0800)
    75F30000-75F74000 SHLWAPI.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    75350000-758CA000 SHELL32.dll (Microsoft Corporation),
                      version: 10.0.18362.719 (WinBuild.160101.0800)
    76D50000-76D8B000 cfgmgr32.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    74D80000-75345000 windows.storage.dll (Microsoft Corporation),
                      version: 10.0.18362.719 (WinBuild.160101.0800)
    76070000-760E9000 advapi32.dll (Microsoft Corporation),
                      version: 10.0.18362.752 (WinBuild.160101.0800)
    74BF0000-74C0B000 profapi.dll (Microsoft Corporation),
                      version: 10.0.18362.693 (WinBuild.160101.0800)
    74B10000-74B53000 powrprof.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74B60000-74B6D000 UMPDC.dll (),
                      version:
    75DC0000-75DCF000 kernel.appcore.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    758D0000-758E3000 cryptsp.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    76240000-76337000 ole32.dll (Microsoft Corporation),
                      version: 10.0.18362.693 (WinBuild.160101.0800)
    76A90000-76AEE000 WS2_32.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    76990000-769A9000 bcrypt.dll (Microsoft Corporation),
                      version: 10.0.18362.267 (WinBuild.160101.0800)
    74D20000-74D76000 WLDAP32.dll (Microsoft Corporation),
                      version: 10.0.18362.449 (WinBuild.160101.0800)
    76060000-76067000 Normaliz.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    740B0000-740BF000 WTSAPI32.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    730B0000-7311B000 WINSPOOL.DRV (Microsoft Corporation),
                      version: 10.0.18362.693 (WinBuild.160101.0800)
    73130000-7333F000 COMCTL32.dll (Microsoft Corporation),
                      version: 6.10 (WinBuild.160101.0800)
    73D70000-73DEA000 UxTheme.dll (Microsoft Corporation),
                      version: 10.0.18362.449 (WinBuild.160101.0800)
    73DF0000-73E15000 dwmapi.dll (Microsoft Corporation),
                      version: 10.0.18362.267 (WinBuild.160101.0800)
    743B0000-743E2000 IPHLPAPI.DLL (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74760000-74778000 MPR.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74740000-74753000 NETAPI32.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74450000-7446E000 USERENV.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    74660000-74668000 VERSION.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    71DE0000-71E4E000 MSVCP140.dll (Microsoft Corporation),
                      version: 14.22.27821.0 built by: vcwrkspc
    71DC0000-71DD3000 VCRUNTIME140.dll (Microsoft Corporation),
                      version: 14.22.27821.0 built by: vcwrkspc
    71D90000-71DB4000 WINMM.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    72A70000-72B35000 PROPSYS.dll (Microsoft Corporation),
                      version: 7.0.18362.267 (WinBuild.160101.0800)
    71D60000-71D83000 WINMMBASE.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74710000-7471B000 NETUTILS.DLL (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74720000-7473C000 SRVCLI.DLL (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74670000-7470C000 0PatchLoader.dll (Acros Security),
                      version: 19.11.15.10650
    744D0000-7465F000 dbghelp.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    744A0000-744C4000 dbgcore.DLL (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74470000-74499000 ntmarta.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    72960000-7296A000 secur32.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    741A0000-741F2000 mswsock.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    72990000-729DE000 UWPComponents.dll (),
                      version:
    72900000-72941000 vccorlib140.DLL (Microsoft Corporation),
                      version: 14.22.27821.0 built by: vcwrkspc
    74C10000-74C90000 clbcatq.dll (Microsoft Corporation),
                      version: 2001.12.10941.16384 (WinBuild.160101.080
    728B0000-728F8000 CryptoWinRT.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    720F0000-721CA000 wintypes.dll (Microsoft Corporation),
                      version: 10.0.18362.693 (WinBuild.160101.0800)
    72850000-728A9000 cryptngc.dll (Microsoft Corporation),
                      version: 10.0.18362.329 (WinBuild.160101.0800)
    73F40000-73F61000 ncrypt.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    73F10000-73F38000 NTASN1.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    72970000-7298A000 ngcksp.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    70190000-70410000 dwrite.dll (Microsoft Corporation),
                      version: 10.0.18362.476 (WinBuild.160101.0800)
    71BD0000-71D5E000 d3d9.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    726E0000-726F9000 dxcore.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    76D90000-76E93000 MSCTF.dll (Microsoft Corporation),
                      version: 10.0.18362.752 (WinBuild.160101.0800)
    726A0000-726D1000 dataexchange.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    07D70000-07F4E000 d3d11.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    71880000-719EA000 dcomp.dll (Microsoft Corporation),
                      version: 10.0.18362.752 (WinBuild.160101.0800)
    71EB0000-71F71000 dxgi.dll (Microsoft Corporation),
                      version: 10.0.18362.693 (WinBuild.160101.0800)
    71690000-71873000 twinapi.appcore.dll (Microsoft Corporation),
                      version: 10.0.18362.693 (WinBuild.160101.0800)
    72680000-7269F000 RMCLIENT.dll (Microsoft Corporation),
                      version: 10.0.18362.267 (WinBuild.160101.0800)
    729E0000-72A64000 TextInputFramework.dll (Microsoft Corporation),
                      version: 10.0.18362.207 (WinBuild.160101.0800)
    72260000-724BE000 CoreUIComponents.dll (Microsoft Corporation),
                      version: 10.0.18362.207
    721D0000-72259000 CoreMessaging.dll (Microsoft Corporation),
                      version: 10.0.18362.1
    73990000-73BB9000 iertutil.dll (Microsoft Corporation),
                      version: 11.00.18362.693 (WinBuild.160101.0800)
    71460000-715E3000 explorerframe.dll (Microsoft Corporation),
                      version: 10.0.18362.418 (WinBuild.160101.0800)
    74060000-740A9000 WINSTA.dll (Microsoft Corporation),
                      version: 10.0.18362.53 (WinBuild.160101.0800)
    734F0000-73501000 napinsp.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    734D0000-734E6000 pnrpnsp.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    740D0000-74161000 DNSAPI.dll (Microsoft Corporation),
                      version: 10.0.18362.267 (WinBuild.160101.0800)
    74B00000-74B07000 NSI.dll (Microsoft Corporation),
                      version: 10.0.18362.449 (WinBuild.160101.0800)
    734C0000-734CB000 winrnr.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    743F0000-74406000 NLAapi.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    734B0000-734C0000 wshbth.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    
    Process Trace
    1  C:\Program Files (x86)\Enpass\Enpass.exe [9352] 2020-04-14T23:11:13
       "C:\Program Files (x86)\Enpass\Enpass.exe" -minimize
    2  C:\Windows\explorer.exe [7136] 2020-04-14T23:10:24
    3  C:\Windows\System32\userinit.exe [6540] 2020-04-14T23:10:16 38.4s
    4  C:\Windows\System32\winlogon.exe [688] 2020-04-14T23:09:36
       winlogon.exe
    5  C:\Windows\System32\smss.exe [600] 2020-04-14T23:09:36 182ms
       \SystemRoot\System32\smss.exe 000000c4 00000088
    6  C:\Windows\System32\smss.exe [356] 2020-04-14T23:09:30
       \SystemRoot\System32\smss.exe
    
    Dropped Files
    1  C:\Users\Dave\AppData\Roaming\Sinew Software Systems Pvt Ltd\Enpass\icons\item\misc\shopping_cart.png
         Dropped by \Device\HarddiskVolume2\Program Files (x86)\Enpass\Enpass.exe [9352]
    2  C:\Users\Dave\AppData\Roaming\Sinew Software Systems Pvt Ltd\Enpass\icons\item\misc\travelling_visa.png
         Dropped by \Device\HarddiskVolume2\Program Files (x86)\Enpass\Enpass.exe [9352]
    3  C:\Users\Dave\AppData\Roaming\Sinew Software Systems Pvt Ltd\Enpass\icons\item\misc\alphabet_p.png
         Dropped by \Device\HarddiskVolume2\Program Files (x86)\Enpass\Enpass.exe [9352]
    4  C:\Users\Dave\AppData\Roaming\Sinew Software Systems Pvt Ltd\Enpass\icons\item\misc\alphabet_g.png
         Dropped by \Device\HarddiskVolume2\Program Files (x86)\Enpass\Enpass.exe [9352]
    5  C:\Users\Dave\AppData\Roaming\Sinew Software Systems Pvt Ltd\Enpass\icons\item\misc\folder@2x.png
         Dropped by \Device\HarddiskVolume2\Program Files (x86)\Enpass\Enpass.exe [9352]
    6  C:\Users\Dave\AppData\Roaming\Sinew Software Systems Pvt Ltd\Enpass\icons\item\misc\calling.png
         Dropped by \Device\HarddiskVolume2\Program Files (x86)\Enpass\Enpass.exe [9352]
    7  C:\Users\Dave\AppData\Roaming\Sinew Software Systems Pvt Ltd\Enpass\icons\item\misc\email_account_4@2x.png
         Dropped by \Device\HarddiskVolume2\Program Files (x86)\Enpass\Enpass.exe [9352]
    8  C:\Users\Dave\AppData\Roaming\Sinew Software Systems Pvt Ltd\Enpass\icons\item\misc\passport@3x.png
         Dropped by \Device\HarddiskVolume2\Program Files (x86)\Enpass\Enpass.exe [9352]
    9  C:\Users\Dave\AppData\Roaming\Sinew Software Systems Pvt Ltd\Enpass\icons\item\misc\web_hosting@2x.png
         Dropped by \Device\HarddiskVolume2\Program Files (x86)\Enpass\Enpass.exe [9352]
    10 C:\Users\Dave\AppData\Roaming\Sinew Software Systems Pvt Ltd\Enpass\icons\item\misc\cell_phone.png
         Dropped by \Device\HarddiskVolume2\Program Files (x86)\Enpass\Enpass.exe [9352]
    1  C:\Users\Dave\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000077c.db
         Dropped by \Device\HarddiskVolume2\Windows\explorer.exe [7136]
    2  C:\Users\Dave\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000077d.db
         Dropped by \Device\HarddiskVolume2\Windows\explorer.exe [7136]
    
    Thumbprints
    5004d003102f8f0875209028103771a2af740aa204b7940ee7d34a9bf832aab8
    
    @RonnyT, is this an FP or a real attack?

    Thanks.
     
  18. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Is that structural with every Enpass usage? If so, can you disable 0patch for a second and try again?
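
One way to triage an alert like the one posted above, as an added example (not part of the thread and not SurfRight's tooling): resolve each stack-trace address against the Loaded Modules ranges to see which vendor's code was on the stack when the mitigation fired. The section names and line layout are assumed from that single alert, and `triage` and `follow_up` are hypothetical helper names.

```python
import ntpath
import re
import textwrap

# Trimmed excerpt of the alert posted above (disassembly and most modules cut).
SAMPLE_ALERT = r"""
Mitigation   ROP
Timestamp    2020-04-14T23:11:38
Application  C:\Program Files (x86)\Enpass\Enpass.exe

Stack Trace
#  Address  Module                   Location
-- -------- ------------------------ ----------------------------------------
1  7467250D 0patchLoader.dll
            8bd0                     MOV          EDX, EAX
2  71AF1000 (anonymous)
3  7468E55C 0patchLoader.dll
4  71AB1000 (anonymous; 0PatchLoader.dll)
5  7613F7F5 ucrtbase.dll             _time64 +0xe5
8  00CE7D71 Enpass.exe

Loaded Modules (94)
-----------------------------------------------------------------------------
00780000-03705000 Enpass.exe (Sinew Software Systems P),
                  version: 6.4.1.0
74790000-7488D000 hmpalert.dll (SurfRight B.V.),
                  version: 3.8.3.869
76100000-7621F000 ucrtbase.dll (Microsoft Corporation),
                  version: 10.0.18362.387 (WinBuild.160101.0800)
74670000-7470C000 0PatchLoader.dll (Acros Security),
                  version: 19.11.15.10650

Process Trace
1  C:\Program Files (x86)\Enpass\Enpass.exe [9352] 2020-04-14T23:11:13
"""

SECTIONS = ("Branch Trace", "Stack Trace", "Loaded Modules",
            "Process Trace", "Dropped Files", "Thumbprints")
# Frame lines start in column 0; disassembly lines under a frame are indented.
FRAME_RE = re.compile(r"^(\d+)[ \t]+([0-9A-F]{8})[ \t]+(.+?)[ \t]*$", re.M)
MODULE_RE = re.compile(
    r"^([0-9A-F]{8})-([0-9A-F]{8})[ \t]+(\S+)[ \t]+\((.*?)\),?[ \t]*$", re.M)


def split_sections(text):
    """Return {section title: body}; text before the first title is 'Header'."""
    out, current = {"Header": []}, "Header"
    for line in text.splitlines():
        title = next((s for s in SECTIONS if line.strip().startswith(s)), None)
        if title:
            current, out[title] = title, []
        else:
            out[current].append(line)
    return {k: "\n".join(v) for k, v in out.items()}


def triage(alert_text):
    """Classify every stack frame by the owner of the memory it points into."""
    parts = split_sections(textwrap.dedent(alert_text))  # forum pastes are indented
    def field(name):
        return re.search(rf"^{name}[ \t]+(.+?)[ \t]*$", parts["Header"], re.M).group(1)
    app = ntpath.basename(field("Application")).lower()
    modules = [(int(lo, 16), int(hi, 16), name, vendor) for lo, hi, name, vendor
               in MODULE_RE.findall(parts.get("Loaded Modules", ""))]
    frames = []
    for idx, addr, rest in FRAME_RE.findall(parts.get("Stack Trace", "")):
        hit = next((m for m in modules if m[0] <= int(addr, 16) < m[1]), None)
        if hit is None:  # address is not inside any loaded image
            category, owner = "anonymous", re.split(r"\s{2,}", rest)[0]
        elif hit[2].lower() == app:
            category, owner = "application", hit[2]
        elif hit[3] == "Microsoft Corporation":
            category, owner = "os", hit[2]
        else:
            category, owner = "third-party", f"{hit[2]} ({hit[3] or 'unknown vendor'})"
        frames.append((int(idx), addr, category, owner))
    return {"mitigation": field("Mitigation"), "application": app, "frames": frames}


def follow_up(report):
    """Third-party modules and anonymous frames to rule out before escalating."""
    third = sorted({o for _, _, c, o in report["frames"] if c == "third-party"})
    anon = [i for i, _, c, _ in report["frames"] if c == "anonymous"]
    return third, anon
```

A third-party or anonymous frame does not settle whether the alert is a false positive; it only identifies which in-process component to disable for a retest.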
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    No, I mean copy from the HMP.A UI.

     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    I'm not sure what 'structural' means in this context. I've only seen this once on one machine, although I have Enpass, Alert and 0Patch on two Win10 machines.
     
  21. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    120
    Location:
    Netherlands
    As far as I know all alerts are saved in the event log. So you could always copy from the event log entry but ctrl-a, ctrl-c, ctrl-v seems to work also :)
     
  22. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    This is exactly my experience too.
     
  23. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I've added PowerShell (x64 and x86) to HMP.A, under the "Other" template. Am I correct in assuming that leaving the "Application Lockdown" setting checked for them is asking for trouble? I think some legitimate applications and Windows 10 itself use PowerShell in a way that could be interfered with if that were to be enabled (as one example, I believe Windows updates, installs, and uninstalls modern apps using PowerShell).
     
    Last edited: Apr 17, 2020
  24. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    HitmanPro.Alert 3.8.4 Build 871 Released

    Changelog (compared to build 869)
    • Fixed BSOD occurring on some computers with Windows 10 version 2004 (20H1).
    • Improved Lockdown mitigation.
    • Improved False positive handling.
    • All binaries built with Visual C++ 16.5.4 with Spectre mitigations
    Download
    https://dl.surfright.nl/hmpalert38.exe

    We're updating everyone on an 8xx build to this version. Enjoy! :thumb:
     
  25. Sniperks

    Sniperks Registered Member

    Joined:
    Mar 26, 2020
    Posts:
    3
    Location:
    USA
    Auto updated nicely to 3.8.4 build 871. Good to go.
     