HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Hi Davido,

    Please report your Alert details and the description of the problem to support@hitmanpro.com
     
  2. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    8xx might have the latest version of CryptoGuard V5 and 7xx has only V4..
     
  3. HansF

    HansF Registered Member

    Joined:
    Dec 10, 2015
    Posts:
    24
    @RonnyT There's no alert when I download and try to start the testfile.
     
  4. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Does adding a program/app to HMPA Exclusions effectively force HMPA to bypass and/or ignore that program (like Whitelisting it)?
     
  5. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Why is this causing an error in the event log when running regscanner from Nirsoft?
    Code:
    Log Name:      Application
    Source:        HitmanPro.Alert
    Date:          2020-07-01 19:09:39
    Event ID:      911
    Task Category: Mitigation
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      2429-NL6
    Description:
    Mitigation   CredGuard
    Timestamp    2020-07-01T17:09:39
    
    Platform     6.1.7601/x64 v871 06_3a
    PID          5436
    Feature      003D0A30000001A2
    Application  D:\ThinApps\NirSoft\x64\RegScanner.exe
    Created      2018-06-30T14:33:58
    Description  Registry Scanner 2.51
    
    \REGISTRY\MACHINE\SAM
    
    Process Trace
    1  D:\ThinApps\NirSoft\x64\RegScanner.exe [5436] 2020-07-01T17:09:36
    2  C:\Toolbx\MenuApp.exe [3968] 2020-07-01T14:32:43
       "C:\Toolbx\MenuApp.exe" -u -INI
    3  C:\Windows\explorer.exe [3064] 2020-07-01T14:32:40
    4  C:\Windows\System32\userinit.exe [3040] 2020-07-01T14:32:40 26.9s
    5  C:\Windows\System32\winlogon.exe [384] 2020-07-01T14:32:37
       winlogon.exe
    6  C:\Windows\System32\smss.exe [700] 2020-07-01T14:32:36 1.1s
       \SystemRoot\System32\smss.exe 00000001 00000048
    7  C:\Windows\System32\smss.exe [364] 2020-07-01T14:32:33
       \SystemRoot\System32\smss.exe
    
    Dropped Files
    1  C:\$Recycle.Bin\S-1-5-21-1441916870-2908020126-3392981109-1000\$IRFUEO2.lnk
         Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [3064]
    2  C:\Users\Adric\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IXIBW5E3VFKRID6Y0MZ2.temp
         Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [3064]
    3  C:\Users\Adric\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\277f4cbeba544308.customDestinations-ms~RF8b9520.TMP
         Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [3064]
    
    Thumbprints
    N/A
    
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="HitmanPro.Alert" />
        <EventID Qualifiers="0">911</EventID>
        <Level>2</Level>
        <Task>9</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2020-07-01T17:09:39.000000000Z" />
        <EventRecordID>2337</EventRecordID>
        <Channel>Application</Channel>
        <Computer>2429-NL6</Computer>
        <Security />
      </System>
      <EventData>
        <Data>D:\ThinApps\NirSoft\x64\RegScanner.exe</Data>
        <Data>CredGuard</Data>
        <Data>Mitigation   CredGuard
    Timestamp    2020-07-01T17:09:39
    
    Platform     6.1.7601/x64 v871 06_3a
    PID          5436
    Feature      003D0A30000001A2
    Application  D:\ThinApps\NirSoft\x64\RegScanner.exe
    Created      2018-06-30T14:33:58
    Description  Registry Scanner 2.51
    
    \REGISTRY\MACHINE\SAM
    
    Process Trace
    1  D:\ThinApps\NirSoft\x64\RegScanner.exe [5436] 2020-07-01T17:09:36
    2  C:\Toolbx\MenuApp.exe [3968] 2020-07-01T14:32:43
       "C:\Toolbx\MenuApp.exe" -u -INI
    3  C:\Windows\explorer.exe [3064] 2020-07-01T14:32:40
    4  C:\Windows\System32\userinit.exe [3040] 2020-07-01T14:32:40 26.9s
    5  C:\Windows\System32\winlogon.exe [384] 2020-07-01T14:32:37
       winlogon.exe
    6  C:\Windows\System32\smss.exe [700] 2020-07-01T14:32:36 1.1s
       \SystemRoot\System32\smss.exe 00000001 00000048
    7  C:\Windows\System32\smss.exe [364] 2020-07-01T14:32:33
       \SystemRoot\System32\smss.exe
    
    Dropped Files
    1  C:\$Recycle.Bin\S-1-5-21-1441916870-2908020126-3392981109-1000\$IRFUEO2.lnk
         Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [3064]
    2  C:\Users\Adric\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IXIBW5E3VFKRID6Y0MZ2.temp
         Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [3064]
    3  C:\Users\Adric\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\277f4cbeba544308.customDestinations-ms~RF8b9520.TMP
         Dropped by \Device\HarddiskVolume1\Windows\explorer.exe [3064]
    
    Thumbprints
    N/A
    </Data>
      </EventData>
    </Event>
    
     
  6. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    This means that regscanner was blocked access to the SAM key in registry, it gets access denied and carries on.
    We just record that this happened; in this case it's something you initiated. If there is an attacker on the machine, you can see they tried to read out that part of the registry.
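
    The alert layout discussed above lends itself to log review. As an added example (not part of the thread and not HitmanPro.Alert code), this Python sketch parses CredGuard alert bodies and counts blocked SAM accesses per application and parent process; the function names are illustrative, and the samples are abbreviated from the two alerts quoted in this thread.

```python
import re
from collections import Counter

# Constructed samples, abbreviated from the two alerts quoted in this thread.
SAMPLE_A = r"""Mitigation   CredGuard
Timestamp    2020-07-01T17:09:39
PID          5436
Application  D:\ThinApps\NirSoft\x64\RegScanner.exe

\REGISTRY\MACHINE\SAM
Process Trace
1  D:\ThinApps\NirSoft\x64\RegScanner.exe [5436] 2020-07-01T17:09:36
2  C:\Toolbx\MenuApp.exe [3968] 2020-07-01T14:32:43
   "C:\Toolbx\MenuApp.exe" -u -INI
3  C:\Windows\explorer.exe [3064] 2020-07-01T14:32:40
Dropped Files
1  C:\Users\example\AppData\Roaming\example.temp
"""
SAMPLE_B = r"""Mitigation   CredGuard
PID          2320
Application  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe
\REGISTRY\MACHINE\SAM\SAM\Domains\Account
Process Trace
1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe [2320] 2020-07-03T15:58:38
2  C:\Windows\System32\services.exe [860] 2020-07-03T15:58:36
"""
FIELD = re.compile(r"^(Mitigation|Timestamp|Platform|PID|Feature|Application|Created|Description)\s+(.+)$")
TRACE = re.compile(r"^\d+\s+(.+?) \[(\d+)\] \S+")  # "N  image path [pid] start-time"
SECTIONS = {"Process Trace", "Dropped Files", "Thumbprints"}
SAM_ROOT = "\\REGISTRY\\MACHINE\\SAM"

def parse_alert(text):
    """Split one alert body into header fields, blocked registry key and process trace."""
    alert = {"fields": {}, "target": None, "trace": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line in SECTIONS:
            section = line
        elif section is None and line.startswith("\\REGISTRY\\"):
            alert["target"] = line
        elif section is None and (m := FIELD.match(line)):
            alert["fields"][m.group(1)] = m.group(2)
        elif section == "Process Trace" and (m := TRACE.match(line)):
            alert["trace"].append((m.group(1), int(m.group(2))))
    return alert

def targets_sam(alert):
    """True when the blocked key is the SAM hive itself or a key beneath it."""
    key = (alert["target"] or "").upper()
    return key == SAM_ROOT or key.startswith(SAM_ROOT + "\\")

def summarize(alerts):
    """Count SAM-access blocks per (application, key, parent image) for review."""
    counts = Counter()
    for a in filter(targets_sam, alerts):
        parent = a["trace"][1][0] if len(a["trace"]) > 1 else None
        counts[(a["fields"].get("Application"), a["target"], parent)] += 1
    return counts
```

    Feeding `summarize` the parsed alerts from a machine shows at a glance which programs were denied SAM access and what launched them, which is the distinction between a user-initiated tool and something unexpected.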
     
  7. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Just got an update notification.
    Smooth update to HMP.A 3.8.6 build 875
     
  8. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    HitmanPro.Alert 3.8.6 Build 875 RC

    Changelog (compared to build 871):
    • Updated CryptoGuard to version 5.5. This new version offers improved performance on systems with high-end hardware (e.g. NVMe M.2 SSDs).
    • Improved CryptoGuard detection
    • Improved WoW64 mitigation
    • Improved upgrade of build 7xx to a 8xx build
    • Improved installer to detect partial old installation
    • Improved the internal updater to check more frequently for updates
    • Various minor improvements
    • All binaries built with Visual C++ 16.6.1 with Spectre mitigations
    Download
    https://dl.surfright.nl/hmpalert3b875.exe

    We're auto updating 873 Beta users at the moment, and will release to 8xx series users if all goes well soon.
    Please let us know how this build runs on your machine. Thanks!
     
  9. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands
    Hey,

    Got a neat notification from HitmanPro-Alert that there was an update.
    PC restart and HitmanPro-Alert has been updated to Version 3.8.6 build 875.

    No problems encountered.

    Windows 10 pro Version 2004 build 19041.329
     
  10. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Manually upgraded to build 875 RC. No problems.

    Win10 2004 build 19041.331 x64/Norton Security v22.20.4.57
     
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    No problems with auto-update, still Win 10 (Pro) 1909 build 1836.900.
     
  12. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    Auto updating to build 875 RC. No problems.
     
  13. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Update kept failing (as usual, RAM disk).

    Manual uninstall & install went fine.
     
  14. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    120
    Location:
    Netherlands
    Manual upgrade from 871 to 875. Upgrade went smoothly at first sight.
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Auto updated two Win10 x64 2004 machines without issue.
     
  16. Sniperks

    Sniperks Registered Member

    Joined:
    Mar 26, 2020
    Posts:
    3
    Location:
    USA
    Thanks for keeping us in mind about updates with HitmanPro.Alert, RonnyT.
     
  17. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Yes, appreciate all security soft developers who are active on these forums. :thumb:
     
  18. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I want to go back to 3.7 from 3.8. Do I have to uninstall 3.8 or can I install over the top?
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    From memory you have to uninstall 3.7 and delete the excalibur.db (?) or similar in the HMP.A folder. I'm not on Windows at the moment so can't check the exact name or path.

    Revo works.
     
  20. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I think I installed 3.8 over 3.7. I did not know that 3.8 would auto install RC Builds that I could not stop.
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Yeah, you can install 3.8 over 3.7, but not 3.7 over 3.8.

    Here's the path:
    Code:
    C:\ProgramData\HitmanPro.Alert
    I see there are three Excalibur.db files, so...
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    So I might be confused, and in the process probably confused you. :(

    Sorry.
     
  24. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    Too late, I just did it and went back to 3.7... I got this with 3.7 and also with 3.8....
    Code:
    Log Name:      Application
    Source:        HitmanPro.Alert
    Date:          7/3/2020 11:58:39 AM
    Event ID:      911
    Task Category: Mitigation
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      User-PC
    Description:
    Mitigation   CredGuard
    Timestamp    2020-07-03T15:58:39
    Platform     6.1.7601/x64 v875 06_3a
    PID          2320
    Feature      0000000000000001
    Application  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe
    Created      2019-09-07T03:10:39
    Description  Kaspersky Anti-Virus 20.0.14
    \REGISTRY\MACHINE\SAM\SAM\Domains\Account
    Process Trace
    1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe [2320] 2020-07-03T15:58:38
       "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe" -r
    2  C:\Windows\System32\services.exe [860] 2020-07-03T15:58:36
    3  C:\Windows\System32\wininit.exe [780] 2020-07-03T15:58:36
       wininit.exe
    4  C:\Windows\System32\smss.exe [596] 2020-07-03T15:58:32 3.7s
       \SystemRoot\System32\smss.exe 00000000 0000005c
    5  C:\Windows\System32\smss.exe [496] 2020-07-03T15:58:32
       \SystemRoot\System32\smss.exe
    Dropped Files
    1  C:\ProgramData\Kaspersky Lab\5E3BE5E2-5F91-324B-90F9-EA542C1EB604
         Dropped by \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe [2320]
    1  C:\Windows\system32\logfiles\scm\5f5a18eb-dc73-4e45-a11c-b59043598412
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    2  C:\Windows\system32\logfiles\scm\9c2a72da-cae5-4305-b81c-e665ff77fbc9
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    3  C:\Windows\system32\logfiles\scm\2470470f-2634-478e-b181-571e98a789bb
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    4  C:\Windows\system32\logfiles\scm\4c8b01a2-11ff-4c41-848f-508ef4f00cf7
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    5  C:\Windows\system32\logfiles\scm\7afcc0ca-7121-422a-ab45-b0e8d599ff08
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    6  C:\Windows\system32\logfiles\scm\a35bb7a6-5f0c-4c9f-8450-2b3bed532d51
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    7  C:\Windows\system32\logfiles\scm\d0574421-fe1b-4096-a3b5-27aa31bb0060
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    8  C:\Windows\system32\logfiles\scm\d59b7d7d-b178-4090-b5f1-e0c7b48df3ee
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    9  C:\Windows\system32\logfiles\scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    10 C:\Windows\system32\logfiles\scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    11 C:\Windows\system32\logfiles\scm\7bf2939b-b1a1-436c-b437-f830b843e46e
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    12 C:\Windows\system32\logfiles\scm\9435f817-fed2-454e-88cd-7f78fda62c48
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    13 C:\Windows\system32\logfiles\scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    Thumbprints
    368a1bad9d915f938d0b558b13bad211bf6c227c2d202e95f10b55dc77c94562
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="HitmanPro.Alert" />
        <EventID Qualifiers="0">911</EventID>
        <Level>2</Level>
        <Task>9</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2020-07-03T15:58:39.000000000Z" />
        <EventRecordID>65676</EventRecordID>
        <Channel>Application</Channel>
        <Computer>User-PC</Computer>
        <Security />
      </System>
      <EventData>
        <Data>C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe</Data>
        <Data>CredGuard</Data>
        <Data>Mitigation   CredGuard
    Timestamp    2020-07-03T15:58:39
    Platform     6.1.7601/x64 v875 06_3a
    PID          2320
    Feature      0000000000000001
    Application  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe
    Created      2019-09-07T03:10:39
    Description  Kaspersky Anti-Virus 20.0.14
    \REGISTRY\MACHINE\SAM\SAM\Domains\Account
    Process Trace
    1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe [2320] 2020-07-03T15:58:38
       "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe" -r
    2  C:\Windows\System32\services.exe [860] 2020-07-03T15:58:36
    3  C:\Windows\System32\wininit.exe [780] 2020-07-03T15:58:36
       wininit.exe
    4  C:\Windows\System32\smss.exe [596] 2020-07-03T15:58:32 3.7s
       \SystemRoot\System32\smss.exe 00000000 0000005c
    5  C:\Windows\System32\smss.exe [496] 2020-07-03T15:58:32
       \SystemRoot\System32\smss.exe
    Dropped Files
    1  C:\ProgramData\Kaspersky Lab\5E3BE5E2-5F91-324B-90F9-EA542C1EB604
         Dropped by \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe [2320]
    1  C:\Windows\system32\logfiles\scm\5f5a18eb-dc73-4e45-a11c-b59043598412
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    2  C:\Windows\system32\logfiles\scm\9c2a72da-cae5-4305-b81c-e665ff77fbc9
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    3  C:\Windows\system32\logfiles\scm\2470470f-2634-478e-b181-571e98a789bb
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    4  C:\Windows\system32\logfiles\scm\4c8b01a2-11ff-4c41-848f-508ef4f00cf7
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    5  C:\Windows\system32\logfiles\scm\7afcc0ca-7121-422a-ab45-b0e8d599ff08
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    6  C:\Windows\system32\logfiles\scm\a35bb7a6-5f0c-4c9f-8450-2b3bed532d51
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    7  C:\Windows\system32\logfiles\scm\d0574421-fe1b-4096-a3b5-27aa31bb0060
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    8  C:\Windows\system32\logfiles\scm\d59b7d7d-b178-4090-b5f1-e0c7b48df3ee
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    9  C:\Windows\system32\logfiles\scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    10 C:\Windows\system32\logfiles\scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    11 C:\Windows\system32\logfiles\scm\7bf2939b-b1a1-436c-b437-f830b843e46e
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    12 C:\Windows\system32\logfiles\scm\9435f817-fed2-454e-88cd-7f78fda62c48
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    13 C:\Windows\system32\logfiles\scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50
         Dropped by \Device\HarddiskVolume3\Windows\System32\services.exe [860]
    Thumbprints
    368a1bad9d915f938d0b558b13bad211bf6c227c2d202e95f10b55dc77c94562
    </Data>
      </EventData>
    </Event>
     
  25. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    Do NOT return from this 8xx CTP to version 7xx stable without first removing c:\programdata\hitmanpro.alert\excalibur.db... I already went back to 3.7 without removing c:\programdata\hitmanpro.alert\excalibur.db. I uninstalled 3.7 and then deleted that programdata before I installed 3.7 again.
     
    Last edited: Jul 3, 2020