Hi Mark, Downloaded new version and installed over the old one. No problems encountered. Windows 10 Pro 64-bit, version 20H2, build 19042.630
Hi Mark, I downloaded and installed 3.8.8 Build 887 Release Candidate over 3.8.6 Build 875, as well. No issues to report. I also run 8GadgetPack (I don't know how anyone can live without the Network Meter gadget). So far, no alerts have been generated.
Thank you for taking the time to thoroughly explain what's happening, Mark. Greatly appreciated. Cheers.
Good to see you back here! No problems with upgrade on top on Win10 x64 1909. AMD's Zen 3 now has Control-Flow Enforcement Technology, any chance HMP.A will do hardware supported mitigation like with Intel?
CET is a different implementation of control flow integrity compared to ours. We've noticed the new features and we're diving into the details to see if we can leverage hardware features of AMD processors to enhance our mitigations. Thanks!
HitmanPro.Alert 3.8.8 Build 887 Release Candidate In my opinion, this is the best release ever. Thanks!
HitmanPro.Alert 3.8.8 Build 889 Release Candidate

Changes (compared to build 887)
Fixed: Stackpivot: FP on Chrome 88 and higher
Improved: Heap Heap Protect shellcode detection

https://dl.surfright.nl/hmpalert3b889.exe

Please let us know how this build runs on your machine. Thanks!
I may have spoken too soon. I don't recall getting any pop-ups about this yesterday. However, today, I was perusing the Event Viewer and found them. They were generated when I uninstalled CrystalDiskInfo.

Code:
Mitigation   CodeCave
Timestamp    2020-12-08T17:38:25
Platform     10.0.19042/x64 v889 06_2a
PID          7948
WoW          x86
Feature      003D0A30000001A2
Application  C:\Program Files\CrystalDiskInfo\unins000.exe
Created      2020-09-30T13:16:38
Description  Setup/Uninstall 8.8.9

Extra data appended to file! Data at offset: 00286600

SHA256: 7e95c173b7b6cda0627a9c15ab6288aa026bc9481657817935242ebb42b0cbf8

Process Trace
1 C:\Program Files\CrystalDiskInfo\unins000.exe [7948] 2020-12-08T17:38:08
2 C:\Windows\ImmersiveControlPanel\SystemSettings.exe [9788] 2020-12-08T17:37:35
  "C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
3 C:\Windows\System32\svchost.exe [748] 2020-12-08T17:35:17
  C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
4 C:\Windows\System32\services.exe [884] 2020-12-08T17:35:12
5 C:\Windows\System32\wininit.exe [804] 2020-12-08T17:35:12
  wininit.exe
6 C:\Windows\System32\smss.exe [548] 2020-12-08T17:35:06 5.8s
  \SystemRoot\System32\smss.exe 000000c0 00000084
7 C:\Windows\System32\smss.exe [468] 2020-12-08T17:35:04
  \SystemRoot\System32\smss.exe

Services
748 BrokerInfrastructure
748 DcomLaunch
748 Power
748 SystemEventsBroker

Dropped Files
1 C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LHRX104THTKRUQZ2P7LJ.temp
  Dropped by \Device\HarddiskVolume2\Windows\ImmersiveControlPanel\SystemSettings.exe [9788]
2 C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\f18460fded109990.customDestinations-ms~RF26ce9.TMP
  Dropped by \Device\HarddiskVolume2\Windows\ImmersiveControlPanel\SystemSettings.exe [9788]

Thumbprints
31d3b45cddb6d22b11ccd8d251f45e90496beb9aa918bd2e23eaa1dbb8927bff

Code:
Mitigation   CodeCave
Timestamp    2020-12-08T17:38:26
Platform     10.0.19042/x64 v889 06_2a
PID          7468
WoW          x86
Feature      003D0B30000003A2
Application  D:\TMP\_iu14D2N.tmp
Created      2020-12-08T17:38:25
Description  Setup/Uninstall 8.8.9

Extra data appended to file! Data at offset: 00286600

SHA256: 7e95c173b7b6cda0627a9c15ab6288aa026bc9481657817935242ebb42b0cbf8

Process Trace
1 D:\TMP\_iu14D2N.tmp [7468] 2020-12-08T17:38:25
  "D:\TMP\_iu14D2N.tmp" /SECONDPHASE="C:\Program Files\CrystalDiskInfo\unins000.exe" /FIRSTPHASEWND=$107A8
2 C:\Program Files\CrystalDiskInfo\unins000.exe [7948] 2020-12-08T17:38:08
3 C:\Windows\ImmersiveControlPanel\SystemSettings.exe [9788] 2020-12-08T17:37:35
  "C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
4 C:\Windows\System32\svchost.exe [748] 2020-12-08T17:35:17
  C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
5 C:\Windows\System32\services.exe [884] 2020-12-08T17:35:12
6 C:\Windows\System32\wininit.exe [804] 2020-12-08T17:35:12
  wininit.exe
7 C:\Windows\System32\smss.exe [548] 2020-12-08T17:35:06 5.8s
  \SystemRoot\System32\smss.exe 000000c0 00000084
8 C:\Windows\System32\smss.exe [468] 2020-12-08T17:35:04
  \SystemRoot\System32\smss.exe

Services
748 BrokerInfrastructure
748 DcomLaunch
748 Power
748 SystemEventsBroker

Dropped Files
1 D:\TMP\_iu14D2N.tmp
  Dropped by \Device\HarddiskVolume2\Program Files\CrystalDiskInfo\unins000.exe [7948]
  Read by \Device\HarddiskVolume2\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1600]
          \Device\HarddiskVolume2\Program Files\VoodooShield\VoodooShieldService.exe [3564]
          \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe [3596]
          \Device\HarddiskVolume2\Program Files\VoodooShield\VoodooShield.exe [5596]
          \Device\HarddiskVolume4\TMP\_iu14D2N.tmp [7468]
1 C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LHRX104THTKRUQZ2P7LJ.temp
  Dropped by \Device\HarddiskVolume2\Windows\ImmersiveControlPanel\SystemSettings.exe [9788]
2 C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\f18460fded109990.customDestinations-ms~RF26ce9.TMP
  Dropped by \Device\HarddiskVolume2\Windows\ImmersiveControlPanel\SystemSettings.exe [9788]

Thumbprints
bcd9a359b02cb7dba87ca402b5f95b7576d098975d641993836ef4dc3dbaadd2
Running W7-x64 professional, hitmanpro.alert 3.8.8 build 889. Starting November 30th (probably the day I was automatically upgraded from build 797 to build 887) I got 950 events (up till now). The events are all identical and related to file screensv.scr. VirusTotal reports no issues at all on this file. What to do? Can I ignore/suppress this event?
Should have posted this here: https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-651#post-2973301
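For triaging the CodeCave alerts posted earlier in this thread, which report extra data appended to the CrystalDiskInfo uninstaller: an added Python example, not part of the original thread and not HitmanPro.Alert's own logic, that finds where a PE file's section data ends and reports what follows. The sample file is constructed, and the function names and the marker string searched for are assumptions.

```python
import struct

def pe_overlay_offset(data: bytes) -> int:
    """File offset where the last section's raw data ends (overlay start)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size      # section table follows the optional header
    end = table + 40 * num_sections       # lower bound: end of the headers
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size and raw_ptr:
            end = max(end, raw_ptr + raw_size)
    return end

def describe_overlay(data: bytes, markers=(b"Inno Setup",)) -> dict:
    """Report where appended data starts, its size, and known markers near its start."""
    start = pe_overlay_offset(data)
    overlay = data[start:]
    found = [m.decode() for m in markers if m in overlay[:4096]]
    return {"offset": start, "size": len(overlay), "markers": found}

def build_sample(overlay: bytes) -> bytes:
    """Constructed test input: header-only PE32 with one 0x200-byte section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = b"\0" * 0xE0                    # optional header left blank; not parsed here
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + opt + sect).ljust(0x200, b"\0")
    return headers + b"\xCC" * 0x200 + overlay

if __name__ == "__main__":
    sample = build_sample(b"\0" * 0x14 + b"Inno Setup Messages (6.0.0) (u)")
    info = describe_overlay(sample)
    print(f"overlay at {info['offset']:#x}, {info['size']} bytes, markers={info['markers']}")
```

An Authenticode certificate table also sits past the last section of a signed file, so appended data on its own does not show tampering; compare the reported offset and marker with what the installer framework is known to append.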