HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Lots of failures here:
    • Update failed
    • Uninstall failed (succeeded after yet another reboot)
    • Install failed
    • Program is locked
    • Product key (valid for 1 more month) is not accepted: "A generic error occurred"
    So I'm currently without HitmanPro.Alert protection :'(
     
  2. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    120
    Location:
    Netherlands
    Auto update went well on my machine.
     
  3. Petteroes

    Petteroes Registered Member

    Joined:
    Apr 21, 2021
    Posts:
    1
    Location:
    Norway
    Updated with no problems
     
  4. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Received the auto update the day of release and rebooted a couple of days later. No issues have popped up.
     
  5. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    HMPA - Windows 11 BSOD - after install of KB5013943 (May 10th 2022)

    My Windows 11 machine starts to BSOD at boot, either intermittent or stuck in a boot loop after the install of Microsoft update KB5013943 released on May 10th 2022.

    What to do

    Option 1
    Let the system BSOD and auto restart
    After 3 times, you are presented with Advanced repair options button
    Select Advanced repair options to enter winRE
    Select Troubleshoot > Advanced options > Command Prompt
    Type C:
    Hit Enter
    Type cd \windows\system32\drivers
    Hit Enter
    Type ren hmpalert.sys hmpalert.old
    Hit Enter
    Type Exit
    The system should boot normally after renaming the hmpalert.sys driver

    Option 2
    Let the system BSOD and auto restart
    After 3 times, you are presented with Advanced repair options button
    Select Advanced repair options
    Select Troubleshoot > Advanced options > Uninstall Updates
    Choose Uninstall latest feature update (KB5013943)

    FAQ
     
    Last edited: May 16, 2022
  6. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Do you have the same issues when installing build 923?
    (download link in my signature).
     
  7. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    That issue is gone.

    However, on a Windows 11 PC of a family member, which is already running 3.8.19.923, I have now have the KB5013943 issue you posted above. I have uninstalled HitmanPro.Alert and HitmanPro and will try to update Windows again.

    I gifted a license to this family member (purchased that during a Black Friday some time ago) and it was about to expire in 2 weeks anyway. I was in doubt whether to renew, but don't think I will on this PC. Unfortunately the program has caused more troubles than it prevented... (more than once)

    I would like to continue testing on my own (Windows 10) PC (still have a test license for that).
     
    Last edited: May 16, 2022
  8. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Yes, KB5013943 installs fine with HitmanPro.Alert uninstalled...
     
  9. Kaedehara Kazuha

    Kaedehara Kazuha Registered Member

    Joined:
    Apr 25, 2022
    Posts:
    5
    Location:
    Cyberspace
    https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-82#post-3079410
     
  10. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    The product does what it's designed for it blocks LoLBins abused by malware e.g. cscript and powershell executions.
    In this case I can't judge what it's trying to do as I don't have access to the script it's trying to execute, the name suggests something that would enumerate installed fonts but it's just a name of the file (code could do something totally different).

    Did the epub load in the end? it could be it just works but not with the desired font?
    Does it trigger these with all epubs? or just specific this one?

    The Electron app is not registered as browser and/or handler to open e.g. html so for that the extensions that it does register match Office.
    There is nothing holding you back to remove this application from the Office profile and add it to the browsers one would you prefer to (though i would keep it under office).

    Should you decide you want to allow these actions you can use the below steps:
    To be able to allow this please open HitmanPro.Alert -> Click on "Last event" find the offending alert(s) -> Action -> Suppress Alert
    Make sure all offending alerts for the detected application now have the "Suppressed" message behind them and you should be good to go!
     
  11. Kaedehara Kazuha

    Kaedehara Kazuha Registered Member

    Joined:
    Apr 25, 2022
    Posts:
    5
    Location:
    Cyberspace
    All epubs trigger these.
    After that Koodo Reader just shows a blank window.

    And I found that opening Koodo Reader directly (instead of opening the epub file) also triggers a similar alert.

    Maybe it has something to do with the system language (Simplified Chinese) I use.
     
  12. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
  13. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    If you trust the application/vendor then it seems fine to whitelist/suppress the alerts so you can use the reader (if only one epub triggered that would have been suspicious)
     
  14. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    HitmanPro.Alert 3.8.21 Build 945 Release Candidate

    Changelog (compared to 943)
    • Improved Syscall
    • Improved WipeGuard
    • Improved CryptoGuard5
    • Improved HollowProcess
    • Improved ROP detection on crashing processes
    • Improved HeapHeapHooray also covers powershell_ise now
    • Changed Lockdown Added MSDT.EXE as LOLBIN to proactively block Follina exploitation attempts
    • Several other changes under the hood
    Download
    https://dl.surfright.nl/hmpalert3b945.exe

    Please let us know how this version runs on your machine, thanks! :thumb:
     
  15. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problems upgrading build 945 RC.
     
  16. Valdez

    Valdez Registered Member

    Joined:
    Apr 21, 2016
    Posts:
    50
    Location:
    Italien
    All good upgrade from build 943 to 945.
    Thank you! :thumb:
     
  17. scip

    scip Registered Member

    Joined:
    Feb 13, 2020
    Posts:
    41
    Location:
    internet
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    All good so far, Win 10.
     
  19. Craven

    Craven Registered Member

    Joined:
    Sep 7, 2020
    Posts:
    4
    Location:
    Germany
    Installed on Friday, no problems so far.
     
  20. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Running fine here. Rebooted yesterday.
     
  21. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands
    Manually updated to HitmanPro.Alert 3.8.21 Build 945 no problems.

    Windows 11 Pro versie 21H2 22000.739
     
  22. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    I cannot run Sandboxie Plus. What can I do? Version: HitmanPro.Alert 3.8.21 Build 945

    2022-06-29_101233.jpg 2022-06-29_085419.jpg 2022-06-29_085447.jpg 2022-06-29_085535.jpg 2022-06-29_085614.jpg 2022-06-29_090651.jpg
    2022-06-29_085419.jpg 2022-06-29_085447.jpg
     
    Last edited: Jun 29, 2022
  23. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    @feerf56

    You should revert back to Sandboxie Plus v1.1.3 for now because v1.2.0 is still an experimental version.
     
  24. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    @feerf56

    Or if you want to use Sandboxie Plus 1.2.0 untick Local Privilege Mitigation in HmP.Alert.

    1.JPG
     
  25. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    Thanks, I chose this one.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.