HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I've noticed that issue often, but not every time, when I have a protected browser window open such as Firefox. If I open another application dialog window over top of Firefox, even the Windows search bar, then any text that I type gets scrambled.

    The workaround for me is to minimize the browser. Then other text entry returns to normal. Weird behavior that probably shouldn't happen, but I've gotten used to it.
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    I often get (and have reported) scrambled text while typing in Windows Search.
     
  3. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    636
    Location:
    Planet Earth
  4. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    195
    Location:
    Poland
    Happy what?
     
  5. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,675
    Location:
    South Wales, UK
    HOLIDAYS! ;)
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
  7. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands
    Best wishes to everyone.

    Installed HitmanPro.Alert Version 3.8.23 build 951, Beta
    No problems

    Windows 11 Pro Version 22H2
     
  8. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I'm getting a false positive on the newly released game Monster Hunter Rise from the Xbox Gamepass store. I can't seem to add an exclusion either because it's a game from the Microsoft Store and it doesn't let me access it. This is what I get:
     


  9. Merlucius

    Merlucius Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    17
    Location:
    uk
    Not really. HMPA, in my opinion, is not tested properly to defend against exploits, and some apps can slip through easily without being detected. I was back and forth with Ronny by email (tech support of HMPA) in 2018-2019-2020 over the fact that on my Win 7 HMPA will flag the War Thunder game as using ROP on my PC; it was never confirmed whether it is an FP or not. Also the fact that the WT game, even when mitigated as Other, will avoid mitigation and appear as unprotected when it was starting.

    Later on Win 10 Pro, same story, only this time the Immersive ctrl panel in Win 10 gets corrupted along with the Cryptographic Service, by the game I suppose, cause it was the most intrusive and shady app I ever ran on my PC.
    Later on Win 10 2019 LTSC - this Windows installation still works and wasn't corrupted to the state of being unusable as the previous Win 7 and Win 10 were, but not because of HMPA. Still, the Cryptographic Service got corrupted about 6 times. Running ESET along with HMPA.

    All this time my PC wasn't protected by HMPA alone but was always associated with Comodo, KIS and now ESET. Even the picture below is from 2021. WT behaves the same in 2022 with the 926 or 943 build.
    WTF.jpg
     


  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I must say that I didn't fully understand your post. Are you saying that you don't believe that HMPA is capable of protecting against exploits? Or did it perhaps cause problems with legitimate apps? The post of mine that you quoted was basically about me wanting to see HMPA being tested against the latest exploit techniques. MRG Effitas does test AVs against fileless malware that might be launched via exploits, and most AVs do block them.
     
  11. Merlucius

    Merlucius Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    17
    Location:
    uk
    Yes, HMPA can't protect against exploits. WT is a game and uses ROP on the client side, maybe JOP as well. ROP (return-oriented programming) = exploit.
    In HMPA's previous testing maybe it was just a small bracket of exploits. Gaming nowadays is full of exploits and I am not talking about small shady developers.

    Cause if that game didn't use ROP or other exploits, how could it corrupt so many installs of Win 7 and Win 10, leaving no traces or infections??
    In Windows 10 Pro it corrupted the Cryptographic Service and then the Immersive Ctrl Panel, rendering Win 10 Pro unusable. You have to bear in mind this was under the protection of HMPA and KIS, also with rules in KIS to restrict this game from doing modifications to the system or registry - yet all in vain.
    HMPA is not capable of protecting against ROP and other threats.
    Another example: my wife's laptop gets corrupted under HMPA protection + Win Defender. Disruptive infection >> CPU gen 8 i5 gets 100% usage, my wife can't use the laptop, not even Office. Autoruns by Sysinternals clean. Several scans with HMPA - false reports my computer is clean.
    Gate: Brave browser memory allocation, I believe.
    After 7-10 days of trying to intercept and clean, I decided to download Malwarebytes. MBW catches 7 infections at first scan, disinfects, and all went back to normal, except HMPA went to rush a self-update. Sept '21
    Conclusion:
    HMPA can't even defend a browser, never mind a game or more sophisticated apps.
    Here is the report of Malwarebytes scan for who is interested.
     

    Attached Files:

    • MAL.txt
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    That is a pretty bold statement. I think you might be misunderstanding. Keep in mind that HMPA can sometimes produce false positives with certain software, because they might trigger activity similar to how exploits would work. So what you are experiencing most likely doesn't say anything about HMPA's capabilities to block exploit attacks. And keep in mind that HMPA might cause compatibility problems when combined with tools like Comodo, Kaspersky and Malwarebytes because they also try to block exploits.
     
  13. Merlucius

    Merlucius Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    17
    Location:
    uk
    My wife's laptop was defended by HMPA only and her browser was hijacked, is that an FP too? Malwarebytes was installed only cause HMPA couldn't deal with the infection. But maybe that infection was just a "field test" for HMPA or Sophos.

    Bold or not, my statement comes from some years of experience and experiments on 3 types of Windows.
    If HMPA can't detect when a game is launched and how, what do you expect in terms of detection? Maybe HMPA doesn't want anything to do with the game industry or the threats coming from it; well, they should say so.
     
  14. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    289
    1. What "Hijacked" your wife's browser, what did Malwarebytes detect....PUP's?
    2. What threats from the game industry are you referring to? HMPA certainly should not detect a game launching. It's a second opinion tool that should detect malware/exploits/ransomware etc. that our anti-virus does not detect.
     
  15. Merlucius

    Merlucius Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    17
    Location:
    uk
    Those infections "PUP" as you called them made that laptop unusable, with CPU going at 90-100 % usage and fans on maximum RPM to cool it down and the fans noise that comes with. I wouldn't call 3 modifications in Task Cache PUP. Would you? Malwarebytes cleaned those "insignificant PUP" and brought back the laptop to proper working state which HMPA failed miserably to do that over several days. That's my experience if you like it or not.
    2. When you mitigate a game or application as Other in the HMPA tab, HMPA should detect that application when it is launching in order to defend your machine from exploits and malware.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I think I understand you a bit better now. But if your wife's browser was hacked, it was most likely downloaded by your wife, while HMPA is focused on blocking automated attacks. It won't stop malware from being downloaded by the user themselves. It's up to your real-time AV to block this.

    OK I see, so you're saying that HMPA didn't properly detect the videogame that you were trying to protect. But is it even necessary to protect a videogame against exploits? Normally, I would protect browsers, video players and document readers.
     
  17. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    289
    Where did I say "insignificant"? But yes, if it wasn't malware it should not detect it, I stand by that 100%.

    The AV did not detect it either, which it of course shouldn't if it's not malware. I have Malwarebytes as well and yes, it detects annoyances, and just like an app like CCleaner it removes stuff that's annoying. That does not mean I think McAfee, Norton, Kaspersky etc. or HitmanPro failed me because it did not detect what I find annoying.
     
  18. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    Some additional efficacy testing would be really nice. The last one was from a long long time ago.
     
  19. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I agree, as a long time subscriber to HMPA & HMP. That would be really nice!

    But in my case, I don't DEPEND on HMPA for my security. It's just another layer in my defenses. I think my security practices and other software would keep me safe on the net without it.

    If HMPA doesn't seem to ever catch anything but false positives, similar to my AV, that's a hopeful indication that my other security practices are working.

    Like being careful (paranoid) of what I click on, not opening suspicious emails and attachments, and checking all executables at VirusTotal before running them for the first time. I image my system daily and I also run a couple of other on-demand scanners besides HMP on a weekly basis. So if anything is ever discovered, rollback is child's play! :)
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, to answer my own question, some games can apparently also be exploited, see over here:

    https://www.wilderssecurity.com/thr...h-high-severity-flaw-a-hacker-pounced.450451/
     
  21. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I recently checked on my HMPA renewal via the Activation Status link in the GUI to "Renew License, go to the online store". Cleverbridge is currently offering a 15% discount on 1 or 3 year renewals. Don't know if that is an ongoing offer or a special deal...

    You can purchase anytime and keep the new product key ready for use when your subscription expires.

    Note: Do not activate a new product key if you still have remaining days on an active existing license.
    Remaining days on an older active license will not be added to the new license.
     
  22. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    636
    Location:
    Planet Earth
    For those running Bitdefender and Alert there seems to be an update from Bitdefender that is causing issues in combination with HitmanPro.Alert.
    After the logon screen you get a black window and the desktop won't load, if that's the case then the below steps should get you back up and running until we figure out what's going on here.

    https://hitmanpro.zendesk.com/hc/en...-latest-Bitdefender-Update-build-26-0-33-139-
     
  23. akhsj

    akhsj Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    19
    I encountered this issue after upgrading to BitDefender Total Security version 26.0.33.139 this weekend. The link you provide only adds an exclusion for explorer.exe, which would at least allow a user to login and get a normal Windows desktop. This same issue also impacts other applications. I tested and know that these apps also crash: notepad.exe, wordpad.exe.

    I have since found that Exploit mitigation needed to be disabled for these apps to work on my Windows: Acrobat, Tracker Software PDF-XChange Editor (PDFXEdit). Yet other applications were ok e.g. various browsers.
     
    Last edited: Feb 26, 2023
  24. akhsj

    akhsj Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    19
    For the HMPA/BitDefender app crashing issue, you also need to disable HMPA Exploit mitigations for "Pick an app 10" aka the openwith executable. Otherwise double-clicking e.g. a PDF file in Explorer will not open the file in your default PDF application.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Wow sounds quite bad. So perhaps it's a good idea to always add explorer.exe to the exclusions? And what about whitelisting Bitdefender, would this have helped? To clarify, I don't even know if it's possible to whitelist software, probably not. But this whitelisting feature has been often requested, because HMPA will still alert about Sandboxie for example. This is definitely a weak spot of HMPA, I wouldn't be amused at all if I couldn't login to Windows.
     