HitmanPro.ALERT Support and Discussion Thread

I'll check it out tomorrow in the office

 

I'll check it out tomorrow in the office

 

Fortnite and Battlefield 2042 seem to be incompatible with Keystroke Encryption protection. Not able to control the character/game at all, the input will be random. Running latest Windows 10 build with HMPA build 2019. Disabling Keystroke Encryption fixes the issue.

 

explorer.exe crashed while playing Battlefield. I have a .dmp file if needed.

Code:

Faulting application name: Explorer.EXE, version: 10.0.19041.5607, time stamp: 0xda344284
Faulting module name: hmpalert.dll, version: 3.20.2.2019, time stamp: 0x67ac7d7d
Exception code: 0xc0000005
Fault offset: 0x000000000002a266
Faulting process id: 0xfa4
Faulting application start time: 0x01db94ebc98c60fd
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\hmpalert.dll
Report Id: 40a11ed7-7a56-48a9-bf0f-b6b693877990
Faulting package full name:
Faulting package-relative application ID: 

No other security apps except Windows Firewall Control.

 

How are these started? e.g. Steam? and did you add them to a specific Mitigation profile? there is no global Keystroke Encryption so it looks like it's been added to the wrong template.

 

Can you share that somewhere and DM me for the link.

 

BF2042 is started via steam, then steam launches the EA Desktop app for authentication. Fortnite is started via Epic Games Launcher. I don't see any of these games as "protected" under the mitigations section.

DM sent

 

It seems HMP.A still messes with Windows start up sound on Win10.

 

After having Firefox 136.0.1 become completely unresponsive on my desktop, and 8 Gadget Pack + HiBit Uninstaller having the same unresponsiveness on my laptop I have decided to uninstall Alert once again. I never had those issues before reinstalling HMP.A.

Thank you for your time, @RonnyT .

 

Krusty, do you see this happening on Firefox when trying to print a Web page? How about at other times? FF freezes on me often when trying to print a Web page to PDF, but only in that situation.

The workaround that I've found for when that happens is to open a different browser, maximized, and then select FF again from the taskbar. (Strangely, it doesn't seem to do the trick to click on another browser if its window isn't maximized.) Then everything becomes functional again (until the unpredictable next time).

 

No, I was watching videos on YouTube when FF froze on me.

 

You'll have to tick ours off, we can't make this compatible, it's up to them to take care of keyloggers.

 

If you want to troubleshoot this my first action is going in to Risk Reduction Process protection and disable
- Unexpected system calls
- C2 Interceptor
- Hardware Breakpoint Guard
Those modules had the most changes recently.

And then see if it reproduces, if that still does, then untick all on that panel and try again, perhaps we can narrow down which feature is the root-cause.
As these are global/machine wide protections I'd advise a restart after changing settings to be on the safe side of chasing ghosts.

 

Thanks @RonnyT, that did the trick. All that was needed after disabling Keystroke Encryption was to close and then restart the Norton Browser.

Much appreciated!

 

That's the reason I stopped using HMPA in the past, because it broke Sandboxie.

Yes, I read the article about how CryptoGuard works, very impressive. Do you believe that AppCheck works about the same? It claims to offer 100% signatureless detection (Context-aware ransomware detection).

https://www.checkmal.com

 

BTW, I forgot to ask if you guys already monitored PoolParty (thread pool) process injection? It's crazy to think about how many ways there are to inject code in Windows. It's almost like M$ intentionally designed Windows to make stuff easy for malware LOL. I believe in macOS it's possible too, but at least Apple has hardened it against certain code injection methods.

https://thehackernews.com/2023/12/new-poolparty-process-injection.html

 

Are you still there Ronny? You didn't respond to my last posts.

BTW, I have a couple of questions, does HMPA's keystroke encryption work correctly on Win 11? According to the developers of SpyShelter, they can't offer keystroke encryption because of certain design changes in Win 11.

I also wonder if HMPA still offers protection agains banking trojans, see link. I remember that originally HMPA was designed to protect against banking trojans, and later it evolved into anti-exploit and anti-ransomware.

https://unit42.paloaltonetworks.com/banking-trojan-techniques/

 

Yes it does, just checked against the latest Canary.
Oh it looks like latest 24H2 does not, we'll have a look. Actually it does, but I noticed a glitch so we might need some tweaking.