HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. erikloman

    erikloman Developer

    HitmanPro.Alert 3.7 build 712 BETA

    We are currently working on integrating a new on-demand scanner into Alert and folder exclusions. In the meantime here is a maintenance build before we can turn this version into a release.

    Changelog
    • Added Volume Boot Record (VBR) filtering to WipeGuard
    • Improved Credential Theft Protection on SAM file
    • Fixed WipeGuard LBA length calculation (was too short)
    • Fixed WipeGuard detection string could be truncated in some circumstances
    • Fixed Excel VBA macros trigger DEP mitigation in old Office versions

    Release notes
    This version has Microsoft co-signed drivers.

    Download
    http://test.hitmanpro.com/hmpalert3b712.exe

    Please let us know how this version runs on your computer.
     
  2. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Thanks, Installing now :)
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Installed on top of build 604 on Win7x64 with AppGuard and Outpost Firewall, so far so good :)
    Is the realtime antimalware supposed to register as AV in Windows Action Center?
     
  4. _CyberGhosT_

    _CyberGhosT_ Registered Member

    After install, 712 is running very smooth, but it is still flagging HMP. This is getting very old really quick, having to disable portions of HMP.A to run a scanner that is produced by the same company :/
    It shows the Detection, as seen here:
    HMP.A_SS.png
    And now we have new Event Logs that evaporate? lol
    *Details section was just as empty :/
    HMP.A_Log.png
    Very strange, it does look like they tried to address the issue I guess?
     
    Last edited: Jul 9, 2017
  5. Baldrick

    Baldrick Registered Member

    Hitting the system NOW...will feed back on any negative outcomes...but I seriously doubt it given the stability of recent beta releases, at least on my system. ;)
     
  6. lordraiden

    lordraiden Registered Member

    I'm interested in DeepArmor, I saw it on your signature.
    How can I have access to it?
    It looks like the home version requires a corporate email address to register for the beta.

    PS: I couldn't send you a PM
     
  7. XhenEd

    XhenEd Registered Member

    I noticed that Kaspersky (Internet Security) stops working after the latest beta version. This has also happened in the previous beta. But I'm not sure why it suddenly happened, because I was using both with no problems, then suddenly, Kaspersky stopped working (i.e. it won't load). Kaspersky would only load properly if HMP.A was uninstalled.


    Edit: I was able to load Kaspersky properly by disabling a certain "new" feature of HMP.A beta. But I disabled all new features, so I can't yet name which one. I'll test more later.
     
  8. Paul R

    Paul R Registered Member

    Ditto, it stopped loading for me yesterday afternoon after an update from Kaspersky. At first I thought it was a screwed up upgrade, as when it did try to load it would open multiple copies of itself but all would be stuck on loading. I went down the malware search route & found nothing. Finally this morning I uninstalled HMPA and it then loaded first time. I then loaded the latest HMPA beta and it won't start again :( (Zemana also stopped working yesterday but that seems fine now).
     
  9. deugniet

    deugniet Registered Member

    Erik, should I wait for a next hmpalert-beta Sandboxie-wise or install 712 beta nonetheless?
     
  10. Victek

    Victek Registered Member

    Smooth upgrade from build 710 to build 712; system working fine after reboot :thumb:
     
  11. mood

    mood Registered Member

    After installing Build 712 I can see that the number of alerts is still the same and events can be seen in the Windows Event Viewer (Event ID: 911)
    Nothing has changed :cautious:
     
  12. Rasheed187

    Rasheed187 Registered Member

    About WipeGuard, what malware uses modification of the VBR? About the Credential Guard, why not make it protect password files from browsers and other popular apps that are stored on disk and registry? Outpost Firewall offered this feature in the past. BTW, congrats on the deal you made with ING Bank, I read HMPA will replace Trusteer Rapport. :thumb:
     
  13. _CyberGhosT_

    _CyberGhosT_ Registered Member

    I ran the scan again and this time it produced a log that is readable:
    Here you can see that the alert count has advanced:
    HMP.A_2.png
    Here is the same issue with HMP:

    Mitigation CredGuard

    Platform 10.0.15063/x64 v712 06_1a
    PID 4224
    Application C:\Program Files\HitmanPro\HitmanPro.exe
    Description HitmanPro 3.7.20

    \REGISTRY\MACHINE\SAM\SAM\

    Process Trace
    1 C:\Program Files\HitmanPro\HitmanPro.exe [4224]
    "C:\Program Files\HitmanPro\HitmanPro.exe" /scan:boot /quiet
    2 C:\Program Files\HitmanPro\hmpsched.exe [4688]
    "C:\Program Files\HitmanPro\hmpsched.exe" /user
    3 C:\Program Files\HitmanPro\hmpsched.exe [1872]
    4 C:\Windows\System32\services.exe [828]
    5 C:\Windows\System32\wininit.exe [724]
    wininit.exe
    Thumbprint
    507525fb897224310157d8ab8d48fb8ccac4dd2de5999cf03973c056753e7f44

    July 10th again:
    HMP.A_SS03.png
     
    Last edited: Jul 10, 2017
  14. _CyberGhosT_

    _CyberGhosT_ Registered Member

    It takes them a while to respond, there is quite the list for the trial.
    Sorry for the issue with PM'ing me, I have it restricted.
    This is not the DeepArmor thread so I can't explain further out of respect for Erik & Mark.
     
  15. XhenEd

    XhenEd Registered Member

    I think I found the culprit. It's DLL Hijacking mitigation found under Process Protection. Please try to uncheck it, and see whether Kaspersky opens up fine afterwards.
     
  16. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    This version works great on my laptop, no problems to report.
    Are there any known conflicts with Emsisoft Internet Security?
     
  17. Umbra

    Umbra Registered Member

    Installed on top of previous version, same alert mentioned by @_CyberGhosT_
     
  18. plat1098

    plat1098 Registered Member

    Installed 712 over 604, the scanner downloads and installs fine seeing as I have it downloaded separately, but now I cannot double click on the "scan" tile to initiate the scan nor call up the separate scanner interface. You have to take the tile's word for it that it's complete and no bad stuff was found. I am, however, dimly grateful that SecureBoot didn't need to be disabled this time (I hate doing that).

    Screenshot (8).png
     
  19. G1111

    G1111 Registered Member

    No problems so far on Windows 7 x64. Still get heapspray alert when going to flickr.com (in Firefox but not IE).
     
  20. Victek

    Victek Registered Member

    In my experience the HitmanPro tray icon loads during the scan and you can call up the HitmanPro UI from there if you wish. But if you want the UI generally it would make sense to install and initiate the scan from HitmanPro.
     
  21. Peter2150

    Peter2150 Global Moderator

    Hi Erik

    In regards to the SAM issue. It is still broken. I tested with IFW in a VM, and against Macrium on my host. Macrium failed. HMPA is still locking the SAM file and keeping VSS from getting a lock.

    Also please see PM.

    Thanks,

    Pete
     
  22. plat1098

    plat1098 Registered Member

    Understood. :)

    Since it was convenient to click once on tile to start scan and then once again to look at the interface, I went back to 604. I want to see if any tracking cookies slipped under the radar. :)
     
  23. Peter2150

    Peter2150 Global Moderator

    I don't see any difference in scanning. I click scan, it downloads the scanner, and I double click the new HMP Pro icon and the scanner opens.
     
  24. plat1098

    plat1098 Registered Member

    OK, then it's something goofy on this machine as usual. I uninstalled 712, installed 604 and right away, the one-click scanning was working. Maybe it's because I have the additional HMP subscription scanner? Guess I'll wait until developers finish overhauling the anti-malware, then try again.
     
  25. mood

    mood Registered Member

    After initiating the scan within HMP.A, a tray icon appears (HitmanPro). After double-clicking it, I have access to the GUI of HitmanPro ("Scanning your computer")