HitmanPro.Alert BETA

I run PeaZip x64 with all my versions of HMP.A and have not experienced any issues or alerts, you may want to refresh windows maybe ?


Have you tried clicking on the "Exploit Mitigation" blue window, then clicking on "Applications" and adding those installers to Exclusions using the + on the far right of the window after you click on Applications ?

 

Try resetting the settings.

 

Should I uninstall CTP1 before installing CTP2, or can I install 2 over 1?

 

@subhrobhandari,
First, try resetting the settings, as Erik says.
If that doesn't help for MPC-BE, try what _CyberGhosT_ said, add the MPC-BE exe to HMPA's exclusions.
I'm not testing HMPA CTP2, but your MPC-BE issue looks to be the same as for HMPA stable and MPC-HC.
With MPC-HC, adding the the MPC-HC exe to HMPA's exclusions resolves the issue. This may be the same for MPC-BE.

 

ok, installed, and at the moment:

- if Sandoxie processes are excluded , no issues.
- i don't have issues with HMP , and in case of, i added it to exclusion.

 

@Cutting_Edgetech don't forget to add Appguard processes to HMPA exclusions.

 

I'll wait for for the next beta because of the Sandboxie false positives.

 

add sandboxie processes to exclusions , Sbie works fine on my system with this build.

 

Could not resist and installed CTP2.

I'll exclude Sandboxie. Thanks for info.

The problem with KmdUtil.exe during a Sandboxie-install and CTP1: FIXED.

 

In my opinion, you should only exclude security apps if it's actually needed. Remember that Erik is looking for incompatibilities with other security software. If you exclude those software, then certain incompatibilities may not be discovered. Therefore, it's best to only exclude anything if it's known already that they're currently incompatible.

Also, with Media Player Classic (the original, but maybe applicable to the other one), you have to disable Credential Theft Protection (CredGuard). I already reported this to Erik in PM with CTP1, but I guess this hasn't looked into yet.

So far, so good in mine, except with MPC-HC.

My signature reflects my basic config.

 

Flagged up a mitigation against HMP just now


Log Name: Application
Source: HitmanPro.Alert
Date: 31/05/2017 08:55:26
Event ID: 911
Task Category: Mitigation
Level: Error
Keywords: Classic
User: N/A
Computer: xxx-Dell
Description:
Mitigation CredGuard

Platform 6.1.7601/x64 v708 06_2a
PID 3128
Application C:\Program Files\HitmanPro\HitmanPro.exe
Description HitmanPro 3.7.20

\REGISTRY\MACHINE\SAM\SAM\

Process Trace
1 C:\Program Files\HitmanPro\HitmanPro.exe [3128]
"C:\Program Files\HitmanPro\HitmanPro.exe" /updated:"C:\Users\xxx\AppData\Local\Temp\HitmanPro.exe" /scan /quiet
2 C:\Users\xxxx\AppData\Local\Temp\HitmanPro.exe [1376]
"C:\Users\xxx\AppData\Local\Temp\HitmanPro.exe" /update:"C:\Program Files\HitmanPro\HitmanPro.exe" /scan /quiet
3 C:\Program Files\HitmanPro\HitmanPro.exe [4480]
"C:\Program Files\HitmanPro\HitmanPro.exe" /scan /quiet

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="HitmanPro.Alert" />
<EventID Qualifiers="0">911</EventID>
<Level>2</Level>
<Task>9</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-05-31T07:55:26.000000000Z" />
<EventRecordID>529734</EventRecordID>
<Channel>Application</Channel>
<Computer>xxx-Dell</Computer>
<Security />
</System>
<EventData>
<Data>C:\Program Files\HitmanPro\HitmanPro.exe</Data>
<Data>CredGuard</Data>
<Data>Mitigation CredGuard

Platform 6.1.7601/x64 v708 06_2a
PID 3128
Application C:\Program Files\HitmanPro\HitmanPro.exe
Description HitmanPro 3.7.20

\REGISTRY\MACHINE\SAM\SAM\

Process Trace
1 C:\Program Files\HitmanPro\HitmanPro.exe [3128]
"C:\Program Files\HitmanPro\HitmanPro.exe" /updated:"C:\Users\xxx\AppData\Local\Temp\HitmanPro.exe" /scan /quiet
2 C:\Users\xxx\AppData\Local\Temp\HitmanPro.exe [1376]
"C:\Users\xxx\AppData\Local\Temp\HitmanPro.exe" /update:"C:\Program Files\HitmanPro\HitmanPro.exe" /scan /quiet
3 C:\Program Files\HitmanPro\HitmanPro.exe [4480]
"C:\Program Files\HitmanPro\HitmanPro.exe" /scan /quiet
</Data>
</EventData>
</Event>

 

Macrium reflect/HMP (scanner) protected apps??

Can i ask you what are the other items?

 

Wow, here look:

If your referring to my list, yes for CPT1 I had to add those at first install, I haven't edited that yet for CPT2 on that hard drive, my other has just VS and DeepArmor installed, the one in the screen shot has EmsiSoft and VS on it. I will try to get the VS & DeepArmor clone done this weekend and clean up my exclusions lol

 

so, are these exclusions or protected apps??

 

Exclusions, and protected both they are all listed in that same window, they don't separate the two for some reason, and yes it looks confusing.
I hope they do something about that

 

+1!!

why?

 

a lot of cosmetic changes must still be made!!
C'on Erik!!!, try to grab some hours to make these changes as well (audit mode and so long)...

 

It was reacting to the HMP scan, and with the rest like Macrium I could not take the chance
of a reaction seeing it would interfere with my cloning process, and adding EmsiSoft was just
flat out a good idea to ensure they play nice together.

 

same window but separated by a thin vertical line. with "exclude" written.

 

I don't know if there are better ways to represent these differences but certainly ATM the GUI is not the best!

 

i agree lol

1- exclusions and protection should be in different windows
2- why horizontal scrolling instead of vertical...

 

by the way, do some of you observed a slowdown for displaying items on opening windows via explorer or application?

 

eg of "cosmetic" changes:

- Alert is in audit mode ► tray icon must change
- Protected/excluded apps must be splitted
- if an app has relaxed mitigations, the interface must show it (the same for system wide mitigations like CryptoGuard)
- running applications tab must show a protected app even if it does not have an active/open window
- benefits and advantage (main GUI) must be suppressed in favor of more useful info

....

 

What do you mean by "relaxed" mitigations?
Do you mean disabled mitigations?

 

yes (eg DEP..)

Am i wrong??


** fell free to put it in proper english if i'm not enough clear