HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,116
    Location:
    USA
    Thanks for the new build :thumb:

    Now that Windows 10 Fall Creators Update has been released it would be good to know what to do with the new Exploit Guard (integrated EMET features). I'm assuming we should turn off all of the mitigations in Exploit Guard, but it would be good to hear from you and Erik about it.
     
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,436
    Location:
    Under a bushel ...
  3. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,131
    Is 718 compatible with Windows 1709?

    Does it no longer block Windows updates?
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Still can't image with Credential protection on. The imaging process fails because of the SAM file being protected. Having it write to the event log doesn't help.

    Pete
     
  5. plat1098

    plat1098 Guest

    Windows 10 16299.19/Alert 718 beta. Still can't get the Block Untrusted Fonts to stay enabled after closing the interface. It is cleanly installed. On the other hand, dism and sfc complete normally now, so that issue was a prob w/machine. Doesn't look to be a startup/shutdown issue with VoodooShield 4.08 beta either. :)
     
  6. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    HitmanPro.Alert build 604, the current public non-beta, is compatible with Fall Creators Update (1709).
    Build 718 of HMPA is also compatible with Windows 10 Fall Creators Update (1709). It is even compatible with Exploit Guard introduced with Fall Creators Update. If you applied Windows 10 exploit protection to applications also protected by HMPA, the 'payload restrictions' from Windows 10 are unloaded by HMPA and the mitigations offered by HMPA are applied instead. Note that most exploit mitigations offered by HMPA are actually more comprehensive and faster than the exploit protection introduced with Windows 10 build 1709.
     
  7. plat1098

    plat1098 Guest

    Thanks @markloman, based on your statements, it doesn't seem logical to have both enabled at the same time. So, Defender's mitigations will remain disabled here for now.

    Since my post above might get overlooked, here is one of several entries in Event Viewer regarding Block Untrusted Fonts. Again, Alert 7.18 beta was installed after all ProgramData files were deleted.

    alert buf disable.PNG
    alert buf disable 2.PNG
     
  8. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,131
    Thank you for confirming this Mark!

    What about the Windows Updates being blocked for months?

    (I will install this beta and see what happens)
     
  9. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,131
    HMPA 3.7.0 build 318 still does not like HMP 3.7.20 that it started itself...

    Code:
    Mitigation   CredGuard
    
    Platform     10.0.16299/x64 v718 06_17*
    PID          8656
    Application  C:\Program Files\HitmanPro\HitmanPro.exe
    Description  HitmanPro 3.7.20
    
    \REGISTRY\MACHINE\SAM\
     
  10. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,131
    Had to uninstall because this error was popping up every few seconds when running Firefox 56.0.1 (64-bit) and a beta version of 1Password:

    Code:
    1Password.NativeMessagingHost has stopped working
    1Password runs fine with HMP.A uninstalled.
     
  11. Sand

    Sand Registered Member

    Joined:
    Apr 28, 2016
    Posts:
    26
    Starting from this build, "718" I cannot start AdguardSvc.exe, error code 0x000000005, suggesting there is some .dll injection inside that, that prevent to start the service.
    Same thing with SimpleDNSCrypt I cannot start it.

    Revert back to previous build "717", both work fine.

    https://github.com/AdguardTeam/AdguardForWindows/issues/1974

    Also there are problems in both builds "717" and "718" on doing usb unmount.
     
    Last edited: Oct 18, 2017
  12. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Well thanks for letting me try it out.
    Games that Uplay launch (FarCry 3,4 and probably 5 are unplayable. Reported over 4 months ago.
    Moving on.
     
  13. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    484
    Location:
    USA
    Beta 718 - Mailwasher Pro and IaStorIcon will not start. System errors, no HMPA errors. Tried disabling mitigations and risk reduction factors, no joy. Rolled back to 717.
     
  14. M_G_H

    M_G_H Registered Member

    Joined:
    Sep 3, 2007
    Posts:
    27
    Same as focus, IaStorIcon won't start and Webroot Filtering Extension in all browsers not working. Rolled back to 717 as well.
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,436
    Location:
    Under a bushel ...
    Thanks for this. :thumb: But looks best to hold off on build 718.
     
  16. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,052
    No problems installing 718 beta.

    Win10 1709 build 16299.19 x64/Norton Security v22.11.0.41
     
  17. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    386
    Location:
    Planet Earth
    This should no longer be the case if you have renamed/deleted the excalibur.db
    If anyone still has this issue and has not applied the workaround please raise it again.
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,436
    Location:
    Under a bushel ...
  19. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,345
    Location:
    the Netherlands
    May I hope a workaround will not be required when later the HitmanPro.Alert 3.7 release version is issued?
    A workaround is OK for a beta, but when the release version is issued there should be no workaround required.
     
  20. plat1098

    plat1098 Guest

    I apologize if this was an issue previously discussed. Here is a mitigation alert involving HitmanPro scanner:

    CredGuard miti.PNG

    Should Credential Theft Protection remain disabled on the beta? Windows 10 16299.19/Alert 718 beta
     
  21. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    HitmanPro.Alert 3.7.0 build 719 BETA

    Fixes ( compared to build 718 )
    • Solved compatibility issue with certain .NET applications (incl. AdGuard and SimpleDNSCrypt).
    Download
    • No longer available due to bug found
    This build has drivers co-signed by Microsoft, thus runs on machines with Secure Boot enabled as well.

    Please let us know how this version runs on your machine :thumb:
     
    Last edited: Oct 20, 2017
  22. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    This should not occur. Could you try again?
     
  23. plat1098

    plat1098 Guest

    Hello @markloman. First installed the Alert 719, then ran HitmanPro from within- and outside of- Alert interface and this is perfect now. :)

    Residual issue is still a failure to enable Block Untrusted Fonts from both machines, each running release and beta respectively and sharing nothing in common via networking. This is partially resolved with machine running Windows 10 Pro as it's now enabled in the OS via group policy. Thanks!

    Hmpa 719 BUF.jpg
     
  24. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    Beware that the Block Untrusted Fonts feature of Windows 10 (used by HitmanPro.Alert) become deprecated. More details here: https://blogs.technet.microsoft.com...dropping-the-untrusted-font-blocking-setting/
    We will be removing this specific feature from HitmanPro.Alert soon.
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yes if you do any imaging. It will break the image.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.