HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    524
    Location:
    USA
    Well for once I am very happy to still be running a 3rd gen (Ivy Bridge) Intel Core chipset!!! Cheers!!! :shifty:

     
  2. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    524
    Location:
    USA
The way I read this, since the ME runs its own CPU and operating system completely outside the view of the computer's host OS, it would be very hard to stop, short of re-flashing the chipset on the motherboard.

    So until we know more, it sounds like mitigating this from within Windows may not be possible. Although I will continue to hold out hope that the Lomans can figure out a way to stop it!!! :thumb:
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,949
    Location:
    Outer space
Yes, once the ME is compromised, all bets are off. I was just wondering if it would be possible to mitigate against it getting compromised in the first place. Though it looks like that may not be possible either.
     
  4. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    479
    Location:
    Hengelo
  5. KevinYu0504

    KevinYu0504 Registered Member

    Joined:
    Mar 10, 2017
    Posts:
    38
    Location:
    Taiwan
Waiting for a long time; I had also shared this discount information at another forum :thumb:

P.S:
A member of another forum sent me a private message,
telling me that he used the HMPA trial version a month ago,
and there were some issues and false alerts.
Unfortunately English isn't his main language (me too);
does SurfRight customer service support the Chinese language?

My English is basic, so it's very hard to explain some technology issue details exactly. :gack:
     
  6. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    479
    Location:
    Hengelo
We are native Dutch speakers but also proficient in English and German. For other languages we use Google Translate and DeepL.
     
  7. KevinYu0504

    KevinYu0504 Registered Member

    Joined:
    Mar 10, 2017
    Posts:
    38
    Location:
    Taiwan
    Thank you :)
     
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,582
    Location:
    USA
  9. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    80
    Location:
    Netherlands
    Not that I know of. Just wait and activate your license when the other one runs out.
     
  10. Mr Humphries

    Mr Humphries Registered Member

    Joined:
    Dec 3, 2016
    Posts:
    3
    Location:
    Australia
    I just bought another year's worth, entered the key into Alert and it extended the existing subscription.
     
  11. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    52
I have been running build 723 (auto-updated from build 604) since November 22 with all features enabled, and I have not had one single issue or alert and nothing in the Event Viewer. As a matter of fact, I had an issue under build 604 that I didn't even know was related to HMP.A but was resolved after upgrading to build 723: the VPN feature in Opera could not connect when launched from a Comodo sandbox, but worked fine outside of the sandbox.

On another note, after upgrading to build 723, I decided to test it by running through all of the tests available in Sophos Tester. All tests were run using the Dummy target. HMP.A popped up to block all of the attacks except for one:

    Safe Browsing > WinINet hijack:

    Attack : WinINet
    Time : 2017-11-26 10:22:27
    Computer: IOPCC10
    Platform: Windows 10 Home (64-bit)
    Target : Sophos Tester 3.2 (SophosTester.exe)

    Initializing ...
    Process created (PID 7444)
    Target received exploit.
    Target executing exploit ...
    Executing ...
    Wininet functions detoured. Waiting ...
    Result: Exploit succeeded
     
  12. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    577
    Unable to reproduce on another system...
     
  13. RonnyT

    RonnyT Registered Member

    Joined:
    Aug 9, 2016
    Posts:
    27
    Location:
    Planet Earth
    Hi HempOil,

This test is not applicable on the x64 platform; on x86 you need to select a browser instead of Dummy and then run the test.
This should result in an Intruder alert and a red border around your browser.
     
  14. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Mendeley Desktop is supposed to be automatically added.
    This happened after a manual update.

    Mitigation Lockdown

    Platform 10.0.16299/x64 v723 06_3d
    PID 1532
    Application C:\Program Files (x86)\Mendeley Desktop\MendeleyDesktop.exe
    Description MendeleyDesktop 1.17.12

    Filename C:\Program Files (x86)\Mendeley Desktop\MendeleyWordPlugin.exe
    Created By C:\Users\*\AppData\Local\Temp\mendeleyDesktopUpdateDownload\up.tmp\Updater.exe

    Command line:
    "C:\Program Files (x86)\Mendeley Desktop\MendeleyWordPlugin.exe" --user-regserver

    Process Trace
    1 C:\Program Files (x86)\Mendeley Desktop\MendeleyDesktop.exe [1532]
    2 C:\Windows\explorer.exe [10004]
    3 C:\Windows\System32\userinit.exe [14968]
    4 C:\Windows\System32\winlogon.exe [10804]
    C:\WINDOWS\System32\WinLogon.exe -SpecialSession
    5 C:\Windows\System32\smss.exe [5680]
    \SystemRoot\System32\smss.exe 000000a8 00000084 C:\WINDOWS\System32\WinLogon.exe -SpecialSession

    Thumbprint
    1e429f52ebbb3c5f1e3e4716adf0a7351677ecb20d633bf25a643334edc2df09
     
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,057
    Untick "Application Lockdown" in the mitigation properties of "Mendeley Desktop".
    Then try to update it again.

(After getting the Mitigation Lockdown, HMP.A has locked the file "C:\Users\*\AppData\Local\Temp\mendeleyDesktopUpdateDownload\up.tmp\Updater.exe", and unticking Application Lockdown doesn't help at this moment.
Before updating Mendeley Desktop, try to restart the HMP.A service or reboot; HMP.A will then have released the lock and the update should work.)
     
  16. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Thanks!

    Yeah, I did that after I got the block. I, then, restarted the laptop. It's okay now. :)
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,057
    Ok, fine :thumb:
     
  18. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    52
    Oh, OK Ronnie. Thanks for clarifying.

    I should mention that I did get an alert today. I have Credential Theft Protection enabled with the Security Account Manager option checked. It seems that my Comodo Internet Security suite (which includes antivirus) attempts to access the SAM when performing an antivirus scan. I would imagine that this could be a common alert amongst multiple antivirus vendors now that HMP.A protects the SAM. Here is the mitigation message that HMP.A generated:

    Mitigation CredGuard

    Platform 10.0.16299/x64 v723 06_2a
    PID 12148
    Application C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    Description COMODO Internet Security 10.0.2

    SAM access denied.

    Range = LBA 4786216 :56
    Read = LBA 4786256 :8

    Process Trace
    1 C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [12148]
    "C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvScanner -Embedding
    2 C:\Windows\System32\svchost.exe [744]
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
    3 C:\Windows\System32\services.exe [804]

    Thumbprint
    0ac06686907da4909378dac65857018c8b5ef9cb0b03ff0ec73ac8177b7050c5
     
  19. Phil_S

    Phil_S Registered Member

    Joined:
    Nov 13, 2003
    Posts:
    155
    Location:
    UK
    Just received these alerts on 723, also with Credential Theft Protection and SAM enabled. Is the only solution to turn off SAM?

    Mitigation CredGuard

    Platform 6.3.9600/x64 v723 1f_0a
    PID 1236
    Application C:\Program Files\ESET\ESET Security\ekrn.exe
    Description ESET Service 11

    SAM access denied.

    Range = LBA 2367008 :512
    Read = LBA 2367008 :8

    Thumbprint
    a2fbea1d1e0c7c27d1037660e0a1a06e76463f07ade85e5e1a267abdd1d14f60

    -------------------------------------------------------------------------------------------------------
    Mitigation CredGuard

    Platform 6.3.9600/x64 v723 1f_0a
    PID 1204
    Application C:\Windows\System32\dwm.exe
    Description Desktop Window Manager 6.3

    SAM access denied.

    Range = LBA 2367008 :512
    Read = LBA 2367008 :64
     
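The CredGuard reports in this post and in HempOil's post above, and the Lockdown report in XhenEd's post, all share one text layout. As an added example (not part of the thread and not HitmanPro.Alert's own tooling), here is a small Python parser for that layout plus a triage helper: it confirms that the denied read really falls inside the SAM LBA range HMP.A reported, which is why the alert fired, and suggests a disposition from the application path and parent. The scanner allowlist and the triage rules are assumptions made for this example; the sample text is copied from the reports quoted in the thread, trimmed.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: three reports quoted in this thread, trimmed (Description and
# Platform lines dropped); the dashed line is the separator the posts use.
SAMPLE = r"""
Mitigation CredGuard
PID 12148
Application C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
SAM access denied.
Range = LBA 4786216 :56
Read = LBA 4786256 :8
Process Trace
1 C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe [12148]
"C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvScanner -Embedding
2 C:\Windows\System32\svchost.exe [744]
Thumbprint
0ac06686907da4909378dac65857018c8b5ef9cb0b03ff0ec73ac8177b7050c5
---------------
Mitigation CredGuard
PID 1204
Application C:\Windows\System32\dwm.exe
SAM access denied.
Range = LBA 2367008 :512
Read = LBA 2367008 :64
---------------
Mitigation Lockdown
PID 1532
Application C:\Program Files (x86)\Mendeley Desktop\MendeleyDesktop.exe
Filename C:\Program Files (x86)\Mendeley Desktop\MendeleyWordPlugin.exe
Created By C:\Users\*\AppData\Local\Temp\mendeleyDesktopUpdateDownload\up.tmp\Updater.exe
"""


@dataclass
class Mitigation:
    kind: str                                     # "CredGuard", "Lockdown", ...
    fields: Dict[str, str] = field(default_factory=dict)
    sam_range: Optional[Tuple[int, int]] = None   # (start LBA, sectors) of the protected SAM hive
    sam_read: Optional[Tuple[int, int]] = None    # (start LBA, sectors) of the denied read
    trace: List[Tuple[str, int]] = field(default_factory=list)  # (image path, PID), child first
    thumbprint: Optional[str] = None


_TRACE_RE = re.compile(r"^(\d+) (.+?) \[(\d+)\]$")
_LBA_RE = re.compile(r"^(Range|Read) = LBA (\d+) :(\d+)$")
_FIELD_RE = re.compile(r"^(Platform|PID|Application|Description|Filename|Created By) (.+)$")
_SECTIONS = {"Process Trace": "trace", "Thumbprint": "thumbprint"}


def parse_reports(text: str) -> List[Mitigation]:
    """A new record starts at each 'Mitigation ' line; other lines are parsed by section."""
    reports: List[Mitigation] = []
    cur, section = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue  # blank lines and the dashed separator carry no data
        if line.startswith("Mitigation "):
            cur, section = Mitigation(kind=line.split(" ", 1)[1]), None
            reports.append(cur)
        elif cur is None:
            continue
        elif line in _SECTIONS:
            section = _SECTIONS[line]
        elif section == "thumbprint":
            cur.thumbprint, section = line.lower(), None
        elif section == "trace":
            if m := _TRACE_RE.match(line):  # unnumbered command-line rows are skipped
                cur.trace.append((m.group(2), int(m.group(3))))
        elif m := _LBA_RE.match(line):
            pair = (int(m.group(2)), int(m.group(3)))
            setattr(cur, "sam_range" if m.group(1) == "Range" else "sam_read", pair)
        elif m := _FIELD_RE.match(line):
            cur.fields[m.group(1)] = m.group(2)
    return reports


def read_within_range(m: Mitigation) -> Optional[bool]:
    """True when the denied read lies inside the SAM range HMP.A reported (why the alert fired)."""
    if m.sam_range is None or m.sam_read is None:
        return None
    (r0, rn), (s0, sn) = m.sam_range, m.sam_read
    return r0 <= s0 and s0 + sn <= r0 + rn


# Assumed allowlist for this example: scanners that are expected to read raw SAM
# sectors during a scan (the two products named in the thread).
SCANNER_PREFIXES = ("C:\\Program Files\\COMODO\\COMODO Internet Security\\",
                    "C:\\Program Files\\ESET\\ESET Security\\")


def triage(m: Mitigation) -> str:
    """Suggest a disposition from the parsed fields; unrecognised cases are left for review."""
    app = m.fields.get("Application", "")
    if m.kind == "CredGuard":
        if app.startswith(SCANNER_PREFIXES):
            return "expected: allowlisted scanner read SAM sectors; untick SAM or exclude the scanner"
        return "review: process outside the scanner allowlist read SAM sectors"
    if m.kind == "Lockdown" and "\\AppData\\Local\\Temp\\" in m.fields.get("Created By", ""):
        return "likely updater: child created by a temp-folder installer; untick Application Lockdown while updating"
    return "review: unrecognised mitigation"
```

Run `for r in parse_reports(SAMPLE): print(r.kind, r.fields.get("Application"), read_within_range(r), triage(r))` to see the three dispositions; the dwm.exe report is deliberately left as "review" because nothing in the report itself says why the Desktop Window Manager would touch those sectors.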
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    19,295
Guys, just turn off SAM.
     
  21. RonnyT

    RonnyT Registered Member

    Joined:
    Aug 9, 2016
    Posts:
    27
    Location:
    Planet Earth
    Please post production version related queries in the production board. For the moment there is no BETA version.
    Thanks.
     
  22. ohgood

    ohgood Registered Member

    Joined:
    Apr 3, 2015
    Posts:
    35
    Location:
    cold upper midwest
Congratulations Loman bros., RonnyT, SurfRight & Sophos! You are out of beta! Great work - many thanks for HMPA, HMP & your other fine products. (I know there's still stuff to work on - but it will always be so :rolleyes:.) Thanks again for letting us participate and (sort of) watch you make the sausage! :geek:
     
  23. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    524
    Location:
    USA
    :thumb:
     
  24. P_TT

    P_TT Registered Member

    Joined:
    May 9, 2017
    Posts:
    4
    Location:
    Italy
I purchased a new key and tried to extend my old license (still valid for a hundred days), but it actually replaced the license instead of extending the old one. How can I fix this issue?
I am not sure what I did wrong; I followed the instructions in the email from cleverbridge. Even in the email it says "Activate or Extend a License"...
     
    Last edited: Nov 29, 2017
  25. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,057
Maybe support can correct this. But in general it is better to wait before a new key is used:
     