HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,904
    Location:
    Among the gum trees
    Have you got SAM enabled under the Credential Theft Protection tile? If so, disable it.
     
  2. Secure_Guy

    Secure_Guy Registered Member

    Joined:
    May 4, 2016
    Posts:
    49
    I do yes.
    However, the issue should not be happening, regardless....right?
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,904
    Location:
    Among the gum trees
    Last edited: Aug 5, 2018
  4. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    343
    Location:
    Planet Earth
    Please disable the SAM protection under the orange feature "Credential Theft Protection". It was shipped off by default and causes these kinds of alerts as it does a little too good a job.
     
  5. Secure_Guy

    Secure_Guy Registered Member

    Joined:
    May 4, 2016
    Posts:
    49
    Thanks.
    I have turned this off....for now until these issues are fixed.

    PS: Why has there been no activity here for so long?

    I've been waiting for my bug fixes to be made for so long since I posted them here.
    I thought the fixes would be made much quicker.
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,084
    Location:
    USA
  7. Secure_Guy

    Secure_Guy Registered Member

    Joined:
    May 4, 2016
    Posts:
    49
    I just got the following error while trying to run Foxtel in Chrome Browser...
    Code:
    Mitigation   ROP
    
    Platform     6.3.9600/x86 v751 06_2a
    PID          5608
    Application  C:\GoogleChromePortable\App\Chrome-bin\chrome.exe
    Description  Google Chrome 69
    
    Callee Type  LoadLibrary
                 ntdll.dll
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  74C36906 KernelBase.dll           LoadLibraryExW +0xc6
    2  74C37565 KernelBase.dll           LoadLibraryExA +0x25
    3  753D8972 kernel32.dll             LoadLibraryA +0x32
    
    4  0659491B widevinecdm.dll        
                8945e8                   MOV          [EBP-0x18], EAX
                837de800                 CMP          DWORD [EBP-0x18], 0x0
                6833d11106               PUSH         DWORD 0x611d133
                895424fc                 MOV          [ESP-0x4], EDX
                8d6424fc                 LEA          ESP, [ESP-0x4]
                895c24fc                 MOV          [ESP-0x4], EBX
                8d6424fc                 LEA          ESP, [ESP-0x4]
                8b542408                 MOV          EDX, [ESP+0x8]
                bb83025506               MOV          EBX, 0x6550283
                0f45d3                   CMOVNZ       EDX, EBX
                89542408                 MOV          [ESP+0x8], EDX
                8d642404                 LEA          ESP, [ESP+0x4]
                8b5c24fc                 MOV          EBX, [ESP-0x4]
                8d642404                 LEA          ESP, [ESP+0x4]
                8b5424fc                 MOV          EDX, [ESP-0x4]
                8d642404                 LEA          ESP, [ESP+0x4]
    
    5  0659D1AE widevinecdm.dll        
    6  06179B37 widevinecdm.dll        
    7  0617851E widevinecdm.dll        
    8  0617992D widevinecdm.dll        
    9  10734A3B chrome_child.dll      
    10 11D54A70 chrome_child.dll      
    
    Loaded Modules
    -----------------------------------------------------------------------------
    011B0000-01309000 chrome.exe (Google Inc.),
                      version: 69.0.3497.81
    771E0000-7734A000 ntdll.dll (Microsoft Corporation),
                      version: 6.3.9600.18895 (winblue_ltsb.180101-1800
    753D0000-754D0000 KERNEL32.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74900000-749E0000 hmpalert.dll (SurfRight B.V.),
                      version: 3.7.8.751
    74C20000-74CF9000 KERNELBASE.dll (Microsoft Corporation),
                      version: 6.3.9600.18938 (winblue_ltsb.180209-0600
    76A30000-76AAC000 ADVAPI32.dll (Microsoft Corporation),
                      version: 6.3.9600.18895 (winblue_ltsb.180101-1800
    76EE0000-76FA3000 msvcrt.dll (Microsoft Corporation),
                      version: 7.0.9600.17415 (winblue_r4.141028-1500)
    77050000-77091000 sechost.dll (Microsoft Corporation),
                      version: 6.3.9600.17734 (winblue_r9.150319-1700)
    75160000-75230000 RPCRT4.dll (Microsoft Corporation),
                      version: 6.3.9600.18941 (winblue_ltsb.180214-0600
    74DD0000-74DF3000 SspiCli.dll (Microsoft Corporation),
                      version: 6.3.9600.18454 (winblue_ltsb.160820-0600
    722C0000-722C8000 VERSION.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    5E690000-5E70F000 chrome_elf.dll (Google Inc.),
                      version: 69.0.3497.81
    75770000-76A2B000 SHELL32.dll (Microsoft Corporation),
                      version: 6.3.9600.19061 (winblue_ltsb.180609-0600
    76AB0000-76C05000 USER32.dll (Microsoft Corporation),
                      version: 6.3.9600.18535 (winblue_ltsb.161109-0600
    6E450000-6E473000 WINMM.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74120000-7413B000 USERENV.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    76C10000-76C16000 PSAPI.DLL (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    75560000-755A5000 SHLWAPI.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    72220000-722BE000 WINHTTP.dll (Microsoft Corporation),
                      version: 6.3.9600.18895 (winblue_ltsb.180101-1800
    74FD0000-7514D000 combase.dll (Microsoft Corporation),
                      version: 6.3.9600.19038 (winblue_ltsb_escrow.1806
    770D0000-771E0000 GDI32.dll (Microsoft Corporation),
                      version: 6.3.9600.18818 (winblue_ltsb.170908-0600
    6E420000-6E443000 WINMMBASE.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    748F0000-748FF000 profapi.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74A50000-74A8C000 cfgmgr32.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    73A90000-73AB1000 DEVOBJ.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74800000-7480A000 CRYPTBASE.DLL (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    747A0000-747F4000 bcryptPrimitives.dll (Microsoft Corporation),
                      version: 6.3.9600.18895 (winblue_ltsb.180101-1800
    770A0000-770C6000 IMM32.DLL (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74EB0000-74FC2000 MSCTF.dll (Microsoft Corporation),
                      version: 6.3.9600.18819 (winblue_ltsb.170909-0600
    754D0000-7555B000 shcore.dll (Microsoft Corporation),
                      version: 6.3.9600.17666 (winblue_r8.150122-1500)
    0FC90000-13D8B000 chrome_child.dll (Google Inc.),
                      version: 69.0.3497.81
    74E00000-74E4F000 WS2_32.dll (Microsoft Corporation),
                      version: 6.3.9600.18340 (winblue_ltsb.160513-1153
    72200000-72220000 IPHLPAPI.DLL (Microsoft Corporation),
                      version: 6.3.9600.18264 (winblue_ltsb.160310-0600
    76C20000-76D49000 ole32.dll (Microsoft Corporation),
                      version: 6.3.9600.18895 (winblue_ltsb.180101-1800
    59550000-5955B000 msdmo.dll (Microsoft Corporation),
                      version: 6.6.9600.17415 (winblue_r4.141028-1500)
    75230000-752C7000 OLEAUT32.dll (Microsoft Corporation),
                      version: 6.3.9600.19003
    74D00000-74D3D000 WINTRUST.dll (Microsoft Corporation),
                      version: 6.3.9600.18508 (winblue_ltsb.161004-0600
    752D0000-7536B000 COMDLG32.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    72840000-729C1000 DWrite.dll (Microsoft Corporation),
                      version: 6.3.9600.18696 (winblue_ltsb.170511-1554
    6C660000-6C6C5000 WINSPOOL.DRV (Microsoft Corporation),
                      version: 6.3.9600.19064 (winblue_ltsb_escrow.1806
    58770000-588B1000 dbghelp.dll (Microsoft Corporation),
                      version: 6.3.9600.17787 (winblue_r10.150331-1500)
    59530000-59546000 USP10.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    72C40000-72CA9000 dxgi.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74A90000-74C18000 CRYPT32.dll (Microsoft Corporation),
                      version: 6.3.9600.18653 (winblue_ltsb.170331-0600
    6E2D0000-6E41F000 urlmon.dll (Microsoft Corporation),
                      version: 11.00.9600.19101 (winblue_ltsb_escrow.18
    6CC20000-6CC2A000 Secur32.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    721B0000-721C4000 dhcpcsvc.DLL (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    77040000-77047000 NSI.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    721F0000-721F8000 WINNSI.DLL (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    74A40000-74A4E000 MSASN1.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    72E90000-73096000 COMCTL32.dll (Microsoft Corporation),
                      version: 6.10 (winblue_ltsb.150806-0600)
    6ECC0000-6EEF6000 iertutil.dll (Microsoft Corporation),
                      version: 11.00.9600.19101 (winblue_ltsb_escrow.18
    6EF00000-6F2E1000 WININET.dll (Microsoft Corporation),
                      version: 11.00.9600.19101 (winblue_ltsb_escrow.18
    06070000-0673E000 widevinecdm.dll (Google Inc.),
                      version: 4.10.1192.0
    58D80000-58D9E000 dxva2.dll (Microsoft Corporation),
                      version: 6.3.9600.17415 (winblue_r4.141028-1500)
    
    Code Injection
    00730000-00731000    4KB C:\GoogleChromePortable\App\Chrome-bin\chrome.exe [6052]
    00743000-00744000    4KB
    7724B000-7724C000    4KB
    7724A000-7724B000    4KB
    77249000-7724A000    4KB
    012BA000-012BC000    8KB
    012BB000-012BC000    4KB
    012B9000-012BA000    4KB
    00750000-00751000    4KB
    012B6000-012B7000    4KB
    1  C:\GoogleChromePortable\App\Chrome-bin\chrome.exe [6052]
    C:\GoogleChromePortable\App\Chrome-bin\chrome.exe  --disable-logging --disable-metrics --disable-metrics-reporting --disable-dev-tools --user-data-dir=C:\GoogleChromePortable\Data\profile --disk-cache-dir=C:\GoogleChromePortable\Cache --disk-cache-size=314
    2  C:\Windows\System32\cmd.exe [5912]
    C:\Windows\system32\cmd.exe /c ""C:\GoogleChromePortable\Start_Chrome.bat" "
    3  C:\Windows\explorer.exe [1920]
    4  C:\Windows\System32\userinit.exe [1780]
    
    Process Trace
    1  C:\GoogleChromePortable\App\Chrome-bin\chrome.exe [5608]
    "C:\GoogleChromePortable\App\Chrome-bin\chrome.exe" --type=utility --field-trial-handle=1440,617947502705057132,7596052883681372419,131072 --enable-features=FontCacheScaling,ParallelDownloading,WebRTC-H264WithOpenH264FFmpeg --disable-features=AutomaticTabD
    2  C:\GoogleChromePortable\App\Chrome-bin\chrome.exe [6052]
    C:\GoogleChromePortable\App\Chrome-bin\chrome.exe  --disable-logging --disable-metrics --disable-metrics-reporting --disable-dev-tools --user-data-dir=C:\GoogleChromePortable\Data\profile --disk-cache-dir=C:\GoogleChromePortable\Cache --disk-cache-size=314
    3  C:\Windows\System32\cmd.exe [5912]
    C:\Windows\system32\cmd.exe /c ""C:\GoogleChromePortable\Start_Chrome.bat" "
    4  C:\Windows\explorer.exe [1920]
    5  C:\Windows\System32\userinit.exe [1780]
    
    Thumbprint
    651977ad8b94505e0f411c52f3ef26d7aba9361cbe3b146924631209420ffec3
     
    Last edited by a moderator: Sep 11, 2018
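Added here as a worked example (not code from the thread or from HitmanPro.Alert): a small Python triage script for the alert format in the post above. It parses the Stack Trace and Loaded Modules sections, resolves each frame address to the module whose range contains it, and reports which vendor owns the symbol-less frames that reached LoadLibrary; the layout regexes and the SAMPLE excerpt are assumptions inferred from the dump above, and the release-candidate changelog further down the thread records this Chrome 69 / widevinecdm.dll hit as a false positive.

```python
"""Triage helper for a HitmanPro.Alert ROP alert dump. Added example, not
HitmanPro.Alert's own code; the layout is inferred from the alert posted above.
It resolves each stack-trace address to the loaded module whose range contains
it and reports which vendors own the frames that carry no exported symbol."""
import re

# Constructed excerpt of the alert above: same columns, fewer rows.
SAMPLE = """\
Mitigation   ROP
PID          5608

Stack Trace
#  Address  Module                   Location
-- -------- ------------------------ ----------------------------------------
1  74C36906 KernelBase.dll           LoadLibraryExW +0xc6
4  0659491B widevinecdm.dll
9  10734A3B chrome_child.dll

Loaded Modules
-----------------------------------------------------------------------------
74C20000-74CF9000 KERNELBASE.dll (Microsoft Corporation),
                  version: 6.3.9600.18938 (winblue_ltsb.180209-0600
0FC90000-13D8B000 chrome_child.dll (Google Inc.),
06070000-0673E000 widevinecdm.dll (Google Inc.),
"""

FRAME_RE = re.compile(r"^\s*\d+\s+([0-9A-Fa-f]{8})\s+(\S+)\s*(.*)$")
MODULE_RE = re.compile(r"^\s*([0-9A-Fa-f]{8})-([0-9A-Fa-f]{8})\s+(\S+)\s+\((.*?)\)")

def parse_alert(text):
    """Return (header, frames, modules); header maps e.g. 'Mitigation' -> 'ROP'."""
    header, frames, modules, section = {}, [], [], None
    for line in text.splitlines():
        if line.strip() in ("Stack Trace", "Loaded Modules"):
            section = line.strip()
        elif section is None and line.strip():
            key, _, value = line.partition("  ")       # columns separated by 2+ spaces
            header[key.strip()] = value.strip()
        elif section == "Stack Trace" and (m := FRAME_RE.match(line)):
            frames.append({"addr": int(m[1], 16), "module": m[2], "symbol": m[3].strip()})
        elif section == "Loaded Modules" and (m := MODULE_RE.match(line)):
            modules.append({"start": int(m[1], 16), "end": int(m[2], 16),
                            "name": m[3], "vendor": m[4]})
    return header, frames, modules

def triage(text):
    """A frame whose address lies outside the module the trace names (or in no
    loaded module) goes to 'unresolved' and deserves a closer look; 'caller_vendors'
    lists who signed the symbol-less frames that reached the LoadLibrary API."""
    header, frames, modules = parse_alert(text)
    vendors, unresolved = set(), []
    for f in frames:
        hit = next((m for m in modules if m["start"] <= f["addr"] < m["end"]), None)
        if hit is None or hit["name"].lower() != f["module"].lower():
            unresolved.append(f["module"])
        elif not f["symbol"]:                       # caller side, no exported symbol
            vendors.add(hit["vendor"])
    return {"mitigation": header.get("Mitigation"), "pid": header.get("PID"),
            "caller_vendors": sorted(vendors), "unresolved": unresolved}
```

Run `triage(open("alert.txt").read())` on a full dump to get the same summary; a non-empty `unresolved` list means the trace names a module that does not actually own that address.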
  8. rodneym

    rodneym Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    271
    I would be real excited about this, except for two things.

    1). When I bought it in June 2018, it slowed my PC down.
    2). I think it was CS who tested this software (did a video) or maybe just Hitman (not pro) and it failed.

    *Aside from the above...This is not stand-alone software, as in a replacement for AV, right?
     
  9. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,373
    Location:
    Under a bushel ...
    There are two different products: HitmanPro.Alert is comprehensive anti-exploit software, and HitmanPro is a second-opinion AV scanner (so indeed, not a real-time AV replacement).

    The latter is invoked by HMP.A, but can also be installed standalone.
     
  10. HansF

    HansF Registered Member

    Joined:
    Dec 10, 2015
    Posts:
    24
    When can we expect a new Beta?
     
  11. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,084
    Location:
    USA
    Is there a particular issue you're hoping a new beta will address?
     
  12. HansF

    HansF Registered Member

    Joined:
    Dec 10, 2015
    Posts:
    24
    No, but it would be nice to have a Beta, that works with the latest Windows 10 Insider builds. That's all.
     
  13. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    343
    Location:
    Planet Earth
    HitmanPro.Alert 3.7.9 Build 759 Release Candidate

    Changelog (compared to build 751)
    • Added Mitigation of local privilege escalation via Task Scheduler (CVE-2018-8440 / @SandboxEscaper)
    • Added Compatibility with Windows 10 Redstone 5
    • Improved WipeGuard mitigation handling VBR sectors
    • Improved Asynchronous Procedure Call (APC) Mitigation
    • Improved SEHOP mitigation performance
    • Improved Compatibility with 3rd party products that use PUSH/RET in their API hooks
    • Improved Windows Vista code injection
    • Fixed Compatibility with Windows XP Embedded POSReady 2009
    • Fixed Compatibility with Microsoft Edge Application Guard (WDAG) failed to start
    • Fixed Compatibility with Microsoft Hyper-V failed to start
    • Fixed Compatibility with F-Secure DeepGuard
    • Fixed False positive ROP detection (stack-based) in Google Chrome 69 caused by (DRM) widevinecdm.dll
    • Fixed Security issue (CVE assigned)
    • Updated Botan 2.7.0
    • Updated Sqlite 3.24.0
    • Updated All code compiled with Visual Studio C++ 15.8.4
    • Disabled hardware-assisted ROP mitigation on Chrome 67 (or newer) due to their use of RETpoline
    • Removed Network Lockdown mitigation (deprecated) / hmpnet.sys
    Download (with drivers co-signed by Microsoft)
    http://test.hitmanpro.com/hmpalert3b759.exe

    Let us know how this version runs on your machine. :thumb:
     
    Last edited: Sep 12, 2018
  14. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    343
    Location:
    Planet Earth
    Hi HansF,
    Please give this version a spin and let us know how it runs on your Insider build.
    Keep in mind that Microsoft experiments all over the scale on insider builds so bugs can change ;)
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Ronny

    Install was just business as usual for me. Glad to see upgrades.

    Thanks,

    Pete
     
  16. guest

    guest Guest

    No issues so far.
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,904
    Location:
    Among the gum trees
    Same here. :thumb:
     
  18. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    So far so good here. Windows 7 Pro SP1 x64.
     
    Last edited: Sep 13, 2018
  19. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    982
    Same here also.
     
  20. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,472
    So far, so good on Win 10 1803.

    There is a little, old issue with the media player MPC-BE. It doesn't like HMPA very much. When I hit the play button, it crashes, unless I add MPC-BE to exclusions. I would kinda like to do the opposite, I mean, to add it to Media exploit mitigations.
     
  21. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,301
    Location:
    the Netherlands
    June 4, 2017, Erik wrote:
    The same applies to MPC-BE, it cannot be supported with HMPA.
    I think what Erik said last year does still apply.
     
  22. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,472
    Thanks. I figured you guys must have reported this already.
    The funny thing is that now, MPC-HC does not conflict, while MPC-BE does.
    But the answer is probably the same as before. :)
     
  23. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,301
    Location:
    the Netherlands
    Thanks very much, shmu26, that is interesting, I wasn't aware of that.
    Is MPC-HC automatically included in the exclusion list, like XhenEd suggested, June 4, 2017?
    If this is not the case, then something else may have changed in MPC-HC or in HMPA.
    @erikloman,
    If MPC-HC is automatically included in the exclusion list, it would probably be a good idea to add the same detection and exclusion mechanism for MPC-BE.
     
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,373
    Location:
    Under a bushel ...
    Got a BSOD on pressing OK to reboot, after update.
    Code:
    On Thu 2018/09/13 11:14:02 AM GMT your computer crashed or a problem was reported
    crash dump file: C:\WINDOWS\Minidump\091318-6515-01.dmp
    This was probably caused by the following module: ntoskrnl.exe (nt+0x1A9380) 
    Bugcheck code: 0x133 (0x0, 0x501, 0x500, 0xFFFFF80384A57378)
    Error: DPC_WATCHDOG_VIOLATION
    file path: C:\WINDOWS\system32\ntoskrnl.exe
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: NT Kernel & System
    Bug check description: The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above. This could be caused by either a non-responding driver or non-responding hardware. This bug check can also occur because of overheated CPUs (thermal issue). 
    The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time. 
    
    Probably not an issue as I had also updated Sandboxie to 5.27.1 beta in the same session, so may be related.

    After reboot, all seems OK.
     
  25. HansF

    HansF Registered Member

    Joined:
    Dec 10, 2015
    Posts:
    24
    Hi RonnyT,

    This version is running well so far on Windows 10 1809 Build 17754.1 and 1903 Build 18234...and I know about Microsoft's experiments :).
    I think that they won't make big ones in the 1809 builds anymore, but they surely will in the 19H1 builds.
     
    Last edited: Sep 13, 2018