HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    918
    Are you sure it’s HMP.A and not the extensions fiasco that Firefox is currently experiencing?
     
  2. OB1W4N5

    OB1W4N5 Registered Member

    Joined:
    Jul 27, 2015
    Posts:
    28
    Good question but it is not the same issue, which I believe has been resolved. I was not impacted by the issue as far as I know since I had certain flags turned on/off in about:config.

    Again this was on Nightly, so not sure if it was something particular to my setup or not.
     
  3. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    211
    Location:
    Planet Earth
    For the users that are using Keepass and have plugins installed the following happened.

    We triggered a so called "Lockdown" alert, this is NOT an indication of malware (so you cannot compare this to an anti-virus alert).
    It means an application is introducing new code on the machine, and when lockdown is active on a mitigation this is not allowed.

    The cause is Keepass seems to compile plugins on the fly by invoking the C# compiler (csc.exe)
    This csc.exe is a so called Lolbin (abused because you can compile code on the fly) and was added to the protections, as a mitigated application tries to spawn this process it will trigger a lockdown.

    See similar issues here
    https://github.com/KoenZomers/KeePassOneDriveSync/issues/87

    We have put a workaround in place to mitigate these lockdowns and will make changes in the next build.
     
    Last edited: May 7, 2019
  4. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    887
    Location:
    Baden Germany
    Thanks for this very informative post.
     
  5. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    918
    Thank you for the explanation.
     
  6. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    906
    Location:
    Land o fruits and nuts, and more crime.
    Beta 3.80 839 CPT1,
    Window 7x64

    Did a reflect restore and Macrium started asking for a license code. Never has happened before.
    A HMPA pop-up RPD or RDP disabled or locked down for this session (A black message bar).

    So, this beta is a no-go!
     
    Last edited: May 7, 2019
  7. HansF

    HansF Registered Member

    Joined:
    Dec 10, 2015
    Posts:
    19
    This is a preview build. I don't know, how SufRight /Sophos determine the differences between Preview and Beta, but for me the preview phase is before the beta phase (this is the way, Microsoft is handling it f. e.).
    It was your own choice to install it and if you did it on your productive system, it was / is your own mistake.

    So, this beta is not a no-go - it's just a preview (not stable) build.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    No issues here on Win 7
     
  9. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    906
    Location:
    Land o fruits and nuts, and more crime.
    IT IS A NO-GO FOR ME!
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,509
    Location:
    Among the gum trees
    No issue on my two Win10 x64 1809 machines.
     
  11. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    887
    Location:
    Baden Germany
    No issues on WIN10x64 1903
     
  12. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    918
    I always get random characters when I try to type something in the save dialog of Firefox 67, in Windows 10 1903, with keystroke encryption enabled.

    My text is shown correctly if I disable HPM.A's keystroke encryption.
     
  13. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    887
    Location:
    Baden Germany
    Same here, on two machines running WIN10-1903.

    Random characters in "save as" dialog. (not only related to Firefox)
     
    Last edited: May 27, 2019
  14. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    825
    Same here (Win 10 1903 and build 839 CTP1).
     
  15. hotlips69

    hotlips69 Registered Member

    Joined:
    Nov 3, 2005
    Posts:
    55
    Location:
    Sussex. UK
    I thought this was just me, but I'm also getting random letters in the Save As dialog box using Chrome.
    Using W10 1903 3.7.9 b779
     
  16. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,129
    Location:
    USA
    What is the most current stable version of HMPA?
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,509
    Location:
    Among the gum trees
    Last edited: May 30, 2019
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,388
    The current stable is v3.7.9.779:
     
  19. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,129
    Location:
    USA
    Any known issues with this version? Thought I had read something about a Macrium Reflect slowdown when doing an Image backup. Maybe I'm dreaming or just mis-read :)
     
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,300
    Location:
    Outer space
    That's the new cryptoguard version in the latest beta. This is the beta thread btw.
     
  21. deputycag

    deputycag Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1
    Was wondering if anyone else noticing something on beta. Recently installed 779 and the logo for "Exploit Protection Assisted by Hardware" is no longer showing. Not sure if this is due to Hitmanpro beta update or update to Windows build 1903.
     
  22. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,300
    Location:
    Outer space
    Build 839 running fine here so far.(1809)

    Any more info on this?
    With ProcessExplorer I can see that High Entropy ALSR can still be enabled.

    For me, on Windows 1809 the logo shows for both 779 and 839.
     
  23. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,422
    Trying out beta 839 over here, on Windows 10 1809. I haven't used HMPA in a while, and it is performing impressively.

    The only issue I have seen is the known issue of slow backups in Macrium Reflect. And it seems to me that the backups too big. I know this sounds weird, but after installing HMPA, I got a 3gb incremental backup. This was just five minutes after the previous backup.
     
    Last edited: Jun 7, 2019
  24. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,422
    I ran a manual scan and it got stuck at 98%. Probably because of my flaky internet connection. But the internet is back, and the scan did not continue. HMPA at 0% CPU.

    The system is sometimes almost frozen. In the middle of typing this message, I had to wait a minute, because I could not input.

    The scan went down to 90%, and after a few minutes, it started slowly progressing, and reached conclusion.
     
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,300
    Location:
    Outer space
    I noticed with beta 839, if Cryptoguard is set to v5, qBittorrent download speeds are lower than with v4.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.