HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Mark and Erik

    Okay, I put 92 back on. Now I remember when it changed back, but no matter, as the problem showed up already in 92

    What I can confirm is that when the app crash occurs, I lose the GUI, but the service continues running and the protection is there. Also, if I stop the service and then just restart it, all is back to normal, including the GUI.

    What I am looking for is to try and figure that pattern to when it happens. Will do some more testing tomorrow.

    Pete
     
  2. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,239
    So what happens after the trial period ends in CTP4 build 92? Will the RC be released before or after trial period is up?
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If you want to keep testing PM Erik or Mark for a key. I am sure they plan on releasing before that key runs out.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Mark

    The more I look for a pattern with the VPN, the less I find it. Last night I was about convinced the problem only occurred when I ran Shadowed in ShadowDefender. I fired up the VPN just to check it before shadowing, and by accident I double clicked on the VPN tray icon, and lo and behold I got the Appcrash. Today I haven't been able to force one crash. The only saving grace is it is an easy fix to get things going again. Let me know when your month with the VPN runs out, and I'll try to find a pattern, if there is one.

    Pete
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Grrrr. Trying to find a pattern to this conflict I've reported, and today, nothing I did got the conflict to appear. Hello Mr. Murphy.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Erik and Mark.

    Double Grr. Still no more issues on the VPN issue.

    An update on an issue I reported to Erik via PM. On a nightly basis I copy about 700mb across my network from one machine to the other. Normally it takes between 1 to 1:30 minutes. With HMPA on the machines it takes a bit over 7 minutes. Today I tested to see if the effect was caused by HMPA on both machines or just target vs source machine. Turns out the speed is only affected if HMPA is active on the source machine. In other words, if it is active on the target but not the source, the copy is not impacted.

    Then I confirmed another minor issue with Quickbooks. They have a service whereby I can scan in a payment check, and it credits the account, and transmits the check to their merchant service division for processing. The first time it happened, it said it was shutting down the offending program. However I saw no negative impact and finished my work. This time I looked and it was a cryptoguard alert, over the png files the scanning created.

    Guys, on the 3rd issue, it may be hard for you to troubleshoot as you have to actively own Quickbooks, and have signed up for the check payment service. I don't expect you to do that, and for me it's just a matter of turning off cryptoguard the few times I process checks. You just need to be aware for your support group.

    On the 2nd issue, I hope it can be solved, but what would be handy is to have something within the settings to turn off the protection completely. Stopping and starting the service manually isn't the best.

    On the first one, I know you can't fix it if it doesn't repeat. At least the fix is simple. Just stop the service and then start it again. I tried the restart option in the service menu and got a BSOD for my effort.

    I will continue to push and beat on HMPA. Loving the product.

    Pete
     
  7. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,239
    There is no Flyout when using HMPA in admin account, however when using a restricted account it's present.
    Why the difference? I do notice the green border in both accounts (HitmanPro.Alert//Safebrowsing)
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Using Alert 2.6 or 3 CTP?
     
  9. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,239
    Tested both versions. Figured out the problem. Since I use 2 accounts (admin & restricted) I check Sandboxie Drop Rights setting to enable it. Result is no flyout in admin account. Uncheck Drop Rights in Sandboxie then flyout is present. In HMPA 3 CTP (OpenPipePath) setting is added in Sandboxie as stated in thread.
     
    Last edited: Oct 25, 2014
  10. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    990
    A question. The Hmp.Alert 3 keystroke-function is designed for browsers only? Not for example when using a Wuala login-screen?
     
  11. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    By default, yes. For now only web browsers receive Keystroke Encryption.
    But you can actually apply it to any application you desire. Simply add this application to Exploit Mitigations and select the Other template. If you want to add Keystroke Encryption to existing applications, remove the application from Exploit Mitigations and add it again, selecting the Other template.
     
  12. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    990
    It works with Wuala. Thanks Mark. One thing. I did notice that the keystroke function always uses the same characters for ! namely [AO].

    Edit: I see [A0] OR [AO] when using the shift key. Not shift + 1.
     
    Last edited: Oct 29, 2014
  13. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    460
    I have added PotPlayer v.1.5.3776 32-Bit. If I exit it, sometimes .wmv and .avi files give the error below. The same problem has not occurred yet with .mp4 files EDIT: and .mkv ones.

    Capture.JPG
     
    Last edited: Oct 29, 2014
  14. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    990
    Possible fp with fiddler4setup.exe running sandboxed? Sandboxie 4.14 (W7 64 bits).

    Logboeknaam: Application
    Bron: HitmanPro.Alert
    Datum: 29-10-2014 21:23:36
    Gebeurtenis-id:911
    Taakcategorie: (9)
    Niveau: Fout
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: ****-PC
    Beschrijving:
    Mitigation BlockedProcess
    PID 2380
    Application C:\Program Files\Sandboxie\Start.exe
    Description Sandboxie Start 4.14
    Filename of the process blocked:
    C:\Users\****\Desktop\fiddler4setup.exe
    Command line:
    "C:\Users\****\Desktop\fiddler4setup.exe"
    Gebeurtenis-XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="HitmanPro.Alert" />
    <EventID Qualifiers="0">911</EventID>
    <Level>2</Level>
    <Task>9</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-10-29T20:23:36.000000000Z" />
    <EventRecordID>150694</EventRecordID>
    <Channel>Application</Channel>
    <Computer>****-PC</Computer>
    <Security />
    </System>
    <EventData>
    <Data>C:\Program Files\Sandboxie\Start.exe</Data>
    <Data>BlockedProcess</Data>
    <Data>Mitigation BlockedProcess
    PID 2380
    Application C:\Program Files\Sandboxie\Start.exe
    Description Sandboxie Start 4.14
    Filename of the process blocked:
    C:\Users\****\Desktop\fiddler4setup.exe
    Command line:
    "C:\Users\****\Desktop\fiddler4setup.exe"
    </Data>
    </EventData>
    </Event>
     
  15. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    Deugniet, you are a naughty boy ;)
    I know the manual has not been released yet but by protecting Sandboxie with HMPA you've pulled a condom around a condom. You should not add Sandboxie itself to Exploit Mitigations as HitmanPro.Alert will prevent Sandboxie from launching secondary executables downloaded from the web. HMPA's Application Lockdown will kick in and block that new process. So it's meant to do that.
    You might want to disable Application Lockdown for Sandboxie if you insist on forcing the code and memory mitigations on Sandboxie.
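
    The BlockedProcess event posted above can be triaged with a short script. This is an added example, not part of the original posts and not HitmanPro.Alert's own code; it assumes the text layout of the last `<Data>` element is as shown in the thread, and the sample event is constructed from it with a placeholder user name.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Constructed sample modelled on the event quoted in the thread (EXAMPLE is a placeholder).
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="HitmanPro.Alert" />
<EventID Qualifiers="0">911</EventID>
</System>
<EventData>
<Data>C:\Program Files\Sandboxie\Start.exe</Data>
<Data>BlockedProcess</Data>
<Data>Mitigation BlockedProcess
PID 2380
Application C:\Program Files\Sandboxie\Start.exe
Description Sandboxie Start 4.14
Filename of the process blocked:
C:\Users\EXAMPLE\Desktop\fiddler4setup.exe
Command line:
"C:\Users\EXAMPLE\Desktop\fiddler4setup.exe"
</Data>
</EventData>
</Event>"""

def parse_alert_event(xml_text):
    """Return the fields of one HitmanPro.Alert event, or None for other providers."""
    root = ET.fromstring(xml_text)
    provider = root.find("e:System/e:Provider", NS)
    if provider is None or provider.get("Name") != "HitmanPro.Alert":
        return None
    fields = {"event_id": int(root.findtext("e:System/e:EventID", namespaces=NS))}
    data = [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]
    lines = [ln.strip() for ln in data[-1].splitlines() if ln.strip()] if data else []
    i = 0
    while i < len(lines):
        if lines[i].endswith(":") and i + 1 < len(lines):
            fields[lines[i][:-1]] = lines[i + 1].strip('"')  # "Label:" then value line
            i += 2
        else:
            parts = lines[i].split(None, 1)  # "Key value" on a single line
            fields[parts[0]] = parts[1] if len(parts) > 1 else ""
            i += 1
    return fields

def is_blocked_launch(fields):
    """True when the event records a protected application's child process being blocked."""
    return bool(fields) and fields.get("Mitigation") == "BlockedProcess"
```

    Comparing the `Application` field (the protected parent) with `Filename of the process blocked` shows at a glance whether a block came from a launcher such as Sandboxie's Start.exe being listed under Exploit Mitigations.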
     
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,967
    I have a licensed version of HMP. Just booted into the snapshot that has HMPA, but it is showing as unregistered. I can't get HMPA to register for some reason.
     
  17. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    990
    Erik, I am indeed a ‘good‐for‐nothing’ ;)

    Removed Sandboxie from Exploit Mitigations and now Fiddler can be sandboxed. Thanks for explanation.
     
  18. BBss

    BBss Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    23
    I'd like to report a new bug in the latest version.

    I have been searching like crazy for the last 4 hours to fix a crash problem with the new Call of Duty game. The Singleplayer .exe starts without problems, but if I run the Multiplayer.exe the game crashes immediately; it doesn't even start up.

    Here is the crash log from eventviewer:

    Code:
    Name der fehlerhaften Anwendung: s1_mp64_ship.exe, Version: 1.2.0.4107, Zeitstempel: 0x54529e61
    Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
    Ausnahmecode: 0xc0000005
    Fehleroffset: 0x0000000000052f0b
    ID des fehlerhaften Prozesses: 0xf1c
    Startzeit der fehlerhaften Anwendung: 0x01cff856b58e877a
    Pfad der fehlerhaften Anwendung: H:\Steam\steamapps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
    Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
    Berichtskennung: f35a1276-6449-11e4-83ff-d9a56b7e9dda
    Vollständiger Name des fehlerhaften Pakets:
    Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 

    I disabled all protections in Hitman Pro Alert, I set every single one to off, and yet the game wouldn't start, so I thought it is not caused by Hitman Pro. After testing the game on my notebook, which resulted in the same error, I was sure that it had to be caused by Hitman Pro Alert, so I uninstalled it, restarted and the error was gone. To make sure, I reinstalled it and the error came back.

    I had the same problem a few days ago with another application and same error code, but I don't remember what program it was.
    I hope you have a fix for this, it seems to be related to ntdll.dll and HMP Alert somehow.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I've run into some crashes myself. I've removed it to eliminate one variable.
     
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Which other program?
     
  21. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    990
    Sent you a mail Erik.
     
  22. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    91
    For some days I get a CTP4 alert at the startup of downloader application Getright v6.5.
    I think this is a false alert, because there was no change for Getright for a long time.
     
  23. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    This is likely caused by Active Vaccination. Could you check again and try running CoD:AW with Vaccination set to Disabled or Passive? Thanks!
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I am also going to try disabling active activation
     
  25. BBss

    BBss Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    23
    It was called "Corsair Link Software" but I haven't checked if the error code was the same, it might be caused by something else. I cleared the event viewer so I can't check at the moment; I would need to reinstall the software to test.

    Edit: I can confirm that the crash of Corsair Link Software is not related to HMP Alert. So currently the only program I know that doesn't work properly is CoD AW MP. Of course enabling active vaccination causes many programs to fail but that is no news I guess? :p

    That is what I thought at the beginning, but as I wrote before, everything is set to disabled, including vaccination. I disabled every possible protection in HMP Alert; it is really strange, it must be caused by something else.

    Dunno if helpful, but another hint: After uninstalling HMP Alert, I have to reboot or the bug still exists; after rebooting everything works. The same happens if I shut down the HMP Alert Service and kill all processes of HMP Alert: the bug still exists.

    P.s.: Windows 8.1 64bit
     
    Last edited: Nov 5, 2014