HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I can only conclude that some tool is clearing out the PendingFileRenameOperations key just before reboot.

    If you uninstall build 120, are the files gone from Program Files? I ask this because the uninstaller is also using the PendingFileRenameOperations key.
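
Added example, not part of the original post or of HitmanPro.Alert: a way to inspect PendingFileRenameOperations before a reboot and confirm that the installer's or uninstaller's entries are still queued. It assumes Python 3.8 or later on Windows for the live read; the sample file names are hypothetical and the sample list is constructed.

```python
import sys

KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE = "PendingFileRenameOperations"

def _clean(path):
    """Drop the '!' replace marker and the NT '\\??\\' prefix from a stored path."""
    path = path[1:] if path.startswith("!") else path
    return path[4:] if path.startswith("\\??\\") else path

def decode_pending_renames(strings):
    """Turn the REG_MULTI_SZ string list into (action, source, destination) tuples."""
    strings = list(strings)
    if len(strings) % 2:               # a trailing source with no destination
        strings.append("")             # is treated as a delete
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        if dst == "":                  # empty destination: delete source at boot
            ops.append(("delete", _clean(src), None))
        else:                          # '!' marks "overwrite an existing target"
            action = "replace" if dst.startswith("!") else "move"
            ops.append((action, _clean(src), _clean(dst)))
    return ops

def read_pending_renames():
    """Read the live value (Windows only); returns [] when the value is absent."""
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY) as key:
            data, _type = winreg.QueryValueEx(key, VALUE)
    except FileNotFoundError:
        return []
    return decode_pending_renames(data)

def touching(ops, folder):  # operations whose source or destination is under folder
    f = folder.lower()
    return [op for op in ops if any(p and p.lower().startswith(f) for p in op[1:])]

# Constructed sample in the stored layout; file names are hypothetical.
SAMPLE = [
    "\\??\\C:\\Program Files (x86)\\HitmanPro.Alert\\example.old", "",
    "\\??\\C:\\Windows\\Temp\\example.tmp",
    "!\\??\\C:\\Program Files (x86)\\HitmanPro.Alert\\example.dll",
]

if __name__ == "__main__":
    ops = read_pending_renames() if sys.platform == "win32" else decode_pending_renames(SAMPLE)
    for op in touching(ops, r"C:\Program Files (x86)\HitmanPro.Alert"):
        print(op)
```

Running it right after the installer finishes and again just before restarting shows whether the queued entries disappear in between.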
     
  2. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    991
    Uninstalled 120 and rebooted laptop.

    Now: picture 1 is build 120 and picture 2 is build 124.
     

    Attached Files:

    • 1.JPG (25.4 KB)
    • 2.JPG (34.1 KB)
  3. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,089
    Today I was unable to log in to KeePass. Until I typed the password in Notepad and pasted it into KeePass.

    Turned out that the keystroke protection of HPA is turning my keystrokes into garbage when enabled...

    Even weirder: it incidentally happens in Firefox with keystroke protection turned off. Is my keyboard dying instead?
     
  4. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    UI is needlessly convoluted
     
  5. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Could you list all directories and files that HitmanProAlert is using / running? Just so I can add it as exclusion to ESET and MBAM :)

    BTW, could it be that HMPA slows down the boot time? After entering my password at log on of Windows 8.1 it seems to load way longer than usually. Not a big problem for me as I mostly use "Sleep" but I wanted to report/ask this.
     
  6. JohnMiller

    JohnMiller Registered Member

    Joined:
    Nov 6, 2014
    Posts:
    48
    @erikloman Seems that alert 124 is blocking PowerPoints from opening. I am studying for final exams so I don't have time to figure out exactly what mitigation is blocking it, but when I disable PowerPoint mitigations it fixes the issue. There is NO alert, it just blocks it from opening the actual file (not the program) and I get a message that my antivirus may be interfering with opening this file.
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,090
    Location:
    USA
    I don't doubt that it works for you. I asked for suggestions as to how I could troubleshoot the problem on my system.
     
  8. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    797
    Hi,

    Have not received any reply.

    Anyway, just to let you know that I have managed to install HMPA 3 RC 124 successfully.

    Have a nice day!
     
  9. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    991
    Deleted contents of folder C:\Program Files (x86)\HitmanPro.Alert. Build 124 installed successfully.
     
  10. DouweG

    DouweG Registered Member

    Joined:
    Jan 30, 2013
    Posts:
    13
    Location:
    Netherlands
    Playing a movie with MPC-HC 1.7.7 gives an alert
    It doesn't make a difference what kind of extension the movie has: .mp4, .wmv or .mpg

    Mitigation   StackExec

    Platform     6.1.7601/x64 06_3c
    PID          4396
    Application  C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC\mpc-hc.exe
    Description  MPC-HC 1.7.7

    Callee Type  ProtectVirtualMemory
                 0x05D6DC50 (496 bytes)

    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  74ADB666 hmpalert.dll
    2  73009ED1 avcuf32.dll              AvcGetJumpCode +0x58e51
    3  72FB9E5C avcuf32.dll              AvcGetJumpCode +0x8ddc
    4  73FB069F (anonymous; avcuf32.dll)
    5  74ADB622 hmpalert.dll
    6  76A6F335 KernelBase.dll           GetProcessId +0x1b
    7  72FE2BC3 avcuf32.dll              AvcGetJumpCode +0x31b43
    8  72FE30C2 avcuf32.dll              AvcGetJumpCode +0x32042
    9  73009E79 avcuf32.dll              AvcGetJumpCode +0x58df9
    10 72FB9F53 avcuf32.dll              AvcGetJumpCode +0x8ed3
     
    Last edited: Dec 13, 2014
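
Added example, not part of the original post or of HitmanPro.Alert: a small parser for the alert text posted above that reports which module sits nearest the flagged ProtectVirtualMemory call outside hmpalert.dll, which is the first thing to establish when triaging such an alert. The field names and frame layout are taken from the post; the function names are hypothetical.

```python
import re
from collections import Counter

# Alert text as posted above (Platform, PID, Description and address lines omitted).
ALERT = r"""Mitigation StackExec
Application C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC\mpc-hc.exe
Callee Type ProtectVirtualMemory
Stack Trace
1 74ADB666 hmpalert.dll
2 73009ED1 avcuf32.dll AvcGetJumpCode +0x58e51
3 72FB9E5C avcuf32.dll AvcGetJumpCode +0x8ddc
4 73FB069F (anonymous; avcuf32.dll)
5 74ADB622 hmpalert.dll
6 76A6F335 KernelBase.dll GetProcessId +0x1b
7 72FE2BC3 avcuf32.dll AvcGetJumpCode +0x31b43
8 72FE30C2 avcuf32.dll AvcGetJumpCode +0x32042
9 73009E79 avcuf32.dll AvcGetJumpCode +0x58df9
10 72FB9F53 avcuf32.dll AvcGetJumpCode +0x8ed3
"""

FIELDS = ("Mitigation", "Application", "Callee Type")
FRAME = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f]{8,16})\s+(.+)$")
MODULE = re.compile(r"[\w.\-]+\.(?:dll|exe)", re.I)

def parse_alert(text):
    """Return (fields, frames); each frame is (index, address, module, anonymous)."""
    fields, frames = {}, []
    for line in text.splitlines():
        line = line.strip()
        for name in FIELDS:
            if line.startswith(name + " "):
                fields[name] = line[len(name):].strip()
        m = FRAME.match(line)
        if m and (mod := MODULE.search(m.group(3))):
            frames.append((int(m.group(1)), m.group(2), mod.group(0),
                           m.group(3).startswith("(anonymous")))
    return fields, frames

def flagged_caller(frames, own="hmpalert.dll"):
    """Module of the frame nearest the flagged call that is not the protection DLL."""
    return next((f[2] for f in frames if f[2].lower() != own), None)

def module_counts(frames):
    """How many stack frames belong to each module."""
    return Counter(f[2] for f in frames)

if __name__ == "__main__":
    fields, frames = parse_alert(ALERT)
    print(fields["Mitigation"], fields["Callee Type"], "->", flagged_caller(frames))
    print(module_counts(frames).most_common())
```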
  11. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,239
    I didn't know for sure if HMP scan would work until I tested it on build 124 and that is
    why I posted my result. You offered no other info other than your system locked up when
    starting a HMP scan. Pretty hard to troubleshoot with so little info to work with.
    You could also PM the devs on this.

    Did you check the Windows event logs?
    Were you able to run HitmanPro as a stand-alone app without any issues?
    Did you try running a HMP scan on HMPA RC build 120 before installing build 124?
     
  12. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    417
    124: Reporting in: Still massive lags on Facebook with the autovideoplayback feature there, impossible to scroll when this starts.
    Maybe not a big issue, but still...seems to add a lot of cpu stress on the browser.
    Using Slimjet browser and Panda Antivirus 2015 Pro on Win7Pro x86.

    /E
     
  13. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,090
    Location:
    USA
    Thanks for the followup. I did PM the dev since the problem seems unique. I did check the Windows Event Log and the only relevant entry I found was a "dirty" system shutdown. I haven't run a scan after installing a new build for quite a while. I know it worked initially but I can't say if the problem relates only to build 124.

    Regarding running HitmanPro as a standalone app, can it be installed alongside HMPA?

    FWIW when I attempt a scan with HMPA HitmanPro does load - the icon appears in the notification area along with a notification saying a scan has begun, but an instant later the system is frozen. It is reproducible.
     
  14. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    See my signature, MBAE should be the only one providing exploit protection for browsers and Java.

    No, they are blocked from running. I'll have to troubleshoot later.

    *Noticed that java programs protected by MBAE aren't affected. Disabling Avast and LinkScanner doesn't help.
     
    Last edited: Dec 13, 2014
  15. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    243
    Location:
    United States
    So I installed the RC on my main machine, but seem to have hit a snag. As you can see in the first picture the green label says my Chrome browser is protected, and even now as I type the little "encrypting" bar is doing its thing, but you can see in the safe browsing box in the RC it does not show up.

    In pic #2 Chrome appears in the Exploit Mitigation section and in pic #3 none of the little application boxes appear below the safe browsing (Chrome is my only browser) or under the EM, where there are a few apps listed in pic #2.

    Not sure if this is a bug, or perhaps since I have the RC installed on my virtual machine perhaps it's interfering somehow (on the VM, chrome appears in the browsing section and the little boxes appear under the EM box)
     

    Attached Files:

    • 1st.png (165.7 KB)
    • 2nd.png (15.1 KB)
    • 3.png (21.8 KB)
  16. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    243
    Location:
    United States
    Also one other thing I've noticed, and you may have explained this so forgive me in advance, but the RC doesn't seem to activate within Chrome while launched in Sandboxie, but I believe the last version of HitmanPro.Alert did. Just something I've noticed.
     
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This is caused by a broken icon handler. Wilders member Victek had the same issue in July and he managed to fix it.
    https://www.wilderssecurity.com/thre...discussion-thread.324841/page-77#post-2392625
     
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    We are trying to reproduce. Thank you for posting!
     
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
  20. JohnMiller

    JohnMiller Registered Member

    Joined:
    Nov 6, 2014
    Posts:
    48
    @erikloman any idea why PowerPoint is being blocked by 124? It's not an alert but does not allow an actual file to open. Says your antivirus software may be interfering with PowerPoint. Turning off the PowerPoint mitigations fixes it.
     
  21. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you post a screenshot of the message you get?
     
  22. JohnMiller

    JohnMiller Registered Member

    Joined:
    Nov 6, 2014
    Posts:
    48
    It seems that if I disable Stack Exec, Stack Pivot and Control Flow Integrity the problem is resolved. All three must be off.

    http://i.imgur.com/vOOBjKH.png
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Erik

    Don't bother answering this. First post and very spam like.

    Pete
     
  24. JohnMiller

    JohnMiller Registered Member

    Joined:
    Nov 6, 2014
    Posts:
    48
    Besides the fact that it probably is spam or someone who does not know how to use the internet, it is nice to know that LastPass is indeed supported as far as encryption of keystrokes when you enter your password via the browser extension. lol at his name AlertBetaTester
     
  25. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,239
    Yes - tested it myself. I was thinking though of did you ever run (do scan) with HMP program before installing HMPA?
    There is also the possibility of a conflict with other security software you have listed. (WSA, MBAM Pro & Comodo)
    HMPA/HMP and MBAM I have used together in testing without issue, but not tried other 2 apps.
     