HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,239
    After further testing HMPA 3RC build 120 & 124 I find that keystroke encryption does not
    work in MS Word or WordPad. (both under default office template)

    Note: Flyout does occur on both apps.

    If however, I remove mitigations from both apps and place them under the other template
    keystroke encryption seems to work.

    Should the keystroke encryption though work under office template for these 2 apps?
    Will encryption work on HMPA build 125 when these 2 apps are under default settings?
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Keystroke Encryption is only enabled on the Browsers and Other template. So Office apps do not have keystroke encryption.
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert writes the following files:

    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    C:\Windows\system32\hmpalert.dll
    C:\Windows\SysWow64\hmpalert.dll
    C:\Windows\drivers\hmpalert.sys
    C:\Windows\drivers\hmpnet.sys

    Build 125 should fix the boot slowdown (I think).
     
  4. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    529
    Thanks, I also think boot time is faster now :) great work !

    @Edit: Yes booting is A LOT faster now. Thanks for the fix
     
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The slowdown when launching Opera browser should also be fixed in build 125.
     
    Last edited: Dec 15, 2014
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,088
    Location:
    USA
    We know you meant Build 125 :thumb:
     
  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Changed it. Let me know how it runs on your end :thumb:
     
  8. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,239
    Testing HMPA 3 build 125:

    Unable to start Pale Moon browser alternate profile (palemoon.exe -p) via run command.
    HMPA automatically terminates browser profile when choose folder option in Create Profile Wizard
    is selected. HMPA alert indicates ROP mitigation. In order to start browser successfully I
    have to disable Control-Flow Integrity (Stops ROP attacks) in Pale Moon code mitigations of
    HMPA. Also did HMP scan and nothing found. Other profile works fine.
     
  9. Aeolis

    Aeolis Registered Member

    Joined:
    Apr 10, 2010
    Posts:
    60
    Hello folks,

    I would like to report the following problem in my system.

    System:
    - Windows 7 Ultimate x64 (fully updated);
    - CIS 8.0.0.4344 (Firewall enabled on Safe Mode, Auto-Sandbox Enabled, Viruscope enabled, HIPS disabled);
    - Emsisoft Anti-Malware 9.0.0.4668;
    - Malwarebytes Anti-Malware 2.0.4.1028; and
    - HitmanPro.Alert version 3.0.21 build 125 Release Candidate.

    Symptoms:

    I install can successfully install HitmanPro.Alert and use my system as usual it just after installation. But as soon as do the first reboot after installation I experience major slowdown on boot and after the system finally boot up I cannot use it at all. After boot up system is sluggish and it ends up at a major lock down. I always have to do a hard reboot and unistall HitmanPro.Alert using safe mode.

    I could not figure out which software or configuration on my system is causing the problem. I hope you can help me. If you need any additional information just let me know.

    After updating to the latest release candidate (build 125) I have noticed a slight improvement in system responsiveness, but still the major problems persists.

    Best regards,

    Aeolis
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I've discovered an unresolved issue related to 64-bit 3rd party hooks. I was able to reproduce with Emsisoft (note, fault is ours, not Emsisoft's). If you are willing to uninstall Emsisoft, does the system boot fast again?
     
  11. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    771
    Eric, I have just installed build 125 and still have the problem with entries in the address bar of IE11 being encrypted as per my previous posts #3101 and #3108. As I am running Emsisoft IS I will try with EIS shut down and also uninstalled and report back.

    EDIT: Have tried IE11 with EIS shutdown - problem still exists
    Uninstalled EIS and IE11 works fine, no encryption of the address bar entry.
     
    Last edited: Dec 15, 2014
  12. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    @erikloman @markloman
    Firefox sometimes is not starting and closing correctly in Sandboxie. Process firefox.exe is hanging but no window opens. If i manually exit all programs in sandbox and restart firefox it works after some trials.

    Only happens with Build 124 and Build 125. If I go back to build 120 everything is fine. Don't know how to track this further for you, so if you have any idea just let me know.
     
  13. Aeolis

    Aeolis Registered Member

    Joined:
    Apr 10, 2010
    Posts:
    60
    Hello folks,

    Dear Erik Loman. I have not uninstalled Emsisoft in my system, but I did a quick test disabling both EAM and MBAM auto start without success. The system slowdown is there even with EAM and MBAM not auto starting with Windows.

    Best regards,

    Aeolis
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Ok thank you.
     
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,966
    Still running v3.0.20 build 120. Justed booted into this snapshot, and HMP quick scan no longer starts at boot. Another program, that I have, AVZ 4.43 will not update.

    ---------------------------
    avz.exe - Application Error
    ---------------------------
    The instruction at "0x00404016" referenced memory at "0x01fec8f0". The memory could not be "read".


    Click on OK to terminate the program
    Click on CANCEL to debug the program
    ---------------------------
    OK Cancel
    ---------------------------

    ScreenShot_Hmp.A_3.0.20 build 120_install_32.gif
     
  16. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,076
    I'm running EIS and MBAM. So I'd better wait for a new build?
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I've confirmed removing EIS and 125 boots fine, so EIS is the problem

    Pete
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,549
    Location:
    Outer space
    Upgraded from build 120 to 125, Cyberfox crashes at start:

    Code:
    Problem Event Name:    APPCRASH
      Application Name:    Cyberfox.exe
      Application Version:    34.0.5.5452
      Application Timestamp:    54812864
      Fault Module Name:    xul.dll
      Fault Module Version:    34.0.5.5452
      Fault Module Timestamp:    54812931
      Exception Code:    c0000005
      Exception Offset:    003fe94a
      OS Version:    6.1.7601.2.1.0.256.1
      Locale ID:    1043
      Additional Information 1:    0a9e
      Additional Information 2:    0a9e372d3b4ad19135b953a78882e789
      Additional Information 3:    0a9e
      Additional Information 4:    0a9e372d3b4ad19135b953a78882e789
    I've narrowed it down to some of the Code Migitations; Stack Exec, Stack Pivot and Control-Flow Integrity. If any of these is enabled, Cyberfox crashes.
     
  19. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,036
    Location:
    Baden Germany
    Don't get me wrong, but I do not run all that fancy stuff, others do.

    So far I have no issues of any kind, at all.

    Hitmanpro.alert just works.
     
  20. rhabdomantist

    rhabdomantist Registered Member

    Joined:
    May 12, 2011
    Posts:
    38
    Location:
    Canada
    Auto-update from 124>125 was slicker than a greased heel in a bucket of bat guano.
    Thanks.
     
  21. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    215
    Location:
    nowhere
    Upgraded from 120 to 125 without any problems.
     
  22. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Build 125 still the same behaviour. I should have time tomorrow to properly troubleshoot.

    *It's not Avast or LinkScanner, uninstalled both w/o any changes. Honestly, I'm not sure what it is other than the HMP.A update.

    *Not EMET either, gonna get a Windows 7 64-bit VM to test.
     
    Last edited: Dec 16, 2014
  23. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    243
    Location:
    United States
    Will there be any consideration about adding encryption to offline apps? I use Zemana as of now becuse a lot of my work involves office, but I'm not attached to it and I really like Hitmanpro's lineup of programs, so I'd be all in if this was a potential
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Definitely HMP.A. Noticed the same behaviour on a fresh Windows 7 64-bit VM with the latest updates.
     
  25. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    Thanks! And you know what, you can already add Keystroke Encryption to Office applications using Alert's flexible settings. Simply remove the existing mitigations from the Office application that need Keystroke Encryption and then add the application again using the Other template. An example for Microsoft Word:
    1. Open HitmanPro.Alert 3.
    2. Click on the gear icon at the top right corner of the window and select Advanced interface.
    3. Click on the blue tile, Exploit mitigations. Alternatively, click on the Microsoft Word icon and continue at step 6.
    4. From the menu that appears, select Applications.
    5. Select Microsoft Word (under the Office category).
    6. Click on Remove mitigations.
    7. Click on the close icon to return to the main screen. Leave HitmanPro.Alert open.
    8. Now run Microsoft Word, e.g. from Windows' menu Start.
    9. Return to HitmanPro.Alert and click on the blue tile, Exploit mitigations.
    10. From the menu, select Running applications.
    11. Click on Microsoft Word and select the Other template.
    12. Restart Microsoft Word.
    Done. Just click a little, no need to know or type a path or process.
    We'll consider adding Keystroke Encryption to the Office template by default. Thanks!
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.