HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Thanks for the quick response. We have some fine tuning to do.
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,366
    Location:
    Among the gum trees
    As above, I tried that with Windows Media Player but still got a ROP alert.
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    How was the .bat file produced? Via what application? Does that application have Application Lockdown enabled?
     
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I know. Media Player is an actual ROP issue. Will have a look at it, as well as the IAF issue.
    Do both issues go away when you try build 131?
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,366
    Location:
    Among the gum trees
    With build 131 the Media Player still had the ROP issue but no problem with Windows Live Mail or Adobe Reader.

    I sent you the ROP details by PM back on Boxing day my time.

    Thanks.
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,979
    I am running XP. So, is that general advice, and I should stick with v3.0.22 build 12RC for the time being?
     
  7. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,054
    No problems with latest Sandboxie beta 4.15.8 and build 137 (W7 64 bits).
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Erik

    See PM

    Pete
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Yes I did it, but it does not work, even though the HMPA dll file is loaded into Firefox and Opera.

    This only works when exploit mitigations are active, I suppose? I wanted to add a browser to the "safe browsing" protection, but didn't find a way to do it.

    Yes, I said it in a wrong way. What I meant was that with a "true" installer, there will also be an "uninstaller", that should take care of disabling the GUI/service/driver and deleting those files. Now all of this must be done manually, not a big problem, but this means that malicious software can also easily disable HMPA. But I read that HMPA v3 final will offer this.

    Like I said, it should work out of the box with any or at least the most popular apps, to get it on the same level as KeyScrambler, SpyShelter and Zemana.
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I am not sure I see an issue with the installer. It installs fine. If you need to uninstall you can easily to from the control panel as you do with any other app. I don't see anything lacking.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    My bad, I must have missed that, for some reason MyUninstaller doesn't pick it up. And I also did not see any uninstaller in HMPA's folder. But self protection is still an issue.

    http://www.nirsoft.net/utils/myuninst.html
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    May not work with MyUninstaller, but it works with windows uninstaller. Reason you didn't see one, is there isn't one there. As to self protection, to me that can be a bit overrated. With adequate security on the system, something mostly likely can't uninstall it anyway.
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    It picks it up as expected.
    MyUninstaller.png
     
  14. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,241
    Have HMPA up and running again and is working. Thanks for the fix Erik. Will continue testing and report back if any other issue developes.
     
    Last edited: Jan 19, 2015
  15. 142395

    142395 Guest

    I want to see browsing function with which I can choose any executable on my system as well as directly specifying name and path. In current implementation, I have to run a program before I add it to protection, but assume I want to add dozens of programs at once, but some of them I rarely need to run or even currently not on the disk. I often temporary install programs in sandbox or in virutualized desktop.
     
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,657
    Location:
    Outer space
    You don't have to run the application you want to add, afaik, in addition to the Running Applications button, there is also another one that let's you browse for a file. I'm not sure though if that allows you to add multiple programs at once.
     
  17. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    Maybe I'm blind, but: Where ??
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,657
    Location:
    Outer space
    Hmm, it looks like it's gone, I'm pretty sure I added an application that way in an older build.
     
  19. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    I have been digging into this bug and can conclude that it is unrelated to HitmanPro.Alert.
    Sorry about any confusion it may have caused.
    I have found that my CAPI2 error are due to a conflict caused by the Microsoft December 2014 updates.
    Some permissions has been changed and this CAPI2 error are thrown each time I have scheduled backup or maintenance on this pc.
    System is blocking itself during access to a specific driver that this Desktop PC has.

    The reason I first believed it was due to HitmanPro.Alert is that I started testing .Alert on this desktop PC in early December.
    I started seeing these CAPI 2 error shortly thereafter on this desktop PC.
    I took a look in Windows Event Viewer on my laptops, that also run Windows 8.1 Pro x64 - none of those have CAPI2 errors.
    I also took a look in Windows Event Viewer on a shared laptop I have here, that runs Windows 10 Technical Preview - it does not have CAPI2 errors either.

    I had begun testing .Alert right after Patch Tuesday - but since .Alert was the newly introduced program on this pc, then naturally it took the spotlight as "probable cause".
    Also since frequent installs/uninstalls of .Alert looked to match pretty well with when errors appeared in Event Viewer, I didn´t see the connection between the backup/maintenance I have scheduled and the CAPI2 errors.

    I have now wiped harddrive in Desktop PC and installed Windows 10 Technical Preview on this to accompany the Win10 test-laptop, and confirmed that the Microsoft December 2014 updates caused the issue.
    Clean Win10+drivers = No errors.
    Clean Win10+drivers+December updates = CAPI2 errors.

    Will alter the affected permissions before proceeding with testing .Alert
    Hope you didn´t waste to much time investigating on this.
     
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    No problem. Thank you very much for the update! :thumb:
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Yes, apparently you have to choose "show x64 installations", so my mistake. But since I'm now on a fast machine, I will use Windows own tool in the future.

    My bad, I forgot you need to add it to all sandboxes, not just the default-box. BTW, what about the license-key? My old one does not work anymore.
     
  22. brihy1

    brihy1 Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    198
    Location:
    usa
    Im running build137 and when i open ie 11 with homepage bing.com i get the hmpa warning attack interceted?Didnt happen wth previous build.
     
  23. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,054
    Add it to [Globalsettings] for all sandboxes.
     

    Attached Files:

  24. KeyPer4Life

    KeyPer4Life Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,241
    If it hasn't been asked already just wondering why HMPA needs to check for updates every 120 minutes?
     
  25. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,132
    Build 137 is once again turning keyboard input into gibberish in KeePass ( 2.28 ).

    In fact, one in every few characters also becomes something else than entered in Firefox ( 35.0 ).
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.