HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. eplose

    eplose Registered Member

    Joined:
    Sep 28, 2009
    Posts:
    51
  2. te7

    te7 Registered Member

    Joined:
    Feb 2, 2015
    Posts:
    4
    Thanks
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,006
    Location:
    .
    HitmanPro and HitmanPro.Alert are activated with the same license.
     
    Last edited: Feb 2, 2015
  4. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Build 143 is running problem-free on my Windows 7 x64 machine.

    Is there a type of security program that might conflict with or duplicate some actions in HMP.A?
     
    Last edited: Feb 3, 2015
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,034
    Location:
    Among the gum trees
    MBAE and EMET do similar exploit mitigations, though not exactly the same.
     
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    You can click on the Trial License button to trial HitmanPro.Alert.

    Trial.png

    If that button is greyed out you already enjoyed a free HitmanPro trial. In that case contact me via PM if you want to test all Alert features :thumb:
     
  7. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,486
    Erik,

    I sent you another CrashDump for HMPA that I had. BTW, is 1.43 supposed to auto-update? It never did for me.

    Also, I have a feeling that HMPA is interfering with the boot process on Win7. It only happens randomly, but my system sometimes ends up with a black screen and a moveable or frozen mouse pointer and the only way out is to hold down the power button. The event log shows a bunch of app crashes starting with winlogon.exe, EvtEng.exe, RegSrvc.exe, ndassvc.exe, conhost.exe, svchost.exe, etc. All the crashes are Exception code: 0xc0000005. These all happen before I kill the machine. It may be something else, but this happens on two different machines with HMPA running. I have the dumps of the system app crashes. Maybe something in those dumps might be related to HMPA

    Anyone else seeing these black screens on occasion after booting their system?
     
    Last edited: Feb 3, 2015
  8. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    991
    Possible false alert Macrium Reflect FREE Edition 5.3.7277 (W7 64 bits/build 143).

    Logboeknaam: Application
    Bron: HitmanPro.Alert
    Datum: 3-2-2015 13:30:11
    Gebeurtenis-id:911
    Taakcategorie: (9)
    Niveau: Fout
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: ****-PC
    Beschrijving:
    Mitigation Lockdown
    Platform 6.1.7601/x64 06_17*
    PID 4212
    Application C:\Users\****\AppData\Local\Temp\reflectPatch.exe
    Description Patch Application 3.5.1
    Filename C:\Users\****\AppData\Local\Temp\_ir_vp2_temp_0\vpatch.exe
    Command line:
    "__IRAFN:C:\Users\****\AppData\Local\Temp\reflectPatch.exe"
    Gebeurtenis-XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="HitmanPro.Alert" />
    <EventID Qualifiers="0">911</EventID>
    <Level>2</Level>
    <Task>9</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-02-03T12:30:11.000000000Z" />
    <EventRecordID>160323</EventRecordID>
    <Channel>Application</Channel>
    <Computer>****-PC</Computer>
    <Security />
    </System>
    <EventData>
    <Data>C:\Users\****\AppData\Local\Temp\reflectPatch.exe</Data>
    <Data>Lockdown</Data>
    <Data>Mitigation Lockdown
    Platform 6.1.7601/x64 06_17*
    PID 4212
    Application C:\Users\****\AppData\Local\Temp\reflectPatch.exe
    Description Patch Application 3.5.1
    Filename C:\Users\****\AppData\Local\Temp\_ir_vp2_temp_0\vpatch.exe
    Command line:
    "__IRAFN:C:\Users\****\AppData\Local\Temp\reflectPatch.exe"
    </Data>
    </EventData>
    </Event>
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Did you add Macrium Reflect to Alert? if so, so NOT enable Application Lockdown. We are working on a manual that describes which type of apps should have Application Lockdown enabled and which ones should not.
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you use AppCrashView and send me some of those logs?
     
  11. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    991
    Yes I added Macrium reflect to OTHERS. After removing Relfect from OTHERS no more problems updating.
     
  12. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,486
    Very good decision. I avoid SW that makes it difficult to re-install a license. It shouldn't matter how many times I re-install as long as it's on the same machine. Transferring a license to a new machine is fine and is understandable.
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Lockdown locks down the application (prevents starting downloaded PE files and limits access to autorun locations). Some applications do not like that. As a rule of thumb, only set Application Lockdown on internet facing applications.

    You can add it to OTHERS, but make sure to untick Application Lockdown on Macrium Reflect.
     
  14. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,486
    What logs do you mean? Do you want me to cut and paste the info for each ReportQueue file?
     
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Build 143 was only released past Friday. We do not immediately update all users to a new release candidate as it may contain unforeseen bugs. Since its been a few days and no show stoppers have been reported I have just now enabled the updater on build 141 so it updates to build 143.
     
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes. Send me a PM (or email) with 2 or 3 from those crashes. Would like to see the Winlogon crash.
     
  17. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,486
    e-Mail sent

    edit:
    and dumps sent
     
    Last edited: Feb 4, 2015
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,006
    Location:
    .
    What's in the HitmanPro Alert ~ "reports" folder. Noticed files (unreadable) before over install w 143. Now "reports" is empty.
    Where can I find an explanation re Passive vaccination v2 vs Active vaccination v3
    Why does Risk Reduction have a Disable mode. Why would I need / want to disable Risk Reduction ?
    What's the difference between Disable Mitigation and Remove Mitigation.
    What plans for a Help File ~ Maybe a descriptive function of the protection modules.
    What plans to add encryption to Office ~ Notepad / WordPad / ?...or, encryption is just for web facing.
     
  19. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,549
    Thank you, I won't run either of those with HMP.A.
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,006
    Location:
    .
  21. guest

    guest Guest

  22. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Except that EMET lets me add any executable I like, while Alert doesn't let me protect certain applications I would prefer to protect, such as PDF X-Change Editor, VSO Downloader, etc. Perhaps Directory Opus too? Can't remember as I don't currently have Alert installed. I do remember that several EXEs I have configured in EMET were off-limits to Alert.
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,006
    Location:
    .
    RCE = ?
     
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,006
    Location:
    .
    Interesting...have EMET on Vista. Never got around to install on W8.x
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,034
    Location:
    Among the gum trees
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.