HitmanPro.ALERT Support and Discussion Thread

HitmanPro.Alert 3 Build 166 Release Candidate

Changelog

• IMPROVED: ROP mitigation
• IMPROVED: LoadLib mitigation
• IMPROVED: BadUSB mitigation
• IMPROVED: Intruder detection in Safe Browsing
• FIXED: Webcam Notifier enable/disable was broken
• FIXED: BSOD caused by race condition in driver

Download
http://test.hitmanpro.com/hmpalert3b166.exe

Please let me know how this version runs on your computer

 

Nice,

I'll give it a try.

 

I'm installing now. Will report back if I have any problems.

Edited 3/10 @ 7:51: I installed HMPA as a new install. I did not update to build 166, and I installed to an image that had never had HMPA installed on it before.

 

Restarted and up and running great here, Erik.

Thanks,
Dave

 

Just so you know NOD 32 flagged the installation 3 times as a potentially unsafe application. Below is the log files from NOD 32.


3/10/2015 6:42:57 PM Real-time file system protection file C:\Windows\system32\drivers\hmpnet.sys a variant of Win64/NetFilter.A potentially unsafe application WatchTower-5\achilles
Event occurred on a new file created by the application: C:\Users\achilles\Downloads\hmpalert3b166.exe.

3/10/2015 6:42:58 PM Real-time file system protection file C:\Windows\system32\drivers\hmpnet.sys a variant of Win64/NetFilter.A potentially unsafe application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files (x86)\Online Armor\oasrv.exe.

3/10/2015 6:43:00 PM Real-time file system protection file C:\Windows\TEMP\UDD10D.tmp a variant of Win64/NetFilter.A potentially unsafe application NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\Windows\System32\svchost.exe.

 

Installed over the top of build 155. No issues so far, however after the restart the first time the tray icon was missing.
Win7 64 Ult.

edit: No beep from NOD32 AV on this machine.

 

Updated over 155 (W8.1 x64). No issues so far.

Had strange BSOD's lately. Hope it's fixed/was caused by HMPA.

 

I tried to activate my license key instead of using the trial, and I keep getting a server error. The only entry I could find that might be related in window's event viewer said check for update failed. Try again in 120 minutes. This entry was recorded before I tried to activate my license though. Maybe you are having server issues, or maybe something else is going on. I'm using Windows 7x64 Ultimate.

 

Installed over build 155 no issues so far..

 

I just clicked on Windows Media Player, and got the welcome screen you get when you run Windows Media Player for the fist time. I had to reconfigure all of my settings for Windows Media Player. I looked in Windows update history, and it did not list any update for Windows Media Player. Has anyone else experienced this after installing, or updating to the latest build? I'm using Windows 7x64 Ultimate.

Edited 3/11 @2:31 am: I rolled my machine back to a time before ever installing HMPA. Windows Media Player still gave me the intro screen you get when you run Windows Media Player for the first time. We can eliminate HMPA as the cause now. It was just a coincidence. It had to have been caused by an update released by Microsoft since several other users are reporting the same thing.

 

I think there is definitely a conflict with this build, and Online Armor firewall. Right after installing this build Windows reported that my firewall was turned off. It also disabled Online Armor Program guard, and anti-keylogger guard. That could account for all the other odd behavior I just posted about above. I'm using Windows 7x64 Ultimate.

I got this event when installing HMPA from NOD 32. According to NOD 32 HMPA was attempting to do something with OA service driver. I'm not sure if this has anything to do with it, but I thought I would mention it in case it did.

3/10/2015 6:42:58 PM Real-time file system protection file C:\Windows\system32\drivers\hmpnet.sys a variant of Win64/NetFilter.A potentially unsafe application NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files (x86)\Online Armor\oasrv.exe.

 

I just had Firefox crash when closing it. Firefox crashes every time I close it now. My computer is going nuts since installing HMPA build 166. I think it is probably due to a conflict between HMPA, and Online Armor. I did not have any problems with build 155 though. Below is crash info from mozilla bug reporter.

AdapterDeviceID: 0x6719
AdapterDriverVersion: 14.501.1003.0
AdapterSubsysID: 0b001002
AdapterVendorID: 0x1002
Add-ons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118,fiddlerhook%40fiddler2.com:2.4.9.7,calomelsslvalidation%40calomel.org:0.74,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.17,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.1,%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.6.7,%7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:5.0.12,firefox%40ghostery.com:5.4.3
AvailablePageFile: 14791012352
AvailablePhysicalMemory: 6533427200
AvailableVirtualMemory: 3641425920
BIOS_Manufacturer: American Megatrends Inc.
BlockedDllList:
BreakpadReserveAddress: 235864064
BreakpadReserveSize: 67108864
BuildID: 20150305021524
CrashTime: 1426030400
EMCheckCompatibility: true
FramePoisonBase: 00000000f0de0000
FramePoisonSize: 65536
InstallTime: 1425914891
Notes: AdapterVendorID: 0x1002, AdapterDeviceID: 0x6719, AdapterSubsysID: 0b001002, AdapterDriverVersion: 14.501.1003.0
D2D? D2D1.1? D2D1.1+ D2D+ DWrite? DWrite+ D3D11 Layers? D3D11 Layers+
ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
ProductName: Firefox
ReleaseChannel: release
SecondsSinceLastCrash: 217
ShutdownProgress: quit-application
StartupTime: 1426030206
SystemMemoryUsePercentage: 23
Theme: classic/1.0
Throttleable: 1
TotalPageFile: 17159340032
TotalPhysicalMemory: 8580620288
TotalVirtualMemory: 4294836224
URL: https://www.wilderssecurity.com/
User32BeforeBlocklist: 1
Vendor: Mozilla
Version: 36.0.1
Winsock_LSP: MSAFD Tcpip [TCP/IP] : 2 : 1 : %SystemRoot%\system32\mswsock.dll
MSAFD Tcpip [UDP/IP] : 2 : 2 :
MSAFD Tcpip [RAW/IP] : 2 : 3 : %SystemRoot%\system32\mswsock.dll
MSAFD Tcpip [TCP/IPv6] : 2 : 1 :
MSAFD Tcpip [UDP/IPv6] : 2 : 2 : %SystemRoot%\system32\mswsock.dll
MSAFD Tcpip [RAW/IPv6] : 2 : 3 :
RSVP TCPv6 Service Provider : 2 : 1 : %SystemRoot%\system32\mswsock.dll
RSVP TCP Service Provider : 2 : 1 :
RSVP UDPv6 Service Provider : 2 : 2 : %SystemRoot%\system32\mswsock.dll
RSVP UDP Service Provider : 2 : 2 :
useragent_locale: en-US

This report also contains technical information about the state of the application when it crashed.

 

Yep, had that too!

 

I'm glad i'm not the only one. When your the only one experiencing problems it makes it look like your computer is the problem. It should make it easier to discover the problem.

 

I just reboot for a third time, and Online Armor firewall is working again now. Online Armor Program Guard, and anti-Keylogger guard is working again also. Firefox has also stopped crashing when closing it.

Edit: Btw.. I installed HMPA as a new install. I did not update, and I installed to an image that had never had HMPA installed on it before.

 

No problems with FF here though. Everything else is working fine here.

I wonder if this update is related to WMP?

http://support.microsoft.com/kb/3035126

 

Same here...

 

The link you posted is no good. I checked my update history from today's updates, and I did not find anything listed for Windows Media Player.

 

Firefox is no longer crashing for me, but maybe it will start again later. It did not happen until installing build 166. I did not have any problems with build 155 other than the blue protection border not disappearing around Media Player Classic. The Firefox crash could have something to do with the Online Armor, and HMPA conflict I experienced when installing this build. I had a serious conflict between the two as described in my previous post. Online Armor, and HMPA both inject into Firefox. Online Armor injects into almost everything, and HMPA injects into quite a bit also.

 

This WMP problem can't be related to the new HMP.A. I haven't updated to build 166 yet and I just opened WMP and got the Welcome Screen and it took me though things like it was the first time I used it. Same behavior on all 3 of my Win7 x64 computers running HMP.A b155. There must have been something in the updates from MS today.

 

Woops!

I just got this DEP alert when I closed Firefox 36.0.1.

Code:

Log Name:      Application
Source:        HitmanPro.Alert
Date:          11/03/2015 12:25:03 PM
Event ID:      911
Task Category: (9)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Dave-PC
Description:
Mitigation   DEP

Platform     6.1.7601/x64 06_25
PID          352
Application  C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Description  Firefox 36.0.1

IP = 00000000,
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="HitmanPro.Alert" />
    <EventID Qualifiers="0">911</EventID>
    <Level>2</Level>
    <Task>9</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-03-11T01:25:03.000000000Z" />
    <EventRecordID>6900</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Dave-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>C:\Program Files (x86)\Mozilla Firefox\firefox.exe</Data>
    <Data>DEP</Data>
    <Data>Mitigation   DEP

Platform     6.1.7601/x64 06_25
PID          352
Application  C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Description  Firefox 36.0.1

IP = 00000000,</Data>
  </EventData>
</Event>

 

Any word if it's compatible with Sophos Endpoint Security yet?

Before it was unusable with it! I'm afraid to test it as it caused severe system instability.

 

I'm still unable to activate my product key. I still get the same server error message I reported in post 4358.