HitmanPro.ALERT Support and Discussion Thread

Can you look in the Windows Event Log and see if the hmpalert service has crashed?

 

Unfortunately not. At least not until next weekend.

I'll try to reproduce it at home first (similar hardware, different software).

 

Thanks Dermot-but I've tried all the suggestions from Mozilla and nuttin works - some I can't do cuz the browser freezes and still have no idea where Flash for FF resides and how to turn off protected mode . which sounds like not such a smart thing to do from it's description in IE

 

Thursday 9th, I wrote,

To which Erik replied,

Since then, I've been testing with some more applications, on both Windows 7 SP1 x64 and Windows Vista SP2 x86.

Regarding the colored borders -
I found that colored borders don't show with maximized LibreOffice applications (Calc, Draw, Impress, Writer), PDF-XChange Viewer, Windows Media Player, VLC media player and GOM Player.
With GOM Player, the colored border doesn't show with non-maximized window either.
And maximized WordPad has a colored border on Windows 7 SP1 x64, but not on Vista SP2 x86.

And I found that colored borders don't show with IE9 and IE11 InPrivate navigation, not when maximized, but not with non-maximized InPrivate navigation either.

Regarding flyouts -
LibreOffice applications (Calc, Draw, Impress, Writer) have a double flyout when starting the application.

And in IE, there is the normal flyout with starting the application, but sometimes there's another flyout with opening a webpage in a new browser tab.
I'm not yet sure what triggers those extra flyouts. And I'm not sure if I have only seen this in IE9, or also in IE11.

I think all those border and flyout stuff is interesting but no real biggie.
If I'm done testing, I will probably disable the colored borders, I don't really need them.
Nevertheless, as others may expect the borders to work, I think it is recommended to check out those bugs.

Another thing,
Regarding Keystroke encryption -
With HMP.A 3, I noticed I that in Internet Explorer I couldn't type the apostrophe (') or the quotation mark (") in webforms like the in Wilders Security Forums reply form, or the Security.nl reply form (and probably other webforms).
I need to disable HMP.A 3 Keystroke encryption to be able to type the apostrophe or quotation mark in webforms as mentioned.
I hope this is not expected behavior and I hope it can be fixed.

And finally,
as already mentioned in an earlier post,
I see Internet Explorer Lockdown when trying to access Properties in right-click context menu in Internet Explorer, of which I also hope it is not expected behavior and it can be fixed.
Edit:
N.B.
Where I say access Properties in right-click context menu in Internet Explorer,
I mean access Properties by right-clicking in some empty space in an open Internet Explorer tab, not access Properties by right-clicking an IE shortcut.

 

Yeah, IE11 + W8.1.x no issue with ' or " and no issue w Properties...I'm build 181
Maybe a W7 thingy

 

No flyout, when HMP.Alert is unistalled. Flyout, when installed.
Cherry keyboard working, when unistalled. Not working, when HMP.Alert is installed.

No question, to allow new USB-keyboard after reinstall, for my cherry keyboard, or another keyboard, that has already been allowed,
but question for permission for any other new keyboard, I've tried.

Conclusion:
HMP.Alert keeps track of known keyboards!
Otherwise it would ask for permission.

Must be confidential, how this bad-usb feature works.

I can't think of any other reason, not to give me advice, how to reset the usb history.

:

 

Confirmed for W7-x64, IE11, hp240, hpa181,..
Firefox however is working fine!

NOT Confirmed for W7-x64, IE11, hp240, hpa181,..
EDIT: Confirmed for W7-x64, IE11, hp240, hpa181,..

 

Thanks.
I hope Erik or Mark will be able to reproduce the mentioned apostrophe and quotation mark Keystroke encryption issue and fix it.

Just to be sure,
I meant access Properties by right-clicking in some empty space in an open Internet Explorer tab, not access Properties by right-clicking an IE shortcut.
That may have been clear, but I'm not sure. To be sure, I also made a clarification in my Internet Explorer Lockdown post.

 

I downloaded EEK with Firefox 37.0.1 to my downloads folder. Then I manually started the EEK executable from within Windows Explorer by double-clicking it.

 

Tried to reproduce the EEK issue on my own PC: this time no alert from HMPA (correct behavior?), so unfortunately I cannot reproduce this issue now (I'm unable to access the other PC until next weekend).

 

installed hmp.a3_181 on xp, not seeing conflicts, slowdowns, or popup alerts so far. have not "tested" it other than running browsers...

 

NO that was not clear to me in the first time.
Now I can Confirm this problem for W7-x64 with IE11, hp240, hpa181,...

 

Oops, my bad.
Good that I make a clarification, and also in my Internet Explorer Lockdown post.

Thanks very much. So I'm not crazy after all.
I hope Erik or Mark will be able to reproduce the mentioned Internet Explorer Lockdown issue and fix it.

 

Mitigation DEP

Platform 6.3.9600/x64 06_45
PID 9564
Application C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Description Firefox 37.0.1

IP = 06FF0010, State = 0x1000, Type = 0x20000, Protect = 0x4

Stack Trace
# Address Module Location
-- -------- ------------------------ ----------------------------------------
1 61332711 xul.dll ??1ElementAdder@js@@QAE@XZ
8b4604 MOV EAX, [ESI+0x4]
83c420 ADD ESP, 0x20
85c0 TEST EAX, EAX
0f858c000000 JNZ 0x613327ab
8d4c2418 LEA ECX, [ESP+0x18]
e8c2000a00 CALL 0x613d27ea
8d5e28 LEA EBX, [ESI+0x28]
8bcb MOV ECX, EBX
e884000000 CALL 0x613327b6
84c0 TEST AL, AL
7505 JNZ 0x6133273b
384638 CMP [ESI+0x38], AL
7533 JNZ 0x6133276e
8b0f MOV ECX, [EDI]
57 PUSH EDI
e889e2ffff CALL 0x613309cc


Process Trace
1 C:\Program Files (x86)\Mozilla Firefox\firefox.exe [9564]
2 C:\Windows\explorer.exe [3088]
3 C:\Windows\System32\userinit.exe [4092]
_________________________________________
second time since 181 W8.1 x64 FF 37.0.1 (not SBIE'd) Firefox closes with Intercept ...tabs remain on reopen FF

 

+ 1
[8.1 x64][IE 11 EPM on][181]

Mitigation Lockdown

Platform 6.3.9600/x64 06_3c
PID 2444
Application C:\Program Files\Internet Explorer\iexplore.exe
Description Internet Explorer 11

Process Trace
1 C:\Program Files\Internet Explorer\iexplore.exe [2444]
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4584 CREDAT:3151374 /prefetch:2

2 C:\Program Files\Internet Explorer\iexplore.exe [4584]
3 C:\Windows\explorer.exe [2416] 4 C:\Windows\System32\userinit.exe [2316]

I can not confirm this

 

Yes, with IE11 (32 bit) on Windows 7 x64 right-clicking on a webpage and then left-clicking "properties" causes this reproducible crash (see screenshot). However I have no problem typing apostrophe and quotation characters in forms with keystroke encryption enabled.

 

Looks very interesting program. I'll try it.

 

+1
right-clicking on IE11 webpage and then left-clicking "properties"
W8.1 x64 + IE11 EPM + 64bit processes for EPM
Mitigation Lockdown

Platform 6.3.9600/x64 06_45
PID 10824
Application C:\Program Files\Internet Explorer\iexplore.exe
Description Internet Explorer 11


Process Trace
1 C:\Program Files\Internet Explorer\iexplore.exe [10824]
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:8220 CREDAT:267777 /prefetch:2

2 C:\Program Files\Internet Explorer\iexplore.exe [8220]
3 C:\Windows\explorer.exe [3088]
4 C:\Windows\System32\userinit.exe [4092]

 

Well, it was just a general comment, based on new problem reports with IE and Chrome. I just wonder if these are caused by bugs in HMPA or if other things play a role. The people on Wilders Security can deal with this stuff, but Average Joe will not be amused.

 

No reply? I just tested again, and the bug is still there. Also, seemed to have disabled the new install of XBCD and changed the Windows Explorer theme to classic.

 

Just had upgrades from 2.6.5.77 to 3.0.36.181 go bad, the hitmanpro.alert service will not start at boot.
Both computers are Win 7 64 bit, with MSE and MBAM Premium. Strange, it worked on some other ones.
I guess I will try uninstall/reinstall HMPA, yep that fixed it. From now on I will uninstall v 2.6 first

 

If that happens, I usually run the installer as an admin with the /install flag. No need to reboot.

 

Def. think there's an Issue with HMPA and Firefox. Yes I have had issues with Flash Plug-in with FF BUT the Silverlight crash issue is new AND only happens with HMPA active:

1) Switched from NS 2015 to Bitdefender TS 2015 -- Silverlight crashes

2) BD TS 2015 With MBAE disabled - Silverlight crashed

3) BD TS 2015 with MBAE and BD Anti Ransomeware disabled - Silverlight Crashes

Only happens in FF and not in IE11

Friggin Mozilla Mozilla = Godzilla of Plug-ins.

 

Erik,

I have had HMP.A crashing a fair bit lately. I will PM you with the details.