HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. MikeRepairs

    MikeRepairs Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    76
    Location:
    Long Beach, WA
    I have seen several more hmpa 190 and 193 that did not update on their own. When I right click the icon I see "No update available". It seems every computer that comes into the shop is running 2.5 or 187 or 190 or 193. The only ones that have 196 are the ones I manually upgrade with the download file.
     
  2. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,288
    Location:
    USA, MICHIGAN
    Well, still no go. Why isn't it updating auto? I know I can DL it manually but the purpose of auto updating is just that!!!
     
  3. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    How's the fix for the secure desktop issue with KeePass coming along, devs? Appreciated.
     
  4. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    447
    Location:
    USA
    Will Windows 10 Edge browser be added to Safe Browsing and Exploit Mitigation in a future release or is this something we should do manually?
     
  5. te7

    te7 Registered Member

    Joined:
    Feb 2, 2015
    Posts:
    4
    When I open Firefox (latest Firefox) I don't get the popup in the top right hand corner saying HPA is protecting it. HPA is version 196. Chrome and IE 11 seem to be OK.
    My PC:
    Windows 7 SP1 Home Premium 64 bit (latest MS updates)
    Security: Norton 360; Malwarebytes Anti Exploit free (both real-time)
    I have several on demand scanners, including HitmanPro and Malwarebytes Anti Malware
     
  6. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    447
    Location:
    USA
    HMPA (build 196) is not playing nice with Sandboxie in Windows 10. I had to uncheck the Sandboxie "Software Compatibility" box for Hitman Pro Alert to get FF39 or IE 11 to run sandboxed. Not sure what kind of security implications this has or if it is a fix on the Sandboxie side or by SurfRight. Things are working nicely now so I'm just reporting.
     
  7. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Hint: Stacking multiple security products (besides AV + Sandboxie/mitigation software) will only cause compatibility issues.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,675
    Location:
    Among the gum trees
    Hi Erik and Mark,

    A bug with HMP.A in Win10 x64.

    I had added Windows Live Mail to the Protected Applications - Other template if it matters. Everything works fine in Win7 but in Win10 when I click on Update All I get three error messages from Windows, one after another. Something about memory not being able to be read or similar. I can post screenshots if required. I don't know which mitigation is causing this and I haven't experimented, but removing all mitigations stops the errors. It is build 196.

    Thanks.
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
  10. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    243
    Location:
    United States
    I have the current beta of Sandboxie, which has the Full access Open Pipe path, but the flyout is not appearing upon start up. Possibly the beta version? Had no problem with the previous version (I believe 2 betas ago).
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Have you set the flyout properly on Alert's main GUI?

    See chapter 3.1 of the Getting Started document:
    http://dl.surfright.nl/HitmanPro Alert Getting Started.pdf
     
  12. bberkey1

    bberkey1 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    243
    Location:
    United States
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    Am I being ignored or overlooked here? This isn't the first time the Loman brothers fail to reply to my posts for whatever reason. Is it because they don't have the answer?
     
  14. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,148
    Location:
    the Netherlands
    There's quite a few posts Erik and Mark never reply to, in the HMP thread as well.
    I can imagine Mark and Erik don't have the opportunity to reply to all relevant posts (there's threads on other fora than Wilders as well), and I can imagine some posts are overlooked, and I guess sometimes SurfRight may not have the answers, but I must admit it's unfortunate to see the posts that are not replied to ...
     
  15. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Don't forget that some questions have already been answered in the past and that running multiple security programs at the same time (Sandboxie, HMPA and EMET for example) is known to cause compatibility issues.
     
  16. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,155
    Really?
    Sandboxie already has a template for HMPA. And HMPA indicates it is compatible with other exploit mitigation software (though it's not necessary to have both).
    In that case, then any issue would be because of the interaction of Sandboxie with EMET, right?
     
  17. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Let me rephrase my statement:
    Running half a dozen security products at the same time might increase the chance of compatibility issues.
     
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I do not have the answer. I am currently on vacation so I can't test. Maybe others here can provide the answer.

    EDIT: I tried on Windows 8 and the hmpalert.dll is properly injected. But since it is a Metro application, the user interface (flyout, colored border) is not (yet) visible. We have UI support for Metro applications high on our to do list.
     
    Last edited: Aug 2, 2015
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Mark is one of the few in the office (I am on vacation myself). Other colleagues are also on vacation. If you have a pressing question, you have a better chance at mailing support at the moment.
     
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    OK thanks! That's really good to know. Now if they would finally fix Chrome's Metro mode on Windows 10.
     
  21. m0unds

    m0unds Guest

    Tried out hmpalert and the exploit test tool, and noticed that only some of the keystrokes entered into a protected browser aren't actually encrypted.

    Additionally, it's horribly laggy when typing anything with keystroke encryption enabled, regardless of which browser I tried (IE, Chrome, Firefox). Has anyone else observed this? I'm on build 196 in Windows 10 Pro w/ESS 8 installed.

    http://i.imgur.com/u0vu535.png

    Here's a screenshot of the exploit tool's keylogger. Bet you can't guess what phrase I was typing over and over.

    i7 4770, 16GB RAM, SSD, etc.
     
    Last edited by a moderator: Aug 2, 2015
  22. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I will forward the issue to my colleague responsible for the keystroke encryption. He is on vacation currently. When he gets back we will try to reproduce on Windows 10 w/ESS 8.
     
  23. m0unds

    m0unds Guest

    Thanks!
     
  24. MikeRepairs

    MikeRepairs Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    76
    Location:
    Long Beach, WA
    Unable to open Microsoft Works 9 Spreadsheet XLR files
    Windows 7 64 bit, also has MSE and MBAM Premium

    Mitigation ROP

    Platform 6.1.7601/x64 06_3a
    PID 4976
    Application C:\PROGRA~2\MIDCA9~1\wksss.exe
    Description Microsoft® Works Spreadsheet 9.7

    Branch Trace Opcode To
    -------------------------------- -------- --------------------------------
    RtlEnterCriticalSection +0x37 RET AC_GetAdsAsync
    0x77952347 ntdll.dll 0x03BD6DED msadapi.dll

    0x03B91326 msadapi.dll RET AC_GetAdsAsync
    0x03BD6D40 msadapi.dll

    RtlEnterCriticalSection +0x37 RET AC_GetAdsAsync
    0x77952347 ntdll.dll 0x03BD6D1A msadapi.dll

    GetLastError +0x9 RET AC_GetAdsAsync
    0x75407883 KernelBase.dll 0x03BD6C87 msadapi.dll

    AC_GetAdsAsync * RET AC_GetAdsAsync
    0x03BB3ADF msadapi.dll 0x03BD6C66 msadapi.dll
    9c PUSHF
    83ec1c SUB ESP, 0x1c
    8944240c MOV [ESP+0xc], EAX
    890c24 MOV [ESP], ECX
    89542414 MOV [ESP+0x14], EDX
    895c2408 MOV [ESP+0x8], EBX
    89742410 MOV [ESP+0x10], ESI
    897c2404 MOV [ESP+0x4], EDI
    ff15e011b903 CALL DWORD [0x3b911e0]
    89442418 MOV [ESP+0x18], EAX
    8d4c241c LEA ECX, [ESP+0x1c]
    e82a000000 CALL 0x3bd6cbe
    8944240c MOV [ESP+0xc], EAX
    ff742418 PUSH DWORD [ESP+0x18]
    ff151010b903 CALL DWORD [0x3b91010]
    8b44240c MOV EAX, [ESP+0xc]
    (33A467699BA634A7)


    AC_GetAdsAsync RET AC_GetAdsAsync
    0x03BA523A msadapi.dll 0x03BB9B45 msadapi.dll

    AC_GetAdsAsync RET AC_GetAdsAsync
    0x03BCFE2A msadapi.dll 0x03BB9B37 msadapi.dll

    RtlAllocateHeap +0xe6 RET AC_GetAdsAsync
    0x7795E16C ntdll.dll 0x03BCFE29 msadapi.dll

    RtlImageNtHeader RET RtlImageNtHeader
    0x77963CF3 ntdll.dll 0x77963D1E ntdll.dll

    memcpy RET RtlImageNtHeader
    0x7795DF7C ntdll.dll 0x77963CF3 ntdll.dll

    RtlImageNtHeader RET RtlImageNtHeader
    0x77963D05 ntdll.dll 0x77963CDE ntdll.dll

    RtlLeaveCriticalSection +0x36 RET RtlImageNtHeader
    0x77952306 ntdll.dll 0x77963CC4 ntdll.dll

    RtlImageNtHeader RET RtlImageNtHeader
    0x7796409D ntdll.dll 0x77963C7A ntdll.dll

    RtlTryEnterCriticalSection +0x30 RET RtlImageNtHeader
    0x77962590 ntdll.dll 0x779639C2 ntdll.dll

    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 03BD6E08 msadapi.dll AC_GetAdsAsync
    85c0 TEST EAX, EAX
    0f84de050000 JZ 0x3bd73ee
    c745d001000000 MOV DWORD [EBP-0x30], 0x1
    85ff TEST EDI, EDI
    0f84cf050000 JZ 0x3bd73ee
    8b8570ffffff MOV EAX, [EBP-0x90]
    8b4cf004 MOV ECX, [EAX+ESI*8+0x4]
    81e100000080 AND ECX, 0x80000000
    81f900000080 CMP ECX, 0x80000000
    0f859b050000 JNZ 0x3bd73d6
    8b14f0 MOV EDX, [EAX+ESI*8]
    8b8578ffffff MOV EAX, [EBP-0x88]
    8955d4 MOV [EBP-0x2c], EDX

    2 03BD6C94 msadapi.dll AC_GetAdsAsync
    3 03BB9B88 msadapi.dll AC_GetAdsAsync
    4 03B9BFFF msadapi.dll AC_GetAdsAsync
    5 03B9A962 msadapi.dll AC_CreateCustomAdClient +0x80
    6 03B9ADB3 msadapi.dll AC_CreateAdClient +0x28
    7 03B3600F msadctls.dll DllUnregisterServer
    8 03B41C81 msadctls.dll DllUnregisterServer
    9 03B42B97 msadctls.dll DllUnregisterServer
    10 03B39BF4 msadctls.dll DllUnregisterServer

    Process Trace
    1 C:\Program Files (x86)\Microsoft Works\wksss.exe [4976]
    "C:\PROGRA~2\MIDCA9~1\wksss.exe" "C:\Users\Owner\Documents\Cbdy2015\CbdyJune2015.xlr"

    2 C:\Windows\explorer.exe [2328]
    3 C:\Windows\System32\userinit.exe [2224]
     
  25. MikeRepairs

    MikeRepairs Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    76
    Location:
    Long Beach, WA
    Cannot install Tea Time magazine 10th anniversary collection DVD without disabling Vaccination and/or Process protection

    teatimemagazine.com
    Win 7 home 64 bit

    Mitigation Anti-VM

    Platform 6.1.7601/x64 3f_01
    PID 836
    Application C:\Users\LAURIE~1\AppData\Local\Temp\{6974D2F9-25F9-4D62-AE88-7567EE6DB302}\setup.exe
    Description InstallScript Setup Launcher 14.2.1

    VMware
    Process Trace
    1 C:\Users\Laurie Anderson\AppData\Local\Temp\{6974D2F9-25F9-4D62-AE88-7567EE6DB302}\setup.exe [836]
    C:\Users\LAURIE~1\AppData\Local\Temp\{6974D2F9-25F9-4D62-AE88-7567EE6DB302}\setup.exe -media_path:"D:\" -tempdisk1folder:"C:\Users\LAURIE~1\AppData\Local\Temp\{6974D2F9-25F9-4D62-AE88-7567EE6DB302}\"

    2 D:\setup.exe [2244]
    3 C:\Windows\explorer.exe [1228]
    4 C:\Windows\System32\userinit.exe [1268]
    5 C:\Windows\System32\winlogon.exe [804]
    winlogon.exe
     