HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    SurfRight is a really small player. Our software HAS to work with other security products. So we test our software with every release (people at Wilders play a large part in this). While we test against big players (Avast!), the big players do not test against small players (SurfRight). So when a big player releases an update, sometimes they break compatibility with the small players. Avast! was working at the time we released build 196 (current build).

    We have your problem under investigation but since it is Vista we do not have it high on our list. We are preparing an update and I hope we can include a fix for your specific case.
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    Getting close, Erik?
     
  3. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    I just had an alert in Firefox going to https://github.com/gorhill/uBlock/wiki . I clicked on Wiki from the About tab in the uBlock origin dashboard when the alert appeared, but I can't recreate the alert.


    Mitigation StackExec

    Platform 6.1.7601/x86 06_17*
    PID 5480
    Application C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
    Description Adobe Flash Player 18.0 r0

    Callee Type ProtectVirtualMemory
    0x0017B010 (54 bytes)

    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 74505C76 hmpalert.dll +0x55c76

    2 01025158 FlashPlayerPlugin_18_0_0_232.exe
    85c0 TEST EAX, EAX
    7428 JZ 0x1025184
    8b45fc MOV EAX, [EBP-0x4]
    3b450c CMP EAX, [EBP+0xc]
    7520 JNZ 0x1025184
    837e0c00 CMP DWORD [ESI+0xc], 0x0
    7428 JZ 0x1025192
    8b5508 MOV EDX, [EBP+0x8]
    8d4d0c LEA ECX, [EBP+0xc]
    51 PUSH ECX
    8b4e04 MOV ECX, [ESI+0x4]
    52 PUSH EDX
    8b5610 MOV EDX, [ESI+0x10]
    8d45ec LEA EAX, [EBP-0x14]
    50 PUSH EAX
    51 PUSH ECX

    3 010252DF FlashPlayerPlugin_18_0_0_232.exe
    4 01017709 FlashPlayerPlugin_18_0_0_232.exe
    5 01018063 FlashPlayerPlugin_18_0_0_232.exe
    6 01018148 FlashPlayerPlugin_18_0_0_232.exe
    7 010132A0 FlashPlayerPlugin_18_0_0_232.exe
    8 01013347 FlashPlayerPlugin_18_0_0_232.exe
    9 0100C8B6 FlashPlayerPlugin_18_0_0_232.exe
    10 010727AA FlashPlayerPlugin_18_0_0_232.exe

    Process Trace
    1 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe [5480]
    "C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe" --proxy-stub-channel=Flash5860.627334F0.17870 --host-broker-channel=Flash5860.627334F0.24361 --host-pid=5860 --host-npapi-version=28 --plugin-path="C:\Windows\system32\Macromed\Flash\NPS

    2 C:\Toolbx\Firefox\plugin-container.exe [5860]
    "C:\Toolbx\Firefox\plugin-container.exe" --channel="5680.2.819653717\1725624982" "C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll" -greomni "C:\Toolbx\Firefox\omni.ja" -appomni "C:\Toolbx\Firefox\browser\omni.ja" -appdir "C:\Toolbx\Firefox\browse

    3 C:\Toolbx\Firefox\firefox.exe [5680]
    4 C:\Windows\explorer.exe [1380]
    5 C:\Windows\System32\userinit.exe [440]
    6 C:\Windows\System32\winlogon.exe [1036]
    winlogon.exe
     
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Stack is being made executable. Interesting! Definitely looks suspicious.
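
    For triaging a report like the StackExec alert posted above, here is an added example that is not part of the thread and is not HitmanPro.Alert code. It parses the report layout shown in that post; the names parse_alert and summarize are hypothetical, and treating the hmpalert.dll frame as the interception layer is an assumption.

```python
import re
# Excerpt of the alert posted above (disassembly and command lines trimmed).
SAMPLE_ALERT = r"""
Mitigation StackExec
PID 5480
Application C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
Callee Type ProtectVirtualMemory
0x0017B010 (54 bytes)
Stack Trace
1 74505C76 hmpalert.dll +0x55c76
2 01025158 FlashPlayerPlugin_18_0_0_232.exe
85c0 TEST EAX, EAX
3 010252DF FlashPlayerPlugin_18_0_0_232.exe
Process Trace
1 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe [5480]
2 C:\Toolbx\Firefox\plugin-container.exe [5860]
3 C:\Toolbx\Firefox\firefox.exe [5680]
4 C:\Windows\explorer.exe [1380]
"""

FIELDS = ("Mitigation", "PID", "Application", "Callee Type")
TARGET = re.compile(r"(0x[0-9A-Fa-f]+) \((\d+) bytes\)$")
FRAME = re.compile(r"\d+ ([0-9A-Fa-f]{8}) (\S+)")
PROC = re.compile(r"\d+ (.+) \[(\d+)\]$")

def parse_alert(text):
    """Parse one alert report into header fields, stack frames and process chain."""
    alert, section = {"frames": [], "processes": []}, None
    for line in map(str.strip, text.splitlines()):
        if line in ("Stack Trace", "Process Trace"):
            section = line
        elif m := TARGET.match(line):  # address and size passed to the callee
            alert["target"], alert["size"] = int(m[1], 16), int(m[2])
        elif section == "Stack Trace" and (m := FRAME.match(line)):
            alert["frames"].append((int(m[1], 16), m[2]))  # disassembly lines do not match
        elif section == "Process Trace" and (m := PROC.match(line)):
            alert["processes"].append((m[1].rsplit("\\", 1)[-1], int(m[2])))
        elif section is None:
            for field in FIELDS:
                if line.startswith(field + " "):
                    alert[field] = line[len(field) + 1:]
    return alert

def summarize(alert, hook_module="hmpalert.dll"):
    # Assumption: frames in hook_module are the protection layer; the next frame is the requester.
    addr, module = next(f for f in alert["frames"] if f[1].lower() != hook_module)
    chain = " <- ".join(f"{name}[{pid}]" for name, pid in alert["processes"])
    return (f'{alert["Mitigation"]}: {alert["Callee Type"]} on 0x{alert["target"]:08X} '
            f'({alert["size"]} bytes) requested from {module}@{addr:08X}; {chain}')
```

    The one-line summary gives a stable string to group repeated alerts by mitigation, requesting module and process chain when the same report arrives from several machines.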
     
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.0.50 Build 198 Release Candidate

    Today we release a small update on the 3.0 branch. If you are running Windows 10 or Kaspersky 16 you may find this update interesting.

    Be sure to read our next post outlining Alert 3.1 BETA.

    Changelog
    • Improved Colored Window Border on Windows 10.
    • Improved compatibility with Internet Explorer in combination with Kaspersky 16.
    • Improved Software Radar to detect new browsers.
    • Fixed support for 32-bit Windows 10 environments.
    Release Notes
    ESET currently flags our hmpnet.sys driver if you have ESET's "potentially unwanted applications" feature enabled. This is a false positive on behalf of ESET.

    Download
    http://test.hitmanpro.com/hmpalert3b198rc.exe

    Please let me know how this version runs on your computer :thumb:
     
  6. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    Is there anything I need to do on my side? Why would it only happen once?
     
  7. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    91
    Did you find some time to change this new beta for my problem?
    In other words, would you like me to test Vista with hmpalert3b198?
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.1 build 310 BETA

    Today we release a fresh new version: Alert 3.1.

    Major new feature is that Alert can now install Anti-Ransomware only. A lot of customers asked us for this feature and now it is here! This new crypto-ransomware protection only mode also supports Windows Server 2008 R2 (or newer) environments.

    Other notable new feature is the support for Windows apps (Metro applications) like Microsoft Edge. The support for Windows apps also required us to rework the Colored Window Border feature so this also received an overhaul.

    Changelog (compared to build 196)
    • Added support for Microsoft Edge browser.
    • Added Exploit Mitigation support for Windows apps (previously called Metro applications).
    • Added Anti-Ransomware install mode. This mode also supports Windows Server 2008 R2 (or newer) environments.
    • Added new Colored Window Border implementation to support Windows apps (Metro applications).
    • Added new Keystroke Encryption implementation.
    • Added support for Windows apps (Metro applications) in the Running Applications list available from the Advanced UI.
    • Added experimental VTable Hijack mitigation on Adobe Flash.
    • Added Control Flow Guard support. All binaries of HitmanPro.Alert have been compiled with Control Flow Guard (CFG).
    • Improved DEP mitigation.
    • Improved ROP mitigation (thanks Niels Warnars).
    • Improved compatibility with Internet Explorer in combination with Kaspersky 16.
    • Improved Installer/uninstaller.
    Release Notes
    ESET currently flags our hmpnet.sys driver if you have ESET's "potentially unwanted applications" feature enabled. This is a false positive on behalf of ESET.

    Download
    http://test.hitmanpro.com/hmpalert3b310.exe

    Please keep in mind that this is a BETA build and it should NOT be used in production environments!

    Please let me know how this version runs on your computer :thumb:
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes please let me know. Meanwhile I have started testing the combination myself.
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    Erik,
    I've installed this RC on my Win7 machine and so far it's working fine.

    I installed
    on my Win10 x64 machine and now I can't open Norton Identity Safe. The Vault login screen appears but I can't type my password.

    Norton Security 22.5.2.15

    Thanks,
    Dave

    Edit: Uninstalled the BETA and installed the RC on Win10 and I can now type my password to open Norton Identity Safe.

    Edit 2: I'm not seeing the coloured border around Edge. I uninstalled Alert using REVO Pro, restarted and reinstalled the RC and EDGE is not detected at all.
     
    Last edited: Sep 4, 2015
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    3.0 does not support Edge.
    3.1 supports Edge.

    If you open v3.1 HitmanPro.Alert GUI, do you see Edge listed under the blue tile?
     
    Last edited: Sep 4, 2015
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    Ah, that explains it.

    While I had 3.1 installed, Edge was not listed until I opened it, but then it was. Coloured border showed and Keystroke Encryption appeared to be working.

    Norton ID Safe is too important for me to lose functionality, so I've had to revert to 3.0 for now.

    Thanks.
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    We are able to reproduce the Norton Identity Safe issue. We have it under investigation.
     
  14. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    :thumb: Thank you good sir!
     
  15. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Upgraded 3.0.48 build 196 and after reboot running without incident on Windows 10x64 :thumb:

    Edit: Colored window borders are lining up much better with the edges of the apps. Live encryption indicator is showing on Firefox, Chrome and IE 11.

    Also, although I have the "auto hide colored window border" option disabled the colored border only shows when an app has focus.
     
    Last edited: Sep 4, 2015
  16. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
  17. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Did you test a set-up with HMPA, SBIE and Edge yourself?
     
  18. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I believe the HitmanPro.Alert 3.1 build 310 BETA announced above is the first version to support Edge.
     
  19. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    Nice, a new beta!

    Updated without a problem (W10 build 10240).

    Firefox 40.0.3: a green border.
    Edge: no green border (not supported yet).
    IE11: no green border.

    With Sandboxie beta 5.0.13:
    Firefox 40.0.3: a green border.
    Edge: can't be sandboxed at this moment.
    IE11: no green border.

    I use Norton Security with Backup v22.5.2.15.
     
    Last edited: Sep 4, 2015
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Updated to build 198 or build 310?

    Edge is supported by build 310.
     
  21. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    91
    Still same problems in Vista and Avast with hmpalert3b198.

    Going to try it now with hmpalert3b310.exe
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    Just a heads up, Norton ID Safe isn't working with the Beta 3.1 build 310 yet.
     
  23. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    HMP.A build310 is running fine on my office machine,
    but I find the wider border annoying. (1600x1200 resolution, with 125% display)
    There should be an option to adjust the width of the border.

    In Google Chrome the border now fades in when I hover over the new tab button...annoying.
    In the previous version I had to move the mouse pointer to the rim of the window.

    Besides that, I like the new feature, Anti-Crypto only, for servers.
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Erik

    198 is working beautifully for me. But 310 is a no go. I have an application AJCActivebackup, and it crashes when it tries to run. See PM for appcrash txt.

    Pete
     
  25. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    Build 310: no border with Edge. IE11 also no border.
     