HitmanPro.ALERT Support and Discussion Thread

yes

 

See Erik's post:

https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-290#post-2538057

 

I decided to resolve the ambiguity by removing WSA (my license was almost finished anyway). The HMPA live encryption indicator now works consistently. The only functionality that WSA offered which I don't have covered is protection against unauthorized screenshots. I'm not sure yet how to add that back to the mix.

 

Thanks! I missed that.

Will try enabled for now and see what my browsing experience is like.

 

Yep, Thanks. So, you ran WSA along with your signature..?

 

erikloman:

Sorry to report than my experiment has shown that it is HitmanPro Alert does not play nice with EMIS 11, at least on my PC. That saddens me because I really like your program and now I am left to hoping that Emisoft's new focus on improving it's defenses against ransomeware will be successful.

I have used BOTH MBAE and HMPA together with NO issues with Bitdefender IS 2016 and Norton Security. Dunno why it doesn't get along with Emisoft IS 11.

OS Win 8.1

 

Yes, I was running WSA along with HMPA, MBAM and WFC. They all got along OK apart from the issue of WSA breaking HMPA's keystroke encryption. I went back to Windows Defender for AV temporarily, but I will be experimenting.

 

Do you have problems with EMIS if you uninstall MBAE? In that case: don't run run MBAE and HMPA at the same time.

 

Works just fine here.

 

Well, your signature looks good. Thanks

 

And here.
EAM that is, not EIS.

 

If you read what I wrote earlier you would understand that I tried EMIS 11 With MBAE alone and with HMPA alone. Using EMIS 11 with HMPA ON MY PC causes frequent random freezing of my PC. MY PC is fine with EMIS 11 and MBAE alone.

I am very happy for all those for whom EMIS 11 and HMPA work well together on their PCs.

 

Since Win 10 Update (TH) the following error occurs with Beta 336 if I try to run Acrobat Reader:

Mitigation StackExec

Platform 10.0.10586/x64 06_3a
PID 5588
Application C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Description Adobe Acrobat Reader DC 15.9

Base 0x00090000
Stack top 0x0017D000
ESP 0x0018D1A8
Stack bottom 0x00190000

Code Injection
00E07000-00E08000 4KB C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe [6904]
77C17000-77C18000 4KB
77C16000-77C17000 4KB
1 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe [6904]
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\nytew\Downloads\Abholvollmacht_Ausweis_Pass-barrierefrei.pdf"
2 C:\Windows\explorer.exe [5716]
3 C:\Windows\System32\userinit.exe [6032]

Process Trace
1 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe [5588]
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --channel=6904.0.338061407 --type=renderer /prefetch:1 "C:\Users\nytew\Downloads\Abholvollmacht_Ausweis_Pass-barrierefrei.pdf"
2 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe [6904]
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\nytew\Downloads\Abholvollmacht_Ausweis_Pass-barrierefrei.pdf"
3 C:\Windows\explorer.exe [5716]
4 C:\Windows\System32\userinit.exe [6032]

 

Another problem with open videos .avi

Mitigation LoadLib

Platform 10.0.10586/x64 06_17*
PID 5448
Application C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Description Reproductor de Windows Media 12

Callee Type ProtectVirtualMemory
0x0DBC0000 (2301952 bytes)

Allocated by C:\Windows\SysWOW64\guard32.dll

 

Just had a blue-screen, can't remember exactly what it said but it said something like "driver_stuffs_stuffs_stuffs (hmpnet.sys)" (no dump, sorry)

 

Guard32.dll = Comodo

 

Comodo reflectvely loading a 2MB dll. Wow.

 

We have this under investigation. Seems related to Win10 th2. Thats why I hate MS for giving devs just 2 weeks time to test their software on the biggest kernel change since Vista.

 

If you start eg. firfox and it freezes, please make a dump via TaskManager of the freezing hmpalert.exe process.

 

I've been looking for confirmation on this either way, but does HitmanPro Alert support any sort of passive or silent install? I can't seem to find whether it supports any install switches and I've not been able to see anything about this scanning through the 300 pages on this forum.

 

I did upgrade to Th2 but then I went back to normal RTM (build 10240) by restoring an image I had made before upgrading. So this didn't happen in Th2 for me.

Edit: Just got "Bad_Pool_Caller" as well but can't tell if that one is related to HMPA. (no dumps)

 

Supported list of command line options:

/install
Installs HitmanPro.Alert on the computer.

/uninstall
Uninstalls HitmanPro.Alert from the computer.

/mode=Full|CryptoGuard
Installs either full protection or just the anti-ransomware protection. Alert 3.1 or newer.

/update
Forces check for update.

/noautoupdate
Disables automatic update.

/silentalert
Hides the flyout and colored window border. Also doesn't show an alert to the end user when an exploit is blocked. So attack is still blocked and logged to the Windows Event Log.

/lic=XXXXX-XXXXX-XXXXX-XXXXX
Activates Alert during installation. Must be combined with /install

/flyout=Never|PerSession|PerApplication
Configures safety notifier

/vaccination=disabled|passive|active|exclude(“path1;path2;path3”)
Configures vaccination during install.

/show
Shows the user interface. Alert 3 must be installed.

/scan
Starts a malware scan. Alert 3 must be installed.

Hope this helps.

 

@erikloman

Which registry keys/folders of HMPA/HMP should be protected against Process Termination and potential modifications by malwares?

 

I have witnessed on two instances (Steam and Newsleecher) that Alert consumes a lot of CPU (Intel Core i5-3450) during downloads.

 

I think HMPA 336 Beta is silently crashing (Edit: By "silently" I mean not alerting me about it in any way) on my system. I have several like these in event viewer: "The HitmanPro.Alert service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service." and I will receive several safety notifications during one session even though it's set to once per logon session (I believe it's related to these crashes)

I DO have Malwarebytes Anti-Exploit Free as well but up until now they've played nicely together, perhaps they don't like each other on my system anymore, I'll try uninstalling it as well as re-installing 336 Beta. (Also have Comodo Firewall, Zemana AntiLogger Free and Zemana AntiMalware installed (Keystroke encryption turned off in HMPA))