HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,332
    Location:
    the Netherlands
    Thanks very much, Erik.
    But, er .. Tracker Update (TrackerUpdate.exe) is PDF-XChange Viewer's component for updating from within the program. It doesn't produce executables, or so I would think. I do not understand why HMPA would lockdown TrackerUpdate.exe.
    Nor do I understand how PDF-XChange Viewer could be updated successfully, while I used the updater component for updating and the updater component was locked down.
    Perhaps it could be wise if SurfRight could have a look at HMPA's reaction to TrackerUpdate.exe.

    Just to be sure, I ran PDF-XChange Viewer's current installer, PDFXVwer.exe 2.5.316.0. That worked fine, without interruption.
     
  2. hjlbx

    hjlbx Guest

    @erikloman
    @markloman

    HMP.A 3.1 Build 347
    W8.1 x86-64 OEM (Toshiba)

    HMP.A does not auto-add WordPad to protected applications.

    This issue with Word Pad persists from Build 344.

    I know others will chime in here and say that WordPad is automatically added on their specific system.

    On my specific system the issue is reproducible every time I install HMP.A Builds 344 and 347.
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    You have two Word Pad applications on your machine, a 32-bit and a 64-bit Word Pad. Maybe that is cause of the confusion?
     
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I have replied via email.
     
  5. hjlbx

    hjlbx Guest

    @erikloman

    I have to manually add to Applications list and apply Office mitigations.

    I thought HMP.A used to auto-add WordPad to Applications upon initial installation ?
     
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Alert reads from the registry which apps should be protected. For example, the apps attached to the .rtf extension are automatically added. On standard systems, WordPad is attached to .rtf files. On your system WordPad seems no longer attached to .rtf? Please have a look in the registry under HKCR\.rtf and see what is listed there.
     
  7. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,332
    Location:
    the Netherlands
    That is interesting information.
    LibreOffice, for instance, automatically associates .rtf. If you don't want that, you need to restore the association with WordPad.
    Erik, do you mean that when, for instance, LibreOffice associates .rtf, HMPA won't protect WordPad?

    Perhaps you remember that once I reported that first HMPA automatically added GOM Media Player for exploit mitigation, but later GOM Player was no longer among HMPA's protected applications? I reported that, but there never was a response to that report.
    Could it be that I changed GOM Player's file associations (I did, but I don't remember if it was in connection to that case), and that because of that GOM Player was no longer among HMPA's protected applications?

    If that would be true - I don't think it would be very wise to only protect applications that are associated to certain file extensions, as the same files can also be opened with other applications.

    However, I guess that is not what you meant, at all. :)
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,825
    Location:
    The Netherlands
    Was you able to block Norton?
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Not yet implemented.
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.1.1 build 350 PreRelease

    Changelog
    • Improved Webcam Filtering to support Windows Hello.
    • Improved overall performance (compared to build 348 ).
    • Changed BadUSB default to off for new installs.
    • Changed Action mode to be only accessible from Advanced Interface.
    • Updated network component.
    Download
    http://test.hitmanpro.com/hmpalert3b350.exe

    Please let me know how this version runs on your computer :thumb:
     
  11. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,029
    No problems upgrading build 350 PreRelease. About Action mode. Maybe warn the user like 'Are you sure? YES/NO'

    Win10 1511 build 10586.63 x64/Norton Security with Backup v22.5.5.15
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,104
    Location:
    USA
    Updated to build 350 without incident. After rebooting BadUSB was off as expected (turned it back on) :thumb:
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Update was fine, and BadUSB was also off here.

    ERIK and MARK. Heimdal is still blocking your test site. You need to get them to correct it.
     
  14. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,332
    Location:
    the Netherlands
    If BadUSB is only default to off for new installs, it shouldn't be off after updating, should it?
     
  15. malware1

    malware1 Registered Member

    Joined:
    May 26, 2014
    Posts:
    133
    @erikloman @markloman
    Please update the translation, the new strings have been added. Just download it from the usual link.
     
  16. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,044
    Location:
    Baden Germany
    Here too.
    Bad USB was set to off, after update from 347 to 350.

    No way this should happen, when auto updating productive used machines.
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    was there a 348...?
    3.1.1 build 350 + Enabled BadUSB
     
  18. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Updated from build 347 (BadUSB on) to build 350 without any issues.
    After the reboot BadUSB in build 350 was off and I turned it back on.
    However b350 was not a new install but an update from b347.
     
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Will be fixed in 351. Thanks all!
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,069
    Location:
    .
    Disable mitigations feels like on-the-fly. > No warning.
    Remove mitigations feels like not on-the-fly. > Warning.
     
    Last edited: Jan 13, 2016
  21. hotlips69

    hotlips69 Registered Member

    Joined:
    Nov 3, 2005
    Posts:
    55
    Location:
    Sussex. UK
    HitmanPro.Alert 3.1.1 build 350 upgraded perfectly on my W8.1 machine with BadUSB turned off after a reboot (from ON previously)
    I also updated my PDF X-Viewer to the latest v2.5 b316 without any issues on this build.

    I've been closely following this thread for well over a year, but only post when I've got something relevant to say.

    Please explain why BadUSB is OFF by default now as this is an important security feature surely?
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,419
    Location:
    Under a bushel ...
    Strange ... Heimdal is not blocking the site on my machine - unless it has been fixed now.
    Edit: Stranger still. I see now that it is in the Websites Blocked list in the log, but it did not prevent me from downloading.
     
    Last edited: Jan 14, 2016
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,419
    Location:
    Under a bushel ...
    I have asked support at Heimdal to whitelist test.hitmanpro.com (and some others).
     
  24. guest

    guest Guest

    build 350 run fine for me ;)
     
  25. hjlbx

    hjlbx Guest

    @erikloman
    @markloman

    "Upgrade" process from b347 to b350 without incident.

    BadUSB disabled as reported earlier.

    *** MAJOR PROBLEM ***

    • Windows 8.1 x86-64 - Clean Install
    • COMODO Internet Security Pro 8.2
    • COMODO sandbox is configured to force-run Cyberfox\Internet Explorer inside the sandbox
    • With build 347 installed, Cyberfox\Internet Explorer will force-run sandboxed

    • Install build 350, Cyberfox\Internet Explorer will NOT force-run sandboxed; when executed it will run OUTSIDE of COMODO's sandbox
    • build 350 messes with COMODO's sandbox
    • Uninstall build 350 (or revert back to build 347), and Cyberfox\Internet Explorer will again be able to be be force-run inside COMODO sandbox
     
    Last edited by a moderator: Jan 14, 2016
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.