HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Krond

    Krond Registered Member

    Joined:
    Aug 28, 2005
    Posts:
    55
    No specific firewall and no specific security product. This is tested on a "naked" Win7, so win7-firewall and Windows Defender deactivated (not MSE, this is not installed).
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
    My Ping has slowed a little but I don't know if that is related to HMP.A or network congestion.
     
  3. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,044
    Location:
    Baden Germany
    No speed impact with HMP.A 3.1.8.360, combined with Kaspersky Endpoint Security 10. (100Mb line)
    Confirmed on 6 machines.
     
  4. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,976
    I hadn't been in my HMPA snapshot for six days or so. However, after booting into the snapshot, there was a notification that there was an update to v3.1.8 build 360 from v3.1.7 build 357... After the first reboot I got a BSOD. Rebooted again, and this time it was OK.

    ScreenShots_HMPA_update_v3.1.8.build 360_01.gif
     
  5. volt99

    volt99 Registered Member

    Joined:
    Feb 22, 2015
    Posts:
    4
    Looking at your taskbar, I can see why :D
     
  6. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
    Another false positive:

    Platform 10.0.10586/x64 06_3c

    Keyboard name QPAD DX-20 mouse
    Hardware ID HID\VID_22D4&PID_120A&REV_0077&MI_01&Col01


    Actual device: http://qpad.com/products/mice/dx-20/

    BadUSB & Vaccination are already off.
     
  7. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    496
    Location:
    italy
    :'(

    VMPlayer isn't a valuable solution for me because it implants a lot of services and doesn't offer snapshot functionality...
     
    Last edited: Feb 28, 2016
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    You mean that when BadUSB is off you get this message?!?
     
    Last edited: Feb 28, 2016
  9. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Most mice have a keyboard controller (for the extra mouse buttons).

    Can you reproduce the message you got? Uninstall, install, plug in the mouse.
     
  11. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
    Ok I will try. I got this message during my OS bootup right before seeing the desktop. The protections mentioned above were off before this boot so they should be off for good.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
  13. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
  15. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,024
  16. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    496
    Location:
    italy
    Norton returns...
     
    Last edited: Mar 5, 2016
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    To clarify, did you test it? I'm guessing because it's not white-listed by HMPA, it should be able to detect the API hooking.

    I'm thinking about installing a VM on my new machine, but I hardly test security tools anymore.
     
  18. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118

    I haven't had that issue anymore. I don't know why I got it in the first place but so far so good. I will let you know if I see it again.
     
  19. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    484
    Running HMP.A 3.1.8 build 360 on Vista HP SP2 x64 -- no problems to report. :thumb:
     
  20. zentech

    zentech Registered Member

    Joined:
    Mar 4, 2016
    Posts:
    1
    In use on XP SP3 from Feb 28, 2016. Some probs.

    1. Trying to disable HitmanPro.Alert I switched off Safe browsing, Exploit mitigations and Security. After (re)starting some apps the colored border was still there. (cont. in 2.)

    2. Hmm, maybe after a reboot? But a reboot takes too long so I tried enabling and disabling the service. When the enabling bar was halfway: BSOD. Probably caused by: hmpnet.sys ( hmpnet+935b )

    3. Chrome acted odd, all of a sudden couldn't find websites --> several different Chrome errors: could not resolve hostname etc. A transparent square (!?) on HTML5 YouTube videos. Closing the tab and reloading didn't help. (cont. in 4.)

    4. So I looked in the Task Manager: hmpalert.exe approx. 50% CPU use. Trying to disable the service, a Windows message appeared, something like: HitmanPro.Alert could not be reached. Status in Windows Services: Stopping.

    5. At one point HMPA saw two Operas. Since I don't use it much I decided to uninstall Opera. HMPA blocked the uninstall:
    Mitigation Lockdown

    Platform 5.1.2600/x86 06_0f*
    PID 2988
    Application C:\Program Files\Opera\35.0.2066.92\installer.exe
    Description Opera Installer 35

    Filename C:\Program Files\Opera\35.0.2066.92\installer.exe
    Created By C:\WINDOWS\Temp\opera autoupdate\CProgram FilesOpera\installing\installer.exe

    Process Trace
    1 C:\Program Files\Opera\35.0.2066.92\installer.exe [2988]
    "C:\Program Files\Opera\35.0.2066.92\installer.exe" /uninstall
    2 C:\Program Files\Opera\launcher.exe [3332]
    "C:\Program Files\Opera\Launcher.exe" /uninstall
    3 C:\WINDOWS\system32\rundll32.exe [3804]
    "C:\WINDOWS\system32\rundll32.exe" Shell32.dll,Control_RunDLL appwiz.cpl,,3
    4 C:\WINDOWS\system32\control.exe [684]
    "C:\WINDOWS\system32\control.exe" appwiz.cpl,,3
    5 C:\WINDOWS\explorer.exe [2648]
    6 C:\WINDOWS\system32\userinit.exe [2156]

    6. Freeze of the system (first time since I built this PC (2007)). After hard reset and some use: froze again.

    After uninstalling HitmanPro.Alert:

    7. Wanted to install (an updated version of) Sandboxie as alternative. Firefox can't download the file (another "first" since 2007), the installer file remains in the download process, it's named: SandboxieInstall.exe.part. As a test tried to download the FastStone installer: same. So there seems to be a problem with downloading executables. PS HitmanPro.Alert could be downloaded ;)

    8. Downloaded SBIE with Chrome. When Chrome is used sandboxed with default settings: every download fails.
     
  21. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    If you avoid rebooting because 'it takes too long', you are probably creating some issues yourself.
     
  22. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    484
    HMP.A on Windows 7 HP SP1 x64 is preventing Windows Media Center from playing live TV:

    HMPA vs WMC.jpg
    The same thing had happened several builds ago on my Vista system, and I was instructed to disable the webcam notifier. Then I did the same thing on the Win7 system. However, HMP.A is intercepting WMC on Win7 despite the webcam notifier's being disabled.

    What other setting(s) should I disable or change, to be able to play TV again?
     
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,596
    Location:
    Outer space
    @erikloman
    Can you clarify?
     
  24. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    128
    Location:
    Alps
    I've installed HMP.alert on a relatively new Windows 10 laptop running only Windows Defender. I am also running Office 2010. Since installing HMP.alert a few days ago I'm getting a few times a day a crash and restart of the Intel HD520 driver / igfx file. It seems to be only happening when I have Excel 2010, Outlook and IE11 open and uploading or accessing my files on a webserver. I get no exploit / attack warnings, just screen goes black for a second or two and the driver restarts in conjunction with the relevant Windows 10 notification.

    Is this a known issue? If so, what components to disable?
    Fyi I have already excluded the hmpalert.exe process from WD.
    I have also temporarily disabled all exploit mitigations for Excel, Word, Powerpoint and the problem is not recurring. But I don't want to keep all these apps permanently disabled.

    By the way, I've noticed that hmp.alert has not detected and is not protecting Outlook 2010. Is this normal?

    Not sure how relevant this may be, or not, I used to get something similar on a completely different PC with Windows 7 and running Webroot SA and I thought it was a conflict between HMP.alert and WRSA, but now I am not running the two together.
     
    Last edited: Mar 6, 2016
  25. e23

    e23 Guest

    @erikloman
    @markloman

    Hi,

    After the update to 360 I still have my IPv6 settings reset when hmpa-service starts.
    I have the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents set to 0xff.
    As soon as hmpalert.exe starts the value is reset to 0x00.
    For now I have created a task at logon which disables IPv6 again so that the interfaces won't be installed again.
    I really think hmpa shouldn't change these settings at all.
     