HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,115
    Location:
    USA
    Is the crash reproducible if you re-enable the mitigations on the Office apps?

    Regarding Outlook you can add it manually. Run Outlook, click on the Exploit Mitigation tile in HMPA advanced interface, select "Running applications", and you should see Outlook.exe in the list under "Not Protected". Use the Office template.
     
    Last edited: Mar 6, 2016
  2. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    128
    Location:
    Alps
    I have since both reset then re-installed .alert and today re-enabled full protection, I will let you know if there are any more problems.

    For Outlook 2010, I guessed that it was omitted deliberately because there may be some stability issues or fine-tuning of settings required? Even after re-install it does not auto-detect Outlook. I will enable it but would like to be aware of why it does not auto-detect and if you have any suggestions for a stable existence, or is Office default setting fine, as you suggest?
     
  3. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    128
    Location:
    Alps
    I have a question regarding .alert and the claim to provide "safe browsing". In simple terms, does it offer some isolation of the browser session from malware that might already be residing undetected on the PC, for example through detection of keyloggers which I know is a function of .alert? Or does it mainly focus like Sandboxie in some ways in helping keep the bad stuff out?

    The reason for my question is that I'm trying to get more of an understanding of whether .alert can be a replacement for a standalone tool such as Safepay from Bitdefender which although it creates a kind of virtual container, still uses a version of Chrome in the free version that's nearly 2 years old! I know I'm not comparing like with like exactly, but how much protection does .alert offer against intercepting / watching say an online banking session, other than encrypting keystrokes?
     
  4. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    496
    Location:
    italy
    yes...even if 'isolation' isn't the proper term (definition?).
    Safe Browser should be interpreted as a kind of alarm that alert you about compromized surfing (it's a sort of defence ex-post)...

    no, absolutely

    i don't know Safepay but anyway i'll rely solely on Surfright software...
     
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    .... and presume, Windows Defender + Windows Firewall ....
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,115
    Location:
    USA
    I don't know why HMPA didn't pickup Outlook automatically in your case; it did on my two systems. I'm not aware of the need for special settings. If I needed to add it manually I would just use the Office template. Individual mitigations, etc, can be toggled manually afterward if necessary.

    Regarding Bitdefender Safepay when I last tried it it did not allow browser plugins. Of course that is part of its protection philosophy, but I find that too restrictive.
     
  7. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    HitmanPro.Alert alerted me of webcam access that came from a legitimate anti-theft software. I hope there's a way for HMP.A not to interfere because that alert might just cause my laptop to be in danger more.
    What happened was that I tried to test (simulate) Prey to see if it was operational. Then, when it activated, HMP.A alerted me that Prey wants to access the webcam. The problem is when my laptop would really be stolen. If the thief would be aware of Prey because of HMP.A's alert, then finding my laptop might get more difficult.

    Is there anything I can do?
     
    Last edited: Mar 8, 2016
  8. Cibb

    Cibb Registered Member

    Joined:
    Mar 9, 2016
    Posts:
    1
    Problems with HitmanPro.Alert 3.0 Build 360 + Tom Clancy's The Division (Ubisoft)
    (Sorry my english is bad)

    Hi, ...

    I'm using HitmanPro.Alert 3.0 Build 360 on 3 PCs (Windows 10 Pro X64)

    If I have HitmanPro.Alert 3.0 Build 360 installed, I could not play Tom Clancy's The Division on all 3 PCs.

    Starting the Game, logging in, .... and ingame i can't do anything. If I use my keyboard: no moving by pressing WASD, no interactions, ... nothing happens by pressing a key.

    I have tried to disable all possible features ... (incl. "Keystroke Encryption") really ALLE Features are disabled
    I have tried to set all executables from Tom Clancy's The Division (incl. Ubisoft-Launcher) on the exceptions list

    Nothing happens! Further (Ingame) no moving by pressing WASD, no interactions, ... nothing happens by pressing a key.

    The only working solution was uninstalling HitmanPro.Alert 3.0 Build 360

    The error is repeatable
     
  9. Fingol

    Fingol Registered Member

    Joined:
    Jun 10, 2013
    Posts:
    55
    Location:
    UK
    HMPA is blocking the latest version of Keepass that was released today. Instal was fine but can't run the program.
    Have gone back to the previous version of Keepass.
    HMPA 3.1.8 build 360
    Keepass version being blocked 2.32
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    What is the message?
     
  11. Fingol

    Fingol Registered Member

    Joined:
    Jun 10, 2013
    Posts:
    55
    Location:
    UK
    Sorry. Is this too much? I'll delete if so.
    Attack intercepted. Keepass 2.32 has been terminated to prevent execution of malicious code.
    Mitigation Caller Check
    Platform 10.0.10586/x64 06_25
    PID 6276
    Application C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
    Description KeePass 2.32

    Callee Type CreateProcess
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

    Stack Trace
    # Address Module Location
    -- ---------------- ------------------------ ----------------------------------------
    1 00007FFD94ECC9E6 KernelBase.dll CreateProcessW +0x66
    2 00007FFD974C3B53 kernel32.dll CreateProcessW +0x53

    3 00007FFD14BBA916 (anonymous; clr.dll)
    488b9588000000 MOV RDX, [RBP+0x88]
    c6420c01 MOV BYTE [RDX+0xc], 0x1
    48bae4051574fd7f0000 MOV RDX, 0x7ffd741505e4
    833a00 CMP DWORD [RDX], 0x0
    7406 JZ 0x7ffd14bba936
    ff154262595f CALL QWORD [RIP+0x5f596242]
    8bf0 MOV ESI, EAX
    e8e391ca5e CALL 0x7ffd73863b20
    85f6 TEST ESI, ESI
    0f95c1 SETNZ CL
    0fb6c9 MOVZX ECX, CL
    898d94000000 MOV [RBP+0x94], ECX
    488b8dd8000000 MOV RCX, [RBP+0xd8]
    4885c9 TEST RCX, RCX

    4 00007FFD14BB5CD8 (anonymous; clr.dll)
    5 00007FFD14BB5928 (anonymous; clr.dll)
    6 00007FFD14BB537F (anonymous; clr.dll)
    7 00007FFD14BB4DEE (anonymous; clr.dll)
    8 00007FFD14BB1095 (anonymous; clr.dll)
    9 00007FFD14BB0C30 (anonymous; clr.dll)
    10 00007FFD1499A507 (anonymous; clr.dll)

    Process Trace
    1 C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1884]
    2 C:\Windows\explorer.exe [3504]
    3 C:\Windows\System32\userinit.exe [3344]
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,894
    Location:
    The Netherlands
    BTW, I have another question. Isn't it true that it doesn't matter if reflective code injection is used to inject code into the browser, HMPA should always be able to detect API hooking, correct?

    https://github.com/stephenfewer/ReflectiveDLLInjection
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,894
    Location:
    The Netherlands
    Did you add KeePass to the exploit protection list? If so, you need to remove it, it doesn't need exploit protection.
     
  14. Fingol

    Fingol Registered Member

    Joined:
    Jun 10, 2013
    Posts:
    55
    Location:
    UK
    I didn't add it. It was already there as far as I can remember. Never caused a problem until now.
     
  15. hitman_user

    hitman_user Registered Member

    Joined:
    Nov 25, 2015
    Posts:
    18
    I can not confirm this behaviour, keepass 2.32 works fine with hmpA!
     
  16. Fingol

    Fingol Registered Member

    Joined:
    Jun 10, 2013
    Posts:
    55
    Location:
    UK
    Hmm don't know why it dislikes mine then. Is yours guarded under exploit mitigation?
     
  17. FLX

    FLX Registered Member

    Joined:
    Mar 9, 2016
    Posts:
    2
    Hey,

    I can not confirm this kind of problem.
    I was running the trial for a few days and everything worked fine.
    Today I bought HMPA and the game is still running fine. I have all features enabled.
    I am running Win10 Pro X64 also. HMPA is Version 3.1.8 build 360.

    However. I had a big issue with MSI Afterburner and RivaTuner on this game. The game was freezing when I pressed a key on the keyboard, after I stopped pressing the key the game continued. Maybe you are using these programs also to watch your GPU temperature ingame?
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,894
    Location:
    The Netherlands
    OK, so has the problem been fixed when you removed it?
     
  19. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    488
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    KeePass is added by Alert to Other. Why wouldn't I want master password encryption. Why wouldn't I want KeePass in Other. Enpass is also added by Alert to Other. Why don't KeePass and Enpass need exploit protection..? Each has desktop client with browser extension.
    HitmanProAlert keepass enpass.PNG
     
    Last edited: Mar 10, 2016
  21. PeZzy

    PeZzy Registered Member

    Joined:
    Apr 2, 2011
    Posts:
    56
    I am able to play "The Division", but I have been crashing a considerable amount today. Only one error in event viewer related to the game...

    Faulting application name: TheDivision.exe, version: 1.0.0.0, time stamp: 0x56d052b7
    Faulting module name: hmpalert.dll, version: 3.1.8.360, time stamp: 0x56cdc923
    Exception code: 0xc00000fd
    Fault offset: 0x000000000000c6a3
    Faulting process id: 0x89c
    Faulting application start time: 0x01d17a9c64fd70ca
    Faulting application path: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe
    Faulting module path: C:\Windows\system32\hmpalert.dll
    Report Id: 4f8cf9fa-8c39-44de-b190-f42176d4de8b
    Faulting package full name:
    Faulting package-relative application ID:
     
  22. dios

    dios Registered Member

    Joined:
    Mar 9, 2016
    Posts:
    14
    I can't even get The Division to launch with hmpa installed, even with exploit mitigation turned off globally and all the other preventions turned off. Everytime I get something like the error log below, the fault module and exception code are the same each time. This is on Win 8.1. After uninstalling hmpa, the game launches without issues. Perhaps the Denuvo anti-tamper is acting up with this game. I don't have any other game that use Denuvo so maybe others can try whether those games also don't work with hmpa.

    Code:
    Faulting application name: TheDivision.exe, version: 1.0.0.0, time stamp: 0x56d052b7
    Faulting module name: ntdll.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
    Exception code: 0xc0000005
    Fault offset: 0x00000000000546fb
    Faulting process id: 0x21e0
    Faulting application start time: 0x01d179f554f54342
    Faulting application path: F:\Ubisoft\Tom Clancy's The Division\TheDivision.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 97b96153-e5e8-11e5-84eb-e82aea034ea8
    Faulting package full name:
    Faulting package-relative application ID: 
    As to the Keepass not launching with the mitigation Caller Check, I have had this too. It seems if you disable hmpa mitigations for Keepass and let Keepass run once without it, you can then re-enable the mitigations and it will continue to work fine.
     
    Last edited by a moderator: Mar 10, 2016
  23. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    496
    Location:
    italy
    time to play videogame for Surfright :D...
     
  24. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    I just bought The Division because of this issue :D Happy times!
     
  25. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    KeePass should be in Other because this profile includes Keystroke Encryption which is important to protect the master password against keyloggers.
    I am investigating this issue. Stay tuned.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.