HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    493
    Location:
    italy
    or revert to v3 and keep on CFI :p...
     
  2. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    570
    Location:
    Hengelo
    HitmanPro.Alert 3.1.9 build 362 Released

    Changelog
    • Improved CryptoGuard mitigation (Anti-Ransomware) to fix a bug introduced with build 357.
    • Improved ROP mitigations.
    • Improved keystroke scrambling of Keystroke Encryption.
    • Fixed compatibility with VirtualBox hardening.
    • Fixed compatibility with Microsoft Edge 31.14279 (Redstone).
    • Fixed compatibility with Microsoft OneNote' e-mail function.
    • Updated embedded libpng library.
    Download
    hmpalert31.exe

    Please let us know how this version runs on your computer.
    We expect to enable the automatic updater to install this build (362) later this week.
     
  3. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    493
    Location:
    italy
    no problem to report so far (specs in my signatures)

    Txs a lot!
     
  4. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    954
    Same here.
     
  5. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    493
    Location:
    italy
    i'm now enjoing again with Virtualbox :D
     
    Last edited: Apr 4, 2016
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,064
    Location:
    USA
    Smooth upgrade from build 361 to 362 on Windows 10 x64; no issues to report :thumb:
     
  7. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,271
    Location:
    USA
    Working good here.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The download file doesn't say 362, is that correct?
     
  9. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,271
    Location:
    USA
    Correct. "hmpalert31"
     
  10. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    HMP.alert build 362 is running fine, no issues so far!
     
  11. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,064
    Location:
    USA
    Yes. You can confirm version 3.1.9.362 by right clicking and going to Properties/Details/Product Version.
     
  12. Theblackstar

    Theblackstar Registered Member

    Joined:
    Mar 27, 2016
    Posts:
    36
    Location:
    Italia
    thanks for the information.
     
  13. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,288
    Location:
    USA, MICHIGAN
    So far no issues with 362,DL over top,

    running nicely along side BD, ZAM, and MBAM all in real time protection.
     
  14. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    493
    Location:
    italy
    exactly

    @Theblackstar
    Io e te possiamo anche parlare in italiano! :D
     
  15. Armadax

    Armadax Registered Member

    Joined:
    Sep 13, 2015
    Posts:
    19
    Location:
    Zuid-Holland
    No issues.
     
  16. hjlbx

    hjlbx Guest

    @erikloman
    @markloman

    HMP.A 3.1.9 build 362
    Chrome 49
    Firefox 45
    Cyberfox 45
    Internet Explorer 11

    Protection Border with Keystroke Encryption display enabled

    Keystroke Encryption display either does not show keystrokes or it will show a few and then freeze
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Thanks guys
     
  18. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    362 working as designed. Thank you.
     
  19. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Build 362 seems to work fine here. :)
     
  20. jynx

    jynx Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    37
    Location:
    Right here
    build 362 work fine, can virtualbox run without error
     
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,890
    A little while ago, I had my Opera browser open, and which I had to close because it was starting to get slow when loading pages.

    When I restarted the browser, I got an immediate intruder alert from HMPA...I tried to take screenshot but I couldn't get to to show in the GUI....I did manage to copy and paste [ and save] to notepad the details of the alert.

    I then had to reboot, as my system became unresponsive as a result of the alert.

    P.S. I am actually using Opera 12.15, even though in the details, it indicates another version of Opera.

    Code:
    Intruder
    
    ID 12468
    Application C:\Program Files\Opera Next\opera.exe
    Description Opera Internet Browser 12.15
    
    Detour Report
    # Address Owner Disassembly
    -- ---------- ------------------------ ------------------------
    closesocket
    1 0x71AB3E2B WS2_32.dll JMP 0x654b00c
    2 0x0654B00C (anonymous) JMP 0x19033d1f
    3 0x19033D1F fs_ccf_ni_umh32.dll
    
    connect
    1 0x71AB4A07 WS2_32.dll JMP 0x71ab4a02
    2 0x71AB4A02 WS2_32.dll JMP 0x215002d
    3 0x0215002D (anonymous; kswebshield.dll)
    
    getpeername
    1 0x71AC0B68 WS2_32.dll JMP 0x71ac0b63
    2 0x71AC0B63 WS2_32.dll JMP 0x21500c9
    3 0x021500C9 (anonymous; kswebshield.dll)
    
    getsockname
    1 0x71AB3D10 WS2_32.dll JMP 0x71ab3d0b
    2 0x71AB3D0B WS2_32.dll JMP 0x2150095
    3 0x02150095 (anonymous; kswebshield.dll)
    
    recv
    1 0x71AB676F WS2_32.dll JMP 0x654400c
    2 0x0654400C (anonymous) JMP 0x1903437f
    3 0x1903437F fs_ccf_ni_umh32.dll
    
    recvfrom
    1 0x71AB2FF7 WS2_32.dll JMP 0x654500c
    2 0x0654500C (anonymous) JMP 0x190342fd
    3 0x190342FD fs_ccf_ni_umh32.dll
    
    select
    1 0x71AB30A8 WS2_32.dll JMP 0x654e00c
    2 0x0654E00C (anonymous) JMP 0x1903451d
    3 0x1903451D fs_ccf_ni_umh32.dll
    
    send
    1 0x71AB4C27 WS2_32.dll JMP 0x1895bd2
    2 0x01895BD2 kswebshield.dll JMP 0x654200c
    3 0x0654200C (anonymous) JMP 0x1903428d
    4 0x1903428D fs_ccf_ni_umh32.dll
    
    sendto
    1 0x71AB2F51 WS2_32.dll JMP 0x654300c
    2 0x0654300C (anonymous) JMP 0x19034211
    3 0x19034211 fs_ccf_ni_umh32.dll
    
    WSAAsyncSelect
    1 0x71AC0991 WS2_32.dll JMP 0x654d00c
    2 0x0654D00C (anonymous) JMP 0x19033c35
    3 0x19033C35 fs_ccf_ni_umh32.dll
    
    WSAConnect
    1 0x71AC0C81 WS2_32.dll JMP 0x71ac0c7c
    2 0x71AC0C7C WS2_32.dll JMP 0x2150061
    3 0x02150061 (anonymous; kswebshield.dll)
    
    WSAEnumNetworkEvents
    1 0x71AB657D WS2_32.dll JMP 0x655000c
    2 0x0655000C (anonymous) JMP 0x19033b97
    3 0x19033B97 fs_ccf_ni_umh32.dll
    
    WSAEventSelect
    1 0x71AB64D9 WS2_32.dll JMP 0x654c00c
    2 0x0654C00C (anonymous) JMP 0x190345b7
    3 0x190345B7 fs_ccf_ni_umh32.dll
    
    WSAGetOverlappedResult
    1 0x71AC0D1B WS2_32.dll JMP 0x654f00c
    2 0x0654F00C (anonymous) JMP 0x19033c8b
    3 0x19033C8B fs_ccf_ni_umh32.dll
    
    WSARecv
    1 0x71AB4CB5 WS2_32.dll JMP 0x654800c
    2 0x0654800C (anonymous) JMP 0x19033e52
    3 0x19033E52 fs_ccf_ni_umh32.dll
    
    WSARecvFrom
    1 0x71ABF66A WS2_32.dll JMP 0x654900c
    2 0x0654900C (anonymous) JMP 0x19033dbc
    3 0x19033DBC fs_ccf_ni_umh32.dll
    
    WSASend
    1 0x71AB68FA WS2_32.dll JMP 0x1895e03
    2 0x01895E03 kswebshield.dll JMP 0x654600c
    3 0x0654600C (anonymous) JMP 0x1903416c
    4 0x1903416C fs_ccf_ni_umh32.dll
    
    WSASendTo
    1 0x71AC0AAD WS2_32.dll JMP 0x654700c
    2 0x0654700C (anonymous) JMP 0x19033ef7
    3 0x19033EF7 fs_ccf_ni_umh32.dll
    
    WSASocketW
    1 0x71AB404E WS2_32.dll JMP 0x654a00c
    2 0x0654A00C (anonymous) JMP 0x19033d41
    3 0x19033D41 fs_ccf_ni_umh32.dll
    
    SysAllocStringByteLen
    1 0x77124C35 OLEAUT32.dll JMP 0x18977b4
    2 0x018977B4 kswebshield.dll
    
    SysAllocStringLen
    1 0x77124B39 OLEAUT32.dll JMP 0x1897779
    2 0x01897779 kswebshield.dll
    
    HttpOpenRequestA
    1 0x771C2B41 WININET.dll JMP 0x1896f2c
    2 0x01896F2C kswebshield.dll
    
    HttpOpenRequestW
    1 0x771CF507 WININET.dll JMP 0x1896fe5
    2 0x01896FE5 kswebshield.dll
    
    InternetConnectW
    1 0x771CEE30 WININET.dll JMP 0x1897060
    2 0x01897060 kswebshield.dll
    
    InternetOpenUrlA
    1 0x771C5AA2 WININET.dll JMP 0x18970de
    2 0x018970DE kswebshield.dll
    
    InternetOpenUrlW
    1 0x771D5C07 WININET.dll JMP 0x1897191
    2 0x01897191 kswebshield.dll
    
    CoGetClassObject
    1 0x77515205 ole32.dll JMP 0x18b1cdf
    2 0x018B1CDF kswebshield.dll
    
    CopyFileA
    1 0x7C8286EE kernel32.dll JMP 0x1897392
    2 0x01897392 kswebshield.dll
    
    CopyFileExA
    1 0x7C85F39C kernel32.dll JMP 0x1897206
    2 0x01897206 kswebshield.dll
    
    CopyFileExW
    1 0x7C827B32 kernel32.dll JMP 0x18972f4
    2 0x018972F4 kswebshield.dll
    
    CopyFileW
    1 0x7C82F87B kernel32.dll JMP 0x1897477
    2 0x01897477 kswebshield.dll
    
    CreateProcessA
    1 0x7C80236B kernel32.dll JMP 0x58550000
    2 0x58550000 (anonymous; ksfmon.dll)
    
    CreateProcessInternalA
    1 0x7C81D54E kernel32.dll JMP 0x58980000
    2 0x58980000 (anonymous; ksfmon.dll)
    
    CreateProcessInternalW
    1 0x7C8197B0 kernel32.dll JMP 0x58990000
    2 0x58990000 (anonymous; ksfmon.dll)
    
    CreateProcessW
    1 0x7C802336 kernel32.dll JMP 0x70dd0000
    2 0x70DD0000 (anonymous; ksfmon.dll)
    
    LoadLibraryA
    1 0x7C801D7B kernel32.dll JMP 0x71c90000
    2 0x71C90000 (anonymous; kwsui.dll)
    
    LoadLibraryExA
    1 0x7C801D53 kernel32.dll JMP 0x46570000
    2 0x46570000 (anonymous; kwsui.dll)
    
    LoadLibraryExW
    1 0x7C801AF5 kernel32.dll JMP 0x55c02ec
    2 0x055C02EC (anonymous; ksfmon.dll) PUSH DWORD 0x55c0000
    JMP 0x1524b20
    3 0x01524B20 ksfmon.dll
    
    LoadLibraryW
    1 0x7C80AEEB kernel32.dll JMP 0x45470000
    2 0x45470000 (anonymous; kwsui.dll)
    
    ReadFile
    1 0x7C801812 kernel32.dll JMP 0x655200c
    2 0x0655200C (anonymous) JMP 0x19034068
    3 0x19034068 fs_ccf_ni_umh32.dll
    
    WinExec
    1 0x7C86250D kernel32.dll MOV EDI, EDI
    PUSH EBP
    MOV EBP, ESP
    JMP 0x41cb0000
    2 0x41CB0000 (anonymous; kwsui.dll)
    
    WriteFile
    1 0x7C810E27 kernel32.dll JMP 0x655100c
    2 0x0655100C (anonymous) JMP 0x19033fa7
    3 0x19033FA7 fs_ccf_ni_umh32.dll
    
    KiFastSystemCall
    1 0x7C90E510 ntdll.dll CLD
    JMP 0x7c90e521
    2 0x7C90E521 ntdll.dll JMP 0x100577dd
    3 0x100577DD hmpalert.dll
    
    NtCreateProcess
    1 0x7C90D14E ntdll.dll JMP 0x1896ec5
    2 0x01896EC5 kswebshield.dll
    
    NtCreateProcessEx
    1 0x7C90D15E ntdll.dll JMP 0x1896e5b
    2 0x01896E5B kswebshield.dll
    
    ShellExecuteEx
    1 0x7CA40ED5 SHELL32.dll JMP 0x1897e90
    2 0x01897E90 kswebshield.dll
    
    CoGetClassObjectFromURL
    1 0x7E21EA2F UrlMon.dll JMP 0x1897fc9
    2 0x01897FC9 kswebshield.dll
    
    URLDownloadToCacheFileW
    1 0x7E23BB54 UrlMon.dll JMP 0x189847f
    2 0x0189847F kswebshield.dll
    
    URLDownloadToFileA
    1 0x7E23BE5D UrlMon.dll JMP 0x18984fa
    2 0x018984FA kswebshield.dll
    
    URLDownloadToFileW
    1 0x7E23BAEE UrlMon.dll JMP 0x18985e2
    2 0x018985E2 kswebshield.dll
    
    
    Code Injection
    7FFA0000-7FFA1000 4KB C:\Program Files\F-Secure\SAFE\fshoster32.exe [668]
    00400000-00401000 4KB
    
    
    
    
    
    
     
    Last edited: Apr 4, 2016
  22. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    454
    Upgraded to Build 362 - so far ok on Win 7 x64
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I upgraded to 362 on win 7 x64. One improvement. I was getting ROP failures on Rhapsody's Music Service, and that is fixed. But with PowerDVD15 subscription version I still get FP's on IAF, and have to turn it off.

    Pete
     
  24. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,288
    Location:
    USA, MICHIGAN
    Question...

    I DL'ed 362 manually over top and now noticed that when I go to open the program using the desktop icon UAC prompts me twice before it brings up the UI, Also I don't see HMPA listed in my programs.

    did it not install right why im seeing these changes in behavior?
     
  25. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,064
    Location:
    USA
    It sounds like something went wrong. When I pull up the UI for build 362 from either the taskbar notification icon or a desktop shortcut I don't get a UAC prompt. You might want to try an uninstall/re-install.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.