HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    False positive :blink: ? Lockdown should be disabled for Steam because Steam's whole purpose is to do what lockdown is intended to prevent. Suffice to say that Steam is not even guarded by Alert by default.
     
  2. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    You are asking for problems if you add every random executable you can find to HMP.Alert if you don't know what you're doing. Just use the default configuration and the chances of getting such false positives are slim.
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,023
    Location:
    Among the gum trees
    Trying that now as it is becoming a pain in my posterior seeing Alert crash and / or high CPU usage after certain updates.
     
  4. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    850
    Location:
    The Netherlands
    Build 366 running fine here.
    Added Microsoft Outlook 16 and Notepad ++ to the office template.
    Nitro Reader 5 is not protected by default because the exe is now different: nitropdfreader.exe
    Added that one to the office template and now Nitro reader 5 is protected.
     
  5. saenta

    saenta Registered Member

    Joined:
    Mar 29, 2016
    Posts:
    4
    Location:
    Germany
    I know that it's because I added steam, after the first alert I deleted the rule, restarted steam (even multiple times) but the alert was still there. Don't know why it wasn't working, tried it again, now it works.
     
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Steam is an installer and launcher. You should definitely uncheck Application Lockdown on Steam as Steam drops executables on the system. Application Lockdown does not allow those to run.
     
  7. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    @erikloman
    HitmanPro.Alert 3.1.9 Build 366 PreRelease ......... :
    W7-x64 Prof. with build 366 (installed over build 365) is running fine, had no issues before running Microsoft Office.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    366 is also running fine here, on two w7 x64 desktops. Powerdvd is the only issue, and it's not a biggie
     
  9. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    366 works fine on Win 10 64 bit. No problems. Never had issues with Word and Excel with earlier versions.
     
  10. miguelgrado

    miguelgrado Registered Member

    Joined:
    May 25, 2014
    Posts:
    35
    Location:
    Asturias-España
    I have installed the Firefox 46 RC version and it crashes all the time...
    I tried everything until I disabled the protection of HitmanPro.Alert, and then no more errors.
     
  11. Valdez

    Valdez Registered Member

    Joined:
    Apr 21, 2016
    Posts:
    36
    Location:
    ITALIA
    To me, after installing the patches M$ in April, the same I have disabled the mitigations I had manually added HitmanPro.Alert v 3.1.9.364.

    I added 9 x 64 v 9.2.523 ACDSee Pro, Photoshop x 64 v 13.0.1.3, Nitro Pro 10 x 64 v 10.5.8.44 and Notepad (notepad.exe). Remained protected only Mozilla Thunderbird and all the same SW puts her under protection.

    I tried to disable and remove protections, reboot your PC, redo the whole thing and install the latest version of HitmanPro.Alert but no way does not retain the mitigations.

    Then I restored the last image created with Shotcut before updates M$ and everything works perfectly. Then after rebuilt upgrades has returned to usual.

    As I didn't find anything about it on the net, as soon as I have time I will uninstall one patch at a time and defer the mitigations, so I should find out which patch is guilty of this.

    Now I have installed HitmanPro.Alert v 3.1.9.366, released a few hours ago.

    Platforms: Windows 7 ultimate 64 bit.


    Today I found the culprit.

    It is the patch KB3146706.

    Everything is back to working perfectly.

    http://postimg.org/image/h6mx87ncn/

    http://postimg.org/image/krnuojy7r/

    Hello and thank you
     
  12. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    494
    Location:
    italy
    As already pointed out long ago, some basic concepts* should be better highlighted, because cyclically the usual questions are proposed again or you bump into the usual problems (strange indeed that SurfRight itself has neglected its getting started manual)...




    *
    Alert 3 + EMET(MBAE) → yes/no?
    Software Radar logic (what's its goal?)
    caution adding random executables to shielded apps (specifically how to manage Zip software/Games client)
    CryptoGuard folder (goal/how to manage it?)
    ....
     
    Last edited: Apr 21, 2016
  13. __simon__

    __simon__ Registered Member

    Joined:
    Apr 28, 2013
    Posts:
    14
    Location:
    UK
    I still get an ROP with Microsoft Office 2013 on Windows 8.1 (x64)

    Word:
    Code:
    Mitigation   ROP
    
    Platform     6.3.9600/x64 06_3a
    PID          6880
    Application  C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
    Description  Microsoft Word 15
    
    Branch Trace                      Opcode  To                            
    -------------------------------- -------- --------------------------------
    0x0E1021DC MSO.DLL                   RET  0x0E1020ED MSO.DLL            
    
    0x0E31ABE9 MSO.DLL                   RET  0x0E31C55A MSO.DLL            
    
    ?AuthHandlerSupportAutoLogonBasedOnURL@Http@Mso@@YAXXZ()     RET  0x0E31C553 MSO.DLL            
    0x0E0FB4B9 MSO.DLL                                                      
    
    0x0E1527E0 MSO.DLL                 ~ RET  0x0E3151D7 MSO.DLL            
    
    _MsoRegOpenKeyExW@16 +0x13a          RET  0x0E1527E0 MSO.DLL            
    0x0E0F2963 MSO.DLL                                                      
    
    0x0E6BDB6E MSO.DLL                 ~ RET* 0x0E15277E MSO.DLL            
                84c0                     TEST         AL, AL
                7435                     JZ           0xe1527b7
                8bce                     MOV          ECX, ESI
                e83b87d400               CALL         0xee9aec4
                8bc8                     MOV          ECX, EAX
                e8e907d500               CALL         0xeea2f79
                85c0                     TEST         EAX, EAX
                7813                     JS           0xe1527a7
                6a00                     PUSH         0x0
                8bce                     MOV          ECX, ESI
                e893f6f800               CALL         0xf0e1e30
                e327                     JECXZ        0xe1527c6
                06                       PUSH         ES
                f0a90000d089             TEST         EAX, 0x89d00000
                07                       POP          ES
                57                       PUSH         EDI
                                     (28A2DAC93E03C905)
    
    
    0x0F0A9BFB MSO.DLL                 ~ RET* 0x0E6BDB6E MSO.DLL            
                c20400                   RET          0x4
    
    
    0x0F39C516 MSO.DLL                 ~ RET  0x00C40E17 (anonymous; WWLIB.DLL)
    
    0x0F60DEFF MSO.DLL                   RET  0x0F39C500 MSO.DLL            
    
    0x0E0F26AC MSO.DLL                   RET  0x0F60DEFE MSO.DLL            
    
    0x0EE9980D MSO.DLL                 ~ RET  0x00C40D5A (anonymous; WWLIB.DLL)
    
    _MsoRegOpenKeyExW@16 +0x13a          RET  0x0EE9980D MSO.DLL            
    0x0E0F2963 MSO.DLL                                                      
    
    0x0E14A92E MSO.DLL                 ~ RET  0x0EE99806 MSO.DLL            
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  0E1020F8 MSO.DLL                
                8bce                     MOV          ECX, ESI
                8986ac000000             MOV          [ESI+0xac], EAX
                e8d8000000               CALL         0xe1021dd
                8bc6                     MOV          EAX, ESI
                5e                       POP          ESI
                c3                       RET        
    
    2  0E31C67E MSO.DLL                
    3  0E31C55F MSO.DLL                
    4  0E3151E9 MSO.DLL                
    5  00C447CA (anonymous; WWLIB.DLL)
    6  0E3449E4 MSO.DLL                
    7  0E343652 MSO.DLL                
    8  0E11D464 MSO.DLL                
    9  0E10EF1E MSO.DLL                
    10 0E10B45C MSO.DLL                
    
    Process Trace
    1  C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE [6880]
    2  C:\Windows\explorer.exe [1500]
    3  C:\Windows\System32\userinit.exe [1480]
    Excel:
    Code:
    Mitigation   ROP
    
    Platform     6.3.9600/x64 06_3a
    PID          1876
    Application  C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
    Description  Microsoft Excel 15
    
    Branch Trace                      Opcode  To                             
    -------------------------------- -------- --------------------------------
    0x56AC21DC MSO.DLL                   RET  0x56AC20ED MSO.DLL             
    
    0x56CDABE9 MSO.DLL                   RET  0x56CDC55A MSO.DLL             
    
    ?AuthHandlerSupportAutoLogonBasedOnURL@Http@Mso@@YAXXZ()     RET  0x56CDC553 MSO.DLL             
    0x56ABB4B9 MSO.DLL                                                       
    
    0x56B127E0 MSO.DLL                 ~ RET  0x56CD51D7 MSO.DLL             
    
    _MsoRegOpenKeyExW@16 +0x13a          RET  0x56B127E0 MSO.DLL             
    0x56AB2963 MSO.DLL                                                       
    
    0x5707DB6E MSO.DLL                 ~ RET* 0x56B1277E MSO.DLL             
                84c0                     TEST         AL, AL
                7435                     JZ           0x56b127b7
                8bce                     MOV          ECX, ESI
                e83b87d400               CALL         0x5785aec4
                8bc8                     MOV          ECX, EAX
                e8e907d500               CALL         0x57862f79
                85c0                     TEST         EAX, EAX
                7813                     JS           0x56b127a7
                6a00                     PUSH         0x0
                8bce                     MOV          ECX, ESI
                e893f6f800               CALL         0x57aa1e30
                e327                     JECXZ        0x56b127c6
                06                       PUSH         ES
                f0a90000d089             TEST         EAX, 0x89d00000
                07                       POP          ES
                57                       PUSH         EDI
                                     (28A2DAC93E03C905)
    
    
    0x57A69BFB MSO.DLL                 ~ RET* 0x5707DB6E MSO.DLL             
                c20400                   RET          0x4
    
    
    0x57D5C516 MSO.DLL                 ~ RET  0x02BA0698 (anonymous; EXCEL.EXE)
    
    0x57FCDEFF MSO.DLL                   RET  0x57D5C500 MSO.DLL             
    
    0x56AB26AC MSO.DLL                   RET  0x57FCDEFE MSO.DLL             
    
    0x5785980D MSO.DLL                 ~ RET  0x02BA0038 (anonymous; EXCEL.EXE)
    
    _MsoRegOpenKeyExW@16 +0x13a          RET  0x5785980D MSO.DLL             
    0x56AB2963 MSO.DLL                                                       
    
    0x56B0A92E MSO.DLL                 ~ RET  0x57859806 MSO.DLL             
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  56AC20F8 MSO.DLL                 
                8bce                     MOV          ECX, ESI
                8986ac000000             MOV          [ESI+0xac], EAX
                e8d8000000               CALL         0x56ac21dd
                8bc6                     MOV          EAX, ESI
                5e                       POP          ESI
                c3                       RET         
    
    2  56CDC67E MSO.DLL                 
    3  56CDC55F MSO.DLL                 
    4  56CD51E9 MSO.DLL                 
    5  02BA11A5 (anonymous; EXCEL.EXE) 
    6  56D049E4 MSO.DLL                 
    7  56D03652 MSO.DLL                 
    8  56ADD464 MSO.DLL                 
    9  56ACEF1E MSO.DLL                 
    10 56ACB45C MSO.DLL                 
    
    Process Trace
    1  C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE [1876]
    2  C:\Windows\explorer.exe [1500]
    3  C:\Windows\System32\userinit.exe [1480]
    PowerPoint:
    Code:
    Mitigation   ROP
    
    Platform     6.3.9600/x64 06_3a
    PID          2280
    Application  C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exe
    Description  Microsoft PowerPoint 15
    
    Branch Trace                      Opcode  To                             
    -------------------------------- -------- --------------------------------
    0x557721DC MSO.DLL                   RET  0x557720ED MSO.DLL             
    
    0x5598ABE9 MSO.DLL                   RET  0x5598C55A MSO.DLL             
    
    ?AuthHandlerSupportAutoLogonBasedOnURL@Http@Mso@@YAXXZ()     RET  0x5598C553 MSO.DLL             
    0x5576B4B9 MSO.DLL                                                       
    
    0x557C27E0 MSO.DLL                 ~ RET  0x559851D7 MSO.DLL             
    
    _MsoRegOpenKeyExW@16 +0x13a          RET  0x557C27E0 MSO.DLL             
    0x55762963 MSO.DLL                                                       
    
    0x55D2DB6E MSO.DLL                 ~ RET* 0x557C277E MSO.DLL             
                84c0                     TEST         AL, AL
                7435                     JZ           0x557c27b7
                8bce                     MOV          ECX, ESI
                e83b87d400               CALL         0x5650aec4
                8bc8                     MOV          ECX, EAX
                e8e907d500               CALL         0x56512f79
                85c0                     TEST         EAX, EAX
                7813                     JS           0x557c27a7
                6a00                     PUSH         0x0
                8bce                     MOV          ECX, ESI
                e893f6f800               CALL         0x56751e30
                e327                     JECXZ        0x557c27c6
                06                       PUSH         ES
                f0a90000d089             TEST         EAX, 0x89d00000
                07                       POP          ES
                57                       PUSH         EDI
                                     (28A2DAC93E03C905)
    
    
    0x56719BFB MSO.DLL                 ~ RET* 0x55D2DB6E MSO.DLL             
                c20400                   RET          0x4
    
    
    0x56A0C516 MSO.DLL                 ~ RET  0x005B6DBE (anonymous; PPCORE.DLL)
    
    0x56C7DEFF MSO.DLL                   RET  0x56A0C500 MSO.DLL             
    
    0x557626AC MSO.DLL                   RET  0x56C7DEFE MSO.DLL             
    
    0x5650980D MSO.DLL                 ~ RET  0x005B6875 (anonymous; PPCORE.DLL)
    
    _MsoRegOpenKeyExW@16 +0x13a          RET  0x5650980D MSO.DLL             
    0x55762963 MSO.DLL                                                       
    
    0x557BA92E MSO.DLL                 ~ RET  0x56509806 MSO.DLL             
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  557720F8 MSO.DLL                 
                8bce                     MOV          ECX, ESI
                8986ac000000             MOV          [ESI+0xac], EAX
                e8d8000000               CALL         0x557721dd
                8bc6                     MOV          EAX, ESI
                5e                       POP          ESI
                c3                       RET         
    
    2  5598C67E MSO.DLL                 
    3  5598C55F MSO.DLL                 
    4  559851E9 MSO.DLL                 
    5  005B4416 (anonymous; PPCORE.DLL)
    6  559B49E4 MSO.DLL                 
    7  559B3652 MSO.DLL                 
    8  5578D464 MSO.DLL                 
    9  5577EF1E MSO.DLL                 
    10 5577B45C MSO.DLL                 
    
    Process Trace
    1  C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exe [2280]
    2  C:\Windows\explorer.exe [1500]
    3  C:\Windows\System32\userinit.exe [1480]
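
An added example, not part of the original post and not HitmanPro.Alert's own code: a triage script that checks whether the three ROP reports above describe the same code path in MSO.DLL loaded at different base addresses. The column layout is inferred from the reports shown, the `~` and `*` markers are kept verbatim without interpretation, and all function names are hypothetical.

```python
import re

# Branch-trace lines excerpted from the Word, Excel and PowerPoint reports above.
TRACES = {
    "WINWORD.EXE": """
0x0E1021DC MSO.DLL                   RET  0x0E1020ED MSO.DLL
0x0E31ABE9 MSO.DLL                   RET  0x0E31C55A MSO.DLL
0x0E1527E0 MSO.DLL                 ~ RET  0x0E3151D7 MSO.DLL
0x0E6BDB6E MSO.DLL                 ~ RET* 0x0E15277E MSO.DLL
0x0F39C516 MSO.DLL                 ~ RET  0x00C40E17 (anonymous; WWLIB.DLL)
""",
    "EXCEL.EXE": """
0x56AC21DC MSO.DLL                   RET  0x56AC20ED MSO.DLL
0x56CDABE9 MSO.DLL                   RET  0x56CDC55A MSO.DLL
0x56B127E0 MSO.DLL                 ~ RET  0x56CD51D7 MSO.DLL
0x5707DB6E MSO.DLL                 ~ RET* 0x56B1277E MSO.DLL
0x57D5C516 MSO.DLL                 ~ RET  0x02BA0698 (anonymous; EXCEL.EXE)
""",
    "powerpnt.exe": """
0x557721DC MSO.DLL                   RET  0x557720ED MSO.DLL
0x5598ABE9 MSO.DLL                   RET  0x5598C55A MSO.DLL
0x557C27E0 MSO.DLL                 ~ RET  0x559851D7 MSO.DLL
0x55D2DB6E MSO.DLL                 ~ RET* 0x557C277E MSO.DLL
0x56A0C516 MSO.DLL                 ~ RET  0x005B6DBE (anonymous; PPCORE.DLL)
""",
}

# source address, source module, opcode (with markers), target address, target module
HOP = re.compile(
    r"^(0x[0-9A-Fa-f]{8})\s+(\S+)\s+((?:~ )?RET\*?)\s+(0x[0-9A-Fa-f]{8})\s+(.+?)\s*$"
)

def parse_hops(text):
    """Return (src, src_module, opcode, dst, dst_module) for each address-form line."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line.strip())
        if m:  # symbol-named rows and disassembly rows do not match and are skipped
            src, smod, op, dst, dmod = m.groups()
            hops.append((int(src, 16), smod, op, int(dst, 16), dmod))
    return hops

def signature(hops, module="MSO.DLL"):
    """Load-address-independent form of the trace: every address becomes an offset
    from the first address seen in `module`; targets in other modules become None."""
    own = [h for h in hops if h[1] == module]
    if not own:
        return ()
    anchor = own[0][0]
    return tuple(
        (src - anchor, op, dst - anchor if dmod == module else None)
        for src, _, op, dst, dmod in own
    )

def base_delta(hops_a, hops_b, module="MSO.DLL"):
    """Difference between the load addresses of `module` in two reports."""
    first = lambda hops: next(h[0] for h in hops if h[1] == module)
    return first(hops_b) - first(hops_a)

def same_code_path(traces, module="MSO.DLL"):
    """True when every report reduces to the same non-empty signature."""
    sigs = {signature(parse_hops(t), module) for t in traces.values()}
    return len(sigs) == 1 and () not in sigs

if __name__ == "__main__":
    word, excel = parse_hops(TRACES["WINWORD.EXE"]), parse_hops(TRACES["EXCEL.EXE"])
    print("same path in all three reports:", same_code_path(TRACES))
    print("MSO.DLL base delta Word -> Excel: 0x%X" % base_delta(word, excel))
```

Identical signatures with a base delta that is a multiple of 0x10000 (Windows maps images on 64 KB boundaries) indicate one code location in a shared library firing in every host application, which is useful to state when reporting the alert to the vendor.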
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,392
    Location:
    Under a bushel ...
    366 working without problems on Win 8.1 x64, other than previously reported
    - slow opening TP-Link router page
    - ROP alert with MusicBee portable
    - Tracker Software internal updater for PDF-XChange Editor is blocked (though I can't retest this without an update available). New versions need to be manually downloaded and installed.
    Edit: MusicBee was added with Media template, and PDF-XChange Editor with Office template.
     
    Last edited: Apr 22, 2016
  15. WSpu

    WSpu Registered Member

    Joined:
    May 26, 2014
    Posts:
    3
    I need the codecs from QuickTime for Adobe Creative Cloud. See also https://blogs.adobe.com/creativecloud/quicktime-on-windows/
     
  16. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,036
    Location:
    Baden Germany
    Build 366:

    Installing over previous build: no issues, as with previous versions.
    Adobe Acrobat DC: no issues, as with previous versions
    Adobe Photoshop-Elements14: no issues, as with previous versions
    Microsoft Office2013-professional-plus: no issues, as with previous versions
    Microsoft Visio2013-professional: no issues, as with previous versions
    Others: no issues...
    But I did not add any software to mitigations that was not auto-detected by HMP.A

    That's my advice:
    Do not add various software to mitigations, let HMP.A do the job.

    Quick Time: Haven't installed it for years, didn't miss it. All test files play in MP-Classic-Home-Cinema, with CC-Codec-Pack installed.
    Maybe some Adobe software needs Quick Time, or just the codec....
     
  17. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    883
    Location:
    USA
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,552
    Location:
    Outer space
    I'm not getting any flyouts and colored border window with Cyberfox(64 bit Intel edition).
    It's a new Windows installation so I don't know with which version of Alert it started.
    Cyberfox was added by default by software radar. Removing it and adding it again does not help.
    Safety notifications are set at application start, colored border window enabled with keystroke indicator. Disabling and re-enabling doesn't help either.
    Safety notification works fine with IE and Exploit test tool. I can't try Exploit test tool on Cyberfox because the 64 bit version is no longer available.

    Alert build 364 with AppGuard 4.3 and Outpost Firewall 9.3(Win7x64)
     
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Verify whether Cyberfox is listed under "Beschermd" in "Actieve Processen" when it is running.
     
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,552
    Location:
    Outer space
    Thanks for the reply. It's listed under Niet Beschermd/Not Protected.
    It's version 45.0.3 btw, forgot to mention that.
     
  21. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,392
    Location:
    Under a bushel ...
    Right click and add then with template Browser?
    My Cyberfox 45.0.3 (portable) is protected (green border / flyouts) after adding it.
     
  22. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,552
    Location:
    Outer space
    It was already added by default. I also tried removing it and adding it again myself but that didn't help.
     
  23. miguelgrado

    miguelgrado Registered Member

    Joined:
    May 25, 2014
    Posts:
    35
    Location:
    Asturias-España
    Firefox RC 46 build 5...crash also....

    Hitman does not function in Firefox 46
     
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Make sure that the path of the process matches the path of the mitigation.
     
  25. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Hi
    I am running HMPA 3.1.9.364 and Kaspersky Internet Security 16.0.0.614(f) on Windows 10/64bit.
    I am reporting that I have experienced the following issue:
    In a Kaspersky "Safe Money" protected browser, certain text fields of my banking site, but not all, are displaying random characters when typing. This was fixed immediately (no reboots, nothing restarted) by disabling Keystroke Encryption in HMPA. Seems like a conflict between the two systems, could you please check? I haven't experienced any other conflicts or slowdowns.
    Thanks
     