HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I also think there is a newer KB3146706 released by MS. When it was first released, it was unchecked for me. I checked it and got a BSOD on reboot. When they re released it was checked and it installed fine.
     
  2. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118


    Any comments on these? For testing purposes I have now uninstalled HitmanPro.ALERT just to make sure is my PC's random freezing caused by these constant update checks or not.
     
  3. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,292
    Location:
    USA, MICHIGAN
    I'll check thanks
     
  4. Nizarawi

    Nizarawi Registered Member

    Joined:
    May 26, 2008
    Posts:
    137
    Updated to 371 , Everything is running smoothly
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Probable false positive while opening IE 11 from a site pinned to my Taskbar.
    Code:
    Log Name:      Application
    Source:        HitmanPro.Alert
    Date:          28/05/2016 10:38:55 AM
    Event ID:      911
    Task Category: (9)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      David-HP
    Description:
    Mitigation   ROP
    
    Platform     10.0.10586/x64 06_3a
    PID          1412
    Application  C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Description  Internet Explorer 11
    
    Branch Trace                      Opcode  To                          
    -------------------------------- -------- --------------------------------
    0x728454C7 iertutil.dll            ~ RET  0x728452BA iertutil.dll      
    
    RtlReleaseSRWLockExclusive +0x1d     RET  0x728454C6 iertutil.dll      
    0x77B7F76D ntdll.dll                                                  
    
    0x77BDAA4D ntdll.dll                 RET  +0x1db71                    
                                              0x747CDB71 hmpalert.dll      
    
    MsgWaitForMultipleObjectsEx +0x1ab   ~ RET* 0x00F34305 iexplore.exe      
    0x7798C4AB user32.dll                                                  
                0000                     ADD          [EAX], AL
                005c8e01                 ADD          [ESI+ECX*4+0x1], BL
                00945e00008c01           ADD          [ESI+EBX*2+0x18c0000], DL
                0010                     ADD          [EAX], DL
                0402                     ADD          AL, 0x2
                94                       XCHG         ESP, EAX
                0100                     ADD          [EAX], EAX
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0001                     ADD          [ECX], AL
                80ffff                   CMP          BH, 0xff
                                     (2C02AFC16AC4BBEF)
    
    
    SetManipulationInputTarget +0xd6     RET  MsgWaitForMultipleObjectsEx +0x1a8
    0x779A8576 user32.dll                     0x7798C4A8 user32.dll        
    
    InvalidateRect +0x1c               ~ RET  MsgWaitForMultipleObjectsEx +0x184
    0x779A895C user32.dll                     0x7798C484 user32.dll        
    
    Wow64SystemServiceEx +0x257        ~ RET  TurboDispatchJumpAddressEnd +0xb
    0x55326347 wow64.dll                      0x55371C87 wow64cpu.dll      
    
    0x55338404 wow64.dll                 RET  Wow64SystemServiceEx +0x244  
                                              0x55326334 wow64.dll        
    
    0x552A8610 wow64win.dll            ~ RET  Wow64SystemServiceEx +0x155  
                                              0x55326245 wow64.dll        
    
    0x552B3804 wow64win.dll            ~ RET  0x552A860B wow64win.dll      
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  7284538D iertutil.dll        
                8bd8                     MOV          EBX, EAX
                85db                     TEST         EBX, EBX
                0f84b4da0100             JZ           0x72862e4b
                8b450c                   MOV          EAX, [EBP+0xc]
                8918                     MOV          [EAX], EBX
                a1587a8072               MOV          EAX, [0x72807a58]
                8945f8                   MOV          [EBP-0x8], EAX
                85c0                     TEST         EAX, EAX
                0f85f0da0100             JNZ          0x72862e9c
                e891000000               CALL         0x72845442
                8bc3                     MOV          EAX, EBX
                8b4dfc                   MOV          ECX, [EBP-0x4]
                5f                       POP          EDI
                5e                       POP          ESI
                33cd                     XOR          ECX, EBP
                5b                       POP          EBX
    
    2  7284F25C iertutil.dll        
    3  72826452 iertutil.dll        
    4  72826149 iertutil.dll        
    5  72812F02 iertutil.dll        
    6  7281501A iertutil.dll        
    7  72812D66 iertutil.dll        
    8  76FB38F4 kernel32.dll             BaseThreadInitThunk +0x24
    9  77BB5DE3 ntdll.dll                RtlUnicodeStringToInteger +0x253
    10 77BB5DAE ntdll.dll                RtlUnicodeStringToInteger +0x21e
    
    Process Trace
    1  C:\Program Files (x86)\Internet Explorer\iexplore.exe [1412]
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6516 CREDAT:75009 APPID:Microsoft.Website.72CC912D.B278EB8C /prefetch:2
    2  C:\Program Files\Internet Explorer\iexplore.exe [6516]
    "C:\Program Files\Internet Explorer\iexplore.exe" -w "C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\XXXXX weather - local weather forecast.website"
    3  C:\Windows\explorer.exe [3204]
    4  C:\Windows\System32\userinit.exe [4088]
    
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="HitmanPro.Alert" />
        <EventID Qualifiers="0">911</EventID>
        <Level>2</Level>
        <Task>9</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2016-05-28T00:38:55.669793400Z" />
        <EventRecordID>5226</EventRecordID>
        <Channel>Application</Channel>
        <Computer>David-HP</Computer>
        <Security />
      </System>
      <EventData>
        <Data>C:\Program Files (x86)\Internet Explorer\iexplore.exe</Data>
        <Data>ROP</Data>
        <Data>Mitigation   ROP
    
    Platform     10.0.10586/x64 06_3a
    PID          1412
    Application  C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Description  Internet Explorer 11
    
    Branch Trace                      Opcode  To                          
    -------------------------------- -------- --------------------------------
    0x728454C7 iertutil.dll            ~ RET  0x728452BA iertutil.dll      
    
    RtlReleaseSRWLockExclusive +0x1d     RET  0x728454C6 iertutil.dll      
    0x77B7F76D ntdll.dll                                                  
    
    0x77BDAA4D ntdll.dll                 RET  +0x1db71                    
                                              0x747CDB71 hmpalert.dll      
    
    MsgWaitForMultipleObjectsEx +0x1ab   ~ RET* 0x00F34305 iexplore.exe      
    0x7798C4AB user32.dll                                                  
                0000                     ADD          [EAX], AL
                005c8e01                 ADD          [ESI+ECX*4+0x1], BL
                00945e00008c01           ADD          [ESI+EBX*2+0x18c0000], DL
                0010                     ADD          [EAX], DL
                0402                     ADD          AL, 0x2
                94                       XCHG         ESP, EAX
                0100                     ADD          [EAX], EAX
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0001                     ADD          [ECX], AL
                80ffff                   CMP          BH, 0xff
                                     (2C02AFC16AC4BBEF)
    
    
    SetManipulationInputTarget +0xd6     RET  MsgWaitForMultipleObjectsEx +0x1a8
    0x779A8576 user32.dll                     0x7798C4A8 user32.dll        
    
    InvalidateRect +0x1c               ~ RET  MsgWaitForMultipleObjectsEx +0x184
    0x779A895C user32.dll                     0x7798C484 user32.dll        
    
    Wow64SystemServiceEx +0x257        ~ RET  TurboDispatchJumpAddressEnd +0xb
    0x55326347 wow64.dll                      0x55371C87 wow64cpu.dll      
    
    0x55338404 wow64.dll                 RET  Wow64SystemServiceEx +0x244  
                                              0x55326334 wow64.dll        
    
    0x552A8610 wow64win.dll            ~ RET  Wow64SystemServiceEx +0x155  
                                              0x55326245 wow64.dll        
    
    0x552B3804 wow64win.dll            ~ RET  0x552A860B wow64win.dll      
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  7284538D iertutil.dll        
                8bd8                     MOV          EBX, EAX
                85db                     TEST         EBX, EBX
                0f84b4da0100             JZ           0x72862e4b
                8b450c                   MOV          EAX, [EBP+0xc]
                8918                     MOV          [EAX], EBX
                a1587a8072               MOV          EAX, [0x72807a58]
                8945f8                   MOV          [EBP-0x8], EAX
                85c0                     TEST         EAX, EAX
                0f85f0da0100             JNZ          0x72862e9c
                e891000000               CALL         0x72845442
                8bc3                     MOV          EAX, EBX
                8b4dfc                   MOV          ECX, [EBP-0x4]
                5f                       POP          EDI
                5e                       POP          ESI
                33cd                     XOR          ECX, EBP
                5b                       POP          EBX
    
    2  7284F25C iertutil.dll        
    3  72826452 iertutil.dll        
    4  72826149 iertutil.dll        
    5  72812F02 iertutil.dll        
    6  7281501A iertutil.dll        
    7  72812D66 iertutil.dll        
    8  76FB38F4 kernel32.dll             BaseThreadInitThunk +0x24
    9  77BB5DE3 ntdll.dll                RtlUnicodeStringToInteger +0x253
    10 77BB5DAE ntdll.dll                RtlUnicodeStringToInteger +0x21e
    
    Process Trace
    1  C:\Program Files (x86)\Internet Explorer\iexplore.exe [1412]
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6516 CREDAT:75009 APPID:Microsoft.Website.72CC912D.B278EB8C /prefetch:2
    2  C:\Program Files\Internet Explorer\iexplore.exe [6516]
    "C:\Program Files\Internet Explorer\iexplore.exe" -w "C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\XXXXX weather - local weather forecast.website"
    3  C:\Windows\explorer.exe [3204]
    4  C:\Windows\System32\userinit.exe [4088]
    </Data>
      </EventData>
    </Event>
    Win10 x64.

    HMP.A Build 371.
     
  6. Dragonsteel

    Dragonsteel Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    64
    Location:
    United States
    Hi all, long time no post heh. Just curious if there's a way to whitelist something in hmpa.alert. I recently installed a new game, Overwatch by Blizzard, and hmpa.alert blocks it. I know this because I tested in Selective Mode. Win 10 home.

    Thank you for any assistance.
     
  7. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello Dragonsteel,

    In the HMP.A main GUI, click the blue "Exploit mitigation" button > then "Applications". All the way to the right you will find "Exclude" where you can "Add exclusion".
    HTH...
     
  8. Dragonsteel

    Dragonsteel Registered Member

    Joined:
    Jun 27, 2013
    Posts:
    64
    Location:
    United States
    Thank you puff-m-d!
     
  9. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello Dragonsteel,

    You are most welcome ;) ...
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Got this ROP false positive today with the first attempt to run Outlook. It ran fine the second time. I'm running Office 2013 32 bit (15.0.4823.1000) and HMPA build 371

    ********************

    "Mitigation ROP

    Platform 10.0.10586/x64 06_5e
    PID 468
    Application C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
    Description Microsoft Outlook 15

    Branch Trace Opcode To
    -------------------------------- -------- --------------------------------
    0x5C910B58 MSO.DLL RET 0x5C910A69 MSO.DLL ^02BE

    0x5CB35DBB MSO.DLL ~ RET 0x5CB37988 MSO.DLL

    ?AuthHandlerSupportAutoLogonBasedOnURL@Http@Mso@@YAXXZ() RET 0x5CB37981 MSO.DLL ^04E6
    0x5C90A75C MSO.DLL

    0x5C960D1C MSO.DLL ~ RET 0x5CB316F5 MSO.DLL ^0001

    _MsoRegOpenKeyExW@16 +0x13a RET 0x5C960D1C MSO.DLL ^0301
    0x5C902BA3 MSO.DLL

    0x5DAE5C70 MSO.DLL ~ RET* 0x5C960CBA MSO.DLL ^01FB
    84c0 TEST AL, AL
    7435 JZ 0x5c960cf3
    8bce MOV ECX, ESI
    e8a79ad400 CALL 0x5d6aa76c
    8bc8 MOV ECX, EAX
    e8b41ad500 CALL 0x5d6b2780
    85c0 TEST EAX, EAX
    7813 JS 0x5c960ce3
    6a00 PUSH 0x0
    8bce MOV ECX, ESI
    e816435a01 CALL 0x5df04fef
    7f34 JG 0x5c960d0f
    1880ad0000f0 SBB [EAX-0xfffff53], AL
    8907 MOV [EDI], EAX
    57 PUSH EDI
    8bce MOV ECX, ESI
    (7B1000D376A23D10)


    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 5C910A74 MSO.DLL
    8bce MOV ECX, ESI
    8986ac000000 MOV [ESI+0xac], EAX
    e81f010000 CALL 0x5c910ba0
    8bc6 MOV EAX, ESI
    5e POP ESI
    c3 RET

    2 5CB37A99 MSO.DLL
    3 5CB3798D MSO.DLL
    4 5CB31707 MSO.DLL
    5 015B026D (anonymous; outlook.exe)
    6 5CB5D8DC MSO.DLL
    7 5CB5B62B MSO.DLL
    8 5C92D94A MSO.DLL
    9 5C91D28D MSO.DLL
    10 5C91D05A MSO.DLL

    Process Trace
    1 C:\Program Files\Microsoft Office 15\root\office15\outlook.exe [468]
    2 C:\Windows\explorer.exe [6624]
    3 C:\Windows\System32\userinit.exe [6604]"
     
  11. Man van het noorden

    Man van het noorden Registered Member

    Joined:
    Jun 26, 2014
    Posts:
    12
    Location:
    NL
    Since build 371 I noticed that opening .VOB, .MPG, .MPEG and .AVI files (and probably there are more media type files) with Windows Media Player lead to a ROP (see below). Opening the same files with for instance Media Monkey works without any problems.

    Mitigation ROP

    Platform 6.1.7601/x86 06_25
    PID 800
    Application C:\Program Files\Windows Media Player\wmplayer.exe
    Description Windows Media Player 12

    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 76224712 advapi32.dll RegQueryInfoKeyW +0xdb
    2 7621E09B advapi32.dll CryptGenRandom +0x153

    3 6A1C1EBA msmpeg2adec.dll
    8945e4 MOV [EBP-0x1c], EAX
    33f6 XOR ESI, ESI
    8b45dc MOV EAX, [EBP-0x24]
    3bc6 CMP EAX, ESI
    e8e50df4ff CALL 0x6a102cae
    880b MOV [EBX], CL
    0a20 OR AH, [EAX]
    c40505a018c9 LES EAX, [0xc918a005]

    4 6A1C505D msmpeg2adec.dll
    5 6A1BD30A msmpeg2adec.dll
    6 6A136A61 msmpeg2adec.dll
    7 6A13834E msmpeg2adec.dll
    8 69EF2225 qdvd.dll
    9 69EF22E6 qdvd.dll
    10 69EF23CD qdvd.dll

    Process Trace
    1 C:\Program Files\Windows Media Player\wmplayer.exe [800]
    "C:\Program Files\Windows Media Player\wmplayer.exe" /Play "E:\Videos\Concerten\Billy Joel\Ultimate Collection, The\VIDEO_TS.VOB"
    2 C:\Windows\System32\rundll32.exe [3388]
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\MyOpenAs.dll,MyOpenAs_RunDLL E:\Videos\Concerten\Billy Joel\Ultimate Collection, The\VIDEO_TS.VOB
    3 C:\Windows\explorer.exe [3664]
    C:\Windows\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding

    and

    Mitigation ROP

    Platform 6.1.7601/x86 06_25
    PID 2632
    Application C:\Program Files\Windows Media Player\wmplayer.exe
    Description Windows Media Player 12

    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 76224712 advapi32.dll RegQueryInfoKeyW +0xdb
    2 7621E09B advapi32.dll CryptGenRandom +0x153

    3 6A1B8053 msmpeg2adec.dll
    8945e4 MOV [EBP-0x1c], EAX
    33f6 XOR ESI, ESI
    8b45dc MOV EAX, [EBP-0x24]
    3bc6 CMP EAX, ESI
    e84cacf4ff CALL 0x6a102cae
    880b MOV [EBX], CL
    0a20 OR AH, [EAX]
    c40505a018c9 LES EAX, [0xc918a005]

    4 6A1C1C2E msmpeg2adec.dll
    5 6A1B5B15 msmpeg2adec.dll
    6 6A136A61 msmpeg2adec.dll
    7 6A13834E msmpeg2adec.dll
    8 6A1FA566 quartz.dll
    9 6A1FA746 quartz.dll
    10 6A1FA6A0 quartz.dll

    After completely disabling Windows Media Player in Exploit Mitigation the issue is gone.
     
  12. Akexi_Qatazi

    Akexi_Qatazi Registered Member

    Joined:
    May 17, 2016
    Posts:
    3
    Hello,

    This is my first post. I hope that I am doing this correctly and that you see this. I am currently using a trial version of HitMan Pro 3 Alert BETA 3.1.10 Build 371. I had previously tried HitMan Pro 3 Alert 3.1.10 Build 368. However, after the initial scan, all other attempts at scanning failed even after re-installing. This current BETA version seems to be working much better with Bitfender Total Security 2016. Here are my questions.

    1. I am using Windows 7 64x home Premium. After installation of HitmanPro Alert BETA, I scanned my computer. The HitmanPro scan opened and scanned without incident. However, the next time it scanned something differerent happened. If Hitman Pro Scan is supposed to be free with HitmanPro alert, why did I have to activate a separate trial license when I tried to scan my computer again two days later? There is no question that this is a separate activation from HitmanPro Alert. Firstly, for HitmanPro to scan, I had to activate the trial because there was no other option available. Secondly, the amount of time remaining until the trial expires is different for each HitmanPro product. This leads to my next question. This leads to my next question.

    2. HitmanPro and HitmanPro Alert trials are supposed to be be for 30 days. I only received 29 days for my trials. Why?

    3. I have seen three different colored window borders; a green border is around my browser, a blue border is around Windows Explorer and a black border is around the Control Panel. In the previous version I tried, only my browser was bordered. I am glad to see the that all of these are now bordered, but I would like to know why the colors are all different and what do the different border colors represent. I am especially concerned that the black border means that something is wrong.

    4. As a result of partitioning my hard drive, I now also have an A drive in addition to the regular drives. Hitman Pro Alert does not protect my A drive. Shouldn't the A drive also be given the same protection? If it is, how and where do I configure HitmanPro Alert to protect my A drive? If not, why? I use Sandboxie and I partitioned my drive because I wanted to use it to surf the internet, download and play games while keeping my C drive protected from what I was doing on my A drive. By the way, if there is a way to configure HitmanPro Alert to protect my A drive, please "dumb down" your answer. Sadly, I am not computer savvy.

    5. I have scanned my computer 3 times and HitmanPro has deleted the Ask.com Ask Bar from the the following location listed below three times, yet it keeps showing up because it hasn't been deleted. How do I permanently rid my computer of this? Why isn't HitmanPro permanently able to delete this file?
    C:\Users\User Name\AppData\Local\Google\Chrome\User Data\Default\Web Data

    6. HitmanPro Alert stopped Bitdefender from shredding a web page that I just downloaded. Yet when the file was scanned HitmanPro found nothing except that
    Ask.com Ask Bar that's not getting deleted. I also scanned it with Bitdefender and Malwarebytes Pro and nothing was found. How can I safely delete this? HitmanPro
    Alert stops me when I try.

    Here are the details:

    C:\Program Files\Bitdefender\Bitdefender 2016\bdfvwiz.exe

    CryptoGuard

    Mitigation CryptoGuard
    Platform 6.1.7601/x64 06_2a PID 5224
    Application C:\Program Files\Bitdefender\Bitdefender 2016\bdfvwiz.exe
    Description Bitdefender File Vault Wizard Helper 20.0.26
    Filename C:\Program Files\Bitdefender\Bitdefender 2016\bdfvwiz.exe
    C:\Users\User Name\Desktop\How to Recover Files From a Dead Computer_files\a_data_006\allow_unblock.png
    C:\Users\User Name\Desktop\How to Recover Files From a Dead Computer_files\a_data_006\ghostery_facebook.png
    C:\Users\User Name\Desktop\How to Recover Files From a Dead Computer_files\a_data_006\ghosty_blocked.png Process Trace 1
    C:\Program Files\Bitdefender\Bitdefender 2016\bdfvwiz.exe [5224] "C:\Program Files\Bitdefender\Bitdefender 2016\bdfvwiz.exe" C:\Users\AMBERK~1\AppData\Local\Temp\bdf49C5.tmp 2
    C:\Windows\explorer.exe [3288] 3 C:\Windows\System32\userinit.exe [3308]


    I forgot to add that HitMan Pro 3 Alert 3.1.10 Build 368 did not auto update. I do not have Windows update KB3146706 installed.

    Thank you for taking the time to read all of this.
     
  13. Akexi_Qatazi

    Akexi_Qatazi Registered Member

    Joined:
    May 17, 2016
    Posts:
    3

    Hello,
    I am so ashamed. Even though I double checked, I still gave you the wrong link again. I am really bad when it comes to anything related to computers including the internet, which is why I read and don't post. Unfortunately, I have reached a point where I have to start asking questions online. Here is the correct link.

    https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-401#post-2591567

    Thanks again
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.1.10 Build 373 Released

    Changelog (compared to 368 )
    • Improved compatibility with Firefox 46.
    • Improved compatibility with Bitdefender 2016.
    • Improved Attack Surface Reduction compatibility with System Mechanic.
    • Improved ROP mitigation.
    • Fixed ROP false positive in Microsoft Office (occurs on some computers).
    • Fixed code injection issue with Windows 7 KB3146706.
    Download
    Automatic update is rolling!
    ... or
    http://www.hitmanpro.com/downloads

    Please report any issues you may have with this build :thumb:

    Spoiler: We are working towards a public BETA of version 3.5 which is slated for end of this week or early next week. Depends on how many issues we find/are able to resolve prior to release.
     
  15. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Thanks for the update!

    I apologize if this has been reported already. ESET's Banking browser does not start if HMP.A is installed.
     
  16. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    Good!
    :thumb:
     
  17. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    Thanks very much.
    One minor detail: the SurfRight downloads page says, 3.1.9.373, where it should say 3.1.10.373
     
  18. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Fixed it, thanks :thumb:
     
  19. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    210
    Is the Trusteer Rapport fix that was mentioned for 372 here included in 373? Thanks
     
  20. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    The color of the border is determined by the "template" used by HMPA for protecting the application. The templates determine which features are appropriately enabled for different types of apps, such as browsers, MS Office apps, etc. You can view which features are enabled for a specific app by clicking on its icon in the advanced UI.

    HMPA does not protect drives per se, it protects applications.

    Try going to "Control Panel/Programs and Features". If there's an entry for the Ask Toolbar uninstall it from there.

    The CryptoGuard feature of HMPA is designed to block what looks like encrypting behavior and file shredding tends to trigger it. Disable CryptoGuard before shredding files and you won't have a problem (just remember to turn it back on).
     
  21. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I received a notification of a new HMPA build to install on the next boot; after rebooting build 373 installed and is running fine :thumb:

    Looking forward to the 3.5 public beta :)
     
  22. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    System Mechanic works again after installing 373 ....
     
  23. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    456
    Location:
    England
    No obvious problems with build 373 (w7 x64)
     
  24. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    Just wondering, is explorer.exe protected from exploits by default? If not, should I add it? I understand that HMP.A would terminate explorer.exe in case of an exploit, that doesn't bother me so much since it'll just relaunch. Just wondering if there is any point in adding explorer.exe manually to the list of protected applications?
     
  25. Akexi_Qatazi

    Akexi_Qatazi Registered Member

    Joined:
    May 17, 2016
    Posts:
    3
    Victek,
    Thank you for taking the taking to respond to my post.

    1. I googled UI and found out that means User Interface. Is that the same as advanced settings? If so, I do not see what you are referring to. I have left clicked everything possible to open on the HitmanPro Alert thingy (I have no idea what it's called) that opens on my desk top. Right clicking did nothing . Would you please tell me how "you can view which features are enabled for a specific app by clicking on its icon in the advanced UI." Also, I checked the folder where HitmanPro Alert was installed and the only thing there is the hpmalert.exe and update files.

    2. I should have been more specific about what I was referring to with my A drive. I have copied my browsers to my A drive. HitmanPro Alert does not protect my browser when I open from my A drive. Shouldn't my browser also be protected even though it's being opened in a different drive? There's a black colored border around the A drive when I open it. However, when I open my browser, there is nothing.

    3. I should have mentioned in my first post that I don't have an Ask Toolbar installed nor anything by FoxIt. However, I typed in "ask" and did a search on my computer and there are 3 locations where it's placed. The first two are located in:
    C:\Users\User Name\Google\Chrome\User Data\Default\Local Storage\http_nortonsafe.search.ask.com_0.localstorage
    C:\Users\User Name\Google\Chrome\User Data\Default\Local Storage\http_nortonsafe.search.ask.com_0.localstorage-journal

    The third is located here:
    C:\Users\User Name\AppData\Local\Google\Chrome\User Data\Default\Web Data

    The third location is the one HitmanPro Alert identifies and deletes but doesn't delete. My concerns are the following:
    a. HitmanPro Alert is stating that removal is complete when it isn't, leaving a false sense of security.
    b. I know that Ask has been a thorn in many people sides. However, HitmanPro is supposed to be the one that's able to remove this. If HitmanPro Alert can't remove something that's not a threat, what hope do I have that I will be protected from something worse? I mean no offense to the developers of HitmanPro, however, I do believe that I have a legitimate concern.

    4. "Disable CryptoGuard before shredding files and you won't have a problem (just remember to turn it back on)." - Thanks for letting me know about this. I thought I was going to have to wipe my hard drive and re-install everything.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.