HitmanPro.ALERT Support and Discussion Thread

I use Office 2013 and all of those apps were added automatically. Have you checked the list of applications by clicking the Exploit Mitigation tile (advanced UI)?

 

Indeed I did before asking that here..

office 2016 / office 365 applications such as outlook, onenote etc are not added.

Separately, Outlook for Windows 10 - which comes inbuilt in Windows is also not added to the list - automatically.

 

I understand that you would like to know why they weren't added automatically. Hopefully Erik or Mark can help with that, but meanwhile you can add the apps manually.

 

Just wondering if someone can shed some light on this oddity.

When launching MediaMonkey for the first time after booting the PC HitMan blocks the launch and the tech details say a CallerCheck was blocked. If I close the notice and try to launch MediaMonkey again it launches without issue. Anyone have any idea what a CallerCheck is and why it only is triggered after a reboot of the system?

 

If you purchase HitmanPro for Enterprise licenses, are you able to install HitmanPro.Alert on each computer as well? I'm a bit confused as Alert only seems to be on the "for home" page, not business, and only the HitmanPro for home user page mentions that you can use .Alert.

 

Hi guys,
i think i've got a false positiv. A scan with Hitman was without any results.
The alert interupts the start of the game "Mini-Metro" out of Steam.
Can you please check it.

Best regards

Code:

Mitigation   CallerCheck

Platform     10.0.10586/x64 06_3a
PID          10916
Application  C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe

Stack Trace
#  Address  Module                   Location
-- -------- ------------------------ ----------------------------------------
1  059782A4 (anonymous; mono.dll)  
            8bf8                     MOV          EDI, EAX
            8b0570591f10             MOV          EAX, [0x101f5970]
            85c0                     TEST         EAX, EAX
            750f                     JNZ          0x59782bf
            8bc7                     MOV          EAX, EDI
            8b55dc                   MOV          EDX, [EBP-0x24]
            8b4de0                   MOV          ECX, [EBP-0x20]
            8911                     MOV          [ECX], EDX
            8b7df0                   MOV          EDI, [EBP-0x10]
            c9                       LEAVE      
            c3                       RET        

2  059781D5 (anonymous; mono.dll)  
3  05977BF2 (anonymous; mono.dll)  
4  0597507A (anonymous; mono.dll)  
5  0595E571 (anonymous; mono.dll)  
6  100F06DA mono.dll              
7  1005D89E mono.dll                 mono_runtime_invoke +0x51
8  013F488E MiniMetro.exe          
9  01494DF9 MiniMetro.exe          
10 01494F9E MiniMetro.exe          

Process Trace
1  C:\Program Files (x86)\Steam\SteamApps\common\MiniMetro\MiniMetro.exe [10916]
2  C:\Program Files (x86)\Steam\Steam.exe [7340]
"C:\Program Files (x86)\Steam\steam.exe" "steam://rungameid/287980"
3  C:\Windows\explorer.exe [8200]
4  C:\Windows\System32\userinit.exe [9104]
5  C:\Windows\System32\winlogon.exe [8476]
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
6  C:\Windows\System32\smss.exe [2820]
\SystemRoot\System32\smss.exe 00000118 00000074 C:\WINDOWS\System32\WinLogon.exe -SpecialSession

 

No you are not. I did that blunder and had to request for a refund.

Buy the home edition of HMP. This should do.

Sophos/ Surfright, should have ideally enabled the same options for HMPA for enterprise customers as well. I don't know why was this not done.

 

Thank you Victek. I know that. My question was about - out of the box addition, instead of users having to add it manually. It' not just about me.

 

I use Enterprise with HMPA just fine.

 

Yes, I bought Enterprise and use it with both HMP and HMPA. I had asked support the very same question as it is not clear on their web page. Here was the response from support:

"When you purchase the Enterprise license, you need to install both programs.
Then you activate HitmanPro.
HitmanPro.Alert will automatically activate itself as well (no manual activation necessary)."

I don't know why the other poster thinks there is a problem because I have 130 PCs with both HMP Enterprise and HMPA on them!

 

It's a bit hit and miss, some of my PCs didn't get Outlook 2010 added and I had to add it manually.

 

The reason for this is we'd have to add another category to HMPA because of Application Lockdown.
For office applications (i.e. Word, Excel, PowerPoint, Acrobat, etc.), Application Lockdown does not allow the download/creation and running of new applications; you'd typically use a web browser for this task. And since many people receive applications (in .zip, .rar, or other archive) by mail, this will become a problem (our Application Lockdown is way more strict than any other similar tool). But if you do not want to introduce new binaries through Outlook (or other mail applications), by all means, let HitmanPro.Alert protect it.

 

I would have thought that this was the default position?

 

Hi Mark
tell me please what information is sended to the microsoft server ?

 

When an alert is triggered, exploit technical details are sent to an Microsoft Azure server. The information is used to improve Alert (reduce false detections and increase detections).

 

Ok thanks

 

When I wrote an email to support telling HMP Enterprise licenses were not working for HMPA, i was asked to purchase HMP Home licenses first and then got a refund for HMP Enterprise.

EDIT:
Did a Math. A license for 10 machines costs 15.95 per machine, when bought for the enterprise. But when you buy a 3 machine license for HMP home, the cost falls to 12.67 per machine. Makes sense why Support advised me to buy HMP Home to use for HMPA.

@celicynd I don't have a 130 member team like @eddiewood has. So I was happy with the discount received.

 

Dumb question - so should Outlook get classified under Browsers template?

 

@erikloman why the Office Template in HMPA doesn't have keylogging protection?

i think Excel or Words may be used for sensitive reports, and people wouldn't like their keystroke recorded while using them.

 

It's logical to add additional keylogging protection for these kind of apps.
Or the user can choose the "other"-template.
If i compare the templates (registry: HKLM\SOFTWARE\HitmanPro.Alert\_templates_) it's the same as the "Office"-template but with additional keylogging protection (KbdGuard) enabled.

 

using the Other Template with Office when you have the Office Template would be a bit dumb

 

Any ETA regarding v3.5?

 

but then you have keyboard logging protection

 

Just updated to 374 before the auto update did it. So far everything seems good like before.

 

Any ETA when 374 will go Auto??