HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Unfortunately I don't think that there was ever an explanation provided. It certainly still works great, though I do still wonder why they only keep the 32-bit version updated.
     
  2. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
    374 version is having issues with Futuremark's 3DMark:

    Mitigation BlockedProcess

    Platform 10.0.10586/x64 06_3c
    PID 1996
    Application C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\jre\bin\javaw.exe
    Description Java(TM) Platform SE binary 8.0.45

    Filename of the process blocked:
    "C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\dxinfo.ex

    Command line:
    "C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\dxinfo.exe"

    Code Injection
    00550000-00551000 4KB C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe [1296]
    1 C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe [1296]
    2 C:\Program Files (x86)\Steam\Steam.exe [4456]
    3 C:\Windows\explorer.exe [3904]
    4 C:\Windows\System32\userinit.exe [3876]

    Process Trace
    1 C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\jre\bin\javaw.exe [1996]
    "C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\jre\bin\javaw.exe" -Djava.io.tmpdir="C:\ProgramData\Futuremark\3DMark\tmp" -Djna.tmpdir="C:\ProgramData\Futuremark\3DMark\tmp" -XX:MaxHeapSize=86m -XX:+AggressiveHeap -XX:+DisableAttachMechanism
    2 C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe [1296]
    3 C:\Program Files (x86)\Steam\Steam.exe [4456]
    4 C:\Windows\explorer.exe [3904]
    5 C:\Windows\System32\userinit.exe [3876]
     
  3. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Ah, that's ugly. 3DMark is using Java to install Windows binaries on the machine. That is not permitted obviously, Java should only run Java code and not mingle with other non-Java binaries. We'll take a look at this. Thanks!
     
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Is Steam or 3DMark listed under the Browsers template (under the green tile)?
     
  5. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
    Steam is listed in green and blue tile. No 3DMark though.


    Thanks for taking a look into this.
     
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    It should NOT be listed at the green tile. That says that Steam is a web browser, which it isn't.
     
  7. hjlbx

    hjlbx Guest

    @erikloman
    @markloman

    On 64 bit systems, what alert is shown for process hollow - "Code Injection" ??

    For example, Cerber or other hollow process ransomware ?

    Need above infos for testing...
     
  8. loekverhees

    loekverhees Registered Member

    Joined:
    Jan 14, 2008
    Posts:
    25
    Location:
    The Netherlands
  9. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    850
    Does hitting the space bar after the " character help?
     
  10. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,857
    Location:
    the Netherlands
    What is your Windows version?
    And what are your settings for Keyboards and Languages?
    With Windows 7 with language Dutch + keyboard layout United States (international), I have no issue typing the double quotation mark character ("). (Shift+"+Space bar)
     
  11. ingem64

    ingem64 Registered Member

    Joined:
    Oct 15, 2006
    Posts:
    37
    I have a registered version of HitmanPro.Alert. Do I need a standalone Hitman Pro 3 for scanning?
    HMPA has a scanner ...
     
  12. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    You may download and install the standalone, and HMP.A will call that when scanning.
    You may also just click the scan option of HMP.A, then look for the executable in the temp folder (I forgot the temp folder name), and then copy that to anywhere you like, like Program Files.
     
  13. loekverhees

    loekverhees Registered Member

    Joined:
    Jan 14, 2008
    Posts:
    25
    Location:
    The Netherlands
    No, that does not help :). I forgot to mention, but outside of any browser (like Word, Notepad etc.) the quote character just works fine (it appears immediately after pressing the quote key on the keyboard, no space required).
     
  14. loekverhees

    loekverhees Registered Member

    Joined:
    Jan 14, 2008
    Posts:
    25
    Location:
    The Netherlands
    I am using Windows 10 64-bit. I tried both Dutch + US Int. and English + US Int., but both of them gave this particular issue. When I enable the HMPA keystroke encryption, nothing happens when typing Shift+"+Space. When I disable the keystroke encryption, Shift+"+Space gives me the " character without any problems.
     
  15. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,857
    Location:
    the Netherlands
    Thanks, loekverhees.
    If I remember correctly, we've seen the same issue before, with a previous version of HMP.A, with Windows Vista and/or Windows 7. (I'm not sure about Windows 8.x and 10.) That issue was fixed quite some time ago.
    Perhaps the issue you are having is a new HMP.A issue specific for Windows 10?
    Does anyone else see that same issue with Windows 10 x64?
     
  16. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
    More problems :( (This time Steam was only in blue tile.)


    Mitigation Lockdown

    Platform 10.0.10586/x64 06_3c
    PID 5336
    Application C:\Program Files (x86)\Steam\bin\x86launcher.exe
    Description x64launcher.exe 3.0

    Filename C:\Program Files (x86)\Steam\bin\x86launcher.exe
    Created By C:\Program Files (x86)\Steam\Steam.exe


    Process Trace
    1 C:\Program Files (x86)\Steam\bin\x86launcher.exe [5336]
    "C:\Program Files (x86)\Steam\bin\x86launcher.exe" -hproc 1e6f4 -hthread 159ac -baseoverlayname C:\Program Files (x86)\Steam\gameoverlayrenderer.dll
    2 C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe [4188]
    "C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe" -upc_steam_required_product_id 2957 -uplay_steam_mode
    3 C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe [7240]
    "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" -gamelauncher_wait_handle 868 -upc_uplay_id 1843 -upc_game_version 1 -upc_exe_path QzpcUHJvZ3JhbSBGsWxlcyAoeDg2KVxTdGVhbVxzdGVhbWFwcHNcY29tbW9uXFRvbSBDbGFuY3kncyBSYWluYm93IFNpeC
    4 C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe [4384]
    "C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe" -upc_steam_required_product_id 2957 -uplay_steam_mode
    5 C:\Program Files (x86)\Steam\Steam.exe [6256]
    6 C:\Program Files (x86)\Steam\Steam.exe [3660]
    7 C:\Windows\explorer.exe [3848]
    8 C:\Windows\System32\userinit.exe [3836]
     
    Last edited: Jul 9, 2016
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Steam should not have Application Lockdown enabled either, as Steam downloads executables. Application Lockdown blocks binaries written to disk by the mitigated application.

    I will try to add some automated config for Steam in a next build.
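
Added example, not part of the thread and not HitmanPro.Alert's own code: a small parser for alert reports in the layout quoted above, useful when triaging many such reports. The field names are taken from the quoted reports, the sample text is constructed, and `creator_in_trace` is a hypothetical helper that flags Lockdown alerts where the file's creator is one of the flagged process's own ancestors, the self-updating pattern described for Steam.

```python
import re
from ntpath import basename  # Windows path handling on any OS

# Sample alert, constructed in the layout of the reports quoted in this thread.
SAMPLE = r'''Mitigation Lockdown

Platform 10.0.10586/x64 06_3c
PID 5336
Application C:\Program Files (x86)\Steam\bin\x86launcher.exe

Filename C:\Program Files (x86)\Steam\bin\x86launcher.exe
Created By C:\Program Files (x86)\Steam\Steam.exe

Process Trace
1 C:\Program Files (x86)\Steam\bin\x86launcher.exe [5336]
"C:\Program Files (x86)\Steam\bin\x86launcher.exe" -hproc 1e6f4
2 C:\Program Files (x86)\Steam\Steam.exe [6256]
3 C:\Windows\explorer.exe [3848]
4 C:\Windows\System32\userinit.exe [3836]
'''

FIELDS = ("Mitigation", "Platform", "PID", "Application", "Filename", "Created By")
TRACE_ROW = re.compile(r"^(\d+)\s+(.+?)\s+\[(\d+)\]$")

def parse_alert(text):
    """Return header fields plus the process trace as (depth, image, pid) rows."""
    alert, section = {"trace": []}, None
    for line in (l.strip() for l in text.splitlines()):
        if line in ("Process Trace", "Code Injection"):
            section = line
            continue
        row = TRACE_ROW.match(line)
        if section == "Process Trace" and row:
            alert["trace"].append((int(row[1]), row[2], int(row[3])))
        elif section is None:
            for name in FIELDS:
                if line.startswith(name + " "):
                    alert[name] = line[len(name) + 1:].strip()
    return alert

def lineage(alert):
    """Image names from the flagged process up to its oldest listed ancestor."""
    return [basename(p).lower() for _, p, _ in sorted(alert["trace"])]

def creator_in_trace(alert):
    """Hypothetical triage hint: was the file written by a process in the trace?"""
    creator = alert.get("Created By", "").lower()
    return any(p.lower() == creator for _, p, _ in alert["trace"])
```

Command-line rows (the quoted lines under a trace entry) are skipped on purpose, so only the numbered image rows end up in `trace`.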
     
  18. Regmos

    Regmos Registered Member

    Joined:
    Nov 6, 2015
    Posts:
    22
    Hi @erikloman

    Please check your Email. I have completed the Danish translations.
     
  19. hjlbx

    hjlbx Guest

    @erikloman
    @markloman

    On 64 bit systems, what alert is shown for process hollow - "Code Injection" ??

    For example, Cerber or other hollow process ransomware ?

    Need above infos for testing...
     
  20. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    This will be very nice. Thanks Erik.
     
  21. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118

    Thanks. Steam has millions of users, so some kind of automation might be useful for HitmanPro.Alert with the future in mind.
     
  22. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
  23. jd97

    jd97 Registered Member

    Joined:
    Apr 27, 2015
    Posts:
    28
    Are there plans to test/integrate with the upcoming Firefox 48 build due to release on 8-2-16? It will likely have several JIT and J/S fixes.

    Release notes for latest beta: https://www.mozilla.org/en-US/firefox/48.0beta/releasenotes/
    https://developer.mozilla.org/en-US/Firefox/Releases/48

    I believe that the new add-on structure will be implemented in this build.

    XUL.dll seems to be the most problematic interaction with HitmanPro.Alert. That and the graphics (I have an Intel i7 6th gen processor).
     
  24. hjlbx

    hjlbx Guest

    @erikloman
    @markloman

    On 64 bit systems, what alert is shown for process hollow - "Code Injection" ??

    For example, Cerber or other hollow process ransomware ?

    Need above infos for testing...
     
  25. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243