HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    163
    Installed HMPA 3.5.2 build 558 pre-release. It is still causing firefox to freeze. Have to click firefox tray icon and select close. The select close program when windows prompts to Close or Wait. This happened on 2 PCs.One a desktop and one a laptop.
    Both Win 10 anniversary. If HMPA is uninstalled, the problem goes away. this has happened with the last several versions. I am running the 64 bit version of firefox.
     
    Last edited: Sep 6, 2016
  2. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    117
    @erikloman
    @markloman

    Explorer.exe crashes with b557.

    Code:
    <?xml version="1.0" encoding="UTF-16"?>
    <WERReportMetadata>
        <OSVersionInformation>
            <WindowsNTVersion>6.1</WindowsNTVersion>
            <Build>7601 Service Pack 1</Build>
            <Product>(0x1): Windows 7 Ultimate</Product>
            <Edition>Ultimate</Edition>
            <BuildString>7601.23418.amd64fre.win7sp1_ldr.160408-2045</BuildString>
            <Revision>1130</Revision>
            <Flavor>Multiprocessor Free</Flavor>
            <Architecture>X64</Architecture>
            <LCID>1055</LCID>
        </OSVersionInformation>
        <ProblemSignatures>
            <EventType>APPCRASH</EventType>
            <Parameter0>Explorer.EXE</Parameter0>
            <Parameter1>6.1.7601.17567</Parameter1>
            <Parameter2>4d672ee4</Parameter2>
            <Parameter3>ole32.dll</Parameter3>
            <Parameter4>6.1.7601.19131</Parameter4>
            <Parameter5>569a9398</Parameter5>
            <Parameter6>80000001</Parameter6>
            <Parameter7>0000000000179b94</Parameter7>
        </ProblemSignatures>
        <DynamicSignatures>
            <Parameter1>6.1.7601.2.1.0.256.1</Parameter1>
            <Parameter2>1055</Parameter2>
            <Parameter22>615a</Parameter22>
            <Parameter23>615ac103077875ce3f0c98cf45efba70</Parameter23>
            <Parameter24>17c0</Parameter24>
            <Parameter25>17c038ac96f91e9655ff20258974cde6</Parameter25>
        </DynamicSignatures>
    </WERReportMetadata>
    
     
    Last edited: Sep 6, 2016
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,285
    Location:
    Among the gum trees
    Build 558 has just been released.

    #11299
     
  4. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    Just purchased a 3 year licence, tried to active HMP.Alert and it says "the entered product key is not suitable for this product" :(

    Am I doing something wrong?
     
  5. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    117
  6. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,044
    Location:
    Baden Germany
    Build 558 has fixed 556/557 issues with black-screen and chrome extensions crashing,

    but MPC-HC has still to be excluded manually, and Photoshop-Elements needs Control-Flow-Integrity to be disabled...
    I don't want to complain, but there should be an exception for most popular Applications.

    I suggest a cloud based whitelist for know good applications, that interfere with HMP.A
     
    Last edited: Sep 6, 2016
  7. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    Working good here on Windows 7 x64.
     
  8. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118

    This is great news. Wish I could attend there. I hope that you will record that and share it with us via YouTube or something. I will keep an eye on Intercept X as I've been asking and waiting for something like that for quite a while already. :)
     
  9. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    978
    Location:
    UK
    many developers have the attitude you just said but I think it is wrong, a manual is part of the product in my view.

    It also shouldnt be particurly a time consuming task to have one either.

    My main concern now is the false positives, I am not sure what view I take currently.

    EMET when I used to use also had false positives, and arguably those were more severe as EMET developers never took action to resolve those false positives so e.g. to prevent firefox from cashing I disabled ROP protection, whilst HMPA can run firefox with ROP protection.

    However the issue with HMPA is how it hooks to everything running on the system by default which means false positives can crash installers, security software and other stuff. Which can be much more damaging than crashing a browser session. This approach actually conflicts with the advice that was given to me when I first started using HMPA, some may remember I originally asked about adding stuff like svchost and explorer to HMPA and I was told one shouldnt be adding every executable to the protection as stability is compromised yet HMPA seems to hook onto everything anyway unless its manually excluded.

    Of course the other gain with HMPA is it is much better performance wise than EMET, if an exe was added to EMET with most protections enabled, then the performance drop off was very visible, this is not the case with HMPA. I am still going to use HMPA but with these concerns, thankfully the false positives I have had have been mostly on my win10 testing machine rather than this desktop.
     
  10. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
    Btw do you know/have any plans to integrate Sophos Intercept X with major MSP systems like Kaseya or LabTech?
     
  11. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    978
    Location:
    UK
    in my view this should be a priority, when interaction is added then false positives are no longer such an issue.
     
  12. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Their are much less hooks in non-mitigated applications. Also the amount of code in these smaller number of hooks is much less. Still there are a few applications that do not like to be injected (mostly games and third party AVs).
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This is high on our list, but due to resource constrains this did not make it in. It is already in Alert but not yet fully implemented and therefor disabled. Note though that it does NOT work on per-alert basis where you have to say allow/block.
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Cloud-assisted whitelisting is in this build but not yet fully operational due to resource constraints. Keep an eye out for this in the next builds!
     
  15. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    978
    Location:
    UK
    thanks for the replies erik, I think will stick with build 546 for now as some of the bugs (the black screen boot issue especially) I find scary. I will wait until a release gets posted with no issues reported.
     
  16. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,028
    No problems upgrading build 558 PR.

    Win10 1607 build 14393.105 x64/Norton Security v22.7.1.32
     
  17. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    @erikloman @markloman
    I've sent you PM's about this issue.
    Should I be emailing support instead?

    UPDATE: Erik has kindly resolved the issue :thumb:
     
    Last edited: Sep 7, 2016
  18. guest

    guest Guest

    no problem here with 558
     
  19. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    Had a false positive with internet explorer using 556, but 558 working well for me.
     
  20. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Updated HMP.alert from build 546 to build 558.
    Both W7-x64 and W10-x64 AU are running without issues!
     
  21. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    Enterprise licenses is missing, that is a HUGE difference.
     
  22. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    I take it from the new website that the Enterprise license has been dropped? Where does that leave my 130 user license when I come to renew it?
     
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,602
    Location:
    Outer space
    Oops, I compared the new price to the 3PC license :oops:
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,285
    Location:
    Among the gum trees
    I'm covered for the next few years because of the last Black Friday deals but it would be good if Wilders' beta testers could get a reasonable discount. The new prices are well above what I can afford to pay, and above what I'm prepared to pay.
    ... And my licenses cover both HMP.A and HMP.
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,285
    Location:
    Among the gum trees
    Erik has said in this thread that after a certain date that HMP and Alert had separate licenses.


    I know! You obviously don't understand what I wrote, but that's OK.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.