HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,462
    Location:
    Under a bushel ...
    This was reported before some time ago, but HMPA still triggers alert for Tracker Software PDF-XChange Editor self-updater (Tracker Update).
    This is a relatively well-known app, so should be excluded, else what is the work-around (other than downloading and installing latest version, which works fine)?

    Mitigation Lockdown

    Platform 10.0.10586/x64 06_45
    PID 9772
    Application C:\Users\Paul\AppData\Local\Temp\TrackerUpdate\TrackerUpdate.exe
    Description Tracker Update 6

    Filename C:\Users\Paul\AppData\Local\Temp\TrackerUpdate\TrackerUpdate.exe
    Created By C:\Program Files\Tracker Software\Update\TrackerUpdate.exe


    Process Trace
    1 C:\Users\Paul\AppData\Local\Temp\TrackerUpdate\TrackerUpdate.exe [9772]
    "C:\Users\Paul\AppData\Local\Temp\TrackerUpdate\TrackerUpdate.exe" -StateFile:"C:\Users\Paul\AppData\Local\Temp\TrackerUpdate\TrackerUpdate.state.xml"
    2 C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2332]
    "C:\Program Files\Tracker Software\Update\TrackerUpdate.exe" -Auto
    3 C:\Program Files\Tracker Software\PDF Editor\PDFXEdit.exe [15160]
    4 C:\Windows\explorer.exe [4012]
    5 C:\Windows\System32\userinit.exe [8628]
     
  2. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    I don't know what you mean by having "no space for security". All that I and my x86 users know is that the Java app doesn't start, but is fine without HMP.A being installed. Note: I know nothing of Java myself, I am just a user of this app too.

    Adding the Java binaries to the Exclude category would open the computer up to Java based attacks wouldn't it?

    "Java Web Launcher 8" is the process that runs when I run this Java app. There is a desktop shortcut to a .jnlp file located on my C: drive which then appears to connect to a bunch of Java files in a folder share on a Oracle database server.

    If the Exclude category did more, like excluding whole folders where this Java app resides or the host IP address of the server then would that help perhaps? The Exclude category appears a bit limited compared to AV programs that can exclude whole files, folders, drives etc.
     
  3. mirage22

    mirage22 Registered Member

    Joined:
    Apr 20, 2016
    Posts:
    51
    Hi, quick question. I have setup everything to maximum. Even Cryptoguard and MBR protection etc. I also have bitlocker turned on.

    I tried enabling intel virtualisation settings in bios and my system crashed. Wouldn't boot windows. On changing the setting back, windows was up. Does this have to do with HMPA?
     
  4. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    496
    Location:
    italy
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,004
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Tarnak

    I noticed you had to say "I think" makes the post silly and quite useless.
     
  7. mirage22

    mirage22 Registered Member

    Joined:
    Apr 20, 2016
    Posts:
    51
    Thank's i think its bitlocker then.
     
  8. @Tarnak, @Victek and @Fad
    Correct guess

    @Peter2150
    Pardon me to notice that the reverse (posting without thinking) also results in and silly and useless posts, so what what is your point?
     
    Last edited by a moderator: Sep 15, 2016
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yep, but one is by accident another is on purpose
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,131
    Location:
    USA
    Just got this intercept on dasHost.exe


    HMPA intercept dasHost.png
     
  11. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,392
    Location:
    the Netherlands
    There have been more reports of that.
    September 4, Erik replied:
     
  12. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,054
    Location:
    Baden Germany
    @Victek :
    As a workaround you can try the following:
    Rename the three files to say .old

    I can't test it myself, because my win8.1 uses the default icon, not the TV-vendor specific icon,
    although there are three vendor specific files in the device icon folder
     
  13. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Baana
    HMP.A interferes with my DVDFab Passkey license. When I open DVDFab Passkey I see that my license has gone from "never expire" to "expired". When I manually re-enter the license, it says it is accepted and informs me the program must be restarted. Upon restart the license remains "expired". Shutting down the service and rebooting has no effect. However running in safe mode, or with HMP.A uninstalled, the license status says "never expire" and the program functions as intended.

    I excluded the executables but that seemed to have no effect. I'm not sure why this is happening, but it renders DVDFab Passkey useless. I'm using the latest beta.

    Suggestions?

    Meanwhile... corrupted downloads w/Chrome continue (even with Eagle downloader extension disabled).
     
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,809
    Does it only happen with Chrome?
     
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    What other AVs are you running?
     
  16. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,809
     
  17. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    Congrats on the Sophos Intercept X launch!
     
  18. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,071
    Its ok now somehow.
     
  19. mirage22

    mirage22 Registered Member

    Joined:
    Apr 20, 2016
    Posts:
    51
    The problem with sophos is that they simply don't market directly. It depends on how you look at it. The pricing is not available. You have to contact sales for everything. They then pass the lead to someone local in your area.

    Am not saying this is entirely bad. But then, its not entirely straightforward as one click purchase and done.

    Anyhow.. Congrats on getting your product out under the Sophos Brand!... hope to see it as part of the Sophos UTM too someday!
     
  20. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Baana
    When I tried to download from freegapps.com, I had the same problem with Pale Moon IIRC. Currently HMP.A is uninstalled as I need my DVDFab Passkey working today, so I can't reconfirm. I also recall (many pages ago) another user here experiencing corrupted downloads, FWIW.
     
  21. MikeRepairs

    MikeRepairs Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    80
    Location:
    Kissimmee, FL
    Customer cannot print from word, excel, chrome, IE, wordpad, adobe reader until I turn off loadlib mitigation for each

    Two different Win 7 32 bit computers
    HMPA 3.5.2 558

    Mitigation LoadLib

    Platform 6.1.7601/x86 1f_04
    PID 4880
    Application C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    Description Microsoft Office Word 12


    Process Trace
    1 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE [4880]
    2 C:\Windows\explorer.exe [3376]
    3 C:\Windows\System32\userinit.exe [1576]



    Mitigation LoadLib

    Platform 6.1.7601/x86 1f_04
    PID 6780
    Application C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    Description Microsoft Office Excel 12


    Process Trace
    1 C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [6780]
    2 C:\Windows\explorer.exe [3376]
    3 C:\Windows\System32\userinit.exe [1576]



    Mitigation LoadLib

    Platform 6.1.7601/x86 1f_04
    PID 5952
    Application C:\Program Files\Google\Chrome\Application\chrome.exe
    Description Google Chrome 52


    Process Trace
    1 C:\Program Files\Google\Chrome\Application\chrome.exe [5952]
    2 C:\Windows\explorer.exe [3376]
    3 C:\Windows\System32\userinit.exe [1576]
     
  22. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.5.3 Build 561 BETA

    Changelog
    • Added CryptoGuard v4.5
    • Added more details to the LoadLib mitigation
    • Fixed Skype video not working with Intel® Quick Sync Video H.264 Encoder MFT
    • Several minor improvements
    Release Notes
    This BETA version uses drivers that have not yet passed through Windows 10 AU cross-signing yet; so if you run a fresh install of Windows 10 AU and have SecureBoot enabled, skip this BETA.

    Download
    http://test.hitmanpro.com/hmpalert3b561.exe

    Please let me know how this version runs on your computer :thumb:
     
    Last edited: Sep 17, 2016
  23. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you try the BETA build 561 from this post?
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,559
    Location:
    Among the gum trees
    Secunia PSI 2 (protected by Alert) is still trying to verify internet connection, but that may be unrelated. Otherwise, so far so good.
     
  25. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    No problems at all (so far) with 561 beta
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.