HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    845
    Same here.

    Win10 1607 build 14393.187 x64/Norton Security v22.7.1.32
     
  2. numen

    numen Registered Member

    Joined:
    Jul 31, 2016
    Posts:
    10
    Location:
    Europe
    Thanks Erik! All fine here except for corrupted downloads in Opera with Avira Web Protection on (as has been the case with all builds from 3.5 branch). Since there have been some more reports now on corrupted downloads, I hope you will be able to get to the bottom of the issue :)
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Avira net filter and HMPA do not seem to work together. We have posted this to our supplier of the netfilter. Hopefully a fix will be forthcoming.
     
  4. numen

    numen Registered Member

    Joined:
    Jul 31, 2016
    Posts:
    10
    Location:
    Europe
    Thanks Erik for acknowledging the issue. Fingers crossed on the fix for this!
     
  5. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    490
    Location:
    italy
    to counteract New Locky – Zepto Variant? (2)
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,448
    Location:
    .
    3.5.3 build 561
    KeePass master password window = No keystroke encryption bar
    Firefox master password window = Yes keystroke encryption bar
    Enpass master password window = Yes keystroke encryption bar

    any plans for Tamper Protection
     
  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    CryptoGuard v4.5 improves detection for ransomware doing partial encryption.
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    29,085
    Could it help in that case to exclude opera.exe from the netfilter of HMP.A? (as a temporary fix) :cautious:
    Code:
    There is a registry key to disable monitoring per-port, per-IP or per-processname:
    
    HKLM\Software\HitmanPro.Alert\
    NetFilterExclude  REG_MULTI_SZ  opera.exe   // do not filter ProcessName opera.exe
    
    If you make changes you have to restart the HitmanPro.Alert service so that it reads the new excludes.
    
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,685
    Location:
    The Netherlands
  10. MikeRepairs

    MikeRepairs Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    76
    Location:
    Long Beach, WA
    The computers are at a business I support. The next available date I can try the beta there is Friday Sept 23. I will try it then if the testing is still needed
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Erik

    I have the new beta on my two win 7 x64 Pro desktops. Looks good so far.

    Pete
     
  12. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    441
    Location:
    England
    "There is a registry key to disable monitoring per-port, per-IP or per-processname:"


    This appears not to work here - can anyone confirm that it is actually working, in any case ?
     
  13. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,162
    Location:
    the Netherlands
    One minor glitch on my Windows 7 x64:
    With HMP.A setting "Safety notification Once per logon session", after updating 3.5.2.558 to 3.5.3.561 beta, there was no safety notification when opening a protected application.
    After another reboot, I got the safety notification when opening the first protected application, as meant to.
     
    Last edited: Sep 17, 2016
  14. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,162
    Location:
    the Netherlands
    Do you mean you added PSI 2 to HMP.A's protected applications?
    What is the reason for adding PSI 2 to Alerts protected applications?

    With PSI 2 not added to HMP.A's protected applications, no issues with PSI 2 and HMP.A 3.5.3.561 beta, on my Windows 7 x64.
     
  15. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,267
    Location:
    USA
    So far no problems here Windows 7 x64.
     
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,741
    Location:
    Among the gum trees
    Yes
    I don't know, really. I have only manually added two programs to Alert, the other being Windows Live Mail. Ever since I've been using Alert with exploit protection PSI 2 has been protected by Alert and I have had no problems.
    No problem here now so it may of been a temporary glitch. PSI is well known to have server issues from time to time.
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    29,085
    I tested it with "per-processname", and it's working. But i haven't tested the other option.
     
  18. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,162
    Location:
    the Netherlands
    @Krusty13, #11549,

    If PSI 2 has been protected by Alert ever since you've been using Alert and you had no problems, and there's no problem now, yes, then probably it was a temporary PSI 2 glitch. You're right that PSI is known to have server issues from time to time, I've seen it a couple of times, over the years.
    Good to know it wasn't a HMP.A issue.

    And for adding PSI 2 to Alert's protected applications without a good reason for that, well, if it doesn't cause any issues then it's probably fine. But still, I think best practice would be not to add applications to Alert's protected applications without good reason, as Erik and/or Mark have mentioned.
     
  19. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    Problem with Bitdefender's Active Threat Control still remains... See this post.

    Problem with slow loading of TP-Link router interface still remains... See this post.

    Very sad to see that the problem with the TP-Link router exists for more then 6 months now! While the Bitdefender bug exists for about 2 months now! How is that for problem solving! :thumbd:

    Uninstalling HMPA... again!
     
    Last edited: Sep 18, 2016
  20. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    No problems here with 561 beta. Win 10 Pro 64(1607), Kaspersky AV, Chrome 64-bit
     
  21. plat1098

    plat1098 Guest

    Build 558 b. on Windows 10 v. 1607, no issues because DEP mitigations are disabled. :cautious:
     
  22. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Those are being worked on. Fixes on these are not yet complete so they did not make it in this build. Maybe the next one or the builds after that. For TP Link we need a fix from our netfilter supplier.
     
  23. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Baana
    How do I change the location of (or resize) the orange encrypted text block? On the latest Chrome Hangouts extension, it visually masks the text I am typing and makes editing cumbersome.
     
  24. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Baana
    OK... my bad here... I had overlooked an executable that was tucked away in a subdirectory. Found it when browsing Event Viewer. Added that to exclusions and licensing is now happy.

    That said, I'm not sure I understand the "code injection" and how that involved my security software.

    Code:
    Mitigation   SelfProtection
    
    Platform     6.3.9600/x64 06_3a
    PID          6584
    Application  D:\Program Files (x86)\DVDFab Passkey\Options\DVDFabPasskeyBluray.exe
    Description  DVDFab is the all-in-one software package for copying Blu-ray/DVD and converting video file. 1.0
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  02560000 (anonymous; DVDFabPasskeyBluRay.exe)
                6800005602               PUSH         DWORD 0x2560000
                68412f4500               PUSH         DWORD 0x452f41
                6814e50102               PUSH         DWORD 0x201e514
                e870bbeffd               CALL         0x45bb84
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
    
    2  02550000 (anonymous; DVDFabPasskeyBluRay.exe)
    3  02540000 (anonymous; DVDFabPasskeyBluRay.exe)
    4  0044C8AC DVDFabPasskeyBluRay.exe
    
    Code Injection
    00190000-001A0000   64KB C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXE [3820]
    00400000-00401000    4KB
    
    Process Trace
    1  D:\Program Files (x86)\DVDFab Passkey\Options\DVDFabPasskeyBluRay.exe [6584]
    2  D:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe [6644]
    
    
    Code:
    Mitigation   SelfProtection
    
    Platform     6.3.9600/x64 06_3a
    PID          3512
    Application  D:\Program Files (x86)\DVDFab Passkey\Options\DVDFabPasskeyDVD.exe
    Description  DVDFab is the all-in-one software package for copying Blu-ray/DVD and converting video file. 1.0
    
    Stack Trace
    #  Address  Module                   Location
    -- -------- ------------------------ ----------------------------------------
    1  02560000 (anonymous; DVDFabPasskeyDVD.exe)
                6800005602               PUSH         DWORD 0x2560000
                68412f4500               PUSH         DWORD 0x452f41
                68d0e27300               PUSH         DWORD 0x73e2d0
                e870bbeffd               CALL         0x45bb84
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
                0000                     ADD          [EAX], AL
    
    2  02550000 (anonymous; DVDFabPasskeyDVD.exe)
    3  02540000 (anonymous; DVDFabPasskeyDVD.exe)
    4  0044C8AC DVDFabPasskeyDVD.exe
    
    Code Injection
    00190000-001A0000   64KB C:\Program Files (x86)\Charter Security Suite\apps\ComputerSecurity\Common\FSHDLL64.EXE [3820]
    00400000-00401000    4KB
    
    Process Trace
    1  D:\Program Files (x86)\DVDFab Passkey\Options\DVDFabPasskeyDVD.exe [3512]
    2  D:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe [6644]
    
     
    Last edited: Sep 18, 2016
  25. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    29,085
    You can't change the location but you can hide it.
    Go to "Safety Notification", then "Colored Window Border", and untick "Show live Keystroke Encryption in colored window border"
    HMPA_keystroke-encryption.jpg
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.