HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Disabling the SSL/TLS filtering in Avira will greatly improve performance and compatibility.
     
  2. plat1098

    plat1098 Guest

    mood:

    Thank you for checking.
     
  3. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    148
  4. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    114
    Location:
    Netherlands
    When making a HitmanPro Kickstart USB-stick I receive the following error:
    Code:
    Mitigation   WipeGuard
    
    Platform     10.0.14393/x64 06_5e
    PID          9860
    Application  C:\Program Files\HitmanPro\HitmanPro.exe
    Description  HitmanPro 3.7.14
    
    Master Boot Record (MBR)
    
    Process Trace
    1  C:\Program Files\HitmanPro\HitmanPro.exe [9860]
    2  C:\Windows\explorer.exe [10000]
    3  C:\Windows\System32\userinit.exe [10752]
    4  C:\Windows\System32\winlogon.exe [5244]
    C:\WINDOWS\System32\WinLogon.exe -SpecialSession
    5  C:\Windows\System32\smss.exe [6360]
    \SystemRoot\System32\smss.exe 000000ec 0000007c C:\WINDOWS\System32\WinLogon.exe -SpecialSession
    Even with the HitmanPro Alert service off I get this error:
    upload_2016-10-3_23-22-17.png

    Hopefully you guys can help me out. Thanks!
     
  5. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,171
    Location:
    the Netherlands
    You need to temporarily disable HMP.A's Master Boot Record protection.
    To do so, open the HMP.A user interface,
    in settings, choose Advanced interface,
    click the orange Risk reduction tile, and then CryptoGuard,
    and then (temporarily) disable Master Boot Record (MBR) protection (uncheck bottom check box).
    After that, you can create your Kickstart USB-stick.
    Please let us know if that helps.
    N.B.
    After you are done, please re-enable HMP.A's Master Boot Record protection.
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    30,652
    WipeGuard prevented you from making an USB-Stick (modifying the MBR).
    To disable it temporarily, go to "Risk Reduction" - "CryptoGuard" - and untick the option: "Master Boot Record (MBR) Protects disk data structure"
    After you're done with making an USB-stick, you should re-enable the option.
    Edit: Oh, i was some seconds too late.. ;) (See the post above me)
     
  7. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    899
    Location:
    Baden Germany
    This is expected behavior, as the KickStart builder will wipe the USB drive, reformat it and write a boot record.

    To build a KickStart USB drive, disable CryptoGuard, and MBR protection, under the orange title.
    Don't forget to turn it back on afterwards.

    Ups, I was 6min. to late
     
  8. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    114
    Location:
    Netherlands
    Already tried that the first time but forgot to mention it. Now tested it for the second time but unfortunately I receive the same error.
    Also turning off the Crypto option as a whole doesn't work. Reboot after change?
     
  9. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,171
    Location:
    the Netherlands
    We're quite a helpful bunch.
    I think it's great.
     
  10. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,171
    Location:
    the Netherlands
    Oops, so that didn't turn out to be helpful at all, I'm sorry.
    In that case, I'm not sure what you need to prevent that error.
    I hope someone else knows, or otherwise Erik can tell you, I suppose.
    Good luck.
     
  11. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    899
    Location:
    Baden Germany
    With both CryptoGuard and MBR protection disabled:
    Reboot, format your usb drive, build KickStart device.

    Just tested myself, it worked.
     
  12. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,171
    Location:
    the Netherlands
    Thanks, Hiltihome.

    I thought that disabling CryptoGuard would also disable MBR protection, but now I notice that it doesn't. To disable both CryptoGuard and MBR protection, MBR protection needs to be unticked separately. Good to know.

    By the way, have you tested whether disabling both CryptoGuard and MBR protection without rebooting would help?
     
  13. lawdude

    lawdude Registered Member

    Joined:
    Sep 20, 2015
    Posts:
    38
    Installed 564. This evening Privazer would not open. Uninstalled 564 and reinstalled 562. Privazer works again.
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Do you get an error or an alert?
     
  15. lawdude

    lawdude Registered Member

    Joined:
    Sep 20, 2015
    Posts:
    38
    Both. Closed everything out. Tried to open Privazer and got an error. Uninstalled and reinstalled Privazer. Error again. Uninstalled 564 and reinstalled 562 and Privazer opened right up. Sorry, I didn't do much to figure it out other than reinstall 562
     
  16. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,171
    Location:
    the Netherlands
    When you open the HMP.A user interface, and click "Number of alerts", or "Last alert", that will open Windows Event Viewer.
    This takes a moment as a HMP.A module is added to Event Viewer.
    In the HitmanPro.Alert Events section, information can be seen regarding HMP.A events.
    Is there an entry regarding the mentioned HMP.A and Privazer event to be found?
    If so, please select the text, use Ctrl+C to copy the selected text, and past it in your next reply. That information can be helpful to Erik to find out what was the issue with HMP.A and Privazer.
     
  17. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    114
    Location:
    Netherlands
    Weird, still receiving the #50 partition error
    Also tried another USB-drive same issue. Maybe a re-install of HMP then.
    Thanks for testing :)
     
  18. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    300
    Location:
    Netherlands
    EDIT:
    Running W7-x64 with hmp.alert build 564/565 and PrivaZer v3.09/v3.10 without issues on 2 laptops.
     
    Last edited: Oct 5, 2016
  19. jaan michiels

    jaan michiels Registered Member

    Joined:
    Sep 28, 2016
    Posts:
    3
    Location:
    Belgium
    I know this feature to exclude app which works mostly but it doesn't helped for forza horizon 3 (game) because it give error message: No permission access to the file. I know that Forza horzion is encrypted folder which is new way to secure the game. It's released in Windows store.
    If I disable the exploit, mitigation protection, it doesn't even help.
    Only way to help is uninstall Hitman Pro Alert.

    I hope it will be quickly solved.


     
  20. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,171
    Location:
    the Netherlands
    I'm sorry that adding it as an exclusion in HMP.A is no option for Forza Horizon 3.
    I hope Erik and Mark will notice your post, and will investigate your issue.
    Earlier, they even purchased a certain game, to investigate an issue. :)
     
  21. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    I wonder what the exclusion function actually does, because in many cases it doesn't solve anything, the same with disabling options in HMPA. My thought is that when you exclude or disable something that HMPA shouldn't touch it, but instead it keeps interfering with some stuff. I never really got a straight answer about this, but then again... that seems to be normal...
     
  22. lawdude

    lawdude Registered Member

    Joined:
    Sep 20, 2015
    Posts:
    38
    OK thanks Stupendous Man:

    Log Name: Application
    Source: HitmanPro.Alert
    Date: 10/4/2016 2:18:47 AM
    Event ID: 911
    Task Category: Mitigation
    Level: Information
    Keywords: Classic
    User: N/A
    Computer:
    Description:
    Auto-unblock C:\Program Files (x86)\PrivaZer\PrivaZer.exe
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="HitmanPro.Alert" />
    <EventID Qualifiers="0">911</EventID>
    <Level>4</Level>
    <Task>9</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-10-04T06:18:47.903069800Z" />
    <EventRecordID>35248</EventRecordID>
    <Channel>Application</Channel>
    <Computer></Computer>
    <Security />
    </System>
    <EventData>
    <Data>C:\Program Files (x86)\PrivaZer\PrivaZer.exe</Data>
    <Data>CryptoGuard</Data>
    <Data>Auto-unblock C:\Program Files (x86)\PrivaZer\PrivaZer.exe</Data>
    </EventData>
    </Event>
     
  23. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    30,652
    Not even the user has access to the game-executable :eek:. This leads to the problem that it can't be added to HMP.A.
    They may have to add an workout, that executables can be added without actual (read-)access of the file. :cautious:

    This can be reproduced.
    If you "EFS-encrypt" a file for the actual user, it can be added to HMP.A.
    But if it's encrypted for a different user, HMP.A doesn't want to add it: "No permission"
     
  24. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    899
    Location:
    Baden Germany
    A reboot is required, to make both changes take effect.
    Did you follow exactly the steps, I described in post#11769?

    If so, what other security software are you running?

    Anyway, KickStart is obsolete, and not worth further effort...
    It was useful in the days of WIN-XP, and police-style-ransomeware.
     
  25. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,171
    Location:
    the Netherlands
    Thanks very much, Hiltihome.
    I never would have thought a reboot would be required.
    When SurfRight manages to provide a detailed user guide one day, info like that would be very welcome in such guide.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.