HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    618
    Location:
    Far East
    Hi

    I too have hmpalert.sys 3.6.0.571 for my HMPA 3.6.1.574

    However, its hmpalert.dll in C:\Windows\System32 is 3.6.1.574

    I guess all are in order, right?
     
  2. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,171
    Location:
    the Netherlands
    Thanks very much for confirming hmpalert.sys version 3.6.0.571, mood and NiteRanger.
    If hmpalert.sys version 3.6.0.571 is the right version for HMPA 3.6.1.574, then I hope that Erik may have another idea about why on Libraman's system build 574 causes BSOD's when a USB stick is inserted.
     
  3. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    860
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    We have enabled the automatic updater so that everybody is updated to build 574.
     
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I think this is correct.

    Do you have any files in C:\Windows\Minidump\ folder? If so, can you send them to me (erik[at]surfright.com) via www.wetransfer.com?
     
  6. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    923
    Location:
    UK
    erik i am asking again politely on the uplay issue, I dont know why you avoiding to comment on it.
     
  7. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    That's one of the reasons I stopped posting in this thread. Problems drag on for months without any comments that are of use. That's also the reason I don't have HMPA installed anymore.
     
  8. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,171
    Location:
    the Netherlands
    Just to be sure, are you referring to your last week's post?
    You wrote:
    Doesn't that solve the uplay issue?
    However, I understand that you would like Erik's answers to your other last week's questions.
     
  9. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    923
    Location:
    UK
    Stupendous not really, the issue is they silently failed with no alert from HMPA.
     
  10. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,171
    Location:
    the Netherlands
    OK, I understand.
    I've seen that with an earlier HMPA build, while using Eraser to wipe a few documents (setting: British HMG IS5, all 0s, 1 pass).
    CryptoGuard blocked that and Eraser hang, without any HMPA alert.
    That is a flaw, and I am sure that Erik and Mark do everything they can to try to fix such flaws, if possible. But Erik and Mark are very busy, they do not reply to each forum post.
    I hope they noticed your posts, and that they try to fix the issue, if possible.
    Regarding uplay, am I correct to understand that you can use it now, now that you added all ubisoft launcher binaries to the exclusion list?
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,355
    Location:
    Outer space
  12. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    923
    Location:
    UK
    yes works fine when manually excluded.

    I expect I wont hear anything then suddenly they will announce its fixed, however I dont think thats the way to make announcements, it is better to say they acknowledge the problem and they working on it.
     
  13. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,023
    Location:
    USA
    Is the Ubisoft launcher added to HMPA protection automatically?
     
  14. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    923
    Location:
    UK
    no it doesnt get added
     
  15. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,023
    Location:
    USA
    OK; I guess it doesn't like having the HMPA dll injected. If excluding the program works that seems a valid solution. What do you think?
     
  16. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    923
    Location:
    UK
    so the answer is because no protections were applied there was no alert.

    The app just freaks out been injected.

    Seems it needs some kind of automated exclusion, given its a gaming tool it wouldnt surprise me if this was deliberate anti tamper behaviour from ubisoft.
     
  17. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,171
    Location:
    the Netherlands
    You may be right regarding anti tamper behavior from ubisoft.

    September 7, Erik wrote:
    Earlier, August 4, Mark wrote:
     
  18. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
    574 works quite well here. 3D Mark's launching is still very slow though. (Probably because of Java.)
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,790
    Location:
    The Netherlands
    What malware would have been installed? Was it really running completely in-memory?
     
  20. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    I have also looked at the exploit code and the techniques that it uses should also be blocked by other exploit mitigation tools like EMET and MBAE.
     
  21. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    The shellcode would only make a single HTTP request to leak the real identity of the Tor user, that's all.
     
  22. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,443
    Location:
    USA
    Thank you for the good, smooth upgrade on two W7x64 machines.
     
  23. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Correct.

    We are working on improving compatibility with these applications.
     
  24. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    923
    Location:
    UK
    I updated to build 574 on my laptop and the entire exclude list has been wiped/depopulated. :(
     
  25. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,171
    Location:
    the Netherlands
    Was that an automatic update, or a manual update?
    In case of a manual update, did you install build 574 over the previous installation, or did you uninstall the previous build?
    Have you tried if an extra reboot fixes the issue?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.