HitmanPro.ALERT Support and Discussion Thread

Really?! Did you enable Ransomware Protection as well?

- Dave

 

I have been a member of the Virtualbox forums for a while, and there has been a long running thread since Oracle began enforcing hardening. Various AV's and Malwarebytes have triggered this bug. This has at times caused issues with corrupted Windows host certificates database. In my previous experiences, just uninstalling the offending application and rebooting resolved the issue. What is concerning about the latest problem is that I had to roll back Windows as well

Virtualbox checks to see if the program that wants to inject into Virtualbox is signed with an authenticity certificate. If it's not, Virtualbox won't start.

 

As soon as I enabled Exploit Protection Firefox stopped responding on this machine. I won't run both together again!

 

I am surprised

 

i don't bump into such behaviour (host: 10 x64 AU)

 

Sooner or later there could be some problems (performance loss, not responding PC, ...)
The developers do not "recommended" running both at the same time and HMP.A already covers the functionality of MBAE (the same goes for the Anti-Exploit component of MBAM 3)

 

The recommendation is to not run more than one anti-exploit tool at a time. Currently when MBAM v3.0 is installed all protections are enabled, so the anti-exploit component has to be turned off manually. Also when any of the protection components are off MBAM shows a warning and nags with a pop-up from the tray icon. MalwareBytes has acknowledged the issue and implied that there would be solution in a future build, possibly the ability to detect HMPA and turn off anti-exploit automatically.

 

I see in your signature that you are running HitmanProAlert 3.5. I had no issues with either that version, or with 3.6.0 that I am currently running. It was only the upgrade to the latest release 3.6.1 Build 574 that caused the conflict with VirtualBox. It required a complete HMPA uninstall, plus a Windows system restore to resolve.

On Windows 10 Pro x64 version 1511 (OS Build 10586.679)

 

fixed

ok

By

 

So, are you running 3.6.0 or 3.6.1

My problem is temporarily fixed by rolling back to 3.6.0. But I will be stuck here and cannot update further until I know what is going on.

 

the latest (3.6.1 574), OS_14393.576

 

What version of VirtualBox are you running?

I'm still on Vbox 5.1.6, but I see that they have an update available. This issue typically is not caused by VirtualBox, but due to hardening, it just refuses to run if it thinks any DLLs are unsecure. That is usually caused by a 3rd party security software.

 

for each software installed on my system, always the latest stable release (VBOX: 5.1.10 r112026)

 

I can only guess now that the biggest difference is with our host Windows 10 versions. I see that you are running the 2016 Anniversary Update, while I am still sitting on the fully patched and supported fall update from 2015. I saw recently that the Windows 10 AU version 1607 has now reached CBB (Current Branch for Business) status, so as soon as I have the time I am planning to upgrade to AU. Will test HMPA again after that. Thanks for the info!

 

this is exactly the reason why a user should always specify the exact branch of the OS before to report a bug (or issue) here:
10, infact, is connected to a lot of degree of change each with is own peculiarity (IMO ...and sorry for my poor english)

 

Updated my sig with my Windows 10 version. But this does bring up the possibility that HMPA is only being tested for compatibility on the latest public Windows 10 build.

Microsoft will keep supporting the most current 3 releases of Windows 10, for all editions. Business (Enterprise) users are not likely to upgrade to any rolling release of Windows 10 until it reaches CBB status. So they will remain one release behind the Home and Pro users that are running the latest public release. I prefer to remain one release back, for stability reasons.

Here are the versions of Windows 10 to date:

• 1507 -- the original version of Windows 10, codenamed Threshold 1, OS build 10240
• 1511 -- the "Fall Update" later renamed "November Update," codenamed Threshold 2, OS build 10586
• 1607 -- the "Anniversary Update," codenamed Redstone 1, OS build 14393

And the widely expected (and already named, internally):

• 1703 -- the "Creators Update," codenamed Redstone 2, OS build not yet determined

CBB Promotions:

• Version 1507, released July 29, 2015, was immediately declared Current Branch for Business, as the first of its kind.
• Version 1511 released Nov. 12, 2015, was promoted to CBB on April 8, 2016. It spent 148 days in consumer-level testing.
• Version 1607 released Aug. 2, 2016, promoted to CBB on Nov. 29, 2016. It took 119 days before reaching the higher level.

 

Hello everyone.

I'm using a licensed copy of HitmanPro.Alert (version 3.6.1 build 574).

I noticed that suspicious files are automatically uploaded for analysis when I use the "Scan computer" option from the application's front page. How can I prevent this automatic upload from happening?

Thanks for you time,

JDB

 

Install HitmanPro. Since you have a HMP.A license, then HitmanPro should activate with the same license.
Go to settings, and you can uncheck the "automatically upload unknown files to the scan cloud" option.
https://i.imgur.com/TgkqorD.png

 

I don't have MBA3 installed, but i tried all tests and it was successfull (HMPA test tool v1.9.2.26)
In your case, if it failed in some tests then HMP.A is "not protecting" you 100%
Try to run the test-tool again after you have disabled the Anti-Exploit component of MBA3 completely.
If you see no improvement (failing tests), deinstall MBA3 and do another test.
Edit: A little misunderstanding from my side. HMP.A is working 100%, but MBAE was failing:

 

Thanks, Azure Phoenix. I did that and it worked. Goodnight.

 

Makes sense. Since the Sophos report did indicate that MBAE didn't have the same amount of mitigations as Sophos Intercept X/ HitmanPro.Alert.

 

I have the latest beta version of hmpa installed on my win 10 (patched to date) and the the upload of firefox.exe 50.01 keeps failing. Any idea why. Or anyone else having uploads failing. This has only happened in the last few weeks.