HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I am also an HMPA lover, but comparing it to Mbam 3 is like comparing apples to oranges. I would run MB3 with its Anti Exploit turned off and then run HMPA.
     
  2. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I guess that you may have missed my subtle point, if you haven't been keeping up with their forum's recent problem reports. I wasn't actually comparing features ... just noting that by comparison, at the moment, HMPA is relatively stable :)
     
  3. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,857
    Location:
    the Netherlands
  4. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    No, because coupon bar inserts itself unknowingly and performs ad insertion. If you deliberately install it, you can set it to be ignored always. Personally I use it as well, but set its service to manual, meaning that I start it before use, and stop it immediately afterwards.
     
  5. rei

    rei Registered Member

    Joined:
    May 25, 2006
    Posts:
    51
    Just a ProTip: using Win10x64 Insider Build Fast Ring, build 14986 and installed latest non-beta HMPA build 374, always reboot after install even though HMPA doesn't prompt.

    All my browsers were "not responding" even with all protections disabled in HMPA before the reboot.

    MBAM, an old favorite from 1.0, has been really unstable in its 3.x form sadly.
     
    Last edited: Jan 9, 2017
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Hi @erikloman ,

    I just got a BSOD plugging in a new wireless mouse and keyboard combo. Something about page fault in non-paged area I think. Anyway, I'm sending you the minidump via http://www.wetransfer.com/ in case Alert / BadUSB Protection is related.

    Thanks,
    Dave

    Edit: Well I was going to but I don't have permission to open the file.
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Obviously that's good to know if you're running Insider builds, but compatibility problems with OS betas are to be expected, don't you think? By the way, build 15002 has been released :)
     
  8. guest

    guest Guest

    Try to copy the .dmp file to a directory where normal users have access. Then try it again.
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Thanks mood.

    I did try sending it to a zipped file on my Desktop and couldn't do that either. I tried taking ownership of it but I couldn't get that to work. In the end I ran CCleaner and restarted, which means the .dmp is now deleted. I guess I could restore a backup and try to reproduce but I'm not really too keen for that.
     
  10. guest

    guest Guest

    I always copy these files with an elevated file manager; this has always worked.
    Especially for C:\Windows\Memory.dmp or .dmp-files located in C:\Windows\Minidump\
     
  11. Anguel

    Anguel Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    75
    @erikloman
    @markloman

    Just wanted to let you know that Application Monitor in Kaspersky Endpoint Security categorizes HitmanPro and HitmanPro.Alert under Entertainment\Games :)
    Maybe you want to contact them regarding this.

    UPDATE: I have contacted Kaspersky support. Let's see what they can do.
     
    Last edited: Jan 10, 2017
  12. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    I get this error when trying to use Sandboxie with Chrome. From what I was able to google, you have to disable mitigations in HitmanPro.Alert to make it stop.

    SBIE2203 Failed to communicate with Sandboxie Service: *GUIPROXY_00000001 - chrome.exe [FF000000]

    I don't want to disable mitigations because I don't always run my browsers sandboxed. Has anyone found any other workaround for this?
     
  13. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Open SB configuration /software compatibility, and remove Hitman Pro Alert from the list
     
  14. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    That worked, thanks!
     
  15. szepeviktor

    szepeviktor Registered Member

    Joined:
    Jan 10, 2017
    Posts:
    10
    Location:
    Budapest, HUNGARY
    Good afternoon!
    Samsung Kies uninstaller and Malwarebytes Anti-Malware uninstaller are caught by HMP.A build 574.
    Please advise.

    Mitigation Anti-VM

    Platform 10.0.10586/x64 v574 06_2a
    PID 8500
    Application C:\Users\User\AppData\Local\Temp\{78480EBA-5B66-4FD7-A0D6-9A3B792644BD}\setup.exe
    Description Samsung Kies Installer 2.6.4

    VMware
    Process Trace
    1 C:\Users\User\AppData\Local\Temp\{78480EBA-5B66-4FD7-A0D6-9A3B792644BD}\setup.exe [8500]
    C:\Users\User\AppData\Local\Temp\{78480EBA-5B66-4FD7-A0D6-9A3B792644BD}\setup.exe /q"C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" /tempdisk1folder"C:\Users\User\AppData\Local\Temp\{78480EBA
    2 C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe [2200]
    "C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly
    3 C:\Program Files\CCleaner\CCleaner64.exe [7836]
    "C:\Program Files\CCleaner\CCleaner.exe" /uac
    4 C:\Program Files\CCleaner\CCleaner.exe [5176]
    "C:\Program Files\CCleaner\CCleaner.exe" /uac
    5 C:\Windows\System32\svchost.exe [1484]
    C:\WINDOWS\system32\svchost.exe -k netsvcs

    Thumbprint
    1fce7edbf180ed72f50d12643292a827e1a01163d3a8b953c57faa6b57e7132b

    ...

    Mitigation Lockdown

    Platform 10.0.10586/x64 v574 06_2a
    PID 8784
    Application C:\hdd\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
    Description Setup/Uninstall

    Filename C:\Users\User\AppData\Local\Temp\_iu14D2N.tmp
    Created By C:\hdd\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe

    Command line:
    "C:\Users\User\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\hdd\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe" /FIRSTPHASEWND=$1DF02AA

    Process Trace
    1 C:\hdd\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe [8784]
    2 C:\Program Files\CCleaner\CCleaner64.exe [7836]
    "C:\Program Files\CCleaner\CCleaner.exe" /uac
    3 C:\Program Files\CCleaner\CCleaner.exe [5176]
    "C:\Program Files\CCleaner\CCleaner.exe" /uac
    4 C:\Windows\System32\svchost.exe [1484]
    C:\WINDOWS\system32\svchost.exe -k netsvcs

    Thumbprint
    97a29db8fdf9ef0651a9853bc81c2599ae7b4eebd38621891767439ec098333e
     
  16. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,857
    Location:
    the Netherlands
    Looking at the HMPA process trace reports, I wonder, did you run those uninstallers through CCleaner?
    If so, could you try running those uninstallers the common way, not using CCleaner?
    Does that make any difference, or do you get the same HMPA alerts, that way?

    If not using CCleaner to run the uninstallers doesn't make a difference, then you could try whether adding both uninstaller exes as exclusions in HMPA helps.
    To exclude an executable from HMPA exploit mitigation:
    open the HMPA user interface,
    in settings, choose Advanced interface,
    click the blue Exploit mitigation tile, and then Applications,
    scroll to the right, and under Exclude, choose Add exclusion, navigate to the application exe in question, and add it as an exclusion.
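
The question asked in the post above (were the uninstallers launched through CCleaner?) can be answered from an alert's Process Trace. The following is an added example, not part of the thread and not HitmanPro.Alert's own tooling; the report layout is assumed from the alerts posted in this thread, and `parse_alert` and `ancestors` are hypothetical helper names.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Abridged copy of the Lockdown alert posted in this thread (some fields and the thumbprint omitted).
SAMPLE = r'''Mitigation Lockdown
PID 8784
Application C:\hdd\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe

Process Trace
1 C:\hdd\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe [8784]
2 C:\Program Files\CCleaner\CCleaner64.exe [7836]
"C:\Program Files\CCleaner\CCleaner.exe" /uac
3 C:\Program Files\CCleaner\CCleaner.exe [5176]
"C:\Program Files\CCleaner\CCleaner.exe" /uac
4 C:\Windows\System32\svchost.exe [1484]
C:\WINDOWS\system32\svchost.exe -k netsvcs

Thumbprint
'''

# Layout assumed from the reports in this thread, not from vendor documentation.
ENTRY = re.compile(r"^(\d+)\s+(.+?)\s+\[(\d+)\]$")   # "<n> <image path> [<pid>]"
FIELD = re.compile(r"^(Mitigation|PID|Application|Description)\s+(.+)$")

def parse_alert(text):
    """Parse one alert: header fields plus the trace, flagged process first."""
    fields, trace, in_trace = {}, [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Process Trace":
            in_trace = True
        elif line == "Thumbprint":
            in_trace = False
        elif in_trace and (m := ENTRY.match(line)):
            trace.append({"image": m.group(2), "pid": int(m.group(3)), "cmdline": None})
        elif in_trace and line and trace:
            trace[-1]["cmdline"] = line   # optional command line follows its entry
        elif not in_trace and (m := FIELD.match(line)):
            fields.setdefault(m.group(1), m.group(2))
    return fields, trace

def ancestors(text):
    """Image names of every process above the flagged one, nearest parent first."""
    fields, trace = parse_alert(text)
    flagged = int(fields["PID"])
    idx = next(i for i, p in enumerate(trace) if p["pid"] == flagged)
    return [basename(p["image"]) for p in trace[idx + 1:]]

if __name__ == "__main__":
    print(ancestors(SAMPLE))
```

A launcher such as CCleaner appearing among the ancestors means the alert should be reproduced by starting the uninstaller directly before any exclusion is added.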
     
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The Samsung Kies installer is unsigned and querying whether it is running in a sandbox environment. That is triggering Anti-VM. If you want to get around this, please set Vaccination to Passive.
    Have you added that CCleaner to be mitigated?
     
  18. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,857
    Location:
    the Netherlands
    Thanks very much, Erik.
    I tried to be of some help, but I forgot about Vaccination and I didn't think of the possibility that szepeviktor might have added CCleaner to mitigated applications.
     
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Your help in this thread is very useful/valuable. Thank you!
     
  20. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    In CCleaner you can uncheck the dump file cleanup. Memory dumps are under "System". I was always wondering where my .dmp files were going to, until I figured that out :)

    It's probably a good idea to leave the Windows log files and Windows error reporting unchecked, too.
     
  21. szepeviktor

    szepeviktor Registered Member

    Joined:
    Jan 10, 2017
    Posts:
    10
    Location:
    Budapest, HUNGARY
    @erikloman Thank you for the answer.
    The link in your signature is broken: http://www.hitmanpro.com/beta - I know, Sophos...

    I've uninstalled and reinstalled HMP.A.
    Now the Malwarebytes uninstaller starts and stalls; it is unresponsive, no alerts. "Malwarebytes Anti-Malware\unins000.exe" was added to exceptions.

    No, I haven't added CCleaner to mitigated applications, nor to exceptions.

    *Actually unins000.exe creates a temp executable file and it uses 5% of my CPU.
     
  22. szepeviktor

    szepeviktor Registered Member

    Joined:
    Jan 10, 2017
    Posts:
    10
    Location:
    Budapest, HUNGARY
    The web browser window is not full-width.
    See the screenshot.
     


  23. guest

    guest Guest

    That's normal.
    On the left side you'll see your browsers, and on the right side you can see the options if you click on one of your browsers.
     
  24. szepeviktor

    szepeviktor Registered Member

    Joined:
    Jan 10, 2017
    Posts:
    10
    Location:
    Budapest, HUNGARY
    Thanks :)
     
  25. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA