HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. szepeviktor

    szepeviktor Registered Member

    Joined:
    Jan 10, 2017
    Posts:
    10
    Location:
    Budapest, HUNGARY
    Originally CCleaner, now Win10 control panel.
     
  2. lawdude

    lawdude Registered Member

    Joined:
    Sep 20, 2015
    Posts:
    41
    Thinking about cloning my HDD to an SSD. Will hmp.a work or will I need to have license updated?
     
  3. guest

    guest Guest

    Your license is tied to the hardware and it can happen that HMP.A is showing "your license is not valid anymore" after you have exchanged your HDD with an SSD.
    If your license is invalid, write to the support or send a PM to @erikloman
     
  4. lawdude

    lawdude Registered Member

    Joined:
    Sep 20, 2015
    Posts:
    41
    Thanks for replying mood. Yes, that was my concern. However, when I removed HDD and installed cloned Samsung SSD drive, hmp.a seems to function as before.
     
  5. Stef VDC

    Stef VDC Registered Member

    Joined:
    Jun 26, 2016
    Posts:
    1
    Location:
    Belgium
    @erikloman I tried to encrypt some documents with Kruptos 2 Professional, but HitmanPro.Alert blocks it when only 2 or 3 files are done.
    Mitigation CryptoGuard

    Platform 10.0.14393/x64 v574 06_3f
    PID 9248
    Application C:\Windows\explorer.exe
    Description Windows Verkenner 10

    Filename C:\Windows\explorer.exe

    C:\Users\Stef\Desktop\Nieuwe map\banded nissan.docx
    C:\Users\Stef\Desktop\Nieuwe map\AANKOOP PELLETS.xlsx
    C:\Users\Stef\Desktop\Nieuwe map\60 jaar getr.docx


    Process Trace
    1 C:\Windows\explorer.exe [9248]
    explorer.exe
    2 C:\Windows\System32\winlogon.exe [7704]
    C:\Windows\System32\WinLogon.exe -SpecialSession
    3 C:\Windows\System32\smss.exe [6272]
    \SystemRoot\System32\smss.exe 000000bc 0000007c C:\Windows\System32\WinLogon.exe -SpecialSession
    4 C:\Windows\System32\smss.exe [640]
    \SystemRoot\System32\smss.exe
    5 [4]

    Thumbprint
    20f00333e19359ac81a0ac9dd49f7dd31533f3379a6e57f78bada98b0b7c64cf
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    That is the CryptoGuard feature doing its job. You need to disable CryptoGuard before using your encrypting software, and then re-enable it when you're done :thumb:
     
  7. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    456
    Location:
    England
    I have 25MB of "stuff" in the Cryptoguard folder - will this folder be cleaned or emptied automatically at some point in the future?

    I don't know what the content of this folder is, I don't encrypt anything and to my knowledge have had no alerts.
     
  8. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    FYI: I have found that it stops the error but also stops Hitman pro alert from functioning in the sandbox, no green box indicating encrypting while typing for example.

    If I enable software Hitman pro alert compatibility then just hide the error message, Hitman pro alert functions normally; for now I will live with the error message.
     
  9. guest

    guest Guest

    The Cryptoguard folder is part of the CryptoGuard feature. It can happen that files are placed in this folder even if you had no alerts.
    If this is the case and you see leftovers, you can clean the folder from time to time.
     
  10. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    456
    Location:
    England
    Thanks Mood, I'll just add the folder to CCleaner for an occasional clear out.
     
  11. Paul R

    Paul R Registered Member

    Joined:
    Aug 5, 2014
    Posts:
    59
    Location:
    Bury, Lancashire
    Just installed an old game on Steam but I'm not able to run it. I keep getting the below, any ideas please?

    [Attached screenshot: upload_2017-1-15_11-46-31.png]
     
  12. guest

    guest Guest

    It seems that Steam is guarded (Mitigation Lockdown). Try to disable "Application Lockdown" for Steam.
    Edit: Steam dropped dxwebsetup.exe to the temporary directory and wanted to execute it. This was prevented by HMP.A (Application Lockdown).
     
    Last edited by a moderator: Jan 15, 2017
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Where are you getting the setup file from?
     
  14. Paul R

    Paul R Registered Member

    Joined:
    Aug 5, 2014
    Posts:
    59
    Location:
    Bury, Lancashire
    Nothing can run from temp without "admin priv" so I guess that doesn't help :) I cheated anyway and disabled HMPA while I played it.
     
  15. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    HMP.A "Quickie" by cruelsister...
    https://youtu.be/mDQXK9U_8aE
     
  16. guest

    guest Guest

    According to the Process Trace (#2), the service of Steam executed a script "runasadmin.vdf", so with a high probability it tried to execute the file dxwebsetup.exe with admin rights in the next step.
    However, you already found a solution, problem solved :). But don't forget to enable HMP.A after playing ;)
     
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.6.3 Build 578 BETA

    Changelog (compared to 574)
    • Improved compatibility with third-party applications trying to modify our DLL in-memory
    • Improved compatibility with Turbo.net (or Spoon.net) applications
    • Improved Self Protection
    • Improved ROP exploit mitigation
    • Improved CryptoGuard
    • Added tamper protection to CryptoGuard minifilter
    • Added Hangul Word Processor to Software Radar
    • Fixed rare crash in Firefox caused by misaligned stack
    • Fixed compatibility with Trusteer Rapport on 32-bit browsers
    • Updated Network Filtering component
    • Updated Libpng library to latest version
    • Updated sqlite3 library to latest version

    Known Issues
    Overwatch still cannot start with this build. Please add Overwatch.exe to Exclude category in order to start Overwatch. We are still investigating.

    Notes

    This build is co-signed by Microsoft and is therefore suitable on Windows 10 with Secure Boot enabled.

    Download
    http://test.hitmanpro.com/hmpalert3b578.exe

    Please let me know how this build runs on your computer :thumb:
     
    Last edited: Jan 16, 2017
  18. @erikloman Does this Beta solve the loss of files as illustrated by the latest 'quickie' test by Cruel Sister?
     
  19. guest

    guest Guest

    The driver hmpnet.sys is not co-signed by Microsoft.
     
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Oh crap. Thanks! Will solve it tomorrow.
     
  21. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Perhaps, we did make a few changes in CryptoGuard related to correlation ...
    While useful to some extent, the "quickie" test does not show how the samples get dropped on the system. The test merely tests a fraction of Alert's capabilities to prevent a system getting ransomed. CryptoGuard is the last line of defense. Exploit mitigations and Application Lockdown are earlier in an attack chain.
     
    Last edited: Jan 17, 2017
  22. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    I upgraded over 574 and after reboot 578 is running without issues (I have secure boot turned off) :thumb:
     
  23. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Is the beta build you posted co-signed or not? Time of the edit tells me you haven't yet. I'm just making sure. :)
     
  24. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    No, it's not.
    Expect a new build number, today.
    Be patient....
     
  25. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Thanks!
    He should have at least edited the post. But no harm done, as I read the later posts prior to the complete download of the installer. :)
     