HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    We have read the posts above related to MBAM v3 and thats why we came up with this solution.
     
  2. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    No problems so far.
     
  3. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,325
    Location:
    the Netherlands
    @erikloman,
    I'm sorry to report that build 582 does not resolve the issue that I reported January 24.

    On Windows 7 x64,
    with HMPA 3.6.3.582 RC1,
    when opening 3 .odt files (A,B,C), editing 2 (A,B), and not editing the third (C), and subsequently saving all 3 (A,B,C) .odt files in LibreOffice 5.2.5 x86,
    with saving the third, unedited, .odt file (C),
    CryptoGuard blocks C:\Program Files (x86)\LibreOffice 5\program\soffice.bin
    See:
    Code:
    Mitigation   CryptoGuard
    
    Platform     6.1.7601/x64 v582 06_17*
    PID          4728
    Application  C:\Program Files (x86)\LibreOffice 5\program\soffice.bin
    Description  LibreOffice 5.2.5
    
    Filename     C:\Program Files (x86)\LibreOffice 5\program\soffice.bin
    
    D:\Users\XXXXX\Documents\XXXXX\XXXXX\XXXXX\CCCCC.odt
    D:\Users\XXXXX\Documents\XXXXX\XXXXX\XXXXX\BBBBB.odt
    D:\Users\XXXXX\Documents\XXXXX\XXXXX\XXXXX\AAAAA.odt
    
    
    Process Trace
    1  C:\Program Files (x86)\LibreOffice 5\program\soffice.bin [4728]
    "C:\Program Files (x86)\LibreOffice 5\program\swriter.exe" "-o" "D:\Users\XXXXX\Documents\XXXXX\XXXXX\XXXXX\AAAAA.odt" "--writer" "-env:OOO_CWD=2D:\\Users\\XXXXX\\Documents"
    2  C:\Program Files (x86)\LibreOffice 5\program\soffice.exe [4552]
    "C:\Program Files (x86)\LibreOffice 5\program\swriter.exe" -o "D:\Users\XXXXX\Documents\XXXXX\XXXXX\XXXXX\AAAAA.odt" --writer
    3  C:\Program Files (x86)\LibreOffice 5\program\swriter.exe [2132]
    "C:\Program Files (x86)\LibreOffice 5\program\swriter.exe" -o "D:\Users\XXXXX\Documents\XXXXX\XXXXX\XXXXX\AAAAA.odt"
    4  C:\Windows\explorer.exe [5064]
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    5  C:\Windows\System32\svchost.exe [612]
    C:\Windows\system32\svchost.exe -k DcomLaunch
    6  C:\Windows\System32\services.exe [944]
    
    Thumbprint
    5f0c22a7037b6761aeca37a3ab1f7c71022dac687ee414bec2bea39c138a7b58
    
    N.B. Note that this is with LibreOffice version 5.2.5 x86 on Windows 7 x64.

    As I mentioned on January 26, this is a relevant issue.
    @erikloman,
    Is there any news to report regarding your investigation of this issue?

    Have you tested with LibreOffice x86 on Windows 7 x64?
    So far, in this thread, we've only seen tests with LibreOffice x64 on Windows x64.
     
    Last edited: Feb 3, 2017
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Nothing new to report yet. We are very much involved in pushing code updates into business products of Sophos. These are also in this build.
    I hope we can now get around finishing the investigation on this issue. I'll put some free time into this because I can't do much during office hours.

    This is the result of our efforts though:
    https://blogs.sophos.com/2017/02/01...-protection-platforms/?cmp=70130000001xIObAAM

    By the way, Mark is talking at RSAC this month:
    https://www.rsaconference.com/event...al-Syndicates-Use-Exploits-to-Bypass-Security
     
    Last edited: Feb 3, 2017
  5. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,325
    Location:
    the Netherlands
    I can imagine.
    Great that you'll put some free time into this. Thank you very much. :thumb:
    Let me know if you need me to test something.

    Great stuff.
     
  6. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64 Professional:
    Installed HMP.alert build 582 over build 580 without any issues, running fine!
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,852
    Build is running fine so far.
    Especially MBAM-users will be happy with this release:
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,286
    Location:
    Among the gum trees
    What Pete said.

    Thank you Erik and your amazing team. I may even revisit MB 3.0 now.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Latest Beta 582 working real fine here. Win 7 x64 Pro
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,286
    Location:
    Among the gum trees
    Runs great on my non Secure Boot machine along side MB 3.0.6. Very Nice work, guys! :thumb:

    Excited to try the new build with Microsoft co-signed drivers when available on my other machines.
     
  11. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Installed and performing nicely on:
    Windows 10 Pro x64 ;)
    Thanks Mr. Loman
     
  12. ZeroVulnLabs

    ZeroVulnLabs Developer (aka "pbust")

    Joined:
    Mar 5, 2012
    Posts:
    1,189
    Location:
    USA
    This is a nice solution. Thanks Erik, Mark and team!
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
    ETA for the co-signed driver version?
     
  14. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,029
    No problems upgrading build 582 RC1.

    Win10 1607 build 14393.726 x64/Norton Security v22.8.1.14
     
  15. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    Upgraded to 582 from 580 three hours and two reboots ago.
    Working well.
    Win 10 64 F-secure Appguard
     
  16. Novastar 3d

    Novastar 3d Registered Member

    Joined:
    May 3, 2009
    Posts:
    65
    Build 582 RC1 working great now. Think I figured out which profile to run some poker clients under that doesn't cause hiccups.
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,852
    Will we see this feature in a coming version? Or was the implementation of this feature "cancelled"
     
  18. Alkajak

    Alkajak Registered Member

    Joined:
    Mar 6, 2016
    Posts:
    125
    Upgraded from previous beta. 24 hours no issues.
     
  19. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    It should not be locked.
    go into services and restart the HMP.A service
    and see if those go away ;)
    HMPA_SS.png
     
  20. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,325
    Location:
    the Netherlands
    The "locked" setting was only seen in HMPA 3.5.1 Build 548 beta.
    And because Erik replied "you found a new feature that should not be seen yet", mood informed what is the current status of that 'feature'.
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,852
    Correct :)
     
  22. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    Thanks for clarifying Stupendous ;)
    My reply was only an attempt to help him not see them, not an explaination
     
  23. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The Locked feature is for Sophos product where you cannot modify the settings locally. But you also see Locked when the service is not running.
    Since 582 we now show a message box instead when the service isn't running, listing brief instructions on how to to fix this.
     
  24. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,325
    Location:
    the Netherlands
    I understand. I replied to clarify that mood wasn't trying to fix an issue, but to ask for information about the status of the feature.

    Ah, that is great. Before, there was the complaint that some users found the service wasn't running, and there was no warning.
    The message box when the service isn't running, is that a pop-up, from the Windows system tray or otherwise? That would be good. Or is that message box only to be seen when one happens to open the HMPA GUI? That would still be not very good, as the issue will be missed if not opening the HMPA GUI.
     
  25. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    200
    Hi.
    They have to improve zemana antilogger compatibility.
    Greetings.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.