HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    199
    Location:
    Canada
    I'm running an older machine with and older BIOS (pre-secure boot).
     
  2. mrhex1

    mrhex1 Registered Member

    Joined:
    Jul 2, 2016
    Posts:
    19
    Location:
    Timbuktu
    Hi Erik, Mark, & everyone else.

    For a few weeks now I have not been able to get the TOR browser bundle to run on my computer. The TBB will start momentarily with HMPA showing the browser as protected. I have been able to reproduce this on both my desktop & my laptop. Surprisingly, when I run Windows 10 in a virtualbox, TOR browser won't crash.

    My laptop is running Windows 10 Professional (x64) Version 1607 (build 14393.693), with HMPA build 571. I did have 582 loaded before I realized that I couldn't load it because of non-signed HMPA drivers. I have Kaspersky AV 17.0.0.611(c) loaded as well. The desktop is running Windows 10 Professional (x64) Version 1607 (build 14393.693), with Kaspersky AV 17.0.0.611(c), MBAM 2.2.1.1043, & HMPA build 580 beta.

    Upon looking at my Application log in event viewer, this is shown:

    Code:
    Faulting application name: firefox.exe, version: 45.7.0.6241, time stamp: 0x00000000
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00870024
    Faulting process id: 0x14ac
    Faulting application start time: 0x01d281d327cbfac3
    Faulting application path: C:\Users\mrhex1\Desktop\Tor Browser3\Browser\firefox.exe
    Faulting module path: unknown
    Report Id: c75297f8-ad24-4c3b-ae54-89fa2e7aaa0c
    Faulting package full name:
    Faulting package-relative application ID: 
    &

    Code:
    Faulting application name: firefox.exe, version: 45.7.0.6241, time stamp: 0x00000000
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00810024
    Faulting process id: 0x18e4
    Faulting application start time: 0x01d281dc8b1e5b1e
    Faulting application path: C:\Users\mrhex1\Desktop\Tor Browser hardened\Browser\firefox.exe
    Faulting module path: unknown
    Report Id: 956a1753-ebc0-4f94-be92-939dcead4392
    Faulting package full name:
    Faulting package-relative application ID: 
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,286
    Location:
    Among the gum trees
    I just had the latest version of Avast quarantine Build 582 so I restored it and added it to global exclusions but after a restart Alert refused to start. When I opened Alert from the Start menu it showed as [Locked]. I uninstalled / reinstalled 582 and it seems to be working again now but that is the first time I've ever seen [Locked].

    I've submitted the file as a false positive to Avast so hopefully it won't affect too many once they whitelist HMP.A.
     
  4. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    It will go into "Locked" mode when the service is stopped, all you have to do in the future is go into services.msc and restart the HMPA service and the locked state will go away.
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,286
    Location:
    Among the gum trees
    Oh, that's good to know. I'll try and remember that for next time.

    Thanks, Cyber Ghost. :thumb:
     
  6. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    No worries ;)
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    Did you see a "message box" or something similar?
    If the service is not running this should happen:
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,286
    Location:
    Among the gum trees
    No. HMP.A just didn't start, no tray icon. When I started Alert from the start menu the GUI looked odd and none of the protected applications showed up. Along the top where it shows the build number it had [Locked].
     
  9. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
    I have had this happen a few times, and never noticed a message box, try it.
    open Services and stop the HMPA service, now in the taskbar go open the GUI, it will be locked.
    Now close the gui but leave it in the taskbar, go restart the service and open up
    the GUI and with the service running it is now not locked. I can reproduce this all
    day long with the same result with no message box.
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.6.3 Build 586 RC2

    Changelog (compared to 582)
    • Fixed bug in CryptoGuard correlation
    Notes
    This build uses Microsoft co-signed drivers. It is safe to use on Windows 10 Redstone 1 and 2 with SecureBoot enabled.

    Download
    http://test.hitmanpro.com/hmpalert3b586.exe

    Please let me know how this version runs on your computer :thumb:
     
  11. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    No initial problems.

    Noted that you can no longer delete items from the C:/windows/CryptoGuard folder. I get error message attached (I am running as Administrator). Only concern is if too many of these files accumulate, although that has not seem to be the case with last several HMPA versions.
     

    Attached Files:

  12. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,325
    Location:
    the Netherlands
    @erikloman,
    I'm sorry to report build 586 does not resolve the CryptoGuard and LibreOffice x86 on Win x64 issue that I reported January 24 and February 3.

    Should the fixed bug in CryptoGuard correlation have resolved the CryptoGuard and LibreOffice x86 on Win x64 issue?
    Or was the investigation on that issue not finished, yet?

    I really hope you'll find some time to put into this issue.
    In order to prevent too many support requests, I really hope this issue will be fixed before the final version is released.
    As I mentioned before, many users use LibreOffice x86 on Windows x64, as LibreOffice x86 is the default download. And even more, not long ago, LibreOffice x86 was still more stable than x64, so x86 on Win x64 was the preferred choice because of that.
     
    Last edited: Feb 10, 2017
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    It seems that HMP.A is locking these files now.
    I still have RC1 installed at the moment, but i'll reboot soon to have the new RC2 installed. Then i'll see if i can't delete them too.
    Edit: Yes, they are locked with RC2.
    Edit #2: After disabling CryptoGuard, files can be deleted.
     
    Last edited: Feb 10, 2017
  14. hamo

    hamo Registered Member

    Joined:
    Jul 11, 2016
    Posts:
    67
    Location:
    Egypt
    I bought a key from a month ago and did several scans with it.

    But the program show me that " a scan has never been run" !! Whyo_O

    2017-02-10_21h51_53.png
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,286
    Location:
    Among the gum trees
    No problem with Avast with this build. :thumb:
     
  16. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,325
    Location:
    the Netherlands
    Usually, I have HMPA set to "Advanced interface", where there is no such message.
    A moment ago, I set HMPA (3.6.3.586) to "Standard interface", and I noticed the faulty "A scan has never been run" message.
    However, when I close and open the HMPA "Standard interface" several times in a row, a few times I see "A scan has never been run", but also a few times I see the correct "Last scan was x days ago" message.
    So, this feature in the HMPA user interface seems rather unstable, about half the times it shows the faulty "A scan has never been run" message.
     
  17. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    Thanks for checking. Shouldn't be a problem as it does not save as many as it used to.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Have 586 on one VM and one desktop. No issues so far.
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    41,863
    I have only some files in it, it's not really a problem if files can't be deleted from the CryptoGuard-folder (maybe except for people with several Gigabytes of data in it).
    I guess it can be emptied after the service of HMP.A has been stopped. But i haven't tested it.
    Edit: After disabling CryptoGuard, files in the CryptoGuard-folder can be deleted #12885
    Build is running fine.
     
  20. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,325
    Location:
    the Netherlands
    If you disable CryptoGuard for a moment (in the HMPA GUI), the CryptoGuard folder is unlocked and you'll be able to delete items from the C:/Windows/CryptoGuard folder.
    (Don't forget to re-enable CryptoGuard, afterwards.)
     
  21. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    Thanks mood & SM, didn't think of that.
     
  22. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,029
    And again no problems upgrading build 586 RC2.
     
  23. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    No problems here either after upgrading to 586.
     
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I am sorry. I am able to reproduce your issue. Past week was crazy due to deadlines. I promise I will come back on the LibreOffice issue this week.
     
  25. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,325
    Location:
    the Netherlands
    Please, don't be sorry, Erik. I understand craziness due to deadlines.
    I am very happy that you were able to reproduce the CryptoGuard and LibreOffice x86 on Win x64 issue. :thumb:
    I hope this week will be less crazy for you. I am confident you'll be able to fix the mentioned issue in a next RC build.
    I hope you can enjoy a nice quiet weekend.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.