Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
Yes, agreed. I disabled all the Defender mitigations, did you do the same or leave them enabled?
Since this is the main HMPA thread, and not the beta thread, it would be helpful if the posts here indicate which version of HMPA is conflicting with Windows...
Updated my posts with the HMP.A used.
Thanks, much appreciated! I wasn't sure if the thread had morphed. So I was just trying to keep up.
With the new version of Windows 10 coming, we will need to be aware of any problems that affect the release version of HMPA.
I think I can confirm HMP.A is involved here. I've been running without Alert since this issue appeared and just installed it (HMP.A 3.6.7 Build 604). After a restart I started adding Windows Live Mail to the protected applications in HMP.A, then clicking on the Windows logo on the Task Bar, Start would not open. Also, the Windows key on the keyboard was unresponsive.
Pressing the power button and the machine shutdown with a "Waiting for..." message about a Plug and plug driver needing to be installed. That's the second time I've seen that message.
HMP.A 3.6.7 Build 604.
MB 3.2.2 with Exploit and Ransomware Protection disabled.
Norton Security 22.11.
I have also experienced this, but HMP.A is currently disabled. And yes, on restart, Start works again.
I find it's better to wait at least 6 months for the dust to settle on new versions of Windows 10. I may update to 1703 one of these days ...
When Microsoft is pushing out RS2, RS3 and RS4 (every half year now?) and making Previews available for the world to test I would say in this case Sophos is behind on things.
Granted Preview to Release will always most certainly have minor changes.
I will assume these issue's will be dealt with by the developers within 1 month. Any longer would be intolerable for me as a paying costumer.
Or Sophos could have posted a notification atleast on the website stating the current version of HMP.A is not fully Windows 10 Fall Creators Update compatible.
Both the 718 and 604 release Alert fail to enable Block Untrusted Fonts. Hopefully, this gets fixed in less time than one month, along with issues others have reported.
To better frame my comment in context, I was referring to the need for Microsoft to slow down their rapid release cycle, or if not, at least for us end users to lag behind for a cycle as MS patches bugs in the new releases. The previews and first releases (optional) are essentially requiring the consumers to become unpaid beta testers for a new OS.
This is breaking a lot of systems and third party developers are all struggling to keep up with the changes. I don't see things getting better any time soon, unless Microsoft changes their tune.
People have the option to delay updates including updates like the Fall Creators Update. I was once a Previewer of Microsoft and even so you can opt to slow ring/fast ring or skipping to a complete next version. I do not see why companies like Sophos whom have resources to make the best of it do so too.
To me Sophos is slacking if the issue's are not solved within said month.
When it comes to an even faster cycle I will point to Linux and their almost daily updates. Not a week seems to go by with yet another root/kernel update.
I will say I am update-minded but my systems have had very little issue's with updates both Windows, MacOS or Linux for that matter. Applications are another matter though.
Afaik the Block Untrusted Fonts was a switch for a Windows feature. Maybe MS removed the feature: https://blogs.technet.microsoft.com...dropping-the-untrusted-font-blocking-setting/
I use Linux too, and most of the updates I see are bug fixes, rather than entire new releases. Depending on the distro, you can choose LTR (Long Term Release), or the fast rolling releases, depending on whether you need stability for production, or wish to test the latest features. There is also a huge lack of 3rd party commercial software in the Linux ecosystem. Microsoft is apparently choosing to only offer stability to Enterprise customers who pay for it. But for the rest of us...
The big change that many do not realize is that each new Windows 10 release (i.e., Anniversary, Creators, etc) is not just a patch, but instead an entire OS upgrade. The changes involved in each release, regarding features, UI elements, API's. etc. is something that should happen at the rate of every few years, not every few months. The inmates are apparently running the asylum in Redmond these days... Sheesh!!!
Thank you kindly. I enabled this on machine running Windows 10 Pro via group policy as per the link you provided.
I think you're right. I've just had this happen on a machine without HMP.A installed. Maybe it is MB related... or Norton.
No Norton here, but I do have MB installed (but not running, only on-demand). Could also just be Windows 1709 ?
And yet another application that crashes after I updated to Fall Creators Update.
Before the update Windows 10 Pro was doing fine with HMP.A and this mobile device tool.
Platform 10.0.16299/x64 v604 06_3f
Application C:\Program Files (x86)\Microsoft Care Suite\Windows Device Recovery Tool\WindowsDeviceRecoveryTool.exe
Description Windows Device Recovery Tool 3.12
00AB0080 55 PUSH EBP
00AB0081 8bec MOV EBP, ESP
00AB0083 8b4d08 MOV ECX, [EBP+0x8]
00AB0086 83ec08 SUB ESP, 0x8
00AB0089 85c9 TEST ECX, ECX
00AB008B 7439 JZ 0xab00c6
00AB008D 0fb711 MOVZX EDX, WORD [ECX]
00AB0090 6685d2 TEST DX, DX
00AB0093 7431 JZ 0xab00c6
00AB0095 56 PUSH ESI
00AB0096 8b7104 MOV ESI, [ECX+0x4]
00AB0099 83fe18 CMP ESI, 0x18
00AB009C 7227 JB 0xab00c5
00AB009E 8b4108 MOV EAX, [ECX+0x8]
00AB00A1 0b410c OR EAX, [ECX+0xc]
00AB00A4 741f JZ 0xab00c5
What other security software do you have on your machine?
Probably as in CaptainLeonidasHMPA's signature?
"Win10 Fall Creators Update, Avast Internet Security, MBAM, HMPro/.A"?
I might add Windows Defender too even though is for periodic scans only.
My Thunderbird is not protected. How do I set it up to be protected? Which Template? Which code mitigations and which memory mitigations? My Thunderbird is running in Sundboxie (v.5.20 64bit). My HitmanPro.Alert Version 3.6.7 build 604. Windows 7 pro 64 bit.
Outlook 2016 is also 'not protected'. Does it need protection? If it was needed wouldn't Sophos already added Thunderbird and Outlook to the pre-defined applications?
In the past there were some troubles with people adding all kinds of applications to HMP.A. Just so you know.
Choose Office for Thunderbird: https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-179#post-2469869
Separate names with a comma.