HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,541
    Location:
    South Wales, UK
    I think that we have a false positive as when I logged on this evening HMP.A immediately started to issue messages stating that it had stopped malware, specifically GEN.VARIANT.MIKEY 80871 related to the executable WRSA.EXE.

    Well, I think that it is safe to say that Webroot Secure Anywhere is NOT malware...so to whom do I report this and how, as I have had to uninstall HMP.A as it would not let WRSA start. LOL

    Regards, Baldrick
     
  2. anonskii

    anonskii Registered Member

    Joined:
    Dec 16, 2016
    Posts:
    18
    Location:
    UK
    I did mention that none of my programs are manually put in protected applications; all my settings are default. I have no other software similar to HitmanPro.
     
  3. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,121
    Location:
    the Netherlands
    Thanks, @anonskii.
    Do you have any kind of application launcher, as RonnyT asked?
    In case HMPA automatically protects that application launcher, Comodo Programs Manager and Revo Uninstaller would inherit the protections and that would cause the behavior that you reported.
    The question is now, do you have any kind of application launcher, and is it automatically protected by HMPA?
    In case you are not sure what an application launcher is and whether you have one on your system, please do a web search for: application launcher.
     
  4. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,121
    Location:
    the Netherlands
    @Baldrick,
    You can report here.
    If you could add the full alert details, then Erik, Mark, or RonnyT can have a look at it.
    You can get alert details from Event Viewer:
    Open the HMPA user interface.
    If the HMPA user interface shows 1 or more alerts, clicking "Number of alerts" or "Last alert" in the HMPA user interface will open Windows Event Viewer and a "HitmanPro.Alert Events" module will be added to Windows Event Viewer. Be patient, as this takes a moment.
    As soon as the "HitmanPro.Alert Events" module is added to Event Viewer, opening that entry should show HMPA events.
    Take the entry regarding the specific alert.
    Select all text, use Ctrl+C to copy the selected text, and then you can paste the copied details in a reply in the thread.

    Edit:
    I overlooked the fact that you uninstalled HMPA.
    If you uninstalled HMPA, you cannot use the option that I mentioned, obviously.
    Instead, you can open Windows Event Viewer and look for HitmanPro.Alert Events.
    Copying and pasting the HMPA event information is still the same as I mentioned.

    Also, if what you reported was a HMPA Anti-Malware detection, I suppose there should be no need to uninstall HMPA, as disabling only the HMPA Anti-Malware component should probably be sufficient to stop the reported Anti-Malware detection.
     
    Last edited: Apr 21, 2018
  5. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    429
    Just got this, on Win 8.1 x64 with HPA 3.7.6.739

    Mitigation CredGuard

    Platform 6.3.9600/x64 v739 6f_10
    PID 40084
    Application C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe
    Description VeeamAgent 2.1

    SAM access denied.

    Range = LBA 10248080 :512
    Read = LBA 10246144 :2048

    Process Trace
    1 C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe [40084]
    "C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe" -g"2500-5000" -i"{f1e8f03a-1853-4ff4-a731-2eb6342ba286}" -l"flush,C:\ProgramData\Veeam\Endpoint\Backup__Job__DESKTOPXYZ/Agent.Backup__Job__DESKTOPXYZ.Source.DESKTOPXYZ.599E3939.log" -
    2 C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe [3328]

    Thumbprint
    3709acf560f32ef95795ee0c02becbbc740aaf6c1e737766a26d41c370c668b1

    Comment: I have Veeam set to run automatically a system backup each day, and this is the first time I get the message
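
Added example (not part of the original post and not HitmanPro.Alert code): a small Python parser for the alert text posted above that checks whether the blocked raw-disk read overlaps the protected SAM range. It assumes the number after the colon is a length in sectors; the function names are illustrative.

```python
import re

# Alert text as posted above (command line and thumbprint omitted).
ALERT = r"""Mitigation CredGuard

Platform 6.3.9600/x64 v739 6f_10
PID 40084
Application C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe
Description VeeamAgent 2.1

SAM access denied.

Range = LBA 10248080 :512
Read = LBA 10246144 :2048

Process Trace
1 C:\Program Files\Veeam\Endpoint Backup\x64\VeeamAgent.exe [40084]
2 C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe [3328]
"""

HEADER = re.compile(r"^(Mitigation|Platform|PID|Application|Description)\s+(.*)$")
EXTENT = re.compile(r"^(Range|Read)\s*=\s*LBA\s+(\d+)\s*:(\d+)$")
TRACE = re.compile(r"^(\d+)\s+(.+?)\s+\[(\d+)\]$")


def parse_alert(text):
    """Split an alert into header fields, disk extents and the process trace."""
    alert = {"fields": {}, "extents": {}, "trace": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := EXTENT.match(line):
            # (start LBA, length); length unit assumed to be sectors
            alert["extents"][m[1]] = (int(m[2]), int(m[3]))
        elif m := TRACE.match(line):
            alert["trace"].append((int(m[1]), m[2], int(m[3])))
        elif m := HEADER.match(line):
            alert["fields"][m[1]] = m[2]
    return alert


def overlap(a, b):
    """Return (first_lba, count) shared by two (start, length) extents, or None."""
    start = max(a[0], b[0])
    end = min(a[0] + a[1], b[0] + b[1])
    return (start, end - start) if end > start else None


def explain(alert):
    """Summarise why the read was blocked: who issued it and what it touched."""
    hit = overlap(alert["extents"]["Range"], alert["extents"]["Read"])
    trace = alert["trace"]
    return {
        "mitigation": alert["fields"].get("Mitigation"),
        "process": alert["fields"].get("Application"),
        "parent": trace[1][1] if len(trace) > 1 else None,
        "read_touches_protected_range": hit is not None,
        "shared_sectors": hit,
    }


if __name__ == "__main__":
    for key, value in explain(parse_alert(ALERT)).items():
        print(f"{key}: {value}")
    # If the lengths were bytes (512 B = 1 sector, 2048 B = 4 sectors) the two
    # extents would not intersect at all, which is why sectors are assumed.
    print("overlap if lengths were bytes:",
          overlap((10248080, 1), (10246144, 4)))
```

Under the sector assumption the backup agent's 2048-sector read starts before the protected range and runs 112 sectors into it, which is consistent with a volume-level backup tripping the SAM protection rather than a targeted read of the SAM file.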
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Turn off the SAM protection in the creditguard protection. It should be defaulted off but apparently has been turned on.
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,416
    Location:
    .
    FWIW ~ RE: #14876
    Code:
    HitmanPro 3.8.0.292
    www.hitmanpro.com
    
       Computer name . . . . : BJM-PCW10
       Windows . . . . . . . : 10.0.0.15063.X64/4
       User name . . . . . . : BJM-PCW10\bjms
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Paid (314 days left)
    
       Scan date . . . . . . : 2018-04-24 10:13:37
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 8m 20s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 1
       Traces  . . . . . . . : 9
    
       Objects scanned . . . : 1,738,856
       Files scanned . . . . : 28,173
       Remnants scanned  . . : 318,887 files / 1,391,796 keys
    
    Malware _____________________________________________________________________
    
       C:\Program Files\Webroot\WRSA.exe
          Size . . . . . . . : 3,688,336 bytes
          Age  . . . . . . . : 2.0 days (2018-04-22 11:21:29)
          Entropy  . . . . . : 6.7
          SHA-256  . . . . . : A91E3B684EBE4B846D8E74BF41BBC759C883AA0FB23F746585019798D941519E
          Product  . . . . . : Webroot SecureAnywhere
          Publisher  . . . . : Webroot
          Description  . . . : Webroot SecureAnywhere
          Version  . . . . . : 9.0.20.31
          Copyright  . . . . : (c) Webroot 2006-2018
          RSA Key Size . . . : 2048
          Service  . . . . . : WRSVC
          Parent Name  . . . : C:\Program Files\Webroot\WRSA.exe
          LanguageID . . . . : 1033
          Authenticode . . . : Valid
          Running processes  : 1528, 3436
        > Bitdefender  . . . : Gen:Variant.Mikey.80871
          Fuzzy  . . . . . . : 92.0
          Startup
             HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WRSVC
             HKLM\SYSTEM\CurrentControlSet\Services\WRSVC\
          References
             C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere\Webroot SecureAnywhere.lnk
             C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
          Network Ports
             0.0.0.0:27019 
             192.168.1.3:51456   54.213.219.159:443
    
    reported Safe thru HitmanPro
     
  8. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,121
    Location:
    the Netherlands
    Interesting!
    There is still no option to whitelist in HMPA Anti-Malware, but we can mark something as safe in HMP.
    What is the consequence of marking a HMPA Anti-Malware detection as safe in HMP?
    Does that stop the HMPA Anti-Malware detection for that item?
    Has anyone ever tested that, before?
     
  9. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,642
    off topic
    It's that time of the year again. Kings Day coming soon (Friday) and Holiday time in The Netherlands.
    PS: I'm not an official spokesperson for SurfRight.
    /off topic
     
  10. jacemace

    jacemace Registered Member

    Joined:
    Sep 10, 2009
    Posts:
    76
    there is a problem with hmpa alert - which i just added - it does not like mozilla browser add ons - so far hmpa has made pale moon extensions not work, and now firefox - i do not even want to start up cyberfox or waterfox - most add ons do work, some do not - i would say ninety five percent work - but one i really like that hmpa stops from operation is one tab - i do not like having a lot of tabs open - and when using one tab it brings memory usage down quite a bit - i will only use mozilla browsers with one tab - i will try a mozilla browser install in safe mode, and test all the add on functions - and then restart computer and see what happens - already uninstalled pale moon - now have to uninstall firefox
    also hmpa gives an intruder alert every time i start a mozilla browser - screen shot posted
    if hmpa blocks add ons - will have to uninstall it

    update - have just looked through previous wilders hitman pro alert pages about intruder alerts and add ons - and it seems some add ons are just not liked by hmpa

    update 2 - does not matter if i disable exploit mitigation and safe browsing for specific mozilla browser - hmpa still will not let certain add ons install/work

    update 3 - have installed pale moon with just the one tab add on - hmpa has let the browser be insofar to this extent

    update 4 - pale moon and the extensions are still working with hmpa - I haven't added every add on - going to add each one at a time and restart the browser to check if pale moon goes from the green line browser surrounding box of safe browsing - to the red line browser surrounding box of intruder alert - in interest is that it was not the add on one tab that hmpa did not like - but a different one - that still made hmpa remove one tab even though another browser extension was considered an intruder
     

    Last edited: Apr 27, 2018
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,649
    Highly likely a conflict with other currently running security applications:
    Excerpt:
     
  12. LodeHere

    LodeHere Registered Member

    Joined:
    Nov 25, 2017
    Posts:
    9
    Location:
    Amsterdam
    After not having used HitmanPro.Alert since the incompatibility with Sandboxie issue began after a previous Alert update quite some time ago, I just thought I might at least utilize its keyboard encryption option. So I installed it again, and now I see the orange popup with "Encrypting KPO9VO41A" (and that code changing while I type) appearing in the right bottom corner of my screen.

    Then I wanted to see what other options I could utilize without issues with Sandboxie. Turns out I can have every option enabled, except that for the 3 browsers I have -Chrome, Epic and IE11- which appear below the large blue "Exploit mitigation" block in "Advanced interface" mode have all individual Code and Memory Mitigation boxes unchecked. While general "Exploit mitigation" is checked, reason that big block is blue instead of gray.
    :)
     
    Last edited: Apr 27, 2018
  13. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    194
    Unfortunately, version HPA 3.7.6.739 slows things down much more on Windows 10 64-bit Pro (version: 1709, build: 16299.402) than on Windows 7 64-bit Pro, despite the fact that my Windows 10 computer is much more modern and faster. On Windows 10, HPA is therefore virtually useless, because it slows down the system and computer performance very much.

    Hardware of my Windows 10 64bit pro: Intel® Core ™ i5-8400, Samsung 960 EVO 512GB M2 PCIe MZ-V6E500BW system SSD, 16GB DDR4 RAM Corsair 16GB (2x8GB) DDR4 2400MHz CMK16GX4M2A2400C14, Motherboard: ASRock Z370 Extreme4, Hard Drive: 2 × 6TB (WD Red 6TB 5400rpm 64MB SATA3 WD60EFRX).

    My Windows 7 64 bit pro machine: QuadCore Intel Core i5-2500, 4133 MHz, Asus P8Z68-V Pro / Gen3 4x4 GB DDR3-1333 DDR3 SDRAM, SAMSUNG SSD 830 with system.
     
    Last edited: Apr 28, 2018
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,823
    Location:
    Under a bushel ...
    I use Sandboxie and HMPA without issues (everything ticked except CTP SAM), and have Chrome installed (though I don't really use it), and all Code and Memory boxes are checked ...
    Don't have W7 to compare but no apparent performance issues here with same W10 build.
     
  15. LodeHere

    LodeHere Registered Member

    Joined:
    Nov 25, 2017
    Posts:
    9
    Location:
    Amsterdam
    Thank you.

    What is CTP SAM?

    I'm using Windows 8.1 with StartIsBack. I like it much better than Windows 10.
     
  16. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,121
    Location:
    the Netherlands
    That is Risk reduction\ Credential Theft Protection\ Security Account Manager (SAM).
    (In Dutch: Risicoverkleining\ Bescherming van aanmeldgegevens\ Beveiligingsaccountbeheer (SAM).)
    By default, SAM is disabled.
     
  17. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    91
    Why is my starting TDSSKiller.exe killed by HMPA ?
     
    Last edited: Apr 28, 2018
  18. LodeHere

    LodeHere Registered Member

    Joined:
    Nov 25, 2017
    Posts:
    9
    Location:
    Amsterdam
    Bedankt. :)
    But to continue in the forum language, I can have CTP and SAM enabled, but not Code Mitigations and Memory Mitigations. This is so for my Chrome, Epic and IE11. Everything else I can have enabled.
    I'm glad to be able to utilize my Alert again, be it without those mitigations. And by default surfing in Sandboxie and also having Emsisoft Anti-Malware and MBAM, I already didn't really feel unprotected. Besides now and then with those two, sporadically I also do a scan with the free herdProtect, but no malware has been found over the last years.
     
    Last edited: Apr 28, 2018
  19. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,121
    Location:
    the Netherlands
    @LodeHere,
    Could it be that other running security applications interfere with HMPA? Some users use a whole bunch of security applications, of which some combinations may interfere.
    What other security applications do you use?
    Other forum members may be able to tell you whether or not your combination of security applications may interfere with HMPA.
    (N.B. This is why some forum members mention security applications and/or settings in the signature.)
     
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,823
    Location:
    Under a bushel ...
    Besides Sandboxie, I also use EAM. I also have MBAM installed, but not set to start with Windows (so on demand only). Btw I have portable herdProtect also (this has not been updated for ages as I believe it was rolled into Reason Core Security), but do not use it.

    But I do not have @LodeHere's issues with HMPA. Could be another security application, or maybe some Windows Defender setting?
     
  21. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    194
    [QUOTE]
    Don't have W7 to compare but no apparent performance issues here with same W10 build.

    Win 10 x64 v1709 16299.402* Firefox 59.0.2 w/uBO, UM, etc.
    1: Dell XPS i5 8250U 8GB 256GB SSD *Home
    2: ThinkPad Yoga S1 i7 4510U 8GB 256GB SSD *Pro
    3: Dell XPS i7 2630QM 6GB 1TB *Pro
    + selection of: GW | EAM | WD | OSA | ERP | AG | VS | HP | BFP | MB | HMPA | AC | RO | AdG | Sbie | FIDES | MZWS | RH | SD
    Backup: MR | Bvckup 2
    [/QUOTE]

    You may be, but this is hardware and configuration dependent.
     
  22. LodeHere

    LodeHere Registered Member

    Joined:
    Nov 25, 2017
    Posts:
    9
    Location:
    Amsterdam
    The only other security application I use is AdGuard. It sometimes blocks opening sites that I did not ask to go to. Like suddenly a live chat or dating site wants to open after clicking to see a clip on a porn site, but then AdGuard blocks it, which I like. Also MBAM blocks sites sometimes.
    Besides that I use AdMuncher. Nothing else in the "protection" department.
    About not letting MBAM start with Windows:
    • Start Malwarebytes at Windows startup: If this setting is off, Malwarebytes will not start with Windows. No real-time protection layers will start when Windows starts, though they may still be started manually by launching Malwarebytes.
    PS:
    I just set MBAM to not start up with Windows, and enabled the Mitigations in Alert for Chrome. But then opening Chrome gave the same Sandboxie error message again. (SBIE 2203) So I let MBAM start up with Windows again, and disabled Mitigations for Chrome once more.

    It's no biggie for me. I feel well protected. Just was curious if a solution had been found, or an Alert update had solved the issue. But thank you much for your kind responses. :)
     
    Last edited: Apr 29, 2018
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,823
    Location:
    Under a bushel ...
    Maybe you can ask on Sandboxie thread, or do a search for that message there. Perhaps you can enable the Alert mitigations for Chrome and ignore / hide that SBIE message ...
     
  24. Libraman

    Libraman Registered Member

    Joined:
    Apr 26, 2016
    Posts:
    70
    False positive, sure.
    VirusTotal.- Sophos AV | Mal/Generic-S ~ Removed VirusTotal Results as per Policy ~
     
    Last edited by a moderator: May 4, 2018
  25. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    278
    Recently I've uninstalled Zemana AntiLogger (And manually removed the KeyCrypt .dll files and disabled left over services and autostart entries) and enabled the Keystroke Encryption in HMPA. It has been working fine except sometimes when typing something in the windows menu search bar it'll just get garbled. For example "Chrome" can turn into "nxysyj" as it did just now. I've only been able to replicate this with Keystroke Encryption in HMPA running, but it doesn't replicate 100% of the time.
     