HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,398
    Location:
    North Carolina, USA
    Hello @HempOil,

    See post #15072 (HitmanPro.Alert 3.7.8 build 751 Released)...
     
  2. Libraman

    Libraman Registered Member

    Joined:
    Apr 26, 2016
    Posts:
    68
    Hi @Pete8
    I have used Kaspersky IS for a long time with HitmanPro.A with no problems.
     
  3. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,991
    Location:
    USA
    There was a Microsoft program called EMET, which I believe was the first attempt to apply mitigations to apps to protect against sophisticated attacks. EMET worked, but it required a lot of tinkering by the user because many applications were not compatible with all mitigations. The advantage of HMP.Alert is a lot of guesswork is taken out of the process; many applications are recognized and configured automatically. HMP.A also includes protection against ransomware, keyloggers, and other malware. As others have mentioned it's not perfect, but I've been using it for years with very few problems. With security software I feel it's always a good idea to take advantage of the trial period. Just run it for a while and see if it's compatible.
     
  4. ronald739

    ronald739 Registered Member

    Joined:
    Nov 9, 2011
    Posts:
    123
    Location:
    Australia
  5. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    176
    Location:
    Canada
    Thanks @puff-m-d. I missed that post.
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,398
    Location:
    North Carolina, USA
    Hello @HempOil,

    No problem as you are most welcome ;) ...
     
  7. pilipali

    pilipali Registered Member

    Joined:
    Nov 24, 2017
    Posts:
    18
    Location:
    Finland
    Microsoft Edge startup problem still not fixed?
     
  8. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    211
    Location:
    Planet Earth
    Can you try to disable F-Secure - DeepGuard and see if that solves the issue?
     
  9. pilipali

    pilipali Registered Member

    Joined:
    Nov 24, 2017
    Posts:
    18
    Location:
    Finland
    Yes, that worked.
     
  10. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,118
    Location:
    the Netherlands
  11. M_G_H

    M_G_H Registered Member

    Joined:
    Sep 3, 2007
    Posts:
    25
    I would like to know this as well. Since the update to 751 the other day, my browsers (Firefox and Vivaldi) freeze during browsing and End Task does not help, only rebooting. I tried to disable exploit protection in MBAM and that seemed to work as it did not freeze for a couple of days. I don't mind leaving it disabled, was just wondering if it was an oversight in the 751 build as the 750 ran fine.
     
  12. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,118
    Location:
    the Netherlands
    Is there any chance you use Avast?
    If so, see CaptainLeonidasHMPA's and Krusty's recent posts, regarding a recent Avast - Malwarebytes conflict:
     
  13. M_G_H

    M_G_H Registered Member

    Joined:
    Sep 3, 2007
    Posts:
    25
    No, not using Avast; I have for a while now, only because it was working well with no conflicts, KIS 2019, HMPA and MBAM. I know that this is overkill and that conflicts may arise, but before removing MBAM or HMPA, was just wondering which one is the culprit. As mentioned also, when I deactivate the Exploit Protection in MBAM, all is fine.
     
  14. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,991
    Location:
    USA
    I also turn off Exploit Protection in MBAM; it needs to be off and it seems better to do it manually instead of expecting HMP.A to force it off. By the way Windows 10 now has exploit protection as well (Windows Defender Security Center App & Browser control). I had also turned those options off, but just discovered that they were On again, probably as a result of the last major update.
     
  15. M_G_H

    M_G_H Registered Member

    Joined:
    Sep 3, 2007
    Posts:
    25
    Well, it's been a couple of days and turning off exploit protection in MBAM seems to do the trick. Although, I'll probably just turn everything off in MBAM and just use KIS 2019 and HMPA as I believe the protection should be good enough without MBAM and just run it once in a while as on demand.
     
  16. khalo

    khalo Registered Member

    Joined:
    Aug 30, 2018
    Posts:
    1
    Location:
    London
    Keyboard Encryption is causing the Chrome keyboard shortcut for New Tab to fail around 40% of the time. I've had to disable it for now as it's not tolerable.

    Has this been posted by anyone yet? Is someone working on a fix?
     
  17. Sand

    Sand Registered Member

    Joined:
    Apr 28, 2016
    Posts:
    26
    Mitigation CredGuard

    Platform 10.0.17134/x64 v751 06_5e
    PID 11548
    Application C:\Program Files (x86)\Heimdal\md.hs
    Description md.hs

    Reading LSASS (912) process memory: 7FFE0000 L4096

    Stack Trace
    # Address Module Location
    -- -------- ------------------------ ----------------------------------------
    1 75C1453C KernelBase.dll ReadProcessMemory +0x1c

    2 00419279 md.hs
    83ec14 SUB ESP, 0x14
    85c0 TEST EAX, EAX
    8b5c2470 MOV EBX, [ESP+0x70]
    741c JZ 0x4192a0
    31c0 XOR EAX, EAX
    011d40704200 ADD [0x427040], EBX
    3b5c245c CMP EBX, [ESP+0x5c]
    8dbc24a8010000 LEA EDI, [ESP+0x1a8]
    b941000000 MOV ECX, 0x41
    f3ab REP STOSD
    744b JZ 0x4192eb
    8b44243c MOV EAX, [ESP+0x3c]
    890424 MOV [ESP], EAX
    e854740000 CALL 0x420700
    e985feffff JMP 0x419136

    3 00000018 (unknown)

    Process Trace
    1 C:\Program Files (x86)\Heimdal\md.hs [11548]
    "C:\Program Files (x86)\Heimdal\\md.hs"
    2 C:\Program Files (x86)\Heimdal\Heimdal.ClientHost.exe [9664]

    Thumbprint
    d8eb6ed1d4256adf2f1640f6c3a9824fa895cb6089ec81f36d49c175ed01a2b8

    Pretty sure Hitman sees the activation process of Heimdal as strange; it happens only with the stable version of Heimdal, and not with the RC.

    SAM was unticked @paulderdash
     

    Last edited: Aug 31, 2018
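
An added triage example for the CredGuard alert quoted in the post above (not part of the original post and not SurfRight's code): it parses the alert text and checks whether the flagged LSASS read falls inside the page at 0x7FFE0000, which is the fixed user-mode address of KUSER_SHARED_DATA on Windows. The function names are hypothetical, and the `L4096` length is assumed to be a decimal byte count; the result is a hint for the analyst, not a verdict.

```python
import re

# Header, read line and process trace copied (trimmed) from the alert in the post above.
SAMPLE_ALERT = r"""Mitigation CredGuard
Platform 10.0.17134/x64 v751 06_5e
PID 11548
Application C:\Program Files (x86)\Heimdal\md.hs
Description md.hs

Reading LSASS (912) process memory: 7FFE0000 L4096

Process Trace
1 C:\Program Files (x86)\Heimdal\md.hs [11548]
2 C:\Program Files (x86)\Heimdal\Heimdal.ClientHost.exe [9664]
"""

KUSER_SHARED_DATA = 0x7FFE0000  # shared data page, same address in every user-mode process
PAGE_SIZE = 0x1000

FIELD_RE = re.compile(
    r"^[ \t]*(Mitigation|Platform|PID|Application|Description)[ \t]+(.+?)[ \t]*$", re.M)
READ_RE = re.compile(r"Reading (\S+) \((\d+)\) process memory: ([0-9A-Fa-f]+) L(\d+)")
TRACE_RE = re.compile(r"^[ \t]*\d+[ \t]+(.+?)[ \t]+\[(\d+)\][ \t]*$", re.M)

def parse_alert(text):
    """Return header fields, the flagged memory read and the process chain."""
    alert = {key.lower(): value for key, value in FIELD_RE.findall(text)}
    m = READ_RE.search(text)
    if m:
        alert["read"] = {
            "target": m.group(1),
            "target_pid": int(m.group(2)),
            "address": int(m.group(3), 16),
            "length": int(m.group(4)),  # assumption: decimal byte count
        }
    # Only accept "<n> <path> [<pid>]" lines that follow the Process Trace heading.
    trace = text.partition("Process Trace")[2]
    alert["chain"] = [(path, int(pid)) for path, pid in TRACE_RE.findall(trace)]
    return alert

def triage(alert):
    """Classify the read: inside the shared data page, or needing manual review."""
    read = alert.get("read")
    if read is None:
        return "no-read-recorded"
    start, end = read["address"], read["address"] + read["length"]
    if KUSER_SHARED_DATA <= start and end <= KUSER_SHARED_DATA + PAGE_SIZE:
        return "shared-data-page"
    return "review"
```
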
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,818
    Location:
    Under a bushel ...
    Do you have Risk Reduction>Credential Theft Protection>Security Account Manager (SAM) ticked?

    If so, untick it.
     
  19. jd97

    jd97 Registered Member

    Joined:
    Apr 27, 2015
    Posts:
    28
    It's causing my browsers to freeze at launch as well. Explorer.exe is acting up too. Rebooting temporarily solves the issue. Weird that it affects all 3: Edge, Firefox and Chrome. SAM is disabled. I disabled all mitigations for FF and I can use it now (fingers crossed). It started about the 2nd reboot after the update.

    I just have Windows Defender as my protection. I did disable "Control Flow Guard/CFG" in the Exploit protection settings of WD as suggested by another user when we discussed where Edge froze and crashed upon launch. Post #14978
     
  20. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    211
    Location:
    Planet Earth
    Can you try to enable/default CFG again and see if that makes any difference?
     
  21. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    325
    I keep getting this when I start the Brave Browser. I am pretty sure it is a false positive and Brave works fine after I close the alert.

     
  22. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,192
    Regarding running of browsers within Sandboxie:
     
  23. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    325
    Ok Thanks!
     
  24. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,222
    I'm using 3.7.8 build 751 under Win10 Pro x64. I had no issues with build 750; I'm not sure if that is relevant or coincidental.

    I have a USB switch that I use to switch a keyboard and mouse between my work and home PCs. What started happening after the 751 update was that I'd try switching to my home PC, and it wouldn't work. The keyboard would light up as if it was going to work, then it would go dark before it did. The mouse just stayed dark. No errors, no dialogs, nothing logged.

    But the issue doesn't seem to happen if I leave HMP.A's keystroke encryption function disabled. My first guess was that the "Bad USB" function was causing it, but apparently not.

    Just me?
     
  25. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,991
    Location:
    USA
    Well, it might be just you, but only because that's a pretty unique setup ;) FWIW I've had problems with keystroke encryption interfering with typing; it was making it hard to enter passwords so I turned it off = end of problem :thumb:
     