HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    847
    Location:
    USA
    It's actually a handy solution because when installed, it can be added to the right-click context menu in file explorer, where it can be run manually to check files:
    "Scan with HitmanPro".

    Or run a full HitmanPro scan from an icon on the desktop or quick launch bar.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,594
    Location:
    The Netherlands
    BTW, which features are free? I understood that certain functions will keep working even if you don't trial HMPA and if you decide not to buy a yearly license, is this correct? I installed HMPA after quite a long time and it still looks quite good with a couple of interesting features you won't find in other behavior blockers. And you can even disable features that might cause problems.
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,456
    Location:
    Outer space
    I agree, but it would be better if HMP was integrated into HMP.A instead of HMP.A just downloading the HMP executable everytime a scan is started.
     
  4. Erik T

    Erik T Registered Member

    Joined:
    Jan 28, 2019
    Posts:
    24
    Location:
    Germany
    HitmanPro.Alert (3.8.8 build 889) has blocked update process of Windows10 [January 12, 2021—KB4598242 (OS Builds 19041.746 and 19042.746)]. All without any warning.
    I was intuitively forced to uninstall HMPA. Only then the Windows update was possible. :mad:
     
  5. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,277
    Location:
    Under a bushel ...
    FWIW no such issue here.
     
  6. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    937
    Same here, no problems.
     
  7. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    220
    The Windows 10 upgrade was fine for me.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,594
    Location:
    The Netherlands
    Actually, I've installed HMPA after quite a long time and it now has a ''tamper protection'' feature, you won't be able to terminate the HMPA GUI and service when this feature is enabled.
     
  9. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,277
    Location:
    Under a bushel ...
  10. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    847
    Location:
    USA
    The trend among AV programs seems to no longer be ask first, but just quarantine first. Then you can restore the file from quarantine and exclude from future detection if you wish. Maybe there are exceptions, but I haven't seen any.

    Avira broke their "ask" feature years ago, so even though their UI still allowed you to select "ask", it sent detected files straight to quarantine. This included their paid Pro version.
     
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,277
    Location:
    Under a bushel ...
    The reason why I mentioned my request is that I continue to this issue below, even though I have 'suppressed alert'?

    HeapHeapProtect

    The application, one of its loaded modules, or another process, has attempted to allocate memory with executable permissions to introduce additional code not part of the base program.

    MITRE ATT&CK

    Supply Chain Compromise - ID: T1195, Tactic: Initial Access


    https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-651#post-2973301
     
  12. Merlucius

    Merlucius Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    8
    Location:
    uk
    I had problems with HMPA older builds on win 7 /64 . I added a game to Mitigations /Other leave all boxes checked but never added games as Browser. My keyboard was acting weird so I had to do Alt+ Tab than Ctrl AL Del and that usually saved the problem and if sometimes that didn't solved the problem I will unplug USB cable of keyboard and plug back, back in game all ok. However my keyboard is a Merc and is seen as 2 keyboards from hardware point of view.
    HMP A give me this problems because the game I'm talking about was known by me before having HMP A. The game was installing hidden USB devices- so in HMPA I had always the Bad USB module on and I think because of that I was having problems with weird buttons mapping. Basically the game was installing a bad USB and mess with the driver so half of my keyboard was unusable. HMPa never thrown an warning but was stopping the game doing that so - the keyboard malfunction. And again Alt Tab than Ctrl Alt Del usually solved the problem.
    So in my case wasn't keystroke encryption. Initially when this problems appeared I disabled Bad USB module cause I didn't know what to do but, at some point I accidentally found ALT TAB and CTRL ALT DEL working.

    Games will do install hidden devices to pose as USB devices or even keyboard. Even those games aren't Browser games and have all the files legit.
     
  13. Merlucius

    Merlucius Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    8
    Location:
    uk
    I mitigate Steam as Other not Browser or Media and leaved all boxed checked no problems on the HMPa build before .889 . Played 3 titles no problems. Win 10 20H2.

    However Uplay is a dirty one and I had problems with it . But I'm not surprised Uplay does some fishy things.
    First Uplay was added by HMPa automatically to mitigation but don't know if Browser or something else. Even that HMPa support says why I added Uplay to mitigation. I didn't initially and I took it off. I added Uplay to mitigations myself later on to test.
    However HMPA will stop some child processes of Uplay if was mitigated but was doing it silently-- and that's a problem in HMPa, it should block whatever but warn the user what and why so we can have the ability to decide what to add to exclusions.
    Lately Uplay had a very big patch and is worst than before. You can see in logs Uplay logs stuff like " disable shipping -tracing on machine is enable" this look like - don't do too much on this machine as we are traced by MS.
     
  14. Merlucius

    Merlucius Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    8
    Location:
    uk
    I do add games as protected/ mitigated as Others. Why ? Cause a lot of games are doing a lot of dirty stuff. And those games modifies their own .exe addresses in RAM than further OS more likely Services(Print, BITS, Cryptographic) of OS followed by corruptions of WINSX and Wbem. I've seen this a lot done by one game on win 7 and 10. At least in win 10 SFC works better than in win 7. Adding them as protected apps will stop the games of modifying their own RAM usage and corruptions of instructions and that will stop further chain of corruption to your OS.
    My point of having HMPa is TO mitigate games not exclude them.

    Infections form other apps installers or uninstalls on my machine is next to 0.00001%
    Infection to trough bad Browsing maybe a 2 %
    Infections from games is the rest of the percentage.
    So why should I not mitigate the games?

    Example : 1 month ago(I think 18 Dec) Win 10 /64 20H2, HmP A and KTS(Kaspersky I.S.) present. War Thunder game update itself but somehow all the servers is connecting to for the update are shut down by his own executable, seen in the log. Done that in the past 2years ago when I had Comodo.
    Closed the game but didn't noticed remained in processes as 32 bit process. Open another one. Same thing, update doesn't work.
    KTS interface freeze . KTS services seems alive. Very strange. HMPa doesn't respond. Windows Defender strangely calls Hydra( I think Panda AV engine) or KTS who did that. Whole system unresponsive >>> cold reset.
    And all over again after restart except no more Hydra process in Taskbar.
    2 days later noticed that I forgot to mitigate both executables of War Thunder in HMPA and also SFC found corruptions WINSX folders and a lot of double permissions.

    I'm not blaming HMPa or KTS, but I blame windows for not telling me that another instance is running.
    Just an example of a game with clean .exe files on Virus Total and valid certificates can do. An this is on win 10 imagine on win 7.

    HMPa in build .889 win 10 20H2 is flashing EAC require to play War Thunder. something to do with bootstrap. Yeah EAC is child process of the game which is mitigated by me. I ignored EAC. Before .889 this flashing by HMPA of EAC was not present.
    However I like EAC because sometimes acts as an AV.
    EAC stopped the game cause wshom.ocx are suspicious. Checked location and hash of the files flashed by EAC. I said : hmmm strange.
    Few days later I found traces of shells regarding wshom.ocx.

    Since than I mitigate all .exe of shell present on my OS.

    Some games will use any little gate and undefended little .exe files that will have some good privileges.
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,529
    Location:
    Among the gum trees
    From the right-click menu on the tray icon I accidentally clicked, "Hide Icon". I couldn't find any way to unhide the tray icon so had to reinstall. There must be an easier way I'm missing.
     
  16. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,128
    Location:
    Hollow Earth - Telos
    Maybe right click tray and taskbar settings.
     
  17. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,128
    Location:
    Hollow Earth - Telos
    I have ASLR and DEP enabled in W10. Should i disable them in HMPA.
     
  18. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    847
    Location:
    USA
    What is the current opinion on running HMPA fully enabled with either Bitdefender Free or Bitdefender Plus? Any potential for conflicts?
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,594
    Location:
    The Netherlands
    Good point, this must be fixed. In fact, this should be handled by Windows itself.
     
  20. Merlucius

    Merlucius Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    8
    Location:
    uk
    I used Bitdefender Internet Security with the previous version of HMPa with no issues. But only for about 12-15 days cause the 30 days trial from Bitdefender expired abruptly telling me to type my new license key.
    However, I prefer ESET simply cause I can rule HIPS
     
    Last edited: Feb 18, 2021
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.