HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,569
    Location:
    Among the gum trees
    Why am I constantly being alerted by this when I have already suppressed the alert??
    Code:
    Mitigation   PrivGuard
    Timestamp    2021-11-05T08:01:43
    
    Platform     10.0.19043/x64 v915 06_25
    PID          11088
    Application  C:\Program Files\Mozilla Firefox\firefox.exe
    Created      2021-11-04T19:20:58
    Description  Firefox 94.0.1
    
    Sweep
    
    Code Injection
    0000000000FE0000-0000000000FE6000   24KB C:\Program Files\Sandboxie-Plus\SbieSvc.exe [1204]
    0000000000FF0000-0000000000FF2000    8KB
    00007FF953A44000-00007FF953A45000    4KB
    0000025A5D052000-0000025A5D053000    4KB C:\Program Files\Mozilla Firefox\firefox.exe [13920]
    00007FF953A6D000-00007FF953A6E000    4KB
    00007FF953A6F000-00007FF953A70000    4KB
    00007FF953A6C000-00007FF953A6D000    4KB
    0000000001000000-0000000001001000    4KB
    1  C:\Program Files\Sandboxie-Plus\SbieSvc.exe [1204]
    2  C:\Windows\System32\services.exe [880]
    3  C:\Windows\System32\wininit.exe [736]
       wininit.exe
    
    Services
    1204  SbieSvc
    
    Thumbprints
    f8968e6cc924f3266352a4b2d7e87546d129569f20fa075edc3532803b68d0ed
    
     
  2. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,071
    A while ago @markloman suggested this:

    https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-32#post-2719206
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,569
    Location:
    Among the gum trees
    Thanks for pointing that out @deugniet, but I still question why I was alerted after already suppressing that alert? Isn't that the idea of suppressing alerts?
     
  4. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,071
    It should, yes. Despite suppressing Sandboxie alerts, the same here.
     
  5. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    322
    I am using Chrome with Sandboxie Classic. The other day Chrome met an attack detected by HitmanPro Alert. It said Chrome would close. But Chrome didn't close. And I had to go to Sandboxie Tray Icon > Sandbox > Terminate Processes to close it.

    Question: did the attack make its goal because Chrome wasn't closable by HitmanPro Alert?

    Code:
    Exploitation for Privilege Escalation - ID: T1068, Tactic: Privilege Escalation
    Access Token Manipulation - ID: T1134, Tactic: Defense Evasion, Privilege Escalation
    
    Mitigation   PrivGuard
    Timestamp    2021-11-05T03:46:24
    
    Platform     10.0.22000/x64 v907 06_8e
    PID          10016
    Application  C:\Program Files\Google\Chrome\Application\chrome.exe
    Created      2021-10-13T21:11:08
    Description  Google Chrome 95
    
    Sweep
    
    Code Injection
    0000025019D09000-0000025019D0A000    4KB C:\Program Files\Google\Chrome\Application\chrome.exe [3036]
    00007FF92DCA3000-00007FF92DCA4000    4KB
    00007FF92DCA5000-00007FF92DCA6000    4KB
    0000000000C80000-0000000000C86000   24KB C:\Program Files\Sandboxie\SbieSvc.exe [3040]
    0000000000C90000-0000000000C92000    8KB
    00007FF92DC7A000-00007FF92DC7B000    4KB
    1  C:\Program Files\Google\Chrome\Application\chrome.exe [3036] 2021-11-05T03:46:21
    2  C:\Windows\explorer.exe [5624] 2021-11-05T03:33:24
    3  C:\Windows\System32\userinit.exe [5468] 2021-11-05T03:33:23 35.8s
    4  C:\Windows\System32\winlogon.exe [988] 2021-11-05T03:33:04
       winlogon.exe
    5  C:\Windows\System32\smss.exe [880] 2021-11-05T03:33:04 74ms
       \SystemRoot\System32\smss.exe 000000ac 00000090
    6  C:\Windows\System32\smss.exe [528] 2021-11-05T03:33:01
       \SystemRoot\System32\smss.exe
    1  C:\Program Files\Sandboxie\SbieSvc.exe [3040] 2021-11-05T03:33:09
    2  C:\Windows\System32\services.exe [996] 2021-11-05T03:33:04
    3  C:\Windows\System32\wininit.exe [888] 2021-11-05T03:33:04
       wininit.exe
    4  C:\Windows\System32\smss.exe [728] 2021-11-05T03:33:02 1.7s
       \SystemRoot\System32\smss.exe 000000d4 00000090
    5  C:\Windows\System32\smss.exe [528] 2021-11-05T03:33:01
       \SystemRoot\System32\smss.exe
    
    Process Trace
    1  C:\Program Files\Google\Chrome\Application\chrome.exe [10016] 2021-11-05T03:46:24
       "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1920,17732116775363531096,15077580487005132373,131072 --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgA
    2  C:\Program Files\Google\Chrome\Application\chrome.exe [3036] 2021-11-05T03:46:21
    3  C:\Windows\explorer.exe [5624] 2021-11-05T03:33:24
    4  C:\Windows\System32\userinit.exe [5468] 2021-11-05T03:33:23 35.8s
    5  C:\Windows\System32\winlogon.exe [988] 2021-11-05T03:33:04
       winlogon.exe
    6  C:\Windows\System32\smss.exe [880] 2021-11-05T03:33:04 74ms
       \SystemRoot\System32\smss.exe 000000ac 00000090
    7  C:\Windows\System32\smss.exe [528] 2021-11-05T03:33:01
       \SystemRoot\System32\smss.exe
    
    Services
    3040  SbieSvc
    
    Thumbprints
    ea3206e9b7f3ccf8a1e7f898b5ba3ce933b190c111f3a49128e943e339d7756a
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,224
    Location:
    The Netherlands
    This wasn't a real attack, it is caused by Sandboxie and for some reason it can't be whitelisted by HMPA. But I have also noticed that so-called attacked processes aren't killed by HMPA, I wonder what's up with this.

    Another thing I noticed is that even when anti-exploit is disabled, you will still get to see the flyout with a tool like Enpass. And Cookie Guard is still not mentioned in the Credential Theft section, a bit disappointing. And I still can't launch the GUI via trayicon. For now I have uninstalled HMPA.
     
  7. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    322
    How do you know it wasn't a real attack? Were you able to verify via other logging and detection mechanism that an attack never occurred?
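
A first triage step for the question above, as an added example that is not part of the thread and not HitmanPro.Alert code: parse the alert's "Code Injection" section, group the listed regions by the process named after them, and compare those processes against an analyst-supplied list of expected injectors. Assumptions: a trailing `path [PID]` names the process the alert associates with that region, the allowlist is the analyst's own, and the sample text (including `example-unknown.exe`) is constructed on the layout of the alerts posted here. A matching path only narrows the review; it does not by itself show the activity was benign.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the alert layout posted in this thread.
# The last region's source path is invented to exercise the "unexpected" branch.
SAMPLE_ALERT = r"""
Mitigation   PrivGuard
Timestamp    2021-11-05T03:46:24

PID          10016
Application  C:\Program Files\Google\Chrome\Application\chrome.exe

Code Injection
0000025019D09000-0000025019D0A000    4KB C:\Program Files\Google\Chrome\Application\chrome.exe [3036]
00007FF92DCA3000-00007FF92DCA4000    4KB
0000000000C80000-0000000000C86000   24KB C:\Program Files\Sandboxie\SbieSvc.exe [3040]
0000000000C90000-0000000000C92000    8KB
0000000002000000-0000000002001000    4KB C:\Users\Public\example-unknown.exe [4242]

Services
3040  SbieSvc
"""

FIELD_RE = re.compile(r"^(Mitigation|Timestamp|PID|Application)\s+(.+)$")
# start-end, size in KB, then an optional "path [pid]" naming the associated process
REGION_RE = re.compile(
    r"^([0-9A-Fa-f]{16})-([0-9A-Fa-f]{16})\s+(\d+)KB(?:\s+(.+?)\s+\[(\d+)\])?$"
)


def parse_alert(text):
    """Return header fields and the memory regions listed under 'Code Injection'."""
    fields, regions, in_section = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Code Injection":
            in_section = True
            continue
        if in_section:
            m = REGION_RE.match(line)
            if m:
                regions.append({
                    "start": int(m.group(1), 16),
                    "end": int(m.group(2), 16),
                    "size_kb": int(m.group(3)),
                    "source": m.group(4),  # None when no process is named
                    "pid": int(m.group(5)) if m.group(5) else None,
                })
                continue
            in_section = False  # first non-region line ends the section
        m = FIELD_RE.match(line)
        if m:
            fields.setdefault(m.group(1), m.group(2).strip())
    return {"fields": fields, "regions": regions}


def triage(alert, expected_sources):
    """Bucket regions by named source: expected, unexpected, or unattributed."""
    expected = {p.lower() for p in expected_sources}  # Windows paths: ignore case
    buckets = {"expected": defaultdict(int), "unexpected": defaultdict(int)}
    unattributed_kb, mismatches = 0, []
    for r in alert["regions"]:
        # Sanity check: the printed size should equal the address span.
        if r["end"] - r["start"] != r["size_kb"] * 1024:
            mismatches.append((hex(r["start"]), hex(r["end"]), r["size_kb"]))
        if r["source"] is None:
            unattributed_kb += r["size_kb"]
        else:
            key = "expected" if r["source"].lower() in expected else "unexpected"
            buckets[key][r["source"]] += r["size_kb"]
    return {
        "expected": dict(buckets["expected"]),
        "unexpected": dict(buckets["unexpected"]),
        "unattributed_kb": unattributed_kb,
        "size_mismatches": mismatches,
    }


def run_sample():
    """Triage the constructed sample with a two-entry, analyst-chosen allowlist."""
    alert = parse_alert(SAMPLE_ALERT)
    allow = [
        alert["fields"]["Application"],             # the browser's own processes
        r"C:\Program Files\Sandboxie\SbieSvc.exe",  # sandbox service (assumed expected)
    ]
    return triage(alert, allow)


if __name__ == "__main__":
    for name, value in run_sample().items():
        print(f"{name}: {value}")
```

Anything under `unexpected`, and any unattributed regions, are what to correlate with other telemetry (process creation and module load logs) before calling the alert a false positive.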
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,569
    Location:
    Among the gum trees
    See my posts above.
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,569
    Location:
    Among the gum trees
    I just started using Windows Mail and found that Keystroke Encryption makes it impossible to write an email unless it gets disabled. It does not happen 100 % of the time though. I suspect it is related to the similar bug when typing in Search. Sometimes it doesn't cause problems, sometimes it does.

    Thanks.
     
  10. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,071
    @markloman @RonnyT

    I noticed that during Windows Update Hmp.Alert Pro sometimes uses up to 9% CPU. Caused by the Antimalware-component? If so, is it wise to disable this component during Windows Update?
     
  11. JohnMiller

    JohnMiller Registered Member

    Joined:
    Nov 6, 2014
    Posts:
    49
    I have noticed this problem as well. I posted on it a while ago and never followed up.
     
  12. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    433
    Location:
    Planet Earth
    HitmanPro.Alert 3.8.18 Build 921

    Changelog (compared to build 915):
    Added cmdl32.exe as LOLBin on Lockdown
    Fixed Small bug in Syscall mitigation
    Fixed BSOD
    Improved Cookieguard
    Improved Game detection
    Improved LockdownLoadImage whitelisting

    Download
    https://dl.surfright.nl/hmpalert3b921.exe

    We'll be auto-updating 915 users, and a subset of stable users also today.
    Please let us know how this version runs on your machine :thumb:
     
  13. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    433
    Location:
    Planet Earth
    I'll see if we can get some improvement in that area, there are a few things more where keystroke misses switches from on to off.
     
  14. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,071
    Auto-updated to build 921. No problems so far.
     
  15. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,347
    Location:
    Hollow Earth - Telos
    I just auto-updated to 921. That sure was quick. Better than waiting 2 weeks for Kaspersky to auto-update.
     
    Last edited: Nov 12, 2021
  16. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    268
    Auto-updated to build 921. No problems so far.
     
  17. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,164
    Did not work, as usual.

    Manual uninstall of 915 and install of 921 went fine.
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,569
    Location:
    Among the gum trees
    Updated two machines without any problem.
    Great! Thanks, RonnyT.
     
  19. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,055
    Location:
    Baden Germany
    Did work, as usual.
    No interaction needed.
    Maybe you should be more patient...
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,569
    Location:
    Among the gum trees
    HMP.A won't update if you delete temporary files before restarting your machine. Could this be why it didn't work?
     
  21. Craven

    Craven Registered Member

    Joined:
    Sep 7, 2020
    Posts:
    3
    Location:
    Germany
    Build 921 prevents the game Elder Scrolls Online from starting.
    Suppressing the alert is not possible.

    Mitigation Kernel32Trap
    Timestamp 2021-11-13T07:32:42

    Platform 10.0.19043/x64 v921 06_3a
    PID 776
    Feature 007D0A30000001A2
    Application C:\Program Files (x86)\Zenimax Online\The Elder Scrolls Online\game\client\eso64.exe
    Created 2021-11-03T09:23:15
    Description ESO 1.0

    Caller info: eso64.exe+0x201BDA2
    Root owner module name : eso64.exe
    00007FF74C74BDA2 488d4c2450 LEA RCX, [RSP+0x50]
    00007FF74C74BDA7 488945d0 MOV [RBP-0x30], RAX
    00007FF74C74BDAB e80066ffff CALL 0x7ff74c7423b0
    00007FF74C74BDB0 488d05f92e2400 LEA RAX, [RIP+0x242ef9]
    00007FF74C74BDB7 41b842000000 MOV R8D, 0x42
    00007FF74C74BDBD 4c8d0d3c2f2400 LEA R9, [RIP+0x242f3c]
    00007FF74C74BDC4 4889442420 MOV [RSP+0x20], RAX
    00007FF74C74BDC9 488d1510ac2d00 LEA RDX, [RIP+0x2dac10]
    00007FF74C74BDD0 488d4c2460 LEA RCX, [RSP+0x60]
    00007FF74C74BDD5 e88664ffff CALL 0x7ff74c742260
    00007FF74C74BDDA 488bc8 MOV RCX, RAX
    00007FF74C74BDDD e80e66ffff CALL 0x7ff74c7423f0

    Code thumbprint:7760a2a367f34e7c42c241a0f3b78ed72959c2b8049b0c124480afc23563a6ae
    Number of used instructions: 0x0000000c
    OwnerModuleThumbprint: 891e955c64c8ad2fded57a8526dd7018ce72a2277787cc832b154325cbf6d21a

    Stack Trace
    # Address Module Location
    -- ---------------- ------------------------ ----------------------------------------
    1 00007FFC80C90D13 hmpalert.dll +0x40d13

    2 00007FF74C74BDA2 eso64.exe
    488d4c2450 LEA RCX, [RSP+0x50]
    488945d0 MOV [RBP-0x30], RAX
    e80066ffff CALL 0x7ff74c7423b0
    488d05f92e2400 LEA RAX, [RIP+0x242ef9]
    41b842000000 MOV R8D, 0x42
    4c8d0d3c2f2400 LEA R9, [RIP+0x242f3c]
    4889442420 MOV [RSP+0x20], RAX
    488d1510ac2d00 LEA RDX, [RIP+0x2dac10]
    488d4c2460 LEA RCX, [RSP+0x60]
    e88664ffff CALL 0x7ff74c742260
    488bc8 MOV RCX, RAX
    e80e66ffff CALL 0x7ff74c7423f0

    3 00007FF74C3CBC93 eso64.exe
    4 00007FF74C3C98B9 eso64.exe
    5 00007FF74A7EE390 eso64.exe
    6 00007FFC811DE473 ucrtbase.dll _initterm +0x43
    7 00007FF74C2D2D98 eso64.exe
    8 00007FFC837C7034 kernel32.dll BaseThreadInitThunk +0x14
    9 00007FFC83902651 ntdll.dll RtlUserThreadStart +0x21

    Process Trace
    1 C:\Program Files (x86)\Zenimax Online\The Elder Scrolls Online\game\client\eso64.exe [776]
    "C:\Program Files (x86)\Zenimax Online\The Elder Scrolls Online\game\client\eso64.exe" Language.2=de viewer_id= onetime_token= product_id=215828 is_steam=
    2 C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [13952]
    3 C:\Windows\explorer.exe [6116]

    Dropped Files
    1 C:\PROGRAM FILES (X86)\ZENIMAX ONLINE\LAUNCHER\HOST.DEVELOPER.LOG
    Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [13952]
    2 C:\Program Files (x86)\Zenimax Online\Launcher\ProgramData\Host.dc170dba81ddf1d6d35f51b7e692cc50f4a4ccba\061b8d0af8fa3d892fdc9723a00d5d6ccff18f5a.patchmanifest.partial
    Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [13952]
    3 C:\Program Files (x86)\Zenimax Online\Launcher\ProgramData\Host.dc170dba81ddf1d6d35f51b7e692cc50f4a4ccba\aebfd59d00cc111cfe164faba2a8e3663b221809.patchmanifest.partial
    Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [13952]
    Read by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [13952]
    4 C:\Program Files (x86)\Zenimax Online\Launcher\ProgramData\Host.dc170dba81ddf1d6d35f51b7e692cc50f4a4ccba\a9dd6ff070f316b1e0ae1d082da204d7bf300c19.patchmanifest.partial
    Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [13952]
    Read by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [13952]
    5 C:\Program Files (x86)\Zenimax Online\Launcher\ProgramData\Host.dc170dba81ddf1d6d35f51b7e692cc50f4a4ccba\ba64b60aadecb38544f285f42442ba51ec7099bd.patchmanifest.partial
    Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [13952]
    Read by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [13952]
    6 C:\Program Files (x86)\Zenimax Online\Launcher\ProgramData\Host.dc170dba81ddf1d6d35f51b7e692cc50f4a4ccba\d82983e3fa3c13c6d21a9ff9fe43d18c7daba657.patchmanifest.partial
    Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [13952]
    Read by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [13952]
    7 C:\Program Files (x86)\Zenimax Online\Launcher\ProgramData\Host.dc170dba81ddf1d6d35f51b7e692cc50f4a4ccba\ceac5cd22c9d6bb3644585fbf70a2dacf6d485a0.patchmanifest.partial
    Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [13952]
    Read by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [13952]
    1 C:\Users\marti\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000006b0.db
    Dropped by \Device\HarddiskVolume7\Windows\explorer.exe [6116]

    Thumbprints
    c0f37bd64b959dcf354d33f7a278f866b094891158d226cd32e19ccb5447f1e2
    7760a2a367f34e7c42c241a0f3b78ed72959c2b8049b0c124480afc23563a6ae (code)
    891e955c64c8ad2fded57a8526dd7018ce72a2277787cc832b154325cbf6d21a (ownermodule)
     
  22. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,462
    Location:
    Under a bushel ...
    No problem auto-updating yesterday, two machines.
    Running fine so far, Win10 as per sig.
     
  23. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,164
    You might have misunderstood; patience does not play a role here (for this update).

    The update was already offered on my PC, but did not get installed at reboot. Instead it got offered again (to install after reboot), which failed, etc. Endless loop of offering, but not installing.

    (I have reported this behavior before, but I guess my case is too much an edge case)
     
  24. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    38
    Location:
    Nederlands
    No problems encountered after notification HitmanPro.Alert will be updated after restart.

    HitmanPro.Alert Versie 3.8.18 build 921

    Windows 11 Pro Versie 21H2 Build 22000.318
     
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,714
    Location:
    Outer space
    Updated successfully. One thing that might be improved: I have security software running which blocks the executable from running from userspace. Logs show HMPA tries again every hour, but when I lower security and right-click Check for update on the tray icon it says no update available, but it clearly is since it is already downloaded to my temp folder.

    @Krusty could be correct, the update exe is in \appdata\local\temp\ so deleting temporary files (automatically) on shutdown would interfere.
     