HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    386
    Location:
    Planet Earth
    I'm assuming that doesn't trigger if you do a regular install.
    My guess would be the code-sign validation failed (can you reproduce? and if so please DM me the steps and ramdisk setup used).
     
  2. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,055
    No CookieGuard triggered if I do a regular install. Yet another mitigation with Vivaldi installed on a ramdisk.
     
  3. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,055
  4. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,511
    I have another dump waiting to upload. Let me know if you want it. Win7x64
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,366
    Location:
    Among the gum trees
    Thanks Ronny.

    I guess it is safe to supress this alert?
     
  6. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    386
    Location:
    Planet Earth
    Yes, But can't guarantee something won't popup in the future, this might need some more alerts before we get a good visual on what the best solution is here.
     
  7. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    386
    Location:
    Planet Earth
    Hi all,

    I have started a new info and support section on our Zendesk platform, please have a look and let me know what your missing any feedback is appreciated!
    https://hitmanpro.zendesk.com/
     
  8. CeeBee

    CeeBee Registered Member

    Joined:
    Nov 20, 2015
    Posts:
    58
    This (WildersSecurity) forum has provided excellent support in the past and I do hope that you remain here also in the future, regardless of your new Sophos-Zendesk support section. Thanks! :)
     
  9. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    386
    Location:
    Planet Earth
    Yes this is pure an addition, but more like a documentation and FAQ kind of concentrated location for less technical users.
     
  10. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    205
    Location:
    Canada
    I experienced this, as well. I was surprised at how frequently the reminders kept popping-up after dismissing them. This has never an issue with past updates.

    Otherwise, build 923 has been running flawlessly since auto-updating a week ago.
     
  11. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    205
    Location:
    Canada
    Hi Ronny,

    In light of those goals, I would say it is off to a good start. I looked at some of the articles explaining the feature sets. They go into enough detail for novice users, and those who are interested in the specifics can google them.
     
  12. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    386
    Location:
    Planet Earth
    Until we introduced the 'reminder' and click on fly-out to reboot there was no reminder you just clicked ignored and never got a reminder at all (until you opened Alert GUI), currently set to remind every 1 hour.
    Is that to much? or are you seeing other timing?
     
  13. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,511
    For those that never reboot and leave there systems up all the time, I can see repeating the reminder, but every hour gets annoying for those that shutdown their systems anyway when they are done. For me, I only need the reminder once like it used to be.
     
  14. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    205
    Location:
    Canada
    I didn't time it, but every hour sounds about right. It's more aggressive than I would prefer (and that I remember from previous builds), especially if I am busy working away on my PC and don't have time to reboot. Unless there is a major security concern or reboots can be eliminated, I would prefer a daily reminder over an hourly one.
     
  15. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    488
    It is WAY too much. And making it worse is that the notice stays on top of all other windows, taking up screen space and distracting the eye, :mad: until you take positive action to dismiss it -- and THEN a new dialog box opens up in the middle of the screen talking about a reboot, so you STILL can't get back to work. :mad::mad: And then the whole process repeats again one hour later. :mad::mad::mad:

    Here is a suggested improvement: present the update availability notice once, with a drop-down menu allowing the user to select the amount of time 'til the next reminder -- say, 1 day later, or 2 days later, or 4 days later, or a week later. The basic idea is to avoid annoying the user with these repeated reminders.
     
  16. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,511
    Code:
    Faulting application name: hmpalert.exe, version: 3.8.19.923, time stamp: 0x61a0c584
    Faulting module name: RPCRT4.dll, version: 6.1.7601.25767, time stamp: 0x617cb692
    Exception code: 0xc0000005
    Fault offset: 0x000104a0
    Faulting process id: 0x3e0
    Faulting application start time: 0x01d7f1cb97408ca0
    Faulting application path: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    Faulting module path: C:\Windows\syswow64\RPCRT4.dll
    
    I have a dump, if interested, let me know. This is on a 64-bit system. Is hmpalert.exe only 32-bit?
     
  17. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,055
    Changed from a local account to Adminstrator and back. HmP.Alert build 923 shows 22-27% CPU. Made a dmp-file, sent to support@hitmanpro.com.

    Win10 21H2 build 19044.1415

    1.JPG
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,366
    Location:
    Among the gum trees
    From memory, that used to happen every time Norton updated its SONAR definitions. I always exclude HMP.A in Norton these days. That prevents it.
     
  19. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,055
    Already done that a long time ago (on your advice) :)
     
  20. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    896
    Location:
    USA
    Any thoughts here on the MS process "msedgewebview2.exe"?

    I believe it's legit, signed and part of Windows. but I have some concerns... apparently it is a Microsoft method for an application to be web enabled internally, but by leveraging MS Edge tech in a somewhat obfuscated manner.

    So far I have observed that I have two applications that cause this process to launch and connect to remote IP addresses. One connects to Amazon AWS, and the other connects to Microsoft in Redmond Washington. This activity triggers my outbound firewall alert, and I have to permit it to access the net. One of these apps (with an internal web store of products and my purchased licensees) loses functionality if I block this process.

    Since it is apparently legit I am tempted to leave it alone and allow access the network as needed. I contacted the tech support for the application, and they confirmed that's how it is supposed to work.

    So, here is my concern >>> "msedgewebview2.exe" does not show up as a running app in HitmanPro.Alert, so I cannot set it for any Exploit Mitigations. It also does not trigger an instance of Edge to run, which is protected. This whole scheme seems to run "under-the-radar" so to speak.

    So having this process available to any software in my PC to use appears to leave a gap in security. Or am I missing something here?
     
  21. ParallelTwin

    ParallelTwin Registered Member

    Joined:
    Nov 20, 2015
    Posts:
    7
    Location:
    Sydney
    I noticed an issue. My keyboard seemed to be going nuts, pressing e would give a space first, then an e on the next press, and similar random things. Figured my keyboard was shot?

    Anyway, I turned off Keystroke Encryption, problem goes away.

    Recently hmpa updated, and it didn't exist before :shrug:

    I'm just leaving it off now.
     
  22. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    896
    Location:
    USA
    I've seen that happen a few times when Firefox was open in the background on my desktop, and I was trying to type into a foreground application. Closing the browser seemed to fix that temporarily, but it did appear to be a bug with keystroke encryption gone wild!
     
  23. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    386
    Location:
    Planet Earth
    Is that structural? can you try alt-tab to a different window(s) and back to see if the keyboard does what it's supposed to do than?
     
  24. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    386
    Location:
    Planet Earth
    Same on the alt-tab test, seems like the keyboard guard lost focus on the wrong window.
     
  25. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    896
    Location:
    USA
    Exactly!
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.