HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    663
    Location:
    Planet Earth
    HMPA - Windows 11 BSOD - after install of KB5013943 (May 10th 2022)

    My Windows 11 machine starts to BSOD at boot, either intermittently or stuck in a boot loop, after the install of Microsoft update KB5013943 released on May 10th 2022.

    What to do

    Option 1
    Let the system BSOD and auto restart
    After 3 times, you are presented with Advanced repair options button
    Select Advanced repair options to enter WinRE
    Select Troubleshoot > Advanced options > Command Prompt
    Type C:
    Hit Enter
    Type cd \windows\system32\drivers
    Hit Enter
    Type ren hmpalert.sys hmpalert.old
    Hit Enter
    Type Exit
    The system should boot normally after renaming the hmpalert.sys driver

    Option 2
    Let the system BSOD and auto restart
    After 3 times, you are presented with Advanced repair options button
    Select Advanced repair options
    Select Troubleshoot > Advanced options > Uninstall Updates
    Choose Uninstall latest feature update (KB5013943)

    FAQ
     
    Last edited: May 16, 2022
  2. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    663
    Location:
    Planet Earth
    Looks like this Windows Update is causing multivendor BSODs, so we expect a "fix" from their end somewhere soon-ish; in the meantime we're working on a workaround for Win11 users with this patch.
     
  3. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    FYI, if you look up that KB, it's actually a "security" update.
     
  4. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro.Alert 3.8.12 Build 943 Released

    Changes (compared to build 923):
    • Added system-wide protection against 'Hell's Gate' defense evasion via direct system calls, or SysCall, on 64-bit applications
    • Added protection against cloning of LSASS process to Credential Theft Protection
    • Added support for ReFS file system to CryptoGuard
    • Added NOTEPAD.EXE to Office template
    • Added GPT partition support to WipeGuard
    • Added NVMe support to WipeGuard
    • Added MITRE ATT&CK references to the CookieGuard, SysCall and RemoteThreadGuard mitigations
    • Added alerting to our protection of sticky key abuse (and other accessibility features)
    • Added EA Digital Illusions CE AB to game detection
    • Improved protection against direct system calls, or SysCall, on 32-bit applications
    • Improved handling of certificates on code-signed applications
    • Improved CookieGuard alert with information about the application certificate, if any, in the alert
    • Improved CookieGuard so it now adds certificate validation information into the alert details
    • Improved WipeGuard to protect the Volume Boot Record of all mounted partitions. Previously, only the boot partition was protected.
    • Improved WipeGuard to terminate the offending process. Previously, the offending action was only blocked.
    • Improved HollowProcess to protect against PEB manipulation in a remote process where PEB is writable
    • Improved Lockdown mitigation to isolate modules (DLLs) dropped in attacks via Office documents.
    • Improved the per app mitigation settings in the user interface. It now has room for extra checkboxes.
    • Changed reboot fly-out reminder interval from 1h to 8h
    • Changed Dynamic Heap Spray detection; it is now disabled on 64-bit applications
    • Changed text for Benefits button to Help center
    • Changed Sophos Privacy Notice and Terms of Service
    • Fixed Keystroke Encryption and BadUSB Protection which caused a BSOD (APC_INDEX_MISMATCH) on Windows 11 with update KB5013943.
    • Fixed issue that prevented restarting of some protected applications when using the 'restart' function from the ApplicationPanel (Running applications) when changing a setting.
    • Fixed a compatibility issue between our anti-ransomware CryptoGuard 5 and Artisan scrapbook software from Forever Storage
    • Fixed displaying icons of UWP applications
    • Fixed several user interface inconsistencies
    • Fixed false alarm by APCViolation on Avast 'aswhook' DLL
    • Fixed false alarm by CookieGuard if application starts from a RAM-drive
    • Fixed false alarm by HollowProcess on Visual Studio
    • Fixed issue with Lockdown inheritance when parent process is OpenWith.exe
    • Fixed issue when a user tries to install HitmanPro.Alert on machine where Sophos Home Premium is already installed
    • Fixed tray icon burning CPU cycles after install
    • Fixed unexpected removal of Forza Horizon 5 under UWP exclusions
    • Updated third-party libraries
    • Several other changes under the hood
    Download
    https://dl.surfright.nl/hmpalert3b943.exe

    In the coming days we are automatically updating our users, starting with machines running build 941 tonight.
    A big thank you to all participants who helped us test our beta builds! Awesome! :thumb:
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,368
    Location:
    Among the gum trees
    Build 943 seems to be running great here so far.

    Thanks for all your hard work guys! :thumb:
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,368
    Location:
    Among the gum trees
    Except Windows start up tone has stopped working again.
     
  7. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,265
    No problems upgrading to build 943.

    Link does not work properly, I needed to copy-paste. https://dl.surfright.nl/hmpalert3b943.exe
     
  8. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    327
    A small note:
    The correct version number is 3.8.21 Build 943, not 3.8.12 Build 943.

    Otherwise everything is fine, no problems with the software.
     

  9. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    327
    Last edited: May 18, 2022
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,660
    Location:
    Under a bushel ...
    Auto-updated without incident.
     
  11. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    225
    Location:
    Canada
    All is running fine here too!
     
  12. scip

    scip Registered Member

    Joined:
    Feb 13, 2020
    Posts:
    41
    Location:
    internet
    Update runs fine.

    A question:

    Due to this fix
    • Fixed Keystroke Encryption and BadUSB Protection which caused a BSOD (APC_INDEX_MISMATCH) on Windows 11 with update KB5013943.
    can I now install the update KB5013943? Because I had this BSOD from the Win 11 update, which I had to uninstall.
    Or can this BSOD also have other reasons?
     
  13. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    663
    Location:
    Planet Earth
    Hi, if you had Alert installed with this update AND it dropped the APC_INDEX_MISMATCH then it's safe to assume it was caused by Alert.
    You can install the update if you are on Alert 943 (at least I have tested over 200 reboots on different setups without issues, and was able to reproduce when rolling back to alert 941/923 within a few).
     
  14. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    582
    Thank you, this is a most welcome improvement! :thumb: :thumb:
     
  15. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    582
    Just rebooted Windows 7 to install HMP.A build 943. In the first few minutes I've already gotten three HMP.A notices like this one:

    HMPA intercept.png

    Should I simply exclude this AMD program?
     
  16. scip

    scip Registered Member

    Joined:
    Feb 13, 2020
    Posts:
    41
    Location:
    internet
    @RonnyT
    Thx, now I installed the update KB5013943 again and my system is working without BSOD :)
     
  17. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    663
    Location:
    Planet Earth
    We're looking into this, please use the suppress alert option on this one.
     
  18. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Updated to HMPA 3.8.21.943 three days ago. So far, so good! :thumb:
     
  19. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    582
    Thank you. I've suppressed the alert as you requested and removed Radeonsoftware.exe from the exclusion list.
     
  20. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    663
    Location:
    Planet Earth
    HitmanPro.Alert 3.8.21 Build 945

    Changelog (compared to 943)
    • Improved Syscall
    • Improved WipeGuard
    • Improved CryptoGuard5
    • Improved HollowProcess
    • Improved ROP detection on crashing processes
    • Improved HeapHeapHooray also covers powershell_ise now
    • Changed Lockdown: added MSDT.EXE as LOLBIN to proactively block Follina exploitation attempts
    • Several other changes under the hood
    Download
    https://dl.surfright.nl/hmpalert3b945.exe
    Auto-updater is enabled as of now.
     
  21. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,660
    Location:
    Under a bushel ...
    Auto-updated, Win 10, no problem.
     
  22. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Auto updated to Build 945 yesterday. All good here!
     
  23. Libraman

    Libraman Registered Member

    Joined:
    Apr 26, 2016
    Posts:
    234
    Perfect here, thanks :thumb:
     
  24. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    513
    Location:
    VPN city
    Does Sophos home premium still include HMP.A ?
     
  25. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    663
    Location:
    Planet Earth
    Yes it does, albeit slightly older code.
     