HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    713
    Location:
    Planet Earth
    HitmanPro.Alert 3.20.2 Build 2019

    Changelog (compared to 983)
    • Fixed Autoruns BSOD
    • Fixed Driver BSOD
    • Fixed CryptoGuard5 Memory leaks
    • Fixed CobaltStrike Double messages in report when in audit mode
    • Fixed SyscallX64 Added caching to prevent hiccups during play when using Chromium browser streams (e.g. Netflix / Prime).
    • Improved APCProtection Windows 11 support
    • Improved CobaltStrike Add support for WinHttp based beacons
    • Improved SyscallX86 Detection and alerting/reporting/suppression options
    • Improved SyscallX64 Added protection against Ekko/Foliage/KrakenMask
    • Improved C2Interceptor Added generic stager detection
    • Improved PipeWorker Security restrictions
    • Improved AmsiGuard Added protection for remote processes
    • Improved LBR Added newer CPUs: Tiger Lake, Rocket Lake
    • Improved CookieGuard Support for Chrome's new "Device Bound Session Credentials"
    • Improved Excalibur Code handling of rapid alerts/reports
    • Improved AlertProducer Added a rate limiter for repeating alerts - WARNING: Last Alert due to flood! added to eventlog
    • Improved Selfprotection and alerting logic
    • Improved KernelTrap32 added multiple APIs
    • Improved HollowProcess logic for PEB protection
    • Improved CallerCheck thumbprinting for local allow-listing
    https://dl.surfright.nl/hmpalert3b2019.exe

    Auto-update is on for existing 2017 users, if all goes well we'll be updating 983 users soon after that in staged roll-out (first batch has been released).
    Please let us know how this version runs on your machine :thumb:
     
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,934
    Location:
    Outer space
    Installed on top of build 983, everything working fine.
     
  4. scip

    scip Registered Member

    Joined:
    Feb 13, 2020
    Posts:
    46
    Location:
    internet
    Hello,

    I'm getting many "nvlddmkm" errors since the new version.
    The system freezes for minutes and I can't do anything.


    \Device\Video3
    Restarting TDR occurred on GPUID:100
    00000000020030000000000099000000000000000000000000000000000000000000000000000000

    And when I open a cmd or PowerShell I get a pop-up with the message

    C:\Windows\system32\hmpalert.dll is either not intended to run on Windows or contains an error. Reinstall the program using the original installation media or contact the system administrator or software supplier for assistance. Error status 0xc0000428.

    I'm on Win 11.
     
  5. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    295
    Have you tried to uninstall HPA, reboot and reinstall fresh 3.20.2.2019 like the error basically recommends?
     
  6. scip

    scip Registered Member

    Joined:
    Feb 13, 2020
    Posts:
    46
    Location:
    internet
    I did a clean uninstall with Revo just now and have installed again; will see and hope for it ^^

    edit: same problem but without "nvlddmkm" error till now..

    @RonnyT
    I still get this pop-up message when I open cmd as admin and after typing sfc/scannow:

    C:\Windows\system32\hmpalert.dll is either not designed to run on Windows or contains an error. Reinstall the program using the original installation media or contact the system administrator or software supplier for assistance. Error status 0xc0000428.

    - Provider
    [ Name] Application Popup
    [ Guid] {47bfa2b7-bd54-4fac-b70b-29021084ca8f}
    EventID 26
    Version 0
    Level 4
    Task 0
    Opcode 0
    Keywords 0x8000000000000000
    - TimeCreated
    [ SystemTime] 2025-03-02T13:44:58.8310443Z
    EventRecordID 41039
    Correlation
    -
    Execution
    [ ProcessID] 1392
    [ ThreadID] 1888
    Channel System
    Computer
    -
    Security
    [ UserID]
     
    Last edited: Mar 4, 2025
  7. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,304
    Location:
    USA
    Auto update today. No problems so far.
     
  8. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    713
    Location:
    Planet Earth
    Can you please open a support ticket at support@hitmanpro.com?
    Please provide OS version and build + other security software installed.
     
  9. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    595
    Updated this morning to build 2019. Shortly after rebooting, the following overlay appeared on my screen:

    [Attached image: HMPA vs N360.png]

    The same thing happened on my wife's PC; we both have HMP.A and Norton 360 on Windows 10 machines. The N360 icon in the notification area disappeared soon after this interception.

    A new reboot seems to have taken care of the problem, but I wanted to report it anyway because of the potential for this event to panic users.

    P.S. The issue where text typed into the Norton Private Browser shows up scrambled was not solved with build 2019.
     
    Last edited: Mar 4, 2025
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,151
    Location:
    The Netherlands
    OK cool, I was worried because you're not that active anymore.

    But this test wasn't specifically about ransomware. I would like to see a CryptoGuard test, it would be great marketing for HMPA/Intercept X.

    OK cool!

    OK nice, like I said, you could simply make a list of apps that are often targeted by infostealers, and protect the data on disk and memory. Is it perhaps an idea to make a version for macOS too? Apparently, the $1.5 billion hack on Bybit was caused by some infostealer on macOS.
     
    Last edited: Mar 9, 2025
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,151
    Location:
    The Netherlands
    To be honest, I still don't understand why HMPA hasn't implemented a whitelist of trusted software.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,151
    Location:
    The Netherlands
    OK I see, but I thought that Ronny was a support guy, not a developer.

    OK cool, didn't know about this. This company also seems to be focused on blocking ransomware, but they haven't done a lot of marketing, strangely enough.
     
  13. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    713
    Location:
    Planet Earth
    We do, but some stuff we leave up to the user to decide if they trust it or not. It's as simple as going to the event log -> action -> suppress, and Norton can access your authentication cookies and passwords stored in that browser.
     
  14. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    595
    Is there a reason why you guys would not simply include Norton 360 among the programs that HMP.A trusts automatically without requiring user action? Users who are less technically sophisticated, like my wife, freak out when seeing this sort of thing filling their screen.
     
  15. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    595
    That's a good question. From a user's perspective, it would be helpful to make such a list both visible and explicitly customizable.
     
  16. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    713
    Location:
    Planet Earth
    Thanks for the feedback, we've whitelisted this one, so should no longer show up.
     
  17. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    595
    Fantastic, thank you! :thumb:
     
  18. scip

    scip Registered Member

    Joined:
    Feb 13, 2020
    Posts:
    46
    Location:
    internet
    @RonnyT
    The new Windows update KB5053598 for Win 11 24H2 resolved my problem :)
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,151
    Location:
    The Netherlands
    OK cool, so you guys fixed it? I remember in the past this wasn't possible, I always had problems with Sandboxie, will soon test it.

    BTW, I was reading this article about a ransomware attack that was initially stopped by EDR, but then hackers somehow managed to infect the network via some unprotected webcam. Do you think Intercept X would be able to stop this stuff? I mean, is it comparable to remote ransomware, what we discussed earlier?

    https://www.s-rminform.com/latest-thinking/camera-off-akira-deploys-ransomware-via-webcam
     
  20. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    713
    Location:
    Planet Earth
    The Sandboxie thing is a different alert, not the CookieGuard one triggered by NortonUI.exe; there is some code condition where sometimes something breaks. So there is no change there.
    Yes pretty sure our CryptoGuard would have caught this as we monitor encryption on incoming/outgoing shares.
     
  21. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    713
    Location:
    Planet Earth
    Yeah, Microsoft removed that code that broke and/or caused almost all security vendors to chase what they silently changed...
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,151
    Location:
    The Netherlands
    OK weird, so Sandboxie can not be whitelisted?

    Wow, that would be cool. I wonder why this EDR totally missed this, most likely because they didn't monitor for remote ransomware attacks.
     
  23. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    861
    Could I get a trial key? I have tested it a long time ago and a lot has changed since then (but not my Windows install lol) and would like to check this out again. Thanks in advance
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,415
    Location:
    Among the gum trees
    +1. I wouldn't mind another trial, if they're available.
     
  25. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    713
    Location:
    Planet Earth
    It already is for certain cases, but there is a nasty bug there somewhere.

    We come from Prevention; that's a totally different angle than "Detection and/or Response" from more detection-based EDRs. On top of that, there are not too many vendors supporting prevention of remote encryption.
    https://infosec.exchange/@SophosXOps/114154689772002479
     