HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,052
    No "Windows could not connect to the System Event Notification Service" notification with Windows login.
     
  2. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,345
    Location:
    the Netherlands
    Thank you for the clarification.
    As I said, the issue you experienced may probably have been completely different to the issue that I mentioned before.
    Thanks again.

    I'm not sure about caiusilus, though, as to my question "Did you get a "Windows could not connect to the System Event Notification Service" error notification", caiusilus replied "I see the notification before login."
    I cannot rule out that there could have been some miscommunication or misunderstanding.
     
  3. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,052
    See: Exploit mitigations > Applications...

    Office-info can't be read completely at far right of screen.
     


  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    It is a metro interface, use the mouse wheel to scroll.
     
  5. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,052
    Ok. Thanks.
     
  6. caiusilus

    caiusilus Registered Member

    Joined:
    Feb 14, 2013
    Posts:
    35
    Location:
    France
    You're right, Stupendous Man, the notification (on LUA) appears after I enter my password. And after that, my PC freezes. I have only a black screen... and I am forced to reboot.
    But I can login on my admin account with HMP alert 3.

    Apologies for my bad English writing...

    best regards,
    Laurent
     
  7. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,345
    Location:
    the Netherlands
    Ah, thanks, that is the same as with my issue earlier on.

    That is different to my experience earlier on,
    however, a black screen is not uncommon with the "Windows could not connect to the System Event Notification Service" issue.

    To rule out any miscommunication -
    The notification that you got after entering your password trying to login to your LUA, was that:
    "Windows could not connect to the System Event Notification Service"?
    Or the equivalent in French on a computer with a French Windows edition, of course. I think that is:
    "Windows n'a pas pu se connecter au Service de Notification d'événement système"

    If you got that notification, the issue you experienced seems to be different to what deugniet described.
    I don't know if the cause could be the same, or that the cause of the issue may be different too.
    If the cause of the issue may be different than that of the issue deugniet reported, then it might be a good idea if SurfRight has a more specific look at the issue you reported.
     
  8. caiusilus

    caiusilus Registered Member

    Joined:
    Feb 14, 2013
    Posts:
    35
    Location:
    France
    Hi,

    yes, that is exactly that notification ;-)
    So I go back to EMET. Waiting for SurfRight to fix this issue ;-)

    Kind regards,
    Laurent
     
  9. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,345
    Location:
    the Netherlands
    Thank you very much, Laurent.

    As I said,
    if you got that notification, the issue you experienced seems to be different to what deugniet described.
    I don't know if the cause could be the same, or that the cause of the issue may be different too.
    If the cause of the issue may be different than that of the issue deugniet reported, then it might be a good idea if SurfRight has a more specific look at the issue you reported.
    But that is up to SurfRight, of course.
     
  10. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,052
    Another event:

    Logboeknaam: Security
    Bron: Microsoft-Windows-Security-Auditing
    Datum: 13-7-2014 16:42:03
    Gebeurtenis-id:6281
    Taakcategorie: Systeemintegriteit
    Niveau: Informatie
    Trefwoorden: Controle mislukt
    Gebruiker: n.v.t.
    Computer: ****
    Beschrijving:
    De paginahashes van een installatiekopiebestand zijn niet geldig. Mogelijk is het bestand onjuist ondertekend zonder paginahashes of is het bestand beschadigd vanwege een onbevoegde wijziging. De ongeldige hashes kunnen duiden op een schijffout.

    Bestandsnaam: \Device\HarddiskVolume3\Windows\System32\hmpalert.dll
    Gebeurtenis-XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>6281</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12290</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2014-07-13T14:42:03.271847700Z" />
    <EventRecordID>198060</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="60" />
    <Channel>Security</Channel>
    <Computer>****</Computer>
    <Security />
    </System>
    <EventData>
    <Data Name="param1">\Device\HarddiskVolume3\Windows\System32\hmpalert.dll</Data>
    </EventData>
     
  11. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    I entered the "hmpalert64-test.exe" into EMET's protected apps this morning, as there was no "HPA3-test.exe" in the folder I downloaded from a few pages back, and then re-tried the test, and there were still no blocks by EMET with the .exe running with all mitigations :(
     
  12. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    EMET doesn't apply ROP mitigations to 64bit apps.
     
  13. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    (Win 7 64 bits, F-Secure, Hmpalert, HitmanPro licensed, Appguard, Sandboxie 4.09).

    Believing that most people write up problems in forums and don't very often log successes, I bit the bullet and upgraded Hmpalert to 3.0.12.63. Everything has run as smooth as silk for 24 hours apart from Sandboxie (even though I have a named pipe in Global settings). Everything loads and Sandboxie is usable, but there is no mouse over green hitmanPro.Alert//Safebrowsing at the top of the screen and the keyboard encryption test fails. I'm sure someone will fix it soon. I reckon Hmpalert is a superb piece of engineering. Many Thanks.
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Thank you for writing this success story. Much appreciated.
     
  15. Turing Doenitz

    Turing Doenitz Registered Member

    Joined:
    Oct 23, 2013
    Posts:
    31
    Location:
    Australia
    Hi there. I installed your BETA version a couple days ago with no major issues. It's a nice program, seems to target the correct applications for protection and I've had no issues with safe browsing. But I would like to mention what seems to be a possible false positive. This is also occurring in your current release version of HitmanPro.Alert.

    My PC is running Win7 64bit, with Emsisoft Anti Malware V9 & EMET 4.1 Update 1.

    So I'll first say what the normal behaviour is and then I'll tell you the behaviour caused when HMP.A is installed on the system.

    There is a game called Planetside 2 made by Sony Online Entertainment. When I launch the game, it brings up the updater. When the updater has verified the game is up to date, it allows the user to click the PLAY button which launches the game and closes the launcher.

    With HMP.A, it behaves almost the same but when you click PLAY nothing happens and the launcher just closes. No user-facing prompts show up. However, Event Viewer does log it and I've included what it's offered up below, with just a couple things redacted:

    Code:
    Log Name:      Application
    Source:        Application Error
    Date:          16/07/2014 8:32:49 PM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      REMOVED
    Description:
    Faulting application name: PlanetSide2_x64.exe, version: 0.0.0.0, time stamp: 0x53bc4d73
    Faulting module name: hmpalert.dll, version: 3.0.12.63, time stamp: 0x53be9039
    Exception code: 0xc0000005
    Fault offset: 0x000000000007db50
    Faulting process id: 0x65c
    Faulting application start time: 0x01cfa0e1450d0375
    Faulting application path: D:\Sony Online Entertainment\Installed Games\PlanetSide 2\PlanetSide2_x64.exe
    Faulting module path: C:\Windows\system32\hmpalert.dll
    Report Id: 886a26e2-0cd4-11e4-b8b1-001b21b55c31
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Application Error" />
        <EventID Qualifiers="0">1000</EventID>
        <Level>2</Level>
        <Task>100</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2014-07-16T10:32:49.000000000Z" />
        <EventRecordID>92309</EventRecordID>
        <Channel>Application</Channel>
        <Computer>REMOVED</Computer>
        <Security />
      </System>
      <EventData>
        <Data>PlanetSide2_x64.exe</Data>
        <Data>0.0.0.0</Data>
        <Data>53bc4d73</Data>
        <Data>hmpalert.dll</Data>
        <Data>3.0.12.63</Data>
        <Data>53be9039</Data>
        <Data>c0000005</Data>
        <Data>000000000007db50</Data>
        <Data>65c</Data>
        <Data>01cfa0e1450d0375</Data>
        <Data>D:\Sony Online Entertainment\Installed Games\PlanetSide 2\PlanetSide2_x64.exe</Data>
        <Data>C:\Windows\system32\hmpalert.dll</Data>
        <Data>886a26e2-0cd4-11e4-b8b1-001b21b55c31</Data>
      </EventData>
    </Event>


    Regards, Turing.
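
    Added example, not part of the original post and not SurfRight's code: a small Python parser for the Application Error (Event ID 1000) record quoted above, which names the positional `<Data>` fields and decodes the two hex time formats so a crash report like this one can be triaged from exported XML. The field names are labels chosen here; the sample XML is the post's own event, reduced to the elements the parser reads.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Positional order of <Data> in an Application Error (Event ID 1000) record,
# following the description lines of the event quoted above (names are ours).
FIELDS = ("app", "app_version", "app_timestamp", "module", "module_version",
          "module_timestamp", "exception_code", "fault_offset", "pid",
          "app_start", "app_path", "module_path", "report_id")
# Event XML from the post above, reduced to the elements this parser reads.
SAMPLE = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID Qualifiers="0">1000</EventID>
<TimeCreated SystemTime="2014-07-16T10:32:49.000000000Z" /></System>
<EventData>
<Data>PlanetSide2_x64.exe</Data><Data>0.0.0.0</Data><Data>53bc4d73</Data>
<Data>hmpalert.dll</Data><Data>3.0.12.63</Data><Data>53be9039</Data>
<Data>c0000005</Data><Data>000000000007db50</Data><Data>65c</Data>
<Data>01cfa0e1450d0375</Data>
<Data>D:\Sony Online Entertainment\Installed Games\PlanetSide 2\PlanetSide2_x64.exe</Data>
<Data>C:\Windows\system32\hmpalert.dll</Data>
<Data>886a26e2-0cd4-11e4-b8b1-001b21b55c31</Data>
</EventData></Event>"""

def pe_timestamp(hex_str):
    """PE header link time: seconds since 1970-01-01 UTC."""
    return datetime.fromtimestamp(int(hex_str, 16), timezone.utc)

def filetime(hex_str):
    """Windows FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=int(hex_str, 16) // 10)

def parse_app_error(xml_text):
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1000":
        raise ValueError("not an Application Error (1000) record")
    data = [d.text or "" for d in root.findall("e:EventData/e:Data", NS)]
    if len(data) < len(FIELDS):
        raise ValueError("truncated EventData")
    rec = dict(zip(FIELDS, data))
    stamp = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    # SystemTime carries nine fractional digits; whole seconds are enough here.
    rec["logged"] = datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S").replace(
        tzinfo=timezone.utc)
    rec["module_built"] = pe_timestamp(rec["module_timestamp"])
    rec["seconds_alive"] = (rec["logged"] - filetime(rec["app_start"])).total_seconds()
    rec["access_violation"] = int(rec["exception_code"], 16) == 0xC0000005
    return rec
```

    Calling `parse_app_error(SAMPLE)` gives the faulting module, its build date and how long the process lived before the fault was logged, which is what a vendor needs to match a crash to a specific build.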
     
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Emsisoft on x64 is in the known issues list.

    Regarding Planetside 2, try setting Active Vaccination to Passive.
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,360
    Location:
    Among the gum trees
    @erikloman ,

    If you don't mind, I have two questions for you.

    1) Is there much benefit for HMP.A 2 and HMP free (unlicensed) users upgrading to HMP.A 3?

    &

    2) Will HMP.A 2 users be automatically upgraded to HMP.A 3 once 3 is released?

    Thank you.

    PS : I have installed HMP.A 3 as a trial on a W7 x64 SP1 machine running Norton Security with Backup v22.0.0.67 (beta) and it installed over HMP.A 2 and after a reboot seems to be running fine. :thumb:
     
    Last edited: Jul 17, 2014
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    1) With v3 you get these free additions (compared to v2):
    • Active Vaccination
    • Webcam Notifier
    • Keystroke Encryption
    • Hollow Process blocker
    • HitmanPro integration
    • Colored border around application (e.g. red border when browser is unsafe to use)
    • Overall improvements
    If you have a HitmanPro license you get hardware-assisted Exploit Mitigations as well.

    2) Yes, as all features of V2 are in V3 + the stuff mentioned in 1) above.
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,360
    Location:
    Among the gum trees
    Thanks Erik. I might have missed it, but how do I enable Active Vaccination, or is that not yet activated?
     
  20. reyes

    reyes Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    48
    Location:
    INDIA
    Will there be hardware-assisted Exploit Mitigation support for AMD-based systems in the future?
     
  21. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,052
    It's activated (default).

    See: Security > System Vaccination.
     
  22. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    No, because AMD processors lack the feature where it records the last instructions (branches) it took.
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,360
    Location:
    Among the gum trees
    Thanks but...
    Mine shows as Passive Vaccination and the writing for Active Vaccination is not white, so it looks like I can't enable it.
     
    Last edited: Jul 17, 2014
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Active Vaccination requires a license. I will send you one via PM.
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,360
    Location:
    Among the gum trees
    :thumb: PM Received! Thanks. :cool:
     