HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    We are working on this issue. A fix will be in CTP3.

    CTP2 will be out today.
     
  2. caiusilus

    caiusilus Registered Member

    Joined:
    Feb 14, 2013
    Posts:
    35
    Location:
    France
    Thanks a lot Erik :thumb:
    I am eager to try this new build :)
     
    Last edited: Jul 25, 2014
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,552
    Location:
    Among the gum trees
    Awesome! I can hardly wait. :thumb:

    Will CTP1 auto-update or will we need to download fresh?

    Thanks
     
    Last edited: Jul 25, 2014
  4. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    917
    Location:
    UK
    Ok thanks for the response
     
  5. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    449
    Location:
    Hengelo
    Today we release the second Community Technology Preview of HitmanPro.Alert 3. This release bears the version number 3.0.12.73 CTP2.

    Release notes

    • Added ability to protect custom applications against vulnerability attacks. Users can now use the ‘Running applications’ dialog under ‘Exploit mitigations’, which offers a user-friendly overview of the running applications and the ability to choose and protect applications against vulnerability attacks.
    • Added automatic exploit protection for 'Skype for Windows desktop'.
    • Added automatic detection of media applications to the built-in software radar. This means that applications that can open music or video files are automatically protected against exploit attacks (e.g. Windows Media Player, VLC media player, etc.)
    • Added a notification and ability to restart an application when the user updated its exploit mitigation settings.
    • Added ability to remove exploit mitigations from configured applications.
    • Added tray icon to summon the main user interface, scan the computer or check for updates.
    • Improved detection of uninstalled applications so that they are no longer listed under ‘Your web browsers’ or ‘Your applications’.
    • Improved the software radar to also detect 64-bit applications with 32-bit registrations; e.g. WordPad on 64-bit Windows is now correctly recognized.
    • Improved detection and blocking of malware downloads initiated from attacker-controlled memory.
    • Improved support for the Opera web browser, including Opera Next and Opera Developer.
    • Improved compatibility of ‘Active vaccination’ with installed applications.
    • Enabled the checkbox to ‘Perform malware scan after installation’ on the Install dialog.
    • Solved input lag that occurred in games like Battlefield 4.
    • Solved compatibility issue with some 64-bit security software, like Emsisoft Anti-Malware.
    • Many small fixes and improvements.

    Remarks and known issues

    • Values of ‘Number of alerts’ and ‘Last alert shown’ in the main user interface are currently not available, but any exploit detection will be logged in the Windows Event Log.
    • Webcam Notifier works with webcams that use the Windows usbvideo.sys driver. Webcams using vendor specific drivers are currently not supported.
    • AutoIt applications like AdwCleaner show a warning when started. Temporarily disabling ‘Active vaccination’ in HitmanPro.Alert allows the AutoIt application to run.
    • The checkbox ‘Show border around applications’ under ‘Safety notification’ is currently checked and locked on purpose.
    • Sandboxie and Norton Security with Backup version 22 (BETA) can interfere with the drawing of the notification border around protected applications.
    • Agnitum Outpost Firewall on 64-bit versions of Windows is currently incompatible with HitmanPro.Alert 3.
    • Malwarebytes Anti-Exploit is currently incompatible with HitmanPro.Alert, but our Exploit Test Tool is compatible.

    Download
    http://test.hitmanpro.com/hmpalert3ctp2.zip

    Installation notes
    If you're already running CTP1, you must first uninstall CTP1, reboot the computer and then install CTP2.

    NOTE: HitmanPro.Alert 3 CTP2 is pre-release software and should NOT be used in production environments.
     
  6. caiusilus

    caiusilus Registered Member

    Joined:
    Feb 14, 2013
    Posts:
    35
    Location:
    France
    Just installed and after reboot no more error notification (System Event Notification Service) when logging in to the Standard User Account :):):)
    Seems to work very well :thumb:
    I think HMP Alert should replace Malwarebytes anti exploit in my current setup ;-)

    Thanks a lot :)
     
  7. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    644
    Both Vista 32 and W7 64 no problems during installation version 3.0.12.73 CTP2.
    Vista 32 bits: performed a scan after installation.
    W7 64 bits: no scan after installation.
    Sometimes keyboard encryption works and sometimes it doesn't.
     
  8. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    644
    With Vista 32 bits and 3.0.12.73 CTP2 there's still a problem with Sandboxie both version 4.12 and beta 4.13.1. After uninstalling 3.0.12.73 CTP2 Sandboxie works fine.
    No problem with Sandboxie, 3.0.12.73 CTP2 and W7 64 bits.
     
  9. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    61
    Vista 32 no problems during installation version 3.0.12.73 CTP2.
    Vista 32 performed no automatic scan after installation.
    After requested reboot also no automatic scan.
    First manual scan aborted, CTP2 restarts scan automatically.
    Second scan normal end. Using HitmanPro 3.7.9 Build 221
    Nirsoft appcrashview.exe report of aborted first scan hereafter:

    Version=1
    EventType=APPCRASH
    EventTime=130507841040862849
    ReportType=2
    Consent=1
    UploadTime=130507841072686849
    Response.BucketId=377450659
    Response.BucketTable=17
    Response.type=4
    Sig[0].Name=Naam van de toepassing
    Sig[0].Value=HitmanPro.exe
    Sig[1].Name=Versie van toepassing
    Sig[1].Value=3.7.9.221
    Sig[2].Name=Tijdstempel van toepassing
    Sig[2].Value=53c38cd9
    Sig[3].Name=Naam van foutmodule
    Sig[3].Value=HitmanPro.exe
    Sig[4].Name=Versie van foutmodule
    Sig[4].Value=3.7.9.221
    Sig[5].Name=Tijdstempel van foutmodule
    Sig[5].Value=53c38cd9
    Sig[6].Name=Uitzonderingscode
    Sig[6].Value=c0000005
    Sig[7].Name=Uitzonderingsmarge
    Sig[7].Value=002392aa
    DynamicSig[1].Name=Versie van besturingssysteem
    DynamicSig[1].Value=6.0.6002.2.2.0.768.3
    DynamicSig[2].Name=Landinstelling-id
    DynamicSig[2].Value=1043
    UI[2]=C:\Program Files\HitmanPro\HitmanPro.exe
    UI[3]=HitmanPro 3.7 werkt niet meer
    UI[4]=U kunt online naar een oplossing voor het probleem zoeken.
    UI[5]=Online naar een oplossing zoeken en dit programma sluiten
    UI[6]=Later online naar een oplossing zoeken en dit programma sluiten
    UI[7]=Het programma sluiten
    State[0].Key=Transport.DoneStage1
    State[0].Value=1
    State[1].Key=DataRequest
    State[1].Value=Bucket=377450659/nBucketTable=17/nResponse=1/n
    FriendlyEventName=Werkt niet meer
    ConsentKey=APPCRASH
    AppName=HitmanPro 3.7
    AppPath=C:\Program Files\HitmanPro\HitmanPro.exe
     
  10. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    553
    Nice!

    Installed CTP2. Works fine so far (in combination with Emsisoft).
     
  11. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    476
    Location:
    The Netherlands
    Opera now gets the flyout and green border. :thumb:
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,538
    Location:
    USA
    Yes, I'm seeing the flyout with Opera too. There are other improvements:
    Icon in the Taskbar Notification Area :thumb:
    The Nexus toolbar loads when Active Vaccination is enabled
    There are no longer ghost entries for uninstalled browsers

    Still seeing blank/white icons for apps on Windows 7x64 (see screenshot in message #1904).

    Something I'd like to see eventually is multi-monitor support, e.g. green border around browsers in screen 2.

    Overall, excellent update!
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,552
    Location:
    Among the gum trees
    Up and running great here.

    Nice one!

    :thumb: :cool:
     
  14. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    553
    Bummer: the 64 bits version of iTunes crashes at start up (when accessing the iTunes Store) with HPA3 CTP2 installed, even if I disable all protection HPA offers.

    (No problem with 2.6.3.77)
     
  15. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    449
    Location:
    Hengelo
    Thanks for reporting. I was wondering, what version of Windows are you using? Have you tried disabling 'System vaccination'?
     
  16. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    522
    Location:
    Australia
    This is coming along very nicely. No issues and it's great to see a tray icon. Brilliant work :thumb:
     
  17. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    449
    Location:
    Hengelo
    I've been investigating this but I am unable to replicate the mentioned crash with iTunes and Alert 3 CTP on 64-bit Windows. I do know about a potential issue between EMET and iTunes (http://social.technet.microsoft.com...93e1/emet-41-update-1-itunes-store?forum=emet) so besides the version of Windows you are using, could you let me know if you have any other security software on the machine that I can check? Thanks!
     
  18. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    61
    Try EMET 5 Tech Preview
     
  19. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    449
    Location:
    Hengelo
    Can't find any issue with EMET 5 Technical Preview 3, HitmanPro.Alert 3 CTP2 and iTunes, all on the same 64-bit Windows 8.1 -- works great. I hope XIII has some more details for us.
     
  20. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    553
    • Windows 7 Home Premium x64 (English)
    • Emsisoft Internet Security 9 (beta build)
    • EMET 4.1 Update 1
    • Malwarebytes Anti-Malware Premium 2.0.2.2012
    • Sandboxie 4.12
    • Zemana AntiLogger 1.9.3.525
    • CryptoPrevent Premium 6.1

    Found an event 1000 in the Windows log files that might be useful:

    Code:
    Faulting application name: iTunes.exe, version: 11.3.0.54, time stamp: 0x53bc1265
    Faulting module name: hmpalert.dll, version: 3.0.12.73, time stamp: 0x53d26b6d
    Exception code: 0xc0000005
    Fault offset: 0x000123ec
    Faulting process id: 0x654
    Faulting application start time: 0x01cfa84b23bf21ae
    Faulting application path: C:\Program Files (x86)\iTunes\iTunes.exe
    Faulting module path: C:\Windows\SysWOW64\hmpalert.dll
     
    Last edited: Jul 26, 2014
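Added example, not part of XIII's post and not SurfRight's code: a small Python triage of the Event 1000 text quoted in the post above. It shows that the access violation (0xc0000005) was raised inside hmpalert.dll, loaded from outside the iTunes directory, rather than in iTunes.exe itself. The field names are those in the posted log; the function names and the three location labels are assumptions made here.

```python
from datetime import datetime, timedelta, timezone
from pathlib import PureWindowsPath

# Event 1000 text copied from the post above (not constructed).
EVENT_1000 = r"""Faulting application name: iTunes.exe, version: 11.3.0.54, time stamp: 0x53bc1265
Faulting module name: hmpalert.dll, version: 3.0.12.73, time stamp: 0x53d26b6d
Exception code: 0xc0000005
Fault offset: 0x000123ec
Faulting process id: 0x654
Faulting application start time: 0x01cfa84b23bf21ae
Faulting application path: C:\Program Files (x86)\iTunes\iTunes.exe
Faulting module path: C:\Windows\SysWOW64\hmpalert.dll"""

# A few well-known NTSTATUS codes; others are reported as raw hex.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

def filetime_to_utc(ticks):
    """Windows FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def triage(text):
    """Parse an Event 1000 message and report where the fault occurred.

    Paths are compared with PureWindowsPath, i.e. case-insensitively."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            fields[key] = value
    app = PureWindowsPath(fields["Faulting application path"])
    mod = PureWindowsPath(fields["Faulting module path"])
    code = int(fields["Exception code"], 16)
    if mod == app:
        location = "application image"
    elif mod.parent == app.parent:
        location = "module in application directory"
    else:
        location = "external module"
    return {
        "application": app.name, "module": mod.name,
        "exception": NTSTATUS.get(code, hex(code)),
        "offset": int(fields["Fault offset"], 16),
        "location": location,
        "started": filetime_to_utc(int(fields["Faulting application start time"], 16)),
    }
```

"external module" only says the faulting DLL lives outside the application's directory; system DLLs fall in the same bucket, so the module name and version still need to be read alongside it.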
  21. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you download procdump from Sysinternals and run it from command prompt:

    procdump -ma -i c:\dumps

    Then start iTunes, watch it crash and send the dump (via wetransfer.com) to erik@surfright.com.

    Link: http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx

    Thanks :thumb:
     
  22. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    553
    That generates a 300 MB file... (which compresses to about 78 MB with 7-Zip)

    I'm a bit uncomfortable with what might be included in that file (entire memory dump, so possibly also personal data from online backup service running in the background?).

    Are there other ways to help sort this out? (I will first check on another PC this weekend; identical hardware but less protection software running)

    If not, I might try to reproduce it tomorrow on my PC with fewer programs active, so I'm more comfortable with the dump.
     
  23. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    61
    Erik, in CTP2 (CTP1 never used) I see two hmpalert.exe in my task manager coming from the same place. Is that OK?
     
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes that is normal. One is the service, the other is the tray icon. If you start the management GUI you'd see another one.
     
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The dump only contains memory from the iTunes process. So it does not contain other process memory like the stuff you mentioned.

    If you can, compress it with a password, send it via wetransfer.com and send the password via direct email.
     