HitmanPro.ALERT Support and Discussion Thread

I had this once in the lab. I was unable to narrow it down and deemed it as a single incident.

If you reboot the problem should go away. If not I would like know how this problem can be triggered.

 

Logoff will also fix the slow-down. I can trigger the problem everytime using my fileman. I sent you the dump.

Back to my other question - will there be a feature or is it possible to temporarily disable CTP4?

 

You can disable features in the Advanced interface. Switch to it using the Gear icon next to the minimize button.

 

I understand that specific items can be disabled. I meant completely disable HMPA. When I kill the tasks, Alert starts itself again. I just had my 3rd BSOD. Let me know if you want the dumps. I will be uninstalling soon, unless you need me to do some tests for you.

 

Yes. Send me the dumps. The uninstall because it is not working for you atm. I will try to analyze the dumps and come up with a fix.

 

If you don't find anything in the dumps, I can send you the exe file that causes the OS slow-down when alert is active.

 

Congrats with the new release.

About "Application Lockdown", is this comparable to "anti-exe" (white-listing), or is it more intelligent?

About "Network Lockdown", can you tell a bit more about this? Is this protection against malware that is already running?

 

Erik,
FYI, CTP4 leaves about 90% of the reg entries and files on the system after running uninstall. A lot more stuff than with CTP2

 

The product key that I got for testing (and which was accepted by CTP1, 2, and 3) is no longer accepted by CTP4, while it is valid until July 2015 according to HitmanPro.

If I try to activate this key in CTP4 a dialog "A generic error occurred." pops up.

On the bright side: no more iTunes crashes.

 

Files are removed after reboot. I agree uninstall needs to improve.

 

Its totally not whitelisting. See release notes in the PDF in the zip.

 

Sorry, my mistake; apparently I did not reboot after uninstalling HPA2 and somehow I seem to have started HPA2 again by running the HPA3 executable?

After a reboot the product key was accepted.

 

View attachment 244644

As an info, after reboot these files are still present

Code:

HitmanPro.key
HitmanPro.lic
excalibur.db
excalibur.db-wal
hmpnet.sys 

Plus these Reg entries

 

Uninstalled MBAE to give newest version a try, no problems so far.

 

Well..Exploit Mitigations worked for a few hours, now it says no license.

 

@erikloman and @markloman Please check PM for the logs

 

Hi erikloman

v90 CTP4, Administrative Events could get filled with these errors [cleaned up with bat] :-

Take Care
TheQuest

 

Do you have a dump of those crashes?

 

Got them thanks!

 

HMP.Alert CTP4

Win8.1x64

(1)
This issue is still present

(2)
After a longer time or after wakeup from StandBye Firefox and Thunderbird (both running in Sandboxie Sandboxes) don't have an internet connection any longer. Killing of those processes via TaskManager or ProcessHacker isn't possible.

Going to try if Sandboxie is the probelem or which mitigations are the problem.

Edit: Event viewer shows the same entries like @TheQuest for those times where it happened.

(3)
One BSOD this mornig (after browser disconnection issue). I can upload minidump and kernel memory dmp (800 MB) somewhere if needed.

 

Would like the dump. Please send zip via www.wetransfer.com to erik@surfright.com

 

on the way

 

HitmanPro.Alert 2.6.5 can totally disabled by stopping (temporarely) the service. Try this in ctp4
Erik, is this allowed manner in ctp4 and also for the future ?
Adric, follow this please.

 

Just tested this on W10 TP 64-bit,it looks like the issue hasn't been fixed.