HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Of course Victek, and thanks for your advice. :)
    Not forgetting Active Connections also...
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Thanks!

    As soon as final stable version 3 is out Webroot will whitelist HMP automatically.
     
  3. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Thanks @shadek or I could always get some whitelisting done in the meantime, hopefully. I haven't taken a look at any WSA scanlogs for this yet.

    edit: on checking yeah, both the hmpalert.sys and the hmpnet.sys drivers need whitelisting ideally.
     
    Last edited: Nov 30, 2014
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,913
    Location:
    Outer space
    Yes, once Alert 3 is released, you'll be able to use the paid features with your HitmanPro license.
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    Does this belong to HMPA: c:\windows\system32\conhost.exe "-229208061919898010-18463975781924818821-1620140479-1831381111-3801501221002492504"? I received a prompt from VS to allow, or deny it. I have never gotten this prompt before. I just installed the latest beta of HMPA so I figure maybe it belongs to it. I was away from my computer for several hours before I was able to choose allow from the prompt. I went ahead, and whitelisted it. I hope it temporarily being blocked does not cause any adverse effects for HMPA.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I googled it, and it is a Windows program. Offhand doesn't appear to be HMPA related. Erik may shed more light on it.
     
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    conhost.exe is definitely a Windows program, but I think HMPA is using it. Sorry, I misstated my question Pete. I should have said: is HMPA using this for something: c:\windows\system32\conhost.exe "-229208061919898010-18463975781924818821-1620140479-1831381111-3801501221002492504"? I'm not sure about the last part after conhost.exe. Maybe it does belong to HMPA. It's above my understanding without further researching it. I will just wait on Erik to enlighten us.
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    It's 100% not part of Alert. I have no idea what this is.
     
  9. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    81
    I'm just gonna quote this:
    Source: https://superuser.com/questions/368096/multiple-instances-of-conhost-exe

    If you want to read more about the technical background of "ConHost.exe", read this:
    http://blogs.technet.com/b/askperf/...ws-7-windows-server-2008-r2-console-host.aspx
     
  10. niki

    niki Registered Member

    Joined:
    Jun 9, 2010
    Posts:
    365
    Thank you very much BoerenkoolMetWorst for your info. :thumb:
     
  11. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    Thanks! I have no idea why VoodooShield is just now prompting me about it then. Strange.
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
  13. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,132
    Location:
    Baden Germany
    I'm sure it has been answered before, but can't find the answer anymore...

    How to reset the number of alerts in HitmanPro.Alert CTP4, without deleting my license?
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    Where are the log files for HMPA? I can't find them, and I don't see any logging inside HMPA GUI. I only see number of alerts, and it lists nothing there. I think I had a false positive last night with Media Player Classic.
     
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    All logging is done in the Windows Event Log.
     
  16. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,269
  17. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    I would suggest HMPA having its own log. It's tedious having to wade through all the other recorded events from all the other applications.
     
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    I filtered by application, and looked through all the blocked events from HMPA. HMPA did not record the blocked exploit it detected with Media Player Classic. The log is just full of entries from HMPA saying HMPA failed to update, and that it will try again in 120 minutes. HMPA needs better logging so valuable information can be recovered for the developers. It really helps to improve a product.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    For the developers the logs seem useful. If I got FP alerts, I immediately go there and capture the logs so I can send them to the developers. That seems to be what they need.
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    Yeah, they need to have their own logging. If they had their own logging I would have been able to collect needed information.
     
  21. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,132
    Location:
    Baden Germany
    I filtered the logged events and deleted all HitmanPro entries.
    Now the alert counter is reset to 0.

    THX for the advice.

    I would prefer to have it managed within the HMP.Alert UI.

    The reason for lots of alerts was a self-compiled AutoIt script, and a script for some DISM actions.
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    My experience was the logs did not capture the blocked exploit which I believe to have been a false positive. I just wanted to get the information about the blocked event to them, but I can't since it was not recorded in the Windows Event Logs. I just wanted to be able to contribute something towards HMPA's development.
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,696
    Location:
    USA
    Should HMPA give a different alert to inform the user that IE is being protected vs Firefox? HMPA says it protects this application from exploits when I open IE. When I open Firefox it informs me that it protects this Browser from exploits. The alert is different. It makes no difference to me, but I thought I would report it in case they want to keep things uniform. Is this the same behavior other users are seeing?
     
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you post the screenshots with the difference? Are you running CTP4 or the private build I sent you last week?
     
  25. JohnMiller

    JohnMiller Registered Member

    Joined:
    Nov 6, 2014
    Posts:
    49
    Found a new bug/conflict with Adobe Reader and BullZip PDF Printer. When I went to print a PDF from Adobe using BullZip it gave me a ROP mitigation. @erikloman I can send the log if needed.
     