HitmanPro.Alert BETA

Yes, same issue, issue has been addressed, I expect a new RC early next week.
For now disable CookieGuard (during browser startup).

 

Naam van toepassing met fout: hmpalert.exe, versie: 3.8.24.957, tijdstempel: 0x64412bb3
Naam van module met fout: ntdll.dll, versie: 10.0.19041.3570, tijdstempel: 0xf0fc3229
Uitzonderingscode: 0xc000000d
Foutmarge: 0x00104ac4
Id van proces met fout: 0x784
Starttijd van toepassing met fout: 0x01da065250971f3c
Pad naar toepassing met fout: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
Pad naar module met fout: C:\WINDOWS\SYSTEM32\ntdll.dll

 

Did it record a minidump by any chance?
C:\Windows\minidump or in C:\Users\<UserID>\AppData\Local\CrashDumps

 

Negative.

 

Another one (no minidump either):

Naam van toepassing met fout: hmpalert.exe, versie: 3.8.24.957, tijdstempel: 0x64412bb3
Naam van module met fout: webio.dll, versie: 10.0.19041.3031, tijdstempel: 0xc9c79e26
Uitzonderingscode: 0xc0000409
Foutmarge: 0x000522fd
Id van proces met fout: 0x778
Starttijd van toepassing met fout: 0x01d9be091607fdc3
Pad naar toepassing met fout: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
Pad naar module met fout: C:\WINDOWS\SYSTEM32\webio.dll

 

Log about Sandboxie Plus and Hitman.Pro Alert.

https://www.wilderssecurity.com/threads/sandboxie-plus-v1-11-3-v1-11-4.452487/page-4#post-3172487

 

I'll see if I can trigger this on Win10 with Sandboxie Plus.

 

Can you download this sysinternals tool http://live.sysinternals.com/procdump.exe
Create a folder c:\dumps, place the procdump.exe in there, open an administrative command-box and execute the command below:

c:\dumps\procdump -ma -i c:\dumps\

then reproduce the issue, this should record a memory dump of the crashing process.

If you want you can reset your Just in time debugger
procdump -u

 

Do you want me to revert to build 957 beta or the latest beta 967?

 

just stay on 967 and see if it records crashes, it just sits in the background and only kicks in when the windows crash handler has something to do.

 

Will report back if a crash occurs. I should check the logs daily…

 

No luck yet. I’ll let procmon run a couple of days.

 

I hope you installed procdump

 

No worries.

 

HitmanPro.Alert 3.8.25 build 967, Windows 11 23H2, Luminar Neo software (Skylum) will not launch unless C2 interceptor is disabled
Is there a way to disable specific mitigations per specific software?

Thanks

 

HitmanPro.Alert 3.8.25 Build 971 (RC3)

Changelog (compared to 967)

• Fixed CookieGuard False positive on "chrome.dll"
  
• Fixed KernelTrap compatibility issues with Kaspersky and GenshinImpact
  
• Improved KeyboardGuard compatibility with ESET protected browsers
  
• Improved HeapHeapProtect tweaked a few things to reduce FP's

Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.

Download
https://dl.surfright.nl/hmpalert3b971.exe

Please let us know how this version runs on your machine
We're planning to promote this build to Stable if results are good in the coming week(s).

 

Can you try this:
https://support.hitmanpro.com/hc/en...nPro-Alert-is-installed-how-can-I-solve-this-

And can you provide a download link for that software so we can see if we can reproduce and/or improve something in this scenario.

 

No problems upgrading build 971. I'll report back if a crash should occur.

 

HitmanPro.Alert 3.8.25 build 965

Download Link:
https://skylum.com/luminar-download

As for exclusions, I meant is it possible to exclude a specific mitigation (c2 in this case) per app,
Also, if I try to exclude a UWP app, HMPA (just updated to 971) populates it with a very short partial list - not all my UWP apps (shows Windows settings and a few other Windows components)

Thanks

 

Is it so properly protected?

 

If you open the logger then switch to the browser and start typing there, the keystrokes should show up scrambled bottom right in the orange bar around the browser.
And in the logger they should not be clear text. Unless you have ESET installed then it's up to ESET to protect you on that.

 

Thanks we'll have a look as to why this happens.
There are two scenario's, we trigger an alert on an application that one you can solve by using the suppressed alert (which is way tighter then just disabling the full protection against the offending application).
BUT if there are application crashes/won't load issues there is no way to "disable" a protection for that application because that won't solve the problem, 99 out of 100 cases the application conflicts in such a way that even implementing that option won't work, so we'll have to put it on exclusions for now (or disable C2 globally) depending on your risk level. We'll see if we need to make a code change or that it gets put on the incompatible list.

 

Autoupdated from 967 yesterday, everything fine so far

 

Can you confirm this has improved and/or fixed?

 

I don't send many emails now days, but in my very limited testing I haven't seen the garbled text with the latest build.

Thanks.