No problems upgrading to build 979. Removed the suppress alert for the XTUService. Will report back if a mitigation occurs.
Today I tried to update some installed software (Edge and some VC++ components) using WingetUI (which uses gsudo under the hood), but HitmanPro.Alert prevented the installation. Is this common behaviour and should I exclude WingetUI/gsudo (how?), or is that specific to this RC1?
Yes, that's common: gsudo does privilege escalation (elevates to admin), so you'll have to whitelist the gsudo alerts.
Several system restarts and, so far, no alerts from HMP.A. I shall continue to monitor the situation.
HitmanPro.Alert 3.8.26 Build 983 RC1
Changelog (compared to 979)

Added     UI - EventLog - Clear event data dialog, use right mouse click on "Last events"
Added     UI - EventLog - Show only Suppressed events
Added     UI - EventLog - Copy details to clipboard button
Added     Several code preparations for upcoming changes/additions
Fixed     Exclusions - UWP exclusions browser for Windows 11
Fixed     BSOD - CryptoGuard5
Improved  HeapHeapProtect
Improved  SoftwareRadar - No longer removes UWP Exclusions at startup
Improved  PrivGuard - Now also prints the current and expected userSIDs
Improved  Kernel32Trap
Improved  SyscallX64

https://dl.surfright.nl/hmpalert3b983.exe

Please let us know how this version runs on your machine
Hi Ronny, it took me a while to make the connection, but I had to uninstall HitmanPro.Alert 3.8.26 Build 983 RC1. I was getting BSODs every time I downloaded a file to my computer through a browser. I tried both Chrome and Firefox. Since uninstalling, I have not had any more BSODs. Let me know if you would like any of the mini crash dumps Windows created.
Code:
Mitigation   SysCall
Timestamp    2024-04-13T11:04:58
Platform     10.0.22631/x64 v983 af_61
PID          36736
Feature      00FD2E70000000A2
Application  C:\Program Files\WindowsApps\SEGAofAmericaInc.F0cb6b3aer_1.10.27.0_x64_USEU_s751p9cej88mt\P5R.exe
Created      2024-04-05T18:25:12
Description  P5R.exe

SecLvl: 1
Direct Syscall originating from: 000000014C12FA42 (C:\Program Files\WindowsApps\SEGAofAmericaInc.F0cb6b3aer_1.10.27.0_x64_USEU_s751p9cej88mt\P5R.exe)
*** ImageBasedCaller ***
ProcessName: C:\Program Files\WindowsApps\SEGAofAmericaInc.F0cb6b3aer_1.10.27.0_x64_USEU_s751p9cej88mt\P5R.exe
No hashes available
OwnerModuleName: C:\Program Files\WindowsApps\SEGAofAmericaInc.F0cb6b3aer_1.10.27.0_x64_USEU_s751p9cej88mt\P5R.exe
LoadedModuleHash: 0xc4dcdeb1
No hashes available
OwnerModule is not signed
Current process is not signed

0x000000014C12FA42  488d6424f8      LEA RSP, [RSP-0x8]
                    4151            PUSH R9
                    4c8d4c2408      LEA R9, [RSP+0x8]
                    4d8931          MOV [R9], R14
                    4159            POP R9
                    9c              PUSHF
                    4883c4f8        ADD RSP, -0x8
                    48891424        MOV [RSP], RDX
                    49c7c6b51d0fa2  MOV R14, 0xa20f1db5
                    4d8d36          LEA R14, [R14]
                    4981ee4c700fa2  SUB R14, 0xa20f704c
                    4981ee5870feff  SUB R14, 0xfffe7058
                    4883ec08        SUB RSP, 0x8
                    488d1424        LEA RDX, [RSP]
                    4155            PUSH R13
----- SNIP HERE -----
----- END SNIP -----

Loaded Modules (42)
-----------------------------------------------------------------------------
0000000140000000-00000001579B3000 P5R.exe (), version:
00007FF9CED70000-00007FF9CEF86000 ntdll.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9CBBE0000-00007FF9CBD29000 hmpalert.dll (Sophos B.V.), version: 3.8.26.983
00007FF9CE110000-00007FF9CE1D4000 KERNEL32.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9CC500000-00007FF9CC8A7000 KERNELBASE.dll (Microsoft Corporation), version: 10.0.22621.3447 (WinBuild.160101.0800)
00007FF9CE1E0000-00007FF9CE292000 advapi32.dll (Microsoft Corporation), version: 10.0.22621.3296 (WinBuild.160101.0800)
00007FF9CE2A0000-00007FF9CE347000 msvcrt.dll (Microsoft Corporation), version: 7.0.22621.2506 (WinBuild.160101.0800)
00007FF9CEA90000-00007FF9CEB38000 sechost.dll (Microsoft Corporation), version: 10.0.22621.3296 (WinBuild.160101.0800)
00007FF9CC0C0000-00007FF9CC0E8000 bcrypt.dll (Microsoft Corporation), version: 10.0.22621.2506 (WinBuild.160101.0800)
00007FF9CDAD0000-00007FF9CDBE5000 RPCRT4.dll (Microsoft Corporation), version: 10.0.22621.3447 (WinBuild.160101.0800)
00007FF9CC3E0000-00007FF9CC4F1000 ucrtbase.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9CE450000-00007FF9CE543000 shcore.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9CC2D0000-00007FF9CC36A000 msvcp_win.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9CC930000-00007FF9CCA97000 crypt32.dll (Microsoft Corporation), version: 10.0.22621.3447 (WinBuild.160101.0800)
00007FF9CEB50000-00007FF9CEB79000 gdi32.dll (Microsoft Corporation), version: 10.0.22621.3085 (WinBuild.160101.0800)
00007FF9CC090000-00007FF9CC0B6000 win32u.dll (Microsoft Corporation), version: 10.0.22621.3447 (WinBuild.160101.0800)
00007FF9CC0F0000-00007FF9CC209000 gdi32full.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9CE550000-00007FF9CE6FE000 USER32.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9CE700000-00007FF9CE731000 imm32.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9CE770000-00007FF9CE915000 ole32.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9CCBC0000-00007FF9CCF48000 combase.dll (Microsoft Corporation), version: 10.0.22621.3235 (WinBuild.160101.0800)
00007FF9CE920000-00007FF9CE9F7000 oleaut32.dll (Microsoft Corporation), version: 10.0.22621.2506 (WinBuild.160101.0800)
00007FF9CCF50000-00007FF9CD7AC000 shell32.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9CEB80000-00007FF9CEBDE000 shlwapi.dll (Microsoft Corporation), version: 10.0.22621.2506 (WinBuild.160101.0800)
00007FF9C5220000-00007FF9C54AE000 twinapi.appcore.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9C6EA0000-00007FF9C70F7000 d3d11.dll (Microsoft Corporation), version: 10.0.22621.3235 (WinBuild.160101.0800)
00007FF974DE0000-00007FF974E26000 dinput8.dll (Microsoft Corporation), version: 10.0.22621.1 (WinBuild.160101.0800)
00007FF9C95B0000-00007FF9C96A8000 dxgi.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9845A0000-00007FF98462D000 msvcp140.dll (Microsoft Corporation), version: 14.39.33519.0
00007FF9925B0000-00007FF9925CD000 vcruntime140.dll (Microsoft Corporation), version: 14.39.33519.0
00007FF9C5F00000-00007FF9C6036000 winhttp.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9C4310000-00007FF9C4804000 wininet.dll (Microsoft Corporation), version: 11.00.22621.2506 (WinBuild.160101.0800)
00007FF9C1270000-00007FF9C12A4000 winmm.dll (Microsoft Corporation), version: 10.0.22621.2506 (WinBuild.160101.0800)
00007FF9B2570000-00007FF9B2595000 xcurl.dll (Microsoft Corporation), version: 2203.0.0.0 (WinBuild.160101.0800)
00007FF99B2A0000-00007FF99B2B1000 xinput1_4.dll (Microsoft Corporation), version: 10.0.22621.1 (WinBuild.160101.0800)
00007FF9BF4F0000-00007FF9BF4FC000 VCRUNTIME140_1.dll (Microsoft Corporation), version: 14.39.33519.0
00007FF9CBD80000-00007FF9CBDCE000 cfgmgr32.dll (Microsoft Corporation), version: 10.0.22621.2506 (WinBuild.160101.0800)
00007FF9CBD50000-00007FF9CBD7C000 DEVOBJ.dll (Microsoft Corporation), version: 10.0.22621.2506 (WinBuild.160101.0800)
00007FF9CB760000-00007FF9CB76C000 CRYPTBASE.DLL (Microsoft Corporation), version: 10.0.22621.1 (WinBuild.160101.0800)
00007FF9BBA20000-00007FF9BBC2A000 inputhost.dll (Microsoft Corporation), version: 10.0.22621.2506 (WinBuild.160101.0800)
00007FF9C8580000-00007FF9C86B4000 CoreMessaging.dll (Microsoft Corporation), version: 10.0.22621.3085 (WinBuild.160101.0800)
00007FF9CC8B0000-00007FF9CC929000 bcryptPrimitives.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)

Process Trace
1  C:\XboxGames\Persona 5 Royal\Content\P5R.exe [36736]
   "C:\Program Files\WindowsApps\SEGAofAmericaInc.F0cb6b3aer_1.10.27.0_x64_USEU_s751p9cej88mt\P5R.exe"
2  C:\XboxGames\Persona 5 Royal\Content\gamelaunchhelper.exe [35020]
   "C:\Program Files\WindowsApps\SEGAofAmericaInc.F0cb6b3aer_1.10.27.0_x64_USEU_s751p9cej88mt\GameLaunchHelper.exe"
3  C:\Windows\System32\dllhost.exe [16708]
   C:\WINDOWS\system32\DllHost.exe /Processid:{45BA127D-10A8-46EA-8AB7-56EA9078943C}
4  C:\Windows\System32\svchost.exe [1496]
   C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
5  C:\Windows\System32\services.exe [1304]
6  C:\Windows\System32\wininit.exe [1232]
   wininit.exe

Services
1496 BrokerInfrastructure
1496 DcomLaunch
1496 PlugPlay
1496 Power
1496 SystemEventsBroker

Dropped Files
1  C:\ProgramData\Microsoft\Windows\WindowsApps\Microsoft.MicrosoftPCManager_3.3.19.0_x64__8wekyb3d8bbwe\Cache\dbf2fbc4191a8388.dat
   Dropped by \Device\HarddiskVolume2\Windows\System32\services.exe [1304]
2  C:\ProgramData\Microsoft\Windows\WindowsApps\Microsoft.MicrosoftPCManager_3.3.19.0_x64__8wekyb3d8bbwe\Cache\dbf2fbc4191a8388_COM15.dat.LOG1
   Dropped by \Device\HarddiskVolume2\Windows\System32\services.exe [1304]
3  C:\ProgramData\Microsoft\Windows\WindowsApps\Microsoft.MicrosoftPCManager_3.3.19.0_x64__8wekyb3d8bbwe\Cache\dbf2fbc4191a8388_COM15.dat
   Dropped by \Device\HarddiskVolume2\Windows\System32\services.exe [1304]
4  C:\WINDOWS\INF\oem65.PNF
   Dropped by \Device\HarddiskVolume2\Windows\System32\services.exe [1304]
5  C:\WINDOWS\INF\oem66.PNF
   Dropped by \Device\HarddiskVolume2\Windows\System32\services.exe [1304]
6  C:\WINDOWS\INF\oem78.PNF
   Dropped by \Device\HarddiskVolume2\Windows\System32\services.exe [1304]
7  C:\WINDOWS\INF\oem79.PNF
   Dropped by \Device\HarddiskVolume2\Windows\System32\services.exe [1304]

Thumbprints
7b9654157b36d7e72d23465986892914f3062328c0dc825bbcd0e158e659bf68 (pfn)
ad9c47993c7805903f7237686aa2e2bf66e3cc5681073849b5ef26fdab949742 (mod-pfn)

HitmanPro.Alert blocks Persona 5 Royal (Microsoft Store).
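When triaging a SysCall alert like the one above, the facts a reviewer wants pulled out of the report are always the same: the mitigation and origin address, which loaded module (if any) contains that address, whether the owner module and process are signed, and the parent process chain. The following Python is an added example, not code from the thread or from HitmanPro.Alert. It parses a constructed report laid out like the one posted (the field names and section headings are assumed from that post; the paths, PIDs and module ranges are placeholders) and returns the triage notes a human would weigh before deciding whether to suppress the alert.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample laid out like the SysCall alert in the thread; paths, PIDs and ranges are placeholders.
SAMPLE_REPORT = r"""Mitigation   SysCall
Timestamp    2024-04-13T11:04:58
Platform     10.0.22631/x64 v983 af_61
PID          36736
Application  C:\Program Files\WindowsApps\Example.Game_1.0.0.0_x64__abc123\Game.exe
Created      2024-04-05T18:25:12
Direct Syscall originating from: 000000014C12FA42 (C:\Program Files\WindowsApps\Example.Game_1.0.0.0_x64__abc123\Game.exe)
*** ImageBasedCaller ***
OwnerModule is not signed
Current process is not signed
Loaded Modules (3)
-----------------------------------------------------------------------------
0000000140000000-00000001579B3000 Game.exe (), version:
00007FF9CED70000-00007FF9CEF86000 ntdll.dll (Microsoft Corporation), version: 10.0.22621.3374 (WinBuild.160101.0800)
00007FF9CBBE0000-00007FF9CBD29000 hmpalert.dll (Sophos B.V.), version: 3.8.26.983
Process Trace
1  C:\XboxGames\Example\Content\Game.exe [36736]
2  C:\XboxGames\Example\Content\gamelaunchhelper.exe [35020]
3  C:\Windows\System32\dllhost.exe [16708]
4  C:\Windows\System32\svchost.exe [1496] C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
5  C:\Windows\System32\services.exe [1304]
6  C:\Windows\System32\wininit.exe [1232]
"""

HEADER_RE = re.compile(r"^(Mitigation|Timestamp|Platform|PID|Feature|Application|Created|Description)\s+(.*\S)$")
ORIGIN_RE = re.compile(r"^Direct Syscall originating from:\s*([0-9A-Fa-f]+)\s*\((.*)\)$")
MODULE_RE = re.compile(r"^([0-9A-Fa-f]{16})-([0-9A-Fa-f]{16})\s+(\S+)\s+\((.*?)\),\s*version:\s*(.*)$")
TRACE_RE = re.compile(r"^\d+\s+(\S.*?)\s+\[(\d+)\]")  # "<n>  <path> [<pid>] <optional command line>"

Module = namedtuple("Module", "start end name publisher version")

@dataclass
class AlertReport:
    fields: dict = field(default_factory=dict)
    origin_address: Optional[int] = None
    origin_module: Optional[str] = None
    owner_signed: bool = True
    process_signed: bool = True
    modules: List[Module] = field(default_factory=list)
    process_trace: List[Tuple[str, int]] = field(default_factory=list)  # innermost process first

def parse_report(text: str) -> AlertReport:
    # Walk the report once; the section headings switch which regex is applied.
    rep, section = AlertReport(), "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line: continue
        if line.startswith("Loaded Modules"):
            section = "modules"
        elif line in ("Process Trace", "Services", "Dropped Files", "Thumbprints"):
            section = line
        elif section == "header":
            if (m := HEADER_RE.match(line)):
                rep.fields[m.group(1)] = m.group(2)
            elif (m := ORIGIN_RE.match(line)):
                rep.origin_address = int(m.group(1), 16)
                rep.origin_module = m.group(2)
            elif line == "OwnerModule is not signed":
                rep.owner_signed = False
            elif line == "Current process is not signed":
                rep.process_signed = False
        elif section == "modules" and (m := MODULE_RE.match(line)):
            rep.modules.append(Module(int(m.group(1), 16), int(m.group(2), 16),
                                      m.group(3), m.group(4), m.group(5).strip()))
        elif section == "Process Trace" and (m := TRACE_RE.match(line)):
            rep.process_trace.append((m.group(1), int(m.group(2))))
    return rep

def module_for_address(rep: AlertReport, addr: int) -> Optional[Module]:
    # The loaded module whose [start, end) range contains addr, or None for unbacked code.
    return next((m for m in rep.modules if m.start <= addr < m.end), None)

def parent_chain(rep: AlertReport) -> List[str]:
    # Basenames of the ancestors, nearest parent first; the alerted process itself is dropped.
    return [path.rsplit("\\", 1)[-1].lower() for path, _ in rep.process_trace[1:]]

def triage(rep: AlertReport) -> List[str]:
    # Facts a reviewer weighs when deciding whether a SysCall alert is a false positive.
    notes, app = [], rep.fields.get("Application", "")
    mod = module_for_address(rep, rep.origin_address) if rep.origin_address is not None else None
    if mod is None:
        notes.append("origin address is not backed by any loaded module (unbacked code)")
    elif rep.origin_module and rep.origin_module.lower() == app.lower():
        notes.append(f"origin lies inside the main image {mod.name} (image-based caller)")
    else:
        notes.append(f"origin lies inside {mod.name} ({mod.publisher or 'no publisher'})")
    if not rep.owner_signed or not rep.process_signed:
        notes.append("owner module/process is unsigned, so no publisher vouches for the code")
    if "\\windowsapps\\" in app.lower():
        notes.append("application is a packaged app installed under WindowsApps")
    notes.append("parent chain: " + " <- ".join(parent_chain(rep)))
    return notes
```

Running `triage(parse_report(SAMPLE_REPORT))` on the sample yields notes saying the syscall originates inside the game's own main image, that the image is unsigned, that it is a packaged app, and that it was launched through gamelaunchhelper.exe under DcomLaunch. The same parser handles an origin address outside every module range (the case that matters for injected code) by reporting it as unbacked rather than attributing it to a module.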
Hi, this looks like an alert that should not have been raised; we'll have a look. In the meantime, please use "Suppress Alert" from the Latest events log.
HmP.Alert v983 causes a sandboxed Edge and Firefox to crash. Uninstalling HmP.Alert solves the problem. Using Sandboxie Plus 1.15.0 x64.
HitmanPro.Alert 3.20.2 Build 2017 RC1
Changelog (compared to 983)

Fixed     Autoruns       BSOD
Fixed     CryptoGuard5   Memory leaks
Fixed     CobaltStrike   Double messages in report when in audit mode
Fixed     SyscallX64     Added caching to prevent hiccups during play when using Chromium browser streams (e.g. Netflix / Prime).
Improved  APCProtection  Windows 11 support
Improved  CobaltStrike   Add support for WinHttp based beacons
Improved  SyscallX86     Detection and alerting/reporting/suppression options
Improved  SyscallX64     Added protection against Ekko/Foliage/KrakenMask
Improved  C2Interceptor  Added generic stager detection
Improved  PipeWorker     Security restrictions
Improved  AmsiGuard      Added protection for remote processes
Improved  LBR            Added newer CPUs: Tiger Lake, Rocket Lake, Alder Lake & Raptor Lake
Improved  CookieGuard    Support for Chrome's new "Device Bound Session Credentials"
Improved  Excalibur      Code handling of rapid alerts/reports
Improved  AlertProducer  Added a rate limiter for repeating alerts - "WARNING: Last Alert due to flood!" added to eventlog

https://dl.surfright.nl/hmpalert3b2017.exe

Wishing you all a very Merry Christmas and a Happy New Year!
Please let us know how this version runs on your machine
What is the detection signature? It looks like a trigger-happy rule for "newly signed binary" if I had to guess. https://www.virustotal.com/gui/file/f9aa50bbfec75bb040e1956d51ff1cf905f290d361e8f0ed01cbe837eda94cd8