1PW 7.0.532 blocked by HitmanPro.Alert as threat [Hitman fixed the false positive, update it]
Hi there,
currently 1PW 7 is false positively recognized by HitmanPro.Alert 3.7.6 build 738 as attack.
This hasn't happen after install, but after restarting my PC today, which hints towards an issue on the auto-start routine. I post this here, because you as company can reach out to SurfRight probably more directly.
Mitigation CallerCheck
Platform 10.0.16299/x64 v738 06_3a
PID 4684
Application C:\Users\XXX\AppData\Local\1password\app\7\1Password.exe
Description 1Password for Windows desktop 7
Callee Type CreateProcess
C:\Users\XXX\AppData\Local\1password\app\7\1Password.exe
Stack Trace
Address Module Location
1 76F593EC KernelBase.dll CreateProcessA +0x2c
2 06048F5E (anonymous; clr.dll)
8b8decfeffff MOV ECX, [EBP-0x114]
c6410801 MOV BYTE [ECX+0x8], 0x1
833d4000e70f00 CMP DWORD [0xfe70040], 0x0
7407 JZ 0x6048f78
50 PUSH EAX
e8298c8c09 CALL 0xf911ba0
58 POP EAX
c785d0feffff00000000 MOV DWORD [EBP-0x130], 0x0
898508ffffff MOV [EBP-0xf8], EAX
83bd08ffffff00 CMP DWORD [EBP-0xf8], 0x0
0f95c0 SETNZ AL
0fb6c0 MOVZX EAX, AL
89850cffffff MOV [EBP-0xf4], EAX
90 NOP
3 06048A94 (anonymous; clr.dll)
4 0604822B (anonymous; clr.dll)
5 060473F1 (anonymous; clr.dll)
6 122BC499 mscorlib.ni.dll
7 1232BDA5 mscorlib.ni.dll
8 1232BCB6 mscorlib.ni.dll
9 122BC3FB mscorlib.ni.dll
10 122BC4EB mscorlib.ni.dll
Process Trace
1 C:\Users\XXX\AppData\Local\1Password\app\7\1Password.exe [4684]
C:\Users\XXX\AppData\Local\1password\app\7\1Password.exe C:\Users\XXX\AppData\Local\1password\app\7\FirefoxManifest.json onepassword4@agilebits.com
2 C:\Program Files\Mozilla Firefox\firefox.exe [10688]
3 C:\Windows\explorer.exe [11152]
4 C:\Windows\System32\userinit.exe [7080]
5 C:\Windows\System32\winlogon.exe [2432]
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
6 C:\Windows\System32\smss.exe [9856]
\SystemRoot\System32\smss.exe 00000144 00000080 C:\WINDOWS\System32\WinLogon.exe -SpecialSession
Thumbprint
163bf443cf26e6638c969b9496d4a6146cf201e3213cc2ec635ea43f97c70658
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @Damnatus,
Thanks for reporting this. Please do report this as a false report to them. They actually prefer to hear from customers that are running the product. We'll report it as well but the more reports they get, the faster they'll look into it.
This isn't the first time Hitman has blocked us, sadly.
0 -
🙏Thanks!
0 -
Good news @MikeT,
the on Thursday released build 739 corrects the issue. I can ow fully enjoy the beta of 1PW 7 :)
0 -
Awesome, thanks for an update on this. I’ll bookmark that thread to reply if it happens again next time.
0 -
Hi @MikeT,
Today I've discovered that when 1PW 7 is started over the Browser Extension (because currently the automatic start with Windows is disabled by default from you), HMPA sees it as attack. I've already said that to the folks from SurfRight :)
Have a wonderful easter!
0 -
Hi @Damnatus,
because currently the automatic start with Windows is disabled by default from you
That is not the default, it does automatically register to start for all installs by default for this very reason, to let folks use 1Password extensions without having to start the main 1Password window.
That'll be nice for SurfRight to address, thanks for reporting it for us.
0 -
No issue here either with build 738 or 739.
0 -
Great, thanks for letting us know.
0
