  1. #1
    ROG Enthusiast (Join Date May 2021, Reputation 10, Posts 37)

    Latest Armoury (5.2.12.0) causing malware alert (Hitman Pro)

    I don't usually upgrade Armoury as I've had issues doing that before, but unfortunately Armoury decided to upgrade itself. The install of course failed, so I had to use the uninstall tool and reinstall. The reinstall worked; however, upon launching Armoury I get a pop-up from Hitman Pro (anti-malware) with the following info:

    Mitigation CookieGuard
    Timestamp 2022-08-02T22:38:57

    Platform 10.0.19044/x64 v945 06_a5
    PID 4324
    Feature 037D1A30000011B6
    Application C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Created 2021-04-01T19:18:23
    Description Microsoft Edge 103

    Remote debugging port enabled for this browser

    Loaded Modules (12)
    -----------------------------------------------------------------------------
    00007FF7228A0000-00007FF722C20000 msedge.exe (Microsoft Corporation),
    version: 103.0.1264.77
    00007FF8AA4F0000-00007FF8AA6E8000 ntdll.dll (Microsoft Corporation),
    version: 10.0.19041.1806 (WinBuild.160101.0800)
    00007FF8AA240000-00007FF8AA2FD000 KERNEL32.dll (Microsoft Corporation),
    version: 10.0.19041.1806 (WinBuild.160101.0800)
    00007FF8A78A0000-00007FF8A79BB000 hmpalert.dll (SurfRight B.V.),
    version: 3.8.21.945
    00007FF8A7D40000-00007FF8A800E000 KERNELBASE.dll (Microsoft Corporation),
    version: 10.0.19041.1826 (WinBuild.160101.0800)
    00007FF85EAC0000-00007FF85EC15000 msedge_elf.dll (Microsoft Corporation),
    version: 103.0.1264.77
    00007FF8A9F40000-00007FF8A9FEE000 ADVAPI32.dll (Microsoft Corporation),
    version: 10.0.19041.1682 (WinBuild.160101.0800)
    00007FF8A9240000-00007FF8A92DE000 msvcrt.dll (Microsoft Corporation),
    version: 7.0.19041.546 (WinBuild.160101.0800)
    00007FF8A9E90000-00007FF8A9F2C000 sechost.dll (Microsoft Corporation),
    version: 10.0.19041.1586 (WinBuild.160101.0800)
    00007FF8A9D50000-00007FF8A9E75000 RPCRT4.dll (Microsoft Corporation),
    version: 10.0.19041.1806 (WinBuild.160101.0800)
    00007FF8A74C0000-00007FF8A74CC000 CRYPTBASE.DLL (Microsoft Corporation),
    version: 10.0.19041.546 (WinBuild.160101.0800)
    00007FF8A8310000-00007FF8A8392000 bcryptPrimitives.dll (Microsoft Corporation),
    version: 10.0.19041.1415 (WinBuild.160101.0800)

    Process Trace
    1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [4324]
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe http://127.0.0.1:1042/6318?cmd=alert --headless --disable-gpu --remote-debugging-port=0
    2 C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [15204]
    3 C:\Windows\System32\svchost.exe [1788]
    C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule
    4 C:\Windows\System32\services.exe [1172]
    5 C:\Windows\System32\wininit.exe [1100]
    wininit.exe

    Services
    1788 Schedule

    Dropped Files

    Thumbprints
    538d38646d7dab691c8a58fdca5ee27ee1610c76f73f451396cb953790cf1354 (pfn-rd -> asus_framework.exe)
    815d5b79944a3162126afe6e135ce1b37b93a7324c890509234cf448ac593f32 (pfn-rd -> svchost.exe)

    ____________________________

    Armoury still loads, but when I try going to the Ryujin device, I get the same issue and hence can't access the device.

    Here are my software levels:

    Item Version
    ---- -------
    Armoury Crate UWP App 5.2.12.0
    ROG Live Service 1.5.10.0
    Aura Service (Lighting Service) 3.05.66
    Armoury Crate lite service 5.2.10
    Aura Wallpaper Service Not installed
    ASUS AIOFan HAL 1.1.47.0
    ASUS AURA Extension Card HAL 1.1.0.18
    ASUS AURA Motherboard HAL 1.3.4.0
    AacVGA 0.0.5.2
    KingstonDram 1.1.12
    AURA DRAM Component 1.1.18
    ENE RGB HAL 1.1.39.18
    ENE_EHD_M2_HAL 1.0.9.12
    PHISON HAL 1.0.9.0
    Patriot Viper DRAM RGB 1.0.9.4
    Patriot Viper M2 SSD RGB 1.1.0.2
    Universal Holtek RGB DRAM 1.0.0.3
    WD_BLACK AN1500 1.0.14.0

    Please let me know if you need any further info. System is Windows 10. I have also contacted Hitman Pro support about this.

    Thanks.

  2. #2
    ROG Member (Join Date Mar 2020, Reputation 10, Posts 7)

    +1, I have this too: Hitman Pro Alert pops up when using this version of Armoury, 5.2.12.0.
    It is like a backdoor Edge activates when launching Armoury, which the alert stops from running; not sure why ASUS implemented Edge in the installation.

  3. #3
    ROG Enthusiast (Join Date May 2021, Reputation 10, Posts 37)

    Quote Originally Posted by iicycube:
        +1, I have this too: Hitman Pro Alert pops up when using this version of Armoury, 5.2.12.0.
        It is like a backdoor Edge activates when launching Armoury, which the alert stops from running; not sure why ASUS implemented Edge in the installation.
    Thanks for confirming. Yeah, I won't be uninstalling Hitman as it's a great tool. I have no idea how to alert ASUS support; I thought they monitored these forums, but not a word from anyone on this thread :/

  4. #4
    Administrator MasterC@ROG (Join Date Aug 2014, Reputation 197, Posts 2,216)

    We'll look into it, thanks for letting us know.

  5. #5
    ROG Enthusiast (Join Date May 2021, Reputation 10, Posts 37)

    Quote Originally Posted by MasterC@ROG:
        We'll look into it, thanks for letting us know.
    Great, appreciate it. No response from Hitman as yet.

  6. #6
    ROG Enthusiast (Join Date May 2021, Reputation 10, Posts 37)

    This is Hitman's response:

    "It seems ARMOURY CRATE Lite Service is starting the browser with a so-called remote debugging option; this makes it possible for this application to read your authentication cookies and passwords for the Edge browser."

    That's not ideal. I believe Armoury should remove this functionality. I certainly won't be adding it to the Allow list as I use Edge for work.
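
For anyone who wants to check their own machine for the condition described in the first post's process trace and in Hitman's explanation above, here is a small Python script. It is an added example for this thread, not code from HitmanPro, ASUS, Microsoft or the poster. It parses a "Process Trace" block of the shape HitmanPro.Alert printed, flags any Chromium-family browser whose command line carries `--remote-debugging-port` (or `--remote-debugging-pipe`), and reports which parent process launched it, since a browser launched that way by a third-party application is exactly what the alert objects to. The browser list, the `parse_trace` / `find_debug_launches` helpers and the sample trace (modelled on the one in post #1) are my own assumptions.

```python
"""Spot browser launches that enable remote debugging, from a process-trace
block like the one HitmanPro.Alert printed in the first post.

Added example for this thread; not code from HitmanPro, ASUS or the poster.
A Chromium-based browser started with --remote-debugging-port exposes its
DevTools protocol on loopback, and anything on the machine that can reach that
port can drive the browser and read its session data, which is the condition
the alert flagged. The parser, browser list and sample trace are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Chromium-family browsers that honour the flag (assumed list; extend as needed).
BROWSER_EXES = {"msedge.exe", "chrome.exe", "chromium.exe", "brave.exe"}
# --remote-debugging-port=0 is not "off": it asks the browser to pick a free port.
DEBUG_FLAG = re.compile(r"--remote-debugging-(?:port|pipe)(?:=\d+)?\b")
# "<depth> <image path> [<pid>]" lines; an optional following line is the command line.
ENTRY_RE = re.compile(r"^(\d+)\s+(.+?)\s+\[(\d+)\]$")

# Constructed sample, modelled on the Process Trace shown in the first post.
SAMPLE_TRACE = "\n".join([
    r"1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [4324]",
    r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe http://127.0.0.1:1042/6318?cmd=alert --headless --disable-gpu --remote-debugging-port=0",
    r"2 C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [15204]",
    r"3 C:\Windows\System32\svchost.exe [1788]",
    r"C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule",
    r"4 C:\Windows\System32\services.exe [1172]",
    r"5 C:\Windows\System32\wininit.exe [1100]",
    r"wininit.exe",
])


@dataclass
class TraceEntry:
    depth: int          # 1 = the flagged process, higher = further up the parent chain
    image: str
    pid: int
    cmdline: Optional[str] = None


def basename(path: str) -> str:
    """Last path component, lower-cased, for either separator."""
    return re.split(r"[\\/]", path)[-1].lower()


def parse_trace(text: str) -> List[TraceEntry]:
    """Turn the trace text into entries ordered child -> ancestors."""
    entries: List[TraceEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(TraceEntry(int(m.group(1)), m.group(2), int(m.group(3))))
        elif entries and entries[-1].cmdline is None:
            # A non-matching line directly after an entry is that entry's command line.
            entries[-1].cmdline = line
    return entries


def find_debug_launches(entries: List[TraceEntry]) -> List[dict]:
    """One finding per browser process whose command line enables remote debugging."""
    findings = []
    for i, e in enumerate(entries):
        name = basename(e.image)
        if name not in BROWSER_EXES or not e.cmdline:
            continue
        m = DEBUG_FLAG.search(e.cmdline)
        if not m:
            continue
        parent = entries[i + 1] if i + 1 < len(entries) else None
        parent_name = basename(parent.image) if parent else None
        findings.append({
            "pid": e.pid,
            "browser": name,
            "flag": m.group(0),
            "headless": "--headless" in e.cmdline,
            "parent": parent_name,
            "parent_pid": parent.pid if parent else None,
            # A browser spawning itself (renderer, GPU helper) is routine; a
            # third-party application doing so is what deserves a look.
            "parent_is_browser": parent_name in BROWSER_EXES,
            "ancestry": [basename(x.image) for x in entries[i:]],
        })
    return findings


if __name__ == "__main__":
    for f in find_debug_launches(parse_trace(SAMPLE_TRACE)):
        mode = "headless " if f["headless"] else ""
        print(f"{mode}{f['browser']} pid {f['pid']} launched with {f['flag']} "
              f"by {f['parent']} pid {f['parent_pid']}; chain: {' <- '.join(f['ancestry'])}")
```

Run as-is it reports the Edge process from the sample trace as headless, launched with `--remote-debugging-port=0` by `asus_framework.exe`. To check a live trace, paste the "Process Trace" block from your own alert in place of the sample; the parent chain tells you which application to raise the question with, which is the piece of information Hitman's one-line explanation leaves out.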

  7. #7
    Administrator MasterC@ROG (Join Date Aug 2014, Reputation 197, Posts 2,216)

    Update: The latest version of Armoury Crate has a different architecture for viewing HTML pages; we can assure you that your working environment is safe. We are reaching out to Hitman Pro as well to work this out.

  8. #8
    ROG Enthusiast (Join Date May 2021, Reputation 10, Posts 37)

    Quote Originally Posted by MasterC@ROG:
        Update: The latest version of Armoury Crate has a different architecture for viewing HTML pages; we can assure you that your working environment is safe. We are reaching out to Hitman Pro as well to work this out.
    Thanks for the update, looking forward to a resolution, whether that be Hitman adding Armoury to its whitelist or some other solution.

  9. #9
    ROG Enthusiast (Join Date May 2021, Reputation 10, Posts 37)

    Hi MasterC@ROG.

    Rick from Hitman hasn't been contacted by anyone at ASUS; can you make sure they are using support@hitmanpro.com? Thanks.

  10. #10
    Administrator MasterC@ROG (Join Date Aug 2014, Reputation 197, Posts 2,216)

    Update: We will be updating the Armoury Crate architecture in the next major update to address some of the recent install and security concerns. The team will focus on releasing the new update as soon as possible rather than releasing patches for the current architecture.
