
Latest Armoury (5.2.12.0) causing malware alert (Hitman Pro)

cindernat
Level 9
I don't usually upgrade Armoury as I've had issues doing that before. But unfortunately Armoury decided to upgrade itself. The install of course failed, so I had to use the uninstall tool and reinstall. The reinstall worked; however, upon launching Armoury I get a pop-up from Hitman Pro (anti-malware) with the following info:

Mitigation CookieGuard
Timestamp 2022-08-02T22:38:57

Platform 10.0.19044/x64 v945 06_a5
PID 4324
Feature 037D1A30000011B6
Application C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Created 2021-04-01T19:18:23
Description Microsoft Edge 103

Remote debugging port enabled for this browser

Loaded Modules (12)
-----------------------------------------------------------------------------
00007FF7228A0000-00007FF722C20000 msedge.exe (Microsoft Corporation),
version: 103.0.1264.77
00007FF8AA4F0000-00007FF8AA6E8000 ntdll.dll (Microsoft Corporation),
version: 10.0.19041.1806 (WinBuild.160101.0800)
00007FF8AA240000-00007FF8AA2FD000 KERNEL32.dll (Microsoft Corporation),
version: 10.0.19041.1806 (WinBuild.160101.0800)
00007FF8A78A0000-00007FF8A79BB000 hmpalert.dll (SurfRight B.V.),
version: 3.8.21.945
00007FF8A7D40000-00007FF8A800E000 KERNELBASE.dll (Microsoft Corporation),
version: 10.0.19041.1826 (WinBuild.160101.0800)
00007FF85EAC0000-00007FF85EC15000 msedge_elf.dll (Microsoft Corporation),
version: 103.0.1264.77
00007FF8A9F40000-00007FF8A9FEE000 ADVAPI32.dll (Microsoft Corporation),
version: 10.0.19041.1682 (WinBuild.160101.0800)
00007FF8A9240000-00007FF8A92DE000 msvcrt.dll (Microsoft Corporation),
version: 7.0.19041.546 (WinBuild.160101.0800)
00007FF8A9E90000-00007FF8A9F2C000 sechost.dll (Microsoft Corporation),
version: 10.0.19041.1586 (WinBuild.160101.0800)
00007FF8A9D50000-00007FF8A9E75000 RPCRT4.dll (Microsoft Corporation),
version: 10.0.19041.1806 (WinBuild.160101.0800)
00007FF8A74C0000-00007FF8A74CC000 CRYPTBASE.DLL (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
00007FF8A8310000-00007FF8A8392000 bcryptPrimitives.dll (Microsoft Corporation),
version: 10.0.19041.1415 (WinBuild.160101.0800)

Process Trace
1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [4324]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe http://127.0.0.1:1042/6318?cmd=alert --headless --disable-gpu --remote-debugging-port=0
2 C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [15204]
3 C:\Windows\System32\svchost.exe [1788]
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule
4 C:\Windows\System32\services.exe [1172]
5 C:\Windows\System32\wininit.exe [1100]
wininit.exe

Services
1788 Schedule

Dropped Files

Thumbprints
538d38646d7dab691c8a58fdca5ee27ee1610c76f73f451396cb953790cf1354 (pfn-rd -> asus_framework.exe)
815d5b79944a3162126afe6e135ce1b37b93a7324c890509234cf448ac593f32 (pfn-rd -> svchost.exe)

____________________________

Armoury still loads, but when I try going to the Ryujin device, I get the same issue and hence can't access the device.

Here are my software levels:

Item Version
---- -------
Armoury Crate UWP App 5.2.12.0
ROG Live Service 1.5.10.0
Aura Service (Lighting Service) 3.05.66
Armoury Crate lite service 5.2.10
Aura Wallpaper Service Not installed
ASUS AIOFan HAL 1.1.47.0
ASUS AURA Extension Card HAL 1.1.0.18
ASUS AURA Motherboard HAL 1.3.4.0
AacVGA 0.0.5.2
KingstonDram 1.1.12
AURA DRAM Component 1.1.18
ENE RGB HAL 1.1.39.18
ENE_EHD_M2_HAL 1.0.9.12
PHISON HAL 1.0.9.0
Patriot Viper DRAM RGB 1.0.9.4
Patriot Viper M2 SSD RGB 1.1.0.2
Universal Holtek RGB DRAM 1.0.0.3
WD_BLACK AN1500 1.0.14.0

Please let me know if you need any further info. System is Windows 10. I have also contacted Hitman Pro support about this.

Thanks.
2,652 Views
11 REPLIES
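
An added example for triaging an alert like the one in the opening post (not part of any poster's message, and not Hitman Pro or ASUS code): it parses the Process Trace section and reports a browser started with --remote-debugging-port by a different program. The trace text is copied from the post; the BROWSERS watch list and the function names are assumptions.

```python
import ntpath
import re

# Process Trace section copied from the Hitman Pro alert in the post above.
TRACE = r"""1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [4324]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe http://127.0.0.1:1042/6318?cmd=alert --headless --disable-gpu --remote-debugging-port=0
2 C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [15204]
3 C:\Windows\System32\svchost.exe [1788]
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule
4 C:\Windows\System32\services.exe [1172]
5 C:\Windows\System32\wininit.exe [1100]
wininit.exe
"""

BROWSERS = {"msedge.exe", "chrome.exe"}  # assumed watch list, extend as needed
ENTRY = re.compile(r"^(\d+) (.+) \[(\d+)\]$")  # "<depth> <image path> [<pid>]"
DEBUG_PORT = re.compile(r"--remote-debugging-port(?:=(\d+))?")  # =0: browser picks a free port


def parse_trace(text):
    """Return one dict per process, child first, in the order the alert lists them."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append({"depth": int(m[1]), "image": m[2], "pid": int(m[3]), "cmdline": ""})
        elif line and entries:
            entries[-1]["cmdline"] = line  # unnumbered line: command line of the entry above
    return entries


def find_debug_launches(entries):
    """Report browsers started with a debugging port by a program other than the browser."""
    findings = []
    for child, parent in zip(entries, entries[1:] + [None]):
        name = ntpath.basename(child["image"]).lower()
        flag = DEBUG_PORT.search(child["cmdline"])
        if name not in BROWSERS or not flag:
            continue
        launcher = ntpath.basename(parent["image"]).lower() if parent else "unknown"
        if launcher != name:  # only report launches by a different program
            findings.append({"browser_pid": child["pid"], "launcher": launcher,
                             "port": flag[1], "headless": "--headless" in child["cmdline"]})
    return findings


if __name__ == "__main__":
    print(find_debug_launches(parse_trace(TRACE)))
```

For the trace in the post this yields a single finding naming asus_framework.exe as the launcher of the headless Edge instance, which matches the alert text "Remote debugging port enabled for this browser".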

MasterC@ROG wrote:
Update: We will be updating the Armoury Crate architecture in the next major update to address some of the recent install and security concerns. The team will focus on releasing the new update as soon as possible rather than releasing patches for the current architecture.


That's great to hear. Thanks! I'll await the update.

MasterC
Community Admin
Framework v3.1.1.0 was published on 9/19 to rectify this issue. Please update and try again.
_____________________________________________________________
FPS, Racing, and VR Gamer / Tech Enthusiast / ROG Admin