Ok there needs to be a way to exclude a program now Win32DiskImager is blocked

Status
Not open for further replies.
Now I can't make RaspPi SD images via Win32diskImager, come on! I don't have to freaking uninstall the whole HPA, reboot the PC, install a software and then install HPA again just to install a piece of known code.

Here is the VT of that EXE.

Antivirus scan for 8140f124524fa41e95a391a1d4a3fadedba22178e96e9a1ec715f799927b1c2b at 2016-04-21 04:35:49 UTC - VirusTotal
Why don't you just disable the HitmanPro.Alert part which is responsible for the "blocking"?

Everything is disabled. I even added the EXE to Exploit Mitigations Exclude.
It doesn't help.
 
Which alert are you seeing from HPA, do you have a screenshot or log?

Also, did you try to add the exclusion for the program that is causing the alert?




@Erik Loman
 



@Erik Loman
Did that.



Code:
Mitigation   Lockdown

Platform     10.0.10586/x64 06_2a
PID          27268
Application  C:\Users\\Downloads\Win32DiskImager-0.9.5-binary\Win32DiskImager.exe
Description  DiskImager 0.9.5

Filename     C:\Users\\Downloads\Win32DiskImager-0.9.5-binary\Win32DiskImager.exe
Created By   C:\Program Files\WinRAR\WinRAR.exe


Process Trace
1  C:\Users\\Downloads\Win32DiskImager-0.9.5-binary\Win32DiskImager.exe [27268]
2  C:\Windows\explorer.exe [16228]
explorer.exe
 
Ok so it's been 5 days and no reply from developers. It makes me wonder, why do we have this forum? What's the point? No one else looks at it besides the MT members and they can't fix things so if SOPHOS doesn't care about their product then why host it here?
 
I do not visit MalwareTips that often, sorry for that. I will try to come here more frequently.

The problem you are having is that you (or maybe the software radar) have set Application Lockdown on WinRAR.exe.

Please uncheck Application Lockdown on WinRAR.exe. Note: You must reboot to release the lockdown on the Win32DiskImager.exe binary. There will be a button in the future to more easily release locked down binaries.

Background

Application Lockdown set on an application enforces that the application shall not create executables. For example, Microsoft Word is meant to create documents, NOT binaries. So it makes sense to restrict Office applications from creating executables. But archivers like WinRAR or WinZip DO create executables when you unpack the archives. So do not enable Application Lockdown on archivers.

Hope this helps.
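
The triage step described in the reply above, as an added example (not part of the thread and not Sophos or HitmanPro.Alert code): this Python script reads an alert in the layout posted earlier and reports the `Created By` program, which is where Application Lockdown has to be reviewed. The sample alert is constructed from the one in the thread with `<user>` as a placeholder, and the function names are hypothetical.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed sample in the layout of the alert above; <user> is a placeholder.
SAMPLE_ALERT = r"""
Mitigation   Lockdown
PID          27268
Application  C:\Users\<user>\Downloads\Win32DiskImager-0.9.5-binary\Win32DiskImager.exe
Filename     C:\Users\<user>\Downloads\Win32DiskImager-0.9.5-binary\Win32DiskImager.exe
Created By   C:\Program Files\WinRAR\WinRAR.exe

Process Trace
1  C:\Users\<user>\Downloads\Win32DiskImager-0.9.5-binary\Win32DiskImager.exe [27268]
2  C:\Windows\explorer.exe [16228]
"""

FIELD = re.compile(r"^(\S+(?: \S+)*?)\s{2,}(.+?)\s*$")  # "Key   value"
TRACE = re.compile(r"^\d+\s+(.+?)\s+\[(\d+)\]\s*$")     # "1  path [pid]"

def parse_alert(text):
    """Split an alert into its key/value fields and its process trace."""
    fields, trace = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = TRACE.match(line)  # check trace rows first: they also look like fields
        if m:
            trace.append((m.group(1), int(m.group(2))))
            continue
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields, trace

def triage(text):
    """For a Lockdown alert, name the program whose lockdown setting to review."""
    fields, trace = parse_alert(text)
    if fields.get("Mitigation") != "Lockdown":
        return None
    creator = fields.get("Created By")
    return {
        "blocked": fields.get("Filename"),
        "creator": creator,
        # Excluding the blocked EXE did not help in the thread; the setting
        # that matters is Application Lockdown on the creating program.
        "review_lockdown_on": basename(creator) if creator else None,
        # Trace rows after the blocked process itself are its ancestors.
        "launched_from": [basename(path) for path, _pid in trace[1:]],
    }
```
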
 