Problem with Hitman Pro

Hello,

We have an Exchange DAG cluster and are currently installing Sophos EP on these servers.

Currently only one server is active, and this server has the problem that it is not talking to the other because one service is not running. In order to make both servers in the cluster active and do further troubleshooting, they need to talk to each other.



This server (wupms02) does not want to talk to the other.



The other server (wupms01) is not talking to the active server (wupms02). As far as I can see, the server and Sophos EP are running without any issues on this server (which is currently inactive in the Exchange cluster).



We are not able to start the Hitman Pro Alert service on the active server (wupms02) with the service manager. The logs in C:\ProgramData\HitmanPro.Alert\Logs do not show anything helpful.

1) Is there any configuration / policy change that will enable the communication of the two servers without restarting the server with the hanging Hitman Pro service?
2) Is there a way to start the Hitman Pro service? What can be the reason for the service not being able to start?

Regards,
BeEf



  • If you run from an admin prompt:

    fltmc

    does hmpalert appear as a loaded filter driver?  The service will not start if the driver isn't running.  Could that be it?

  • No. It looks like hmpalert is loaded/running:

    C:\Program Files\Sophos>fltmc

    Filter Name                     Num Instances    Altitude    Frame
    ------------------------------  -------------  ------------  -----
    FsDepends                             4           407000       0
    Sophos Endpoint Defense              27           389220       0
    hmpalert                             12           345800       0
    vsepflt                               0           328200       0
    WdFilter                             13           328010       0
    SAVOnAccess                          13           324000       0
    storqosflt                            0           244000       0
    wcifs                                 0           189900       0
    FileCrypt                             0           141100       0
    luafv                                 1           135000       0
    npsvctrig                             1            46000       0
    Wof                                   1            40700       0

  • OK, that's the driver running so no dependency error.

    Does the ImagePath value under:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hmpalertsvc
    point to
    C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe /service
    and does the file exist?

    If it does exist, if you run DebugView, with "Capture Global Win32" checked, when you start the service does it log anything of interest?

    Anything in: C:\ProgramData\HitmanPro.Alert\Logs\Sophos.log?

    Otherwise, I think I would run Process Monitor when starting it, and step through the events for the hmpalert.exe process assuming it gets created by services.exe.  Does the hmpalert.exe process exit with a code?
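
The checks suggested in the replies above (driver loaded, ImagePath correct, binary present, exit code), gathered into one read-only PowerShell report for an elevated prompt. This is an added example, not something posted in the thread and not a Sophos tool; the service name, driver name and path come from the posts, while the Service Control Manager event IDs and the message pattern used to find related events are assumptions.

```powershell
# Added example: read-only triage of the hmpalertsvc start failure discussed above.
# Names and the expected path are taken from the thread.
$svcName  = 'hmpalertsvc'
$driver   = 'hmpalert'
$expected = 'C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe'

# 1. Is the minifilter driver loaded? (fltmc needs an elevated prompt)
$filterLoaded = [bool](fltmc | Select-String -Pattern "^\s*$driver\s")

# 2. What does the service's ImagePath point to, and does that file exist?
$key       = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
$imagePath = (Get-ItemProperty -Path $key -Name ImagePath -ErrorAction Stop).ImagePath
$exe = $null
if ($imagePath -match '^\s*"?(?<exe>.+?\.exe)"?') {
    # ImagePath may be quoted and may contain environment variables
    $exe = [Environment]::ExpandEnvironmentVariables($Matches.exe)
}
$exeExists = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))

# 3. Current state and the last exit code the SCM recorded for the service
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$svcName'"

[pscustomobject]@{
    FilterDriverLoaded  = $filterLoaded
    ImagePath           = $imagePath
    PointsToExpectedExe = ($exe -ieq $expected)
    ExeExists           = $exeExists
    HasServiceSwitch    = ($imagePath -match '/service\s*$')
    State               = $svc.State
    StartMode           = $svc.StartMode
    ExitCode            = $svc.ExitCode
    ServiceSpecificExit = $svc.ServiceSpecificExitCode
} | Format-List

# 4. Recent SCM start-failure events that mention the service.
#    Event IDs and the match pattern are assumptions; adjust to the display name on your host.
$scmIds = 7000, 7001, 7009, 7011, 7023, 7024, 7031, 7034
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = $scmIds
        StartTime    = (Get-Date).AddDays(-1)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Hitman\s?Pro|hmpalert' } |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

A non-zero ExitCode or a matching System log event narrows down where to look in Process Monitor or DebugView next.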