HitManPro Alert vs Malwarebytes Anti Exploit Premium

Discussion in 'other anti-malware software' started by bgoodman4, Apr 9, 2016.

  1. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    I have been thinking of purchasing HMPA (actually have a trial of it on my wife's PC) and I just received the following e-mail from Malwarebytes.

    Any suggestions as to which is better (the MB combo suggested in the e-mail or HMPA)?

    *Private email removed per TOS*

    Thanks for your input in advance. By the way, I have been getting numerous false positives with HMPA when using my wife's browser (Opera). At least to me they are false positives. HMPA shuts down the browser and tells me to scan with HMPA; when I do, all I find are tracking cookies. I don't really care about these but I do care about having my browser shutting down on me multiple times during a session because of tracking cookies that are going to be eliminated when I shut the browser down at the end of the session (I have Opera set to do this for any new cookies acquired during a browser session).

    My main concern is with ransomware, and I notice that HMPA has exploit prevention and its cryptoguard protection in separate parts of the interface. I am a bit confused as to what the two sections are really dealing with. Do I need both of them active at all times?

    Here is what I have on the PC now,

    ESET Smart Security,
    Zemana AntiLogger
    AppGuard (always set to locked down)

    I am considering adding HitmanPro Alert with Cryptoguard or MalwareBytes Anti Exploit Premium. I also am running AX64 (hourly) and Macrium Reflect Paid (daily) as well as Paragon (weekly) and the backup drive for Paragon is attached to the PC only during the weekly image.
     
    Last edited by a moderator: Apr 9, 2016
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,868
    cruelsister released a video about HMPA/MAR/WAR about its "prevention"
    https://www.youtube.com/watch?v=3YXYnAiSYrY

    it is to mention that cruelsister doesn't share its samples except the normally so these tests get a small shadow.

    maybe it's an ad for WAR but it points out that HMPA and MAR are useless and at least a waste of time against cryptos.
     
    Last edited by a moderator: Apr 9, 2016
  4. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    I have yet to see an actual false positive caused by HMPA reported in this forum. So far it's always been either another "security"-software triggering one of the mitigations (i.e. Comodo performing reflective dll injection on the browser) or the protected application is performing blacklisted techniques by itself, like ROP or VM probing.

    Petya actually requires the user to click yes on the UAC prompt. There is no third-party software necessary to be protected from this. It won't work on Windows 8 and above, it won't work on an SUA or UAC protected admin with UAC at proper maximum setting. HMPA covers ransomware that works in this restricted context.
     
  5. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Thank you for your replies,,,,a bit above my head in most cases but thanks just the same.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That cruelsister video has been addressed. I don't remember just where in the thread it was. Sorry. One difference, I am not 100% about this, but I don't think in MBAE you can turn off specific mitigations. In HMPA you can so Barry what you can do is when Opera is shut down, rather than scan, there is another link that will tell you which mitigation triggered. Then you can simply turn it off, and then report it in the thread and they will look at it.

    Another unique feature in HMPA is its application lockdown. So say someone sends you a Word doc and suggests turning on macros, which is generally a bad idea, but if you do and the macro is something that executes code outside of Word, then HMPA would slam the door shut on that code. Significant feature to me. Will also do the same thing for zip files.
     
  7. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    Quite some mitigations in MBAE can also be enabled/disabled under 'Advanced settings'.

    MBAE will also block executables dropped by macros using its layer3 mitigations.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay, that's good to know. Thanks Ropchain
     
  9. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Thanks Peter, as usual you have been very helpful, much appreciated.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    If your main concern is ransomware you could choose either HMPA or MBAE + another dedicated anti-ransom tool like WinAntiRansom. Just for the record, you should not combine HMPA with MBAE, since they will most likely conflict because they are both anti-exploit solutions, using similar protection techniques, although HMPA is a bit more advanced.

    http://www.ghacks.net/2016/03/30/anti-ransomware-overview/
     
  11. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,237
    Thank you for your input. I take it WinAntiRansom would not conflict with HMPA and the other antimalware apps on my PC (listed in OP). Probably overkill as I just recently found out that I was not protected from ransomware because of another thread on Wilders and felt I needed to address this issue. I have decided to buy HMPA. Would you think I would be reasonably safe with this setup?
     
  12. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    WAR is not an Anti-Ransomware solution. It is an Anti-Exe.

    WAR does not allow any new binary to run unless it is signed.

    The upside, it blocks malware. The downside, it blocks a lot of legitimate stuff (not in the whitelist).
     
  13. WAR is not the only one using such an approach. Spyshelter in medium level security level AUTO allows all signed software. AppGuard for instance blocks all unsigned programs from executing in user folders. AppGuard has received homeland security awards (so unless you think US homeland security guys are a bunch of morons, it is a valid approach).

    All mainstream software is signed, so average Joe/Jane are good to go with security software allowing only signed software. Yes there are legitimate programs which are unsigned from small companies and yes signed malware exists also. But as the videos of Cruel Sister show: the approach works.
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I have no problem with approach. Just it is called AntiRansom :confused:. It is also AntiTrojan, AntiRAT, AntiMalware, AntiVirus, AntiRootkit, AntiWorm, etc. etc. Hence, it is an Anti-Exe tool, better yet, it is a whitelisting solution.

    Comparing whitelisting solutions against non-whitelisting solutions is comparing apples and bicycles.

    I like being compared, so we might consider including an Anti-Exe mode as well. Just for proper comparison.
     
    Last edited: Apr 10, 2016
  15. Well that is the advantage (marketing wise) of naming your product HitmanPro Alert, you can use this name for anything that kills (Hitman) malware after an Alert. You are not bound to any (malware) category.
     
  16. hjlbx

    hjlbx Guest

    @Windows_Security

    I don't know about the Homeland Security IT staff, but the ones at airports are morons.
     
  17. Due to international work I have a lot of immigration stamps in my passport of countries in the Middle East. When I visit the US I get asked questions at the airport. Before I may enter the US this will cause a delay of at least 20 minutes. I recognize the protocol and just answer politely. Those people are doing their job and the questions make sense. When I return to the Netherlands and join the normal security line (I have an eye scanner card for Schiphol Airport security), I pass without questions. It sort of makes me feel uncomfortable. Security comes with hassle and like your sig says "security with the least hassle wins..", but without hassle I sort of wonder whether security is really effective.
     
  18. hjlbx

    hjlbx Guest

    @Windows_Security

    I didn't mean the job they perform. I'm all for tight security. I meant that quite a few of them aren't very effective in performing their jobs. You'd have to be there with me in the queue to understand... if you saw it, then you'd say "Good grief!" You're a traveler so I'm sure you've got some stories to tell.

    OK. Enough...
     
  19. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    215
    Location:
    nowhere
    Yes please! :geek:
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Totally agree.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    What the hell, so it doesn't use any behavioral monitoring methods? Then it's definitely not fair to compare it to HMPA, if it's a simple white-listing tool. But from what I understood the "PreEmptive Actions" feature did watch for ransomware-like behavior. So isn't this true or what?

    http://www.ghacks.net/2016/03/31/winantiransom-review/
     
  22. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    NO, txs!

    Alert is in first place a specialized tool to counteract exploit...and must improve expressly in that area.
    Anyway, since it has cryptoguard functionality on board, it can surely improve also in that regard rendering ineffective any form of file infector (Sality,...).

    So, to sum up, it must retain its focus...
     
    Last edited: Apr 10, 2016
  23. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,868
    hey erik, don't do that please - it was not me who named it "WinAntiransom"
    if you have problems with the video - call cruelsister instead.
    i cannot verify the results but what i see is that WAR passed and HMPA failed.
     
  24. Cruel Sister is WAR's macho marketing machine disguised as clever community cow girl, she is repeatedly showing how HPMA and MBAR fail against ransomware, advantages no need for questionable sponsored tests:

    1. No need to test competitor's program while it is still beta (MBAE @ PC Security Labs), for the record the MBAE tests performed by well known exploit analyst Kafeïne are good clean tests

    2. No need to come up with synthetic tests programmed by the sponsor and getting a second chance on the test organisation's own test set (HPMA @ MRG)

    Just community mechanisms at work here. My advice to Surfright and Malwarebytes: put some attention to the Malwaretips forum, it is a breeding place of YouTube tests and a perfect spot for free link and followers building.

    For people who missed the internet's effect on buying behaviour: consumers trust other consumer's evaluation more than (sponsored) tests of producers. @erikloman please consider this as a friendly tip, don't shoot the messenger, like you did with @Brummelchen

    :D
     
    Last edited by a moderator: Apr 11, 2016
  25. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Apples Vs Bicycles :argh:

    Are you hinting that HMPA might include an Anti-Exe component down the road? That would complement the existing feature set I think :thumb:
     