HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    Ah, thanks.
    That may explain why CryptoGuard didn't stop BcWipe when ComputerSaysNo used it to wipe only a few files.
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    I tried axcrypt on 8 text + 2 pdf at once. HMP.A = quiet.
    Any simple real world to simulate Alert for ransomware. And to see change in cryptoguard folder.
    My cryptoguard folder has not budged since day one. I'd like to know what triggers cryptoguard folder to populate and what causes contents to change..?
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I tried with axcrypt on 2 pdf's and HMPA shut it down.
     
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    TXT files are not protected by CryptoGuard because TXT lacks structure. I wrote a post a while ago on which files are protected. You might want to test using images and documents.
     
    Last edited: Jul 3, 2015
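An added illustration, not part of the thread and not HitmanPro.ALERT code, of why a structure check can judge a rewritten PNG or PDF but has nothing to test in a TXT file. The signature table, function names and the XOR stand-in for an encryption tool are assumptions made for this example; it does not describe how CryptoGuard is implemented.

```python
import hashlib

# Leading bytes that identify a few structured formats (well-known signatures).
SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "jpg": b"\xff\xd8\xff",
}

def detect_format(data: bytes):
    """Return the format name whose signature starts the data, else None."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None

def judge_rewrite(before: bytes, after: bytes) -> str:
    """Classify an in-place rewrite of one file.

    'unverifiable'   - original had no known structure (e.g. plain text)
    'structure_kept' - rewritten file is still the same format
    'structure_lost' - a structured file was replaced by unrecognisable bytes
    """
    fmt = detect_format(before)
    if fmt is None:
        return "unverifiable"
    return "structure_kept" if detect_format(after) == fmt else "structure_lost"

def scramble(data: bytes, key: bytes = b"constructed-key") -> bytes:
    """Stand-in for an encryption tool: XOR with a SHA-256 keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed sample contents, not real files.
PNG = SIGNATURES["png"] + b"\x00\x00\x00\rIHDR" + b"\x00" * 32
PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
TXT = b"meeting notes: buy milk\n"

def demo():
    return {
        "png": judge_rewrite(PNG, scramble(PNG)),           # header destroyed
        "pdf": judge_rewrite(PDF, scramble(PDF)),           # header destroyed
        "txt": judge_rewrite(TXT, scramble(TXT)),           # nothing to compare
        "pdf_edit": judge_rewrite(PDF, PDF + b"%%EOF\n"),   # ordinary edit
    }
```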
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
  6. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    I guess you were referring to your April 7, 2015 reply?
     
  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    That is the one!
     
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Thanks...OK. I ran axcrypt on 10 png and jpg (at once). Alert threw dialog. But, now I have three png's that will not decrypt. So, Alert blocked 7 and I'm left with 3 that will not decrypt. How can I use cryptoguard roll back..?
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Alert auto rollbacks encryption. Those 3 files should not be left encrypted. Are you running other anti-ransomware software?
     
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Hi erikloman,
    Please see my signature. I've had concern that AppGuard was an unknown variable.
    AG developer unable to recommend customize setting to accommodate HMP.A as AG does not run HMP.A in-house.
    I have c:\windows\cryptoguard as Exception (Read Write) and c:\windows\cryptoguard in User Space as Yes.
    I have SBIE Direct Access for c:\windows\cryptoguard and Full Access Template for hmp.alert. ERP did not react to axcrypt.
    ERP + AG + HMP.A + SBIE seem okay. But, I have concerns as to whether they play together beyond looking nice in my tray.
     
    Last edited: Jul 3, 2015
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Okay, I just tested. Note in Appguard I have the windows cryptoguard folder in user space with the "yes", and also have it in the guarded apps settings tab with read/write exceptions.

    With Axcrypt I selected 3 pdf files, xxx002.pdf thru xxx004.pdf. HMPA stopped it cold. In the original folder, I had 003 and 004 both encrypted and non encrypted. Only 002 encrypted was present, however in the windows cryptoguard folder there was now a revert folder that contained 002 in it so all is good. Success.

    Pete
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    I also have Yes and Exception (Read Write)
    I do find reverted 07/03 Folder with 504 generic image file.
    Just realized 504 generic image Icon is match to Axcrypt 504 Icon.
    axcrypt.PNG
    504.PNG
    so, axcrypt somehow left dross...
    anyone have a clue as to what happened...and did rollback occur or did Alert block axcrypt.
    The only 07/03 cryptoguard file is 504.
    No idea what 504 was before axcrypt.
    No idea why 504 will not decrypt. I'm told 504 exists and do I want to replace. So, I say yes but, no change that I can see. 504 is in a loop. Do you want to replace 504 > Yes > Do you want to replace 504 > Yes.
     

    Last edited: Jul 3, 2015
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I had to manually move the file from the revert folder. Not sure what you are seeing, and I restored the image before I started so it is all lost.
     
  14. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Well, I'm seeing 504 png that started in Pictures and has been stripped and sent to reverted.
    OK...I manually moved 504 from reverted folder to Pictures...but, 504 will not Decrypt.
    How did I end up with encrypted png's if axcrypt was thwarted by HMP.A
    I posted pics so you can see what I'm seeing.
    So, observationally. Axcrypt is a nice utility but, my toys remain at questionable compatibility.
     
    Last edited: Jul 3, 2015
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I thought it was time to go from build 193 to build 196, this morning. After the reboot, everything is fine.

    ScreenShot_HMP.A_v3.0.48.196 build_01.gif ScreenShot_HMP.A_v3.0.48.196 build_02.gif
     
  16. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    To clarify my statement, I used to use Sdelete to delete a sandboxed Firefox or IE11 (Sandboxie). CryptoGuard often didn't kick in after a short browser session, but almost always after a long browser session.

    Sdelete.jpg
     
    Last edited: Jul 4, 2015
  17. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
  18. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I still have build 187. Is this the last stable build?
     
  19. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    To my knowledge, HMPA 3.0.45.193 was the latest that wasn't issued as beta.
    Next were three betas, 3.0.46.194, 3.0.47.195 (beta according to the download link with the 'b' in it), and 3.0.48.196, which is the most recent beta.
     
    Last edited: Jul 4, 2015
  20. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I just found a link for softpedia about 193, so I downloaded from Erik Loman 195 link and ended up with a 193.exe to download which I installed.
     
  21. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    Yes, Erik's signature says "Build 195", but the download link in Erik's signature is for the latest build that wasn't issued as beta, which is build 193, currently.
    The download links for the later three betas are in the posts that I referred to in my previous post.
     
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    So much for Alert auto rollbacks encryption. #6334
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Erik and BJM

    Indeed while HMPA protected very well, I retested leaving Sandboxie out of the equation. HMPA did indeed protect the files, but autorollback didn't really work. I had to retrieve one of the files from the crypto folder.

    Pete
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    There have been questions relative to using HMPA, SBIE, and Appguard, and the settings of them. Also how it would impact the crypto protection of HMPA. Soooo....

    Before testing I reviewed all my settings as follows.

    Appguard. I did have two HMPA exe's as power apps. These were in the local/temp area. I think I put them there when, by accident, I had guarded HMPA. I removed them from power apps with no ill effect. So now all I have in Appguard, are the two folders c:\windows\cryptolocker and c:\Sandboxie. I have them under the user tab with "yes" and also on the settings tab in guarded apps, with read\write exclusions. That is it.

    Sandboxie. I tested in a default box. No Internet, but no start\run restrictions. No file direct access and all that was in the full access was the one lined HMPA thingy that Sandboxie now puts there.

    Hitman Pro Alert. No special settings.

    I tested using Axcrypt and 4 PDF files. Test 3 ways.

    1. Installed Axcrypt in the Sandbox
    2. Installed Axcrypt on the system, and ran Windows explorer Sandboxed to encrypt
    3. Installed Axcrypt on the system and set it as a forced program.

    The third case was a little strange in that it didn't completely run.

    Results. In all cases HMPA alerted and shut down the encryption. So clearly HMPA worked with SBIE. Also SBIE contained everything within the sandbox, so there was double protection.

    Some additional comments. Normally I run SBIE much tighter. This test was essentially out of the box. Also this is my laptop. On my desktop Appguard is also a bit tighter.

    Anyway, well done HMPA. It and SBIE are great companions.

    Pete
     
  25. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    Well guys, I've decided to finally update my HitmanPro Alert install from 2.6.5.77 to 3.0.45.193

    and first thing I've noticed is, secure desktop mode doesn't show up anymore while using Keepass even though its option has always been checked in the Keepass security settings and always worked until the upgrade of HitmanPro Alert. This ought to be fixed. Oh, and if possible improve the algorithm for the keystroke encryption, since from what I've heard Zemana AntiLogger seems to do a much better job at it. Thanks
     