HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    Is Alert alone your defence or do you have other real time software?
     
  2. miguelgrado

    miguelgrado Registered Member

    Joined:
    May 25, 2014
    Posts:
    35
    Location:
    Asturias-España

    I have Malwarebytes premium and Panda free....

    These programs already had them before and also have in exclusion of all others...

    I tried to uninstall antivirus... etc and still the same
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.5 Build 528 Private Beta


    Changelog (compared to 373)
    • Added WipeGuard mitigation (currently part of CryptoGuard).
      Protects against bootkits and boot-time ransomware like Petya and Mischa.
    • Added DLL Hijack Mitigation (part of Process Protection).
      Protects against DLL hijacking (also known as a binary planting attack) by forcing all downloaded executables to load application extensions (DLLs) from system32. This mitigation prioritizes both statically and dynamically loaded system DLLs, on Windows XP up to Windows 10.
      For an example, see here: https://textslashplain.com/2015/12/18/dll-hijacking-just-wont-die/
    • Added Settings Import and Export.
      This feature can be accessed via the gear icon at top right of the GUI.
    • Improved CryptoGuard, world's first anti-ransomware since 2013, now in its 4th generation!
    • Added cloud-driven false positive handling, which allows fast response to correct detections without software upgrades.
    • Improved ROP mitigation.
    • Improved Application Lockdown.
    • Improved BadUSB mitigation.
    • Improved HollowProcess mitigation.
    • Updated Network filtering component.
    Download
    Send me a PM to receive the download link. Please report issues via PM as this build is still private.
     
    Last edited: Jun 10, 2016
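A defender-side check for the condition the DLL Hijack Mitigation addresses, added here as an example and not part of the original post or of HitmanPro.Alert: it lists DLLs sitting next to a downloaded executable whose names collide with a system DLL. The directory layout and the KnownDLLs subset are constructed; on a real machine the KnownDLLs names come from `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs`.

```python
import os
import tempfile


def audit_app_dir(app_dir, system_dir, known_dlls):
    """Map each DLL in app_dir that shares a name with a system DLL to a status.

    Windows file names are case-insensitive, so names are compared lower-cased.
    Names on the KnownDLLs list are resolved from the system directory no matter
    what sits beside the executable; any other collision can be picked up first
    by the default search order (application directory before System32).
    """
    system_names = {
        n.lower() for n in os.listdir(system_dir) if n.lower().endswith(".dll")
    }
    known = {k.lower() for k in known_dlls}
    findings = {}
    for name in sorted(os.listdir(app_dir), key=str.lower):
        low = name.lower()
        if not os.path.isfile(os.path.join(app_dir, name)):
            continue
        if low in system_names:
            findings[name] = (
                "covered-by-KnownDLLs" if low in known else "shadows-system-dll"
            )
    return findings


def run_constructed_demo():
    """Build a constructed Downloads/System32 pair in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        downloads = os.path.join(root, "Downloads")
        system32 = os.path.join(root, "System32")
        os.makedirs(downloads)
        os.makedirs(system32)
        for name in ("version.dll", "kernel32.dll", "notepad.exe"):
            open(os.path.join(system32, name), "wb").close()
        # Constructed sample: helper.dll is the application's own library.
        for name in ("setup.exe", "VERSION.dll", "kernel32.dll", "helper.dll"):
            open(os.path.join(downloads, name), "wb").close()
        return audit_app_dir(downloads, system32, known_dlls=["kernel32.dll"])


if __name__ == "__main__":
    for dll, status in run_constructed_demo().items():
        print(f"{dll}: {status}")
```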
  4. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    456
    Location:
    England
    First impressions show that 3.5 has no obvious issues.
     
  5. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    +1, I was really impressed (light on resources, stable, ...)


    :thumb:
     
  6. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    Can you give us some more info?

    User must point out a (probable) FP and wait for your fix on the cloud? (if you obviously evaluate it as such)...
     
  7. ohgood

    ohgood Registered Member

    Joined:
    Apr 3, 2015
    Posts:
    39
    Location:
    cold upper midwest
    Hi Erik and all,

    I really like HPA, so much so I am a paying customer :). (Wish I was wealthy enough to be a patron or serious investor!)

    All working well, version 3.1.10.373, with the exception of today, having trouble updating MS 7, 64, home premium. Update has run all day, with no results .... I don't know if there's any conflict or not, and haven't read thru the threads. Wondered if anyone else had any thoughts. MS 1st tech notes troubleshooting says to try turning off security software, but I am of course reluctant to do that.

    There's a few other things that could be the issue, but I thought I'd check here 1st. :cool:
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    There's a whole thread about that problem.

    https://www.wilderssecurity.com/threads/windows-update-long-time-to-check-for-updates.379435/
     
  9. ohgood

    ohgood Registered Member

    Joined:
    Apr 3, 2015
    Posts:
    39
    Location:
    cold upper midwest
    Thanks! I searched/scanned HPA thread but not all of Wilders before posting ... I'm a bonehead tonight :)
     
    Last edited: Jun 10, 2016
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Q: Has "Why No Tamper/Self Protection" been asked and answered before...?
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    We have something cooked up, but our colleagues at Sophos have something as well. We are still deciding which one to use for tamper protection.
     
  12. jd97

    jd97 Registered Member

    Joined:
    Apr 27, 2015
    Posts:
    28
    It may be their signatures. Using Emsisoft IS v11 and had same issue. Stuck on Black screen had to hard shutdown, drain power and reboot (Windows 10 Home 64-bit). Going back to ESET.


    Edit: I have noticed the interesting encryption/decryption issues with garbled text in browsers (when I type) lately as well. Has anything changed in the past 15-30d w/ Keystroke encryption?
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Nothing has changed towards keystroke encryption.

    We did make small changes to keystroke encryption in 3.5, including that you can now enable or disable keystroke encryption per browser.

    Note: Keystroke Encryption is currently no longer supported in Microsoft Edge on Windows 10 Redstone 1 (build 14291 or newer). We have no idea what MS has done but no other keystroke scrambling software is not working in Edge on 14291+ either.
     
    Last edited: Jun 11, 2016
  14. mirage22

    mirage22 Registered Member

    Joined:
    Apr 20, 2016
    Posts:
    51
    Hi, does boot time protection cause problems with BitLocker or VeraCrypt? If not, I wouldn't mind taking the latest release on one of my machines for a spin.
     
  15. mryoda

    mryoda Registered Member

    Joined:
    Jun 8, 2016
    Posts:
    7
    Location:
    Oldenzaal

    Erik

    This is a double negative; what you probably mean is that keystroke scrambling does NOT work with any of the other scrambling software either? (translated from Dutch)
     
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    If the boot record is written, you need to disable WipeGuard first. But once VeraCrypt has written the boot record, you can enable it.
     
  17. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Our WipeGuard technology protects the Master Boot Record (MBR) so when anything needs to write to this area on your disk, it is intercepted.
    BitLocker is not a problem, works seamlessly.
    But contrary to BitLocker, when you use VeraCrypt for the very first time to encrypt an entire disk, our WipeGuard will prevent VeraCrypt from putting its bootloader on the MBR (as designed).

    Mitigation WipeGuard

    Platform 6.1.7601/x86 06_4e*

    PID 3264
    Application C:\Program Files\VeraCrypt\VeraCrypt Format.exe
    Description VeraCrypt Format 1.17

    Master Boot Record (MBR)

    In this case, you temporarily need to disable WipeGuard's Master Boot Record protection before running VeraCrypt's encryption wizard. You can find it under CryptoGuard:
    1. Open HitmanPro.Alert
    2. Click on the gear icon in the top right corner of the window
    3. Select Advanced interface
    4. Click on the orange tile called Risk reduction
    5. Select CryptoGuard
    6. Uncheck Master Boot Record (MBR)
    You can now start the VeraCrypt wizard to encrypt the disk. When finished, re-enable Master Boot Record protection.

    Hope this helps!
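What "the MBR" covers in the post above, as an added example that is not part of the original post and not HitmanPro.Alert code: sector 0 holds bootstrap code, a disk signature and the partition table, and this code compares a saved baseline with a later copy to report which region changed. The sector contents are constructed; obtaining a copy of a real sector 0 is assumed to happen separately.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 440)      # bootstrap code (where a bootloader is installed)
DISK_SIG = slice(440, 444)     # Windows disk signature
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
BOOT_SIG = slice(510, 512)     # must be 55 AA


def parse_mbr(sector):
    """Split a 512-byte MBR into the regions an integrity check cares about."""
    if len(sector) != SECTOR_SIZE or sector[BOOT_SIG] != b"\x55\xaa":
        raise ValueError("not a valid 512-byte MBR (size or 55 AA signature)")
    table, parts = sector[PART_TABLE], []
    for i in range(4):
        entry = table[i * 16:(i + 1) * 16]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means the slot is unused
            parts.append((i, entry[0] == 0x80, entry[4], lba_start, sectors))
    return {
        "boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "disk_signature": bytes(sector[DISK_SIG]).hex(),
        "partitions": parts,
    }


def changed_regions(baseline, current):
    """Names of the MBR regions that differ between two sector images."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    return [key for key in a if a[key] != b[key]]


def make_constructed_mbr(boot_fill):
    """Constructed sample sector: filler boot code plus one active NTFS entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[BOOT_CODE] = bytes([boot_fill]) * 440
    sector[DISK_SIG] = bytes.fromhex("11223344")
    # status 0x80 (active), type 0x07, start LBA 2048, 204800 sectors
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"", 0x07, b"", 2048, 204800)
    sector[BOOT_SIG] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    before = make_constructed_mbr(0xAA)
    after = make_constructed_mbr(0xBB)   # same partitions, different boot code
    print("changed:", changed_regions(before, after))
```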
     
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    In 3.1 nothing has changed.
    In 3.5 small changes were made, including that we had to disable it on Edge Insider Preview. Other scrambling tools also do not work on Edge Insider Preview.

    Hope this helps :)
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Cool to see that HMPA protects against stuff like DLL Hijacking and aggressive ransomware like Petya. I assume HMPA protects the MBR from modification?

    It's best to write in English on these forums, you can PM in Dutch. But yes, it seems that he meant that other anti-keyloggers also can't protect the latest Edge browser. But I just saw that Erik has already replied.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Sorry, I must have missed this reply, but sounds cool to me. :thumb:
     
  21. mryoda

    mryoda Registered Member

    Joined:
    Jun 8, 2016
    Posts:
    7
    Location:
    Oldenzaal
    Yes you're right about that ! ;)
     
  22. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    WipeGuard works. :oops:
    It blocked Rufus from creating a bootable USB drive.

    There should be an option to allow once, after UAC is confirmed.
    Default selection should be deny,
    and of course there should be a warning about what writing to the MBR can cause.
     
  23. guest

    guest Guest

    Still no allow/deny function?
     
  24. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Allow/Deny what exactly?
     
  25. guest

    guest Guest

    HMPA may block some legit processes automatically without user consent.

    An "allow/deny" button would be convenient.
     