HitmanPro.ALERT Support and Discussion Thread

Last few months can indeed be summed up to these points:

1. Extremely busy getting Alert integrated in Sophos products
2. Vacation period started beginning of July
3. Microsoft launched Anniversary Update too soon (many issues) and surprise-flipped the switch on the new code signing policy which was not enforced in the Insider Preview builds; so there was no way to anticipate this; to top it off it they launched in our vacation period while understaffed; then we had to wait for Microsoft to ship a physical USB stick to our office

 

ok, now ALL is working as expected here (10 x64 Anniversary Update)


--------

To be fixed:
FP with Avidemux 2.6 and Aimp 4

 

I get it @erikloman I do.
You are swamped trying to keep the higher ups pleased.

However as a paying costumer I plainly should not have to care about all of it as I did not "buy" the product to include possible trouble ahead imposed upon us end-users by what might be poor management in general.

1. Extremely busy getting Alert integrated in Sophos products -> both HitmanPro/Sophos might have seen this coming as one if not both companies should know that summer time is never the best of times to integrate complicated processes.
2. Vacation period started beginning of July -> again most companies have some kind of administration in place to make sure "enough" people are around to keep going. Seems to me this was not solidly planned by human resources.
3. Microsoft launched Anniversary Update too soon (many issues) and surprise-flipped the switch on the new code signing policy which was not enforced in the Insider Preview builds; so there was no way to anticipate this; to top it off it they launched in our vacation period while understaffed; then we had to wait for Microsoft to ship a physical USB stick to our office. -> granted a new signing policy is disruptive, fully agree. Yet again when signs are there that the launch was coming might have be a red flag to make sure some moving around in resources assigned would have been possible. But I really find the USB part hard to swallow: The Microsoft MediaCreator tool was almost if not directly available during the release of Windows 10 Pro AU for you to get and make your own USB-stick. Even getting a license for 10 is webbased available.

I like the product as it is so please see my comments as a constructive note of at-least this end-user.

Summer time might indeed be the best time to keep a sharp eye out for things released like zero-day leaks. Think hacker conventions info being releases. This might mean a higher priority could be given by companies to people like you to solve those exploits asap and putting integrations of processes on the back burner to release your workload.

 

Smooth upgrade from 553 to 558

Edge, Chrome 32 bit, Firefox 32 bit, and IE 32 bit all working fine; all showing colored borders and indicators. The only exception is Edge not showing the keystroke encryption indicator (I haven't been using Edge though so don't know if this is an ongoing issue).

 

Did Erik say the USB stick from Microsoft was a copy of Windows 10 Pro AU?

 

No issues with 558 here, win10 pro(64)

 

All seems well on my Windows 7 x64.
Updated 3.5.2 build 556 to build 558.
I skipped 557, because of Hiltihome's report of log on black screen issue.
Even though no fix was mentioned in the build 558 changelog, I tried 3.5.2 build 558.
Luckily, no log on black screen issue here. (I hope the same for Hiltihome.)
Also, no add-on issues in W7 IE11.
Chrome not tested.

 

Settings

 

You have a point if the USB-stick was indeed for the signed drivers bit.

 

The Software is licensed, not sold. The Software is licensed “as-is”. You bear the risk of using it. SurfRight gives no express warranties, guarantees or conditions. http://www.surfright.nl/en/terms

 

One addition, SurfRight are 8 people (5 developers). If there is a vacation, then we are cut in half (and that half has to cover for the guys on vacation). If a major product release is in the summer (Sophos Intercept X) and also a major unannounced code signing policy then **** does hit the fan. We have tested EVERY Insider Build and delivered updates accordingly. MS just flipped the switch on the last one.
If everybody is then on vacation and you have to wait two weeks for the USB stick to arrive and also work your way into MS new infrastructure (it is not like you submit a .sys file; you have to do a ton of work to get your driver accepted at all from scratch).
Then the Windows 10 AU code signing policy issue only exhibits when you have SecureBoot enabled and installed Win10 from scratch AND your driver has a certificate newer than a date in 2015. So it is not that easy to spot. You have to run into it.

I'm not going to say anything more. I want to look forward. Sophos Intercept X will bring all features of Alert managable from the web and also installs alongside other vendor AVs. SurfRight did the client side, Sophos did the cloud stuff. And while we made that we also kept our existing software up-to-date (albeit slower number of updates). Yes, 8 people, 23 million users. But integration is almost complete and additional help is on the way.

 

True and I could also argue that given that we as end-user should not even have the option to vent our opinions after the money back period has ended when we buy a product with software support for a year for systems specified in the system requirements.
Yet we can and as far as I know we should.

However better leave the legal stuff where it should be.. In court and not in this forum.

 

The stick has a unique client certificate that we have to use to authenticate at Microsoft. Releasing a driver is a whole lot more complex with the new policy as we have to run it through MS services and wait for it to complete (about half an hour). We had to figure this out as well right after the Win10 AU got published.

 

How to trigger the Avidemux FP?
Simply opening Avidemux UI, or opening a video file (which file type?), or certain processing tasks?

On Windows 7 x64, with Avidemux 2.6.13 x64, simply opening Avidemux and loading and playing an .mp4 video file doesn't trigger a HMP.A false positive.
I haven't tried Avidemux processing tasks, as I didn't know what to look for.

 

@erikloman thank you for making your point.
I am not attacking you as a person, keep that in mind.

My frustration is mostly directed at the powers that be seems to have overloaded a small but willing group of people who try to keep 23 mil souls happy with the product in general.

 

exactly (with hw-cfi): in VM, infact, Avidemux runs issue-free (but VM doesn't support this tech)...
Which CPU do u have? Txs

 

If you'd like to use our signature-less technologies in your company and control them from a very pretty management console, a beta of Sophos Intercept X is now available through Sophos' Early Access Program (EAP) on Sophos Central. Yes, we've built a lot more things in and underneath HitmanPro.Alert this year Get a free 30 day trial here: https://blogs.sophos.com/2016/08/02...-ransomware-in-its-tracks-try-the-beta-today/

And if you want to be the first to learn about visualizing attacks using the new Root Cause Analytics feature in Sophos Intercept X, come to London next week on the 15th! I am there too, doing a live "Mr. Robot"-style attack in the keynote of Sophos Next-Gen Security event, using a 3 year old exploit on a PC protected by a fully enabled and up-to-date 2016 market leading security product. I'm also talking about the latest developments in crypto-ransomware during a breakout session. You can sign up here (limited spaces available): https://secure2.sophos.com/en-us/co...s-next-gen-it-security/15-september-2016.aspx

 

@markloman :
Will there be a live feed, or at least a tube video?

 

I see no difference. 1y1pc was 30 EUR, new website shows 35 USD, which is calculated back to 30 EUR in the online shop when using an European ip address.
The new website only offers 1 year licenses, and the old one also offers 3 year licenses.

 

I am more interested personally in a family/small business environment based management console.
Something that would run on my Windows 2012 R2 Essential server or it's upcoming 2016 version someday (think the current version of Windows 2016 is still TP5).

Anyway, like @Hiltihome suggested a live feed/potcast etc would be interesting to watch.

Sophos Intercept X might be an option for my employer so I can always mention this to "certain ears" if they are willing to listen.

 

Compare the prices on

http://www.surfright.nl/en/shop/ and
https://www.surfright.com/en-us/surfright/buy-now.aspx

Prices have increased by quite a bit.

 

Thanks.
I tested on my E8600 system, for which HMP.A offers no Hardware Assisted Exploit Protection.
So that may be the factor that explains the different experience.
Has anyone else - N.B. with Hardware Assisted Exploit Protection - confirmed the Avidemux FP?

 

I'm seeing 1yr 1pc costing 19.95 EUR not 30 EUR. On xe.com this equates to only 22 USD, so a 13 USD increase.