HitmanPro.ALERT Support and Discussion Thread

At some point I remember someone said they protect against exploits but with different approaches so they could work together.
If this is not the case I would keep HPA

 

You can run both programs together, but HMP.A is taking over and MBAE has basically "nothing to do" and is only protecting applications which are not in HMP.A's applications list.

 

Many of their exploit mitigation features overlap and are based on the same principles. Implementation wise might be slightly different, but this is not significant enough to run both at the same time and risk compatibility issues as others have already said. In fact, if both hook the same functions they can cause compatibility issues at best and miss an exploit attempt both should have blocked at worst.

HMP.Alert has some useful unique features though, which I find seals the deal between the two

 

Over 24 hours and no reply so I guess they have enough beta testers.

 

or too much requests and must select the trustful ones.

 

They sent me the link but (I should've known) it doesn't have co-signed driver yet so I'll pass.

Would it be legit to pass mine on to you?

 

It depends if they are keeping a record of which wilders members have been accepted as closed beta testers.
Personally I would not pass on the link to anyone else as it breaks the trust between the two parties.

 

Probably not. Thanks though.

Hmm, maybe. I never thought of myself as untrustworthy before today.

 

But they have to sort through the many thousands of untrustworthy ones, until they find your name...

 

Yeah, that's OK. I can only ask to try the new version, but I'm not about to beg for it. Erik and Mark have allowed me to test private betas in the past so I doubt they distrust me.

 

Yeah. I suspected it would be dodgy.

 

It's weekend. I suppose Erik really needs these days off, to get some rest.
Perhaps you'll get a reply after the weekend.

 

It was a kind gesture though

 

"through the many thousands" ..... even the replies are not so many =

 

I was just joking. I think the weekend explanation is more likely to be true.

 

https://adsecurity.org/?p=2921

Have you though about adding some mitigations to protect against file less attacks? Like disabling PowerShell, etc

@erikloman

 

+1

 

co signed driver or not , it did run fine on my windows 10 x64 creators build without issues

 

It's OK Pete. No-one passed on any links or private versions of Alert.

 

Thanks Mate.

Cheers!

 

Is the "hitmanpro.com" site down for you too?

http://www.isup.me/hitmanpro.com
http://www.isitdownrightnow.com/hitmanpro.com.html
http://isitdownorjust.me/hitmanpro-com/

 

That was discussed in the HMP thread on April 30, already.
It seems to depend on your location, and on which "Is it up/ is it down" tool you use.
https://isitup.org/www.hitmanpro.com says it is up.

 

Protection against file-less attacks like PowerShell are already in HitmanPro.Alert. They are covered by our Application Lockdown mitigation, part of Exploit Mitigations.
As of build 704 we did improve Application Lockdown for Browsers to block e.g. a Microsoft HTML Application (HTA) that spawns a PowerShell, but other than that we are already in very good shape against file-less attacks.
Big difference between our approach and that of some others is that you do not need to configure anything. Admins can still use PowerShell but any unusual attempt, like running PowerShell from a Browser, Office or Media application, will result in HitmanPro.Alert blocking that PowerShell script.