HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    Can someone tell me whether Alert is now able to protect the old Edge browser? Haven't used this in a few years. Also, if anyone runs a Windows Insider build, any issues with that?
     
  2. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Is keystroke encryption really necessary if you're using a VPN? In other words, do you need both?
     
  3. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
  4. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    When using Edge, the only active HMPA protection that I see is "Exploit Mitigation". It's missing "Safe Browsing" and "Keystroke Encryption".
     
  5. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Thanks for that info, and it does appear up to date today.

    But in the past when I checked that page, it wasn't always up to date at the time the push notification showed up in the application.
     
  6. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    It didn't get updated until a few hours ago.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    VPN and keystroke encryption are completely different. Keystroke encryption scrambles keystrokes locally on your computer, so malicious software present on your computer cannot capture the keystrokes. VPN encrypts your internet traffic when it leaves your machine, to the VPN provider. This means your ISP or other people on public WiFi cannot see your traffic.
     
  8. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Good distinction! :thumb:
     
  9. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    OK, this is good to know. It'll be interesting when chromium Edge becomes the replacement default browser in Windows. I always sort of wondered about Defender's Exploit Guards as it is. :cautious:
     
  10. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    That will be interesting to see the change with Chromium.

    This is a bit off-topic, but I use Firefox as my armor plated "surfing" browser, and only use Edge for known trusted sites such as banks, etc. As a security measure I believe in using separate browsers for surfing and banking. Probably even better to use separate computers with an air gap, but I find that method a bit impractical and cumbersome. :)
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    I use Qubes OS for a nice middle ground ;)
     
  12. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Is there any loose expectation as to when 8.x will be available? It can't come soon enough for me--there is software that I hate being without that I can't use at all until I'm able to exclude it from HMP/HMP.A.
     
  13. hotlips69

    hotlips69 Registered Member

    Joined:
    Nov 3, 2005
    Posts:
    55
    Location:
    Sussex. UK
    Are "Wilders" members still getting a free product key for HMP.A as a thanks for their testing help?

    This was well documented before my current key was very kindly renewed by the admins here at my request a couple of years ago, but not sure if this still happens since Sophos took over?
     
  14. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    @erikloman, @markloman, @RonnyT,

    Since today,
    HitmanPro.Alert's AntiMalware component blocks G Data AVKProxy.exe as malware, Trojan.Win32.Wofith.za.
    Which is crazy, of course, as G Data AVKProxy.exe is an essential part of G Data IS.
    With HMPA 3.7.12.793, the only way to stop HMPA blocking G Data AVKProxy.exe as malware, is to disable HMPA's AntiMalware component.
    Please, whitelist G Data AVKProxy.exe.

    Code:
    Malware found:
    Trojan.Win32.Wofith.za
    C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
    Mitigation   MalwareBlocked
    Timestamp    2019-12-10T07:30:05
    
    Platform     6.1.7601/x64 v793 06_17*
    PID          960
    Application  C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
    Created      2019-04-23T20:16:49
    Modified     2019-12-02T22:36:52
    Description  Trojan.Win32.Wofith.za
    
    
    SHA256:	
    d4f99e888c8aee7073b2da85ccd553773210f55288713f129af32d7ec0b5e345
    
    Process Trace
    1  C:\Windows\System32\services.exe [960] 2019-12-10T07:29:53
    2  C:\Windows\System32\wininit.exe [884] 2019-12-10T07:29:53
       wininit.exe
    3  C:\Windows\System32\smss.exe [816] 2019-12-10T07:29:52 811ms
       \SystemRoot\System32\smss.exe 00000000 00000040 
    4  C:\Windows\System32\smss.exe [500] 2019-12-10T07:29:47
       \SystemRoot\System32\smss.exe
    5   [4] 2019-12-10T07:29:47
    
    
     
  15. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Hi, we've whitelisted the detection on our end.
     
  16. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    Great!
    A very swift response! :)
    Thank you very much.
     
  17. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    @RonnyT,
    Something is not right with the whitelisting on SurfRight/Sophos end.

    After re-enabling HMPA AntiMalware component and rebooting the system, I got multiple Alerts, again.
    Again, HMPA's AntiMalware component blocks G Data AVKProxy.exe as malware, Trojan.Win32.Wofith.za.
    Again, I had to disable HMPA's AntiMalware component.
    I hope you can give whitelisting G Data AVKProxy.exe another go.

    Code:
    Malware found:
    Trojan.Win32.Wofith.za
    C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
    Mitigation   MalwareBlocked
    Timestamp    2019-12-10T09:25:54
    
    Platform     6.1.7601/x64 v793 06_17*
    PID          960
    Application  C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
    Created      2019-04-23T20:16:49
    Modified     2019-12-02T22:36:52
    Description  Trojan.Win32.Wofith.za
    
    
    SHA256:	
    d4f99e888c8aee7073b2da85ccd553773210f55288713f129af32d7ec0b5e345
    
    Process Trace
    1  C:\Windows\System32\services.exe [960] 2019-12-10T09:18:48
    2  C:\Windows\System32\wininit.exe [884] 2019-12-10T09:18:48
       wininit.exe
    3  C:\Windows\System32\smss.exe [816] 2019-12-10T09:18:47 936ms
       \SystemRoot\System32\smss.exe 00000000 00000040 
    4  C:\Windows\System32\smss.exe [500] 2019-12-10T09:18:42
       \SystemRoot\System32\smss.exe
    5   [4] 2019-12-10T09:18:42
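
An added example, not part of the original posts and not HitmanPro.Alert's own code: a small Python parser for the alert text pasted in the two reports above. It confirms that the repeat detection concerns the identical file (same SHA256, path and modification time) rather than an updated binary. The function names are hypothetical, and the sample is condensed from the first report.

```python
import re
from datetime import datetime

# Condensed from the first alert posted above (Platform, Description and process trace omitted).
ALERT_1 = r"""Malware found:
Trojan.Win32.Wofith.za
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
Mitigation   MalwareBlocked
Timestamp    2019-12-10T07:30:05
PID          960
Application  C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
Created      2019-04-23T20:16:49
Modified     2019-12-02T22:36:52
SHA256:
d4f99e888c8aee7073b2da85ccd553773210f55288713f129af32d7ec0b5e345
"""
# In these fields the second alert differs only in its timestamp.
ALERT_2 = ALERT_1.replace("07:30:05", "09:25:54")

FIELD = re.compile(r"^(Mitigation|Timestamp|Platform|PID|Application|Created|Modified|Description)\s+(.+)$")
SHA256 = re.compile(r"^[0-9a-fA-F]{64}$")

def parse_alert(text):
    """Return the labelled fields of one alert report plus detection name and hash."""
    lines = [ln.strip() for ln in text.splitlines()]
    alert = {}
    for i, ln in enumerate(lines):
        if ln == "Malware found:" and i + 1 < len(lines):
            alert["Detection"] = lines[i + 1]
        elif SHA256.match(ln):
            alert["SHA256"] = ln.lower()
        elif (m := FIELD.match(ln)):
            alert[m.group(1)] = m.group(2).strip()
    for key in ("Timestamp", "Created", "Modified"):
        if key in alert:
            alert[key] = datetime.fromisoformat(alert[key])
    return alert

def same_binary(a, b):
    """True when two alerts refer to the identical file on disk, not a replaced one."""
    keys = ("SHA256", "Application", "Modified")
    return all(k in a and k in b for k in keys) and all(a[k] == b[k] for k in keys)

def triage(a, b):
    """Summarise a repeat detection for a false-positive report to the vendor."""
    return {"same_binary": same_binary(a, b),
            "same_detection": a.get("Detection") == b.get("Detection"),
            "seconds_between": int((b["Timestamp"] - a["Timestamp"]).total_seconds())}
```
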
    
    
     
  18. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    @RonnyT,
    I tried again, re-enabled HMPA AntiMalware component and rebooted the system, and this time I got no alerts.
    I suppose whitelisting on SurfRight/Sophos end was now done correctly.
    Thanks very much.
     
  19. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    Why?

    2019-12-26_161109.jpg
    2019-12-26_082835.jpg


    If I switch to HitmanPro.Alert in silent mode, DefenderControl will still not work, but there will be no notification. I can only use DefenderControl if I uninstall HitmanPro.Alert. Something similar has happened with more than one program. HitmanPro.Alert version 3.7.12 build 793. Windows 10 Pro 64bit version 1909 build 18363.535
     
  20. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Excluding does not whitelist. It does exclude from protection.
    Apps that try to change security settings are usually malware.
    That's why HMP.A blocks them.
    That's exactly what HMP.A is for.
    You should not ask for an option to whitelist.
     
  21. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    OK. Is silent audit silent protection? Without alarm?

    I also think it would be necessary to have a whitelist, at the responsibility of the user. Without a whitelist, using HitmanPro.Alert is uncomfortable. If there is no whitelist, the user may temporarily uninstall HitmanPro.Alert, which can lead to a much more serious error than a whitelist.
     
  22. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    @feerf56,
    As mood replied in a thread started by you, feerf56,
    Perhaps it is not defendercontrol.exe that must be excluded, but perhaps Far.exe needs to be excluded?
    Have you tried that?
     
  23. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I believe you would have to disable "Application Lockdown" for Far.exe. I've had to do so for several applications, and it definitely reduces security more than whitelisting would. But not doing so is intolerable.

    You may need to reboot for this to take effect. Please search this thread for my own questions about this feature (i.e. "lockdown"), and the responses to them.
     
  24. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    Thanks very much, nameless. :thumb:
    Yes, if FAR.exe is one of feerf56's protected programs, disabling mitigation "Application Lockdown" for Far.exe may be better than excluding Far.exe.
    However, in case FAR.exe would not be one of the protected programs, perhaps excluding Far.exe might help, I'm not sure.
     
  25. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Silent audit = protection disabled, no alarm raised, event written to Windows event log.
     