Installed 857. It works fine except: I am still having trouble with "bad usb". When it is enabled, my USB keyboard does not work. I cannot type any characters in an entry box on the screen. If I disable "bad usb" I can immediately use the keyboard again. I have been having this issue for quite some time. I figured it would be fixed eventually, but it hasn't been to date. Anyone else having this issue? I am using a switcher to connect several computers to 2 monitors.
Auto-updated from 839 CTP3 to 857 Beta after notification of update, and reboot. No issues. My question is: Having fiddled with it, I am not sure now if Remote Desktop Lockdown was disabled or enabled by default? I think it was disabled by default? If I enable it, it recommends creation of a token file - if I then create that and try to save it to the root of C: I get the attached message, even though I am logged in with Admin privileges ... could be some security soft intervening, though I don't know which one (EAM, though I doubt it?). Should I leave it disabled, or is there something else I should try / do to enable it? Edit: On review of the Release notes, I see the default is off. But my question remains, as I like to have as many protections active as possible.
Hello, After the update notification, updated to version 3.8.0 build 857 Beta and rebooted. No issues. Works fine here on Win 10 Pro 674bits version 1909
On the question of default "Enabled or Disabled": CTP builds were enabled; since Beta we'll go for disabled, however upgrades or config imports can stay or be set to enabled. On the question of whether to Enable or Disable: do you have RDP enabled and configured? If not, e.g. the firewall blocks incoming traffic to the machine, or RDP / Remote Assistance is disabled, then there is little use in enabling this feature. If you do use RDP to remotely manage the machine running Alert, you can enable it; save the file in another location for now. First make sure you share the local drive where you stored the file with the remote machine (so from the machine not running alert/rdp guard) in the remote desktop settings (show options, local resources). That drive should then show up as a mounted drive in the remote session. If the file is in the root of that shared drive, e.g. (D:\), then it should detect the file and auto-unlock. If that fails, you can manually point Alert to the token when the black fly-out is shown in the remote session. Click on it and the choose file dialog should appear; point it to the token file and it should unlock the session.
Hello, After the new update I can no longer open txt files, I get the following message and Firefox is closed. https://www.imgdumper.nl/uploads9/5deb897d053ae/5deb897cf3780-hitmanpro.png
Thanks Ronny for explaining. Figured I don't need it, as I see now I have remote desktop connections disallowed ... will leave it disabled.
Thanks for reporting, you can untick "Application lockdown" for Firefox and you'll be able to run all other protection features. You can also try to "Suppress similar" alerts if the trigger is always the same that should work. (You do have to close Firefox and restart that after the change for it to work). If that for some reason doesn't work either please try a system reboot.
Can you post a screenshot of the BadUSB -> USB Keyboard devices panel? It should show "List of currently connected keyboards".
Suppress similar for AV works based on the SHA256 of the file, so as long as the hash doesn't change there should be no repeated alerts. There is however a bug that we need to fix: if you Suppress similar for the first time, the AV module doesn't get updated, so you have to Disable/Enable the AM feature before it "unblocks" the desired application. Currently there is no way to whitelist other than having to run into an alert first. For Credential theft protection, suppression should work, but I'll see if I can reproduce that; it could well be that it also needs a Disable/Enable.
Hello, I have reinstalled HitmanPro.Alert (Version 3.8.0 build 857, Beta) that went well. I have tested whether the .txt files can now be opened and now I am no longer notified in Firefox. Has an adjustment been made?
I downloaded the latest SpywareBlaster in Firefox 71, clicked the downloads folder to install and got a "Lockdown" Alert. How do we get the content of that alert to you?
I uninstalled Build 857 including deleting c:\programdata\hitmanpro.alert\excalibur.db, restarted my machine and installed Build 793. Brave Browser was not detected automatically so I manually added Brave. First time I have ever had to manually add a browser.
Hello, I downloaded the latest SpywareBlaster in Firefox 71, clicked the downloads folder to install and got a "Lockdown" Alert. I have unticked Application lockdown and Firefox is opening now.
Gees, that sounds familiar! It is common courtesy that when you quote someone you give credit to that person, otherwise it is plagiarism. Thanks.
I also experience Lockdown alerts with build 587 in Firefox 71, even when opening a Magnet link. Wasn't Lockdown disabled by default in the past for browsers?
Did a test with Firefox 71 sandboxed. No Lockdown recovering out the sandbox after downloading Spywareblaster 5.6 from the Brightfort-site (Save file to desktop). Using build 857 BETA. Win10 1909 build 18363.476 x64/Norton Security v22.19.9.63
PrivGuard (build 587 BETA) with Sandboxie 5.31.6 and Firefox 71. Long time ago the last one (known issue). Win10 1909 build 18363.476 x64/Norton Security v22.19.9.63
I never managed to find a clean copy of Process Hacker. I downloaded it 3 - 4 times, and the SHA-256 always showed an infected file on VirusTotal. Do you have a clean Process Hacker? ~ Removed VirusTotal Results Image as per Policy ~
Hello @Merlucius , Unfortunately, Process Hacker is classified as a hacking tool/PUA/PUP (potentially unwanted application/program) by several anti-malware vendors since it has been and can be used maliciously. There is not much that can be done about this. My advice is that if you trust the vendor of Process Hacker and want to use it, always download it from the vendor's site (https://wj32.org/processhacker/nightly.php for the nightly builds) and verify the SHA2 hash and/or use Process Hacker's internal updater. If your anti-malware solution detects it, you will either have to add an exclusion for it or find another workaround. Probably not the answer that you are looking for but I hope it helps...