HitmanPro.Alert BETA

Unfortunately the license I was given expired a long time ago and I don't have a license to test the beta versions.

 

I remembered, you already mentioned it. I did it and now everything is OK! Thank you!

 

Build 907 working fine (Windows 11 Pro 22000.71 on seventh generation Intel Core-based PC, 4GiB RAM).

 

Very disappointing that you guys don't answer technical questions anymore, see link 1. I have already found it, this is about the Trusteer bypass, see link 2. Would HMPA protect against such a thing? And of course I understand that you guys are busy and don't want to give away all of the technical details, but some more info would be welcome.

https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-75#post-3018340
https://www.adlice.com/carberp-anti_rapport-beating-trusteer-protection/

 

I agree. It's great marketing when and if they demonstrate that HMP.A would have stopped (for example) the Colonial Pipeline hack.

 

You could check the Twitter-account of Mark Loman.

https://mobile.twitter.com/markloman

 

Thanks for the info. I'll check it out. But trying to follow Twitter threads is a confusing, frustrating experience for me.

 

Yes exactly, why not give some more info on the HMPA website about all of the protection options? Speaking of protection, I keep reading that nowadays lots of trojans are stealing passwords stored by browser, will HMPA also protect against this in the near future?

Yes same over here, I hate Twitter, it has a horrible design. I'm not a fan of Facebook either.

 

Here is an example of a browser-password stealing trojan, would be nice if HMPA could block this, in addition to protecting cookies.

https://www.cyberark.com/resources/threat-research-blog/raccoon-the-story-of-a-typical-infostealer

 

That's exactly what the new CookieGuard protection does, prevent stealing of cookies and passwords for the Chromium fleet of browsers. Not looked at this specific sample, but in general when we terminate the attempt on the browser, the other collected data is still on disk and not packed and send out yet, so as a side effect it also protects the loss of other application creds that where perhaps already harvested in that case.

 

Please check your DM for a new license

 

If something else then the browser it self tries to access the browsers cookies or credentials it will be terminated, extensions is a but of a different thing, that's not covered and requires completely different techniques.
As a side effect we see a load of 'stealers' also get terminated in the process, while they are still collecting credentials, and so we terminate them before they can compress and send-out, so it has a neat side-effect in that.

Yes that's the case, but as always there are some vendors who (ab)use this to 'protect and detect' being tampered with so it requires a few tweaks.

 

OK thanks for the info, sounds very cool! So if I understood correctly, it's not just cookies that are being protected but also browser credentials. So perhaps you might want to rename this feature and why not update the HMPA site with some more technical info, seems like a major selling point.

 

Speaking of credential stealers, did you guys test HMPA against this type of malware?

https://attack.mitre.org/techniques/T1555/003/
https://attack.mitre.org/techniques/T1555/004/

 

003 is exactly the reason we build this protection.

 

OK cool, I believe none of the other security tools offer such a feature, including SpyShelter. BTW, I installed the latest HMPA on Win 10 1909 but I can't get the GUI to load via the tray-icon after it has been closed, so it's clearly malfunctioning, major bummer. Of course I did reboot my system, but it still won't work. Also, can I get a license purely for testing?

 

How are you tying to open Alert? I find double-clicking the tray icon works.

 

Also, I assume HMPA's banking protection feature is watching for this stuff, see link 1. However, it doesn't try to block it, it simply alerts whenever it sees that certain browser API's have been modified in Chrome, Firefox, Edge and I assume also in Vivaldi and Opera, is this correct?

From what I understood, banking trojans are still being actively developed. But they mostly target online banks with a weak protection. For example with ABN Amro it's hard to steal money because of the hardware based authenticators, it's shocking that most banks don't use it and rely on 2FA via SMS, which is of course vulnerable to SIM swapping.

https://attack.mitre.org/techniques/T1056/004/
https://www.onespan.com/products/hardware-authentication

 

Believe me it really doesn't work, the GUI won't show up. The tray-icon seems to be displayed normally. The only time I get to see the GUI is after install, but if you close it, it's game over. Also, I'm not really that happy with the GUI, it's very good looking but it's a bit unhandy if you want to quickly enable/disable stuff, but I will explain it a bit more if I can get HMPA to work normally.

 

Weird, is this machine logged on with more that one user simultaneously? (we seem to have an issue in that scenario where the first logged on user is able to use the GUI but the other account not, it just flashes open and closes directly).

 

No there is only one user, namely me. Other tools that I have installed are AppCheck, SpyShelter, OSArmor, Sandboxie, Secure Folders, TinyWall and of course Win Defender. But I don't see how these apps would interfere with HMPA's GUI. In the past I didn't have this problem, now that I think of it, I forgot to test older versions. But this is exactly the reason why I never stuck with HMPA, it's technically one of the best, but I always have weird problems with it.

 

I may be wrong but I have a sneaking suspicion that your issues may be: Appcheck, OSArmour, Sandboxie, Secure Folders, Tiny Wall, Defender HMPA. Too much.

 

Yes, I can understand that you might think this. But all of these tools work just fine together, no system slowdown or stability issues and they hardly use any CPU or RAM. And I have just reinstalled HMPA and guess what, I can launch the GUI via the shortcut, but the tray-icon doesn't respond to anything. To be fair, other system icons in the tray like volume and battery control stopped working months ago when I installed some Windows system update, but I don't see how HMPA should be affected by this.

 

I hope you will be figure this out. Of course I will also perform a full PC reset, because my Win 10 1909 installation is partially broken, that's why it's best to avoid Windows Update as much as possible, it's going to cost me so much time having to reinstall and reconfigure all of my apps. But still, no other third party app gives me problems with tray-icons, so there must be something wrong with HMPA, like you said yourself.

 

I have finally been able to take HMPA 3.18.14 build 907 for a test drive.

Seems like keyboard encryption is working correctly, but it gives me problems with certain symbols during typing and how to disable the encryption notification, it's a bit annoying. And does it protect every app like like KeyScrambler and SpyShelter, or only the browsers? And it's not clear to me how to add apps to the Exploit mitigations, or does HMPA decides this?

Also, I don't see the CookieGuard in the settings, is this part of the Credential Theft feature? If so it should be made more clear especially since it also protects browser credentials. And it would be handy to have tooltips when you hover over the Risk Reduction icons.

The good news is that so far I don't seem to have any conflicts or false alerts, I did needed to add hmpa.exe to SpyShelter's exclusion list when it came to keystroke encryption. Also, what's up with the constant phoning home stuff? If malware protection is disabled, this shouldn't be needed.