HitmanPro.ALERT Support and Discussion Thread

I have a problem using Hitman Pro Alert v3.1.8.360 with my new TP-Link Archer C5 v2 router. While HMPA is installed the webinterface of my router becomes very very slow. By slow I mean each click on a configuration page takes about 1 to 2 minutes to load. After uninstalling HMPA the problem goes away.

Things I tried that didn't help:
- disabling all protection options in HMPA under Safe Browsing, Exploit Mitigation and Risk Reduction (does HMPA load some driver that maybe causing the problem?)
- trying a different browser ( I tried Firefox, Chrome, Edge and Internet Explorer.)
- Reinstalling HMPA.

I'm using Windows 10 Pro x64
TP-Link Firmware Version: 3.17.1 Build 20150908 Rel. 40831 (this is the latest firmware available)

 

I guess HMPA (or EMET) won't help against this kind of exploit/logical flaw, right?

https://googleprojectzero.blogspot.de/2016/03/exploiting-leaked-thread-handle.html

 

right

 

It seems there is a problem with TP-Link routers ... @simon_777 and I have reported similar issues previously. See here, plus some subsequent posts.

 

Does HitmanPro.Alert 2.6.5.77 do anything to protect my computer? It's an old version, I know, but I'm sure that there are older threats still out there.

Note: I have a paid 3 PCs license for HMP 3.x (including HMPA), so, please don't suggest to upgrade to that version. Thanks.

 

Thx for your reply. I'm curious what the cause is, guess we'll have to wait for Erik or Mark to reply.

 

But HMP.A does detect Hollow Process on 64 bit ? I tested samples and HMP.A generated Hollow Process alerts.

 

so you have just replied to your own question...

Simply, Hollow process test is unavailable on 64bit...

 

Both correct.

 

any news on 3.5?

 

Hollow Process protection is system-wide; not limited to just protected apps. Is this not correct ?

Hollow Process seems a bit tricky on 64 bit; sometimes HMP.A will catch it, other times it will not - but it will detect rapid file modification, control flow, etc.

Sorry, I not completely understand the basics of the HMP.A internal mechanisms.

 

Correct. This as you do not know which process is being hollowed

 

See edit prior post.

 

How does HMPA differ from CryptoPrevent? I'm new to this subject.
How does someone even get hit by a ransom attack?

 

HitmanPro.Alert's CryptoGuard technology works at the driver level and is very simple. A file was first a proper image or document. After ransomware touched it, it is no longer a proper image or document. If this happens en masse, the process is blocked and files are restored. Works on all professional ransomware families: CryptoWall, TorrentLocker, CTB-Locker, AlphaCrypt, TeslaCrypt, Locky, and lots more.

It works without signatures and without cloud connection.

Some background here:
https://hitmanpro.wordpress.com/2016/02/20/are-you-up-all-night-after-getting-locky/

CryptoLocker
https://www.youtube.com/watch?v=5M8YYnXIAlw

CTB-Locker
https://www.youtube.com/watch?v=XrSP-CMjuFk

AlphaCrypt
https://www.youtube.com/watch?v=yBta0cflhIE

Locky
https://www.youtube.com/watch?v=0sZnLr6Qsbw

 

HMPA's CryptoGuard protects by blocking the attempt to encrypt multiple files, while CryptoPrevent protects by blocking access to the folders where ransomeware typically executes. They are complimentary and I use them together.

 

I expect that it still protects against those older threats, but why use it?

 

any known conflicts with bitdefender total security 2016?
What would be the recommended setting for bitdefender intrusion protection module -- low, medium, or high? Or maybe it doesn't matter?
windows 10 pro x64 stable build

edit: and is it compatible with malwarebytes anti-exploit premium?

 

+1
win 10 x64

 

I could be wrong but I thought I read in this thread that Alert 2 users would be upgraded to v3.x.

 

Can't advise on Bitdefender, but regarding MBAE - it is not recommended to run two anti-exploit softs together, you should use one or the other.

 

thanks. now that I am running the paid version of HMPA, I will say goodbye to MBAE

 

I use bitdefender total security 2016 along with HitmanPro.Alert without any problems on my Win10 pro machine.
My bitdefender setting on intrusion protection is medium.

 

Since no further replies were given from either Erik or Mark, I submitted a ticket through e-mail. I will post the answer here.

 

Thanks @denniz