HitmanPro.ALERT Support and Discussion Thread

I ran the 574 installer, it recognised was already installed and it ran a upgrade install.

From what I can see all other configuration is intact.

Extra reboot is a negative as has been 3 reboots anyway since the upgrade.

 

Thanks for the extra details, chrcol.
I don't know what can be the cause of this issue.
I don't recall such issue was reported before (but I may be wrong).
I hope Erik, or Mark, or anyone else has any idea about this issue.

 

I think I need to reduce security software on the laptop, lately I have sort of been going against my principles which is I am using too much 3rd party software vs relying on integrated windows security mechanisms, the cause in other words could easily be everything not playing well together.

Laptop right now has.

eset AV v10 (was updated from v8 last week, everything except http/https scanning and exploit protection enabled)
voodooshield latest beta (which currently seems to be behaving oddly)
HMPA
emsisoft EAM v12 (which is buggy very close to been uninstalled, right now I have its file guard and BB disabled, its just been used for its web protection).
EMET (just using ASR, all other stuff is not used)
WFC
ZAM (automated scanning disabled)

when appropriate security software is whitelisted in each other's settings.

 

The browser vulnerability which allowed this exploit could have been leveraged to deploy any sort of malware of the attacker’s choosing. In this instance the goal was limited, to take advantage of shellcode as a convenient means of collecting and transferring the affected machine’s IP and MAC addresses as well as hostname supposedly to circumvent the identity protections provided by the Tor network.

 

I suspect running ESET and EAM at the same time would cause issues, the rest not so much.

 

That sure is a lot of security software on that laptop.

Regarding EMET, October 5, Erik wrote:

Regarding the other security software on that laptop, I don't know which elements make it too much, which elements are incompatible with HMPA, other than probably EMET.

 

IMO: either eset or emsisoft, not both
either EMET or HMPA, not both
then you will be good

 

The only problems I have with hitman pro alert is now there is bad pricing and no enterprise versions. I go to buy hitman pro alert and its 35 bucks a pc. I am trying to buy for a company about 115 licenses. If I visit the old website its about 1029.00 If go to SOPHOS it is 4090.00!! I say don't buy it and go with someone else. The lack of freindly purchasing has pushed me away I don't care how good it is. Backup software is cheaper along with ANY OTHER AV our there. I wanted to use it as a complimentary solution because it did well against the RAMSIM test. But I also have others that did well. Just an FYI for other IT managers on here.

 

It's already too late, but don't forget that HMP.A has an option to import/export the settings.
Before the next upgrade better export your settings and if you see that your settings are deleted you can simply import them back.

I would rather use only HMPA. Even if you are only using ASR in EMET, both programs offer ASR and might conflict with each other.
Regarding ASR:

 

I am aware but bare in mind I am not using any memory exploit protections in EMET. It actually only hooks into ms office applications and a few limited windows binaries as mentioned in another thread on here to harden against specific ASR related threats. I would be very surprised if EMET was to cause the loss of exclusion configuration.

ESET and EMSISOFT is where I found myself caught between to a/v solutions, I at one point was considering ditching ESET, but am now leaning in the other direction so I wont be keeping both going for long.

VoodooShield I am testing as an anti exe solution, but seems to have turned out to be a more complex program then I expected it to be which was a very simple anti exe. Given the issues I have seen so far with VS this could well have impacted the upgrade.

Of course a bug with HMPA causing the issue is also quite possible.

 

Hi and thanks for your answer @Stupendous Man

I don't have any BSOD. Maybe you are confused with another user ( https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-494#post-2635530 ).
Thanks anyway.

It was only an observation

 

Hello @erikloman

Perfect. That's all.

Thanks a lot.

 

Thanks very much for pointing that out, Libraman.
I sure must have been quite confused, combining your question "What's wrong?" regarding the hmpalert.sys version, with seemingly the issue that JohnDil mentioned. I don't know how that happened, at all. I must have lost my mind, for a moment.
I'll try to do better.


Edit:
Oh, wait, now I see what happened.

To which Erik replied:

To which you, Libraman, replied:

Your question "What's wrong?" must have caused my confusion, leading me to combine JohnDil's issue with your question and messing up.

Good we cleared that up.

 

OK, I see. This is definitely an example of why anti-exploit is sometimes the better choice when compared to anti-executable/white-listing, who can not stop in-memory payloads. The good news is that in-memory malware is almost never used in exploit-kits that are targeting home users, so that's why I wondered what type of malware was used.

 

You know that there is a enterprise version for HitmanPro.Alert which is called Intercept X? It also adds some more Sophos-built technology to it like central management plus a very nice root cause analysis. It's kind of obvious that this will cost more than the same amount of single HMPA licenses.

I doubt that.

 

I've noticed a bug which started when I updated to the Windows 10 Anniversary update and has persisted since. When keystroke encryption is enabled text entered into the search box after hitting the Win+Q combination is encrypted approximately 50% of the time. If I click the Cortana icon or search box there isn't a problem. Also, pressing the Win key or clicking the windows icon in the bottom left of the screen before typing allows normal text entry.

This is on Win10 x64 with Defender as the only other security software running and was replicated on another Win10 x64 machine.

edit: The same problem occurs when using the Win+S shortcut.

 

All working now after numerous installs/uninstalls of various anti-malware programs. Good to support cutting edge work.

 

Hi all

I bet has been discussed before, but I have been searching all over the net for an hour with little luck! I installed hitman pro alert yesterday. It removed 130 malware items! I bought it! I have a microsoft wireless keyboard and randomly it refuses to type certain characters...seems to affect Shift characters the most... I periodically glimpse a box from Hitman that says "encrypting" and sometimes it coincides with the problem. It is not exactly crippling, but REALLY annoying!

Hitman does not appear to have any avenue for customer support... It was only $50 but I have never dealt with a company that has no way to contact them! If anyone knows how to fix this, or can direct me to a thread on it, it would be most appreciated!

 

G'day WmH,

support@hitmanpro.com

 

Oh Wait. Really? I had just started investing in Hitmanpro alert for my corporate.

This is really bad news.

 

The issue is that the OP doesn't want the extra features of Intercept X for that added extra cost. I know I don't either as I am in the same position.

Now the OP has to try to justify a 4x increase in price to their boss. Not going to happen, they will simply ditch HMP.A and I suspect this is going to be a common thing as Enterprise licenses come up for renewal.

Surfright have dropped the ball on this.

 

Yes really. I highlighted this when Intercept X pricing became available and Surfright removed Enterprise licenses from their website.

 

As a temporary fix try disabling keystroke encryption. If HMPA is displaying the Standard Interface click the gear icon and switch to advanced. Then click the keyboard icon in the Risk Reduction area and disable it.

You can send a private message to Erik Loman here on Wilders for customer support.

 

Thanks krusty and SHvFl AND Victek!

 

Hi All

I am new here, just joined yesterday, and I would like to thank again the folks who nudged me in the right direction to solve my problem. The problem turned out to be a bit of a "no-brainer" once I figured it out, but I suppose many problems are so in retrospect. As I am recuperating from surgery, I have a bit of time on my hands, so I just thought I would make a few comments. (This is a discussion board after all!) And I think someone from Hitman (or Sophos) monitors it.

OP:
I bet has been discussed before, but I have been searching all over the net for an hour with little luck! I installed hitman pro alert yesterday. It removed 130 malware items! I bought it! I have a microsoft wireless keyboard and randomly it refuses to type certain characters...seems to affect Shift characters the most... I periodically glimpse a box from Hitman that says "encrypting" and sometimes it coincides with the problem. It is not exactly crippling, but REALLY annoying!

Hitman does not appear to have any avenue for customer support... It was only $50 but I have never dealt with a company that has no way to contact them! If anyone knows how to fix this, or can direct me to a thread on it, it would be most appreciated!
​

SHvFl suggested I disable keystroke encryption, which was good advice. I had thought of it myself, but I had no idea how to do it! I had another look today with less tired eyes and I worked out that there was indeed a way to change the settings, by clicking the little "cog" icon at the top.

SUGGESTION ONE: I know the "cog" icon is a common windows convention, but IT is REALLY small and faint in Hitman. I actually like the simple, stripped down interface of Hitman, in general, but perhaps a second button in colour (say, like above the "benefits" button) and clearly labeled in English "SETTINGS" would have allowed me to solve the problem without seeking outside help!

So once I enabled the ADVANCED settings. I was faced with 3 new buttons, which is not too bad, except the icons seemed to make no sense! But "RISK REDUCTION" turned out to be a winner, first pick! Once I got there, disabling keystroke encryption was no big issue! Problem solved.

QUESTION ONE: Is disabling keystroke encryption a big enough deal to be an ADVANCED option?

The main issue I had with Hitman was that I had to do a lot of detective work to find anything like product support. When I googled "hitman pro support" the first page included mostly "support vendors" for want of a better term. I think these are folks who sit by the phone and charge people money to solve their computer problems when they cannot get in touch with the vendor. Anyhow my best bet at that point seemed to be this forum...

However, at some point during an hour-long googling session, I eventually googled "hitman pro official website". I was getting concerned by now, because I was starting to think I that I was going to have to just uninstall the program to fix the problem, and given after an hour of searching I still had no way to contact the company that made Hitman, I had just flushed $50 down the toilet. To my chagrin my "official website" search turned up both www.hitmanpro.com and www.hitman-pro.com. Now, don't get me wrong...everything, EVERYTHING I have read online about Hitman online was positive. I had even used the product several times (for free!) and it SEEMED to work a charm. BUT(!) two almost identical domain names still made me worry that Hitman was dodgy.

SUGGESTION TWO: A single domain name and more professional website might make Hitman look more legitimate. (The website itself LOOKS fine. However, the INFORMATION it actually contains is lacking. This leads to my next point.)

I eventually worked out that the two domains were crosslinked. That kind of made me feel better. I am really worried about downloading some sort of phishing software from a "look alike" website of a legitimate vendor (that was the source of my concern about "www.hitman-pro.com"). And I think one could understand such concern from someone looking to get rid of malware that was crippling his web browser! I looked all over, I mean ALL OVER, the www.hitmanpro.com site, including the very long, but uninformative "SUPPORT" page.

SUGGESTION THREE: How about an email address for support? (I know this looks like a question ) I mean some vendors even supply an address, toll-free number and even a chat line. I was not expecting all that! But not even an email address on the official website? Again, looks dodgy.

I know it staes on the website, "SurfRight, the creators of HitmanPro, joined the Sophos family in 2015. We are innovators in online security, focused on developing new applicable technologies to fight malware, spam, phishing and other forms of cybercrime with experience and products stretching back over 30 years. Today our products help secure the networks used by 100 million people in 150 countries and 100,000 businesses, including Pixar, Under Armour, Northrop Grumman, Xerox, Ford, Avis, and Toshiba."

That is great! BUT utterly unimpressive to someone who wants to ask a simple question about the product. I eventually got an email address, but I had to join this forum and post a question before I could get it! Thanks Krusty!

Finally, I want to say that I believe HitmanProAlert seems to be a great product so far.

And to complete the story...it has a happy ending... After disabling "keyboard encryption" (as what I thought would be a temporary measure), I was about two sentences into an email to support@hitmanpro.com (or was that "support@hitman-pro.com"? ) when the penny I dropped: I vaguely recollected that the box my new keyboard, purchased a few months back, came in mentioned "encryption". In fact, I remember thinking at the time, "Do I really need THAT? Oh well, guess it cannot hurt..." Well, keyboard encryption will STAY disabled in Hitmanpro for now on... With two encryption systems fighting with each other I am actually surprised that the keyboard worked at all!

SUGGESTION THREE: Perhaps, as more people employ hardware with encryption, it may be a good idea to make keyboard encryption DISABLED the default.

Thanks for listening...