HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. guest

    guest Guest

    And CryptoGuard is only one layer. There are other layers which may have prevented the malware in an earlier stage:
     
  2. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Just being devil's advocate here, maybe there's still a point in doing a CryptoGuard-only test to cater for the possibility, no matter how slim, that the whole exploit and other mitigations might fail, or that the malware might not even trigger those mitigations. And so, CryptoGuard, as the last line of defense against ransomware, must act accordingly. CryptoGuard must never say, "This software acts like a ransomware, but it passed the first layers of defense, so I must stay quiet." :)
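    As an added illustration of the "last layer" idea in the post above (this is not code from the thread, from the HitmanPro developers, or CryptoGuard's actual algorithm), the Python below is a toy behaviour monitor that judges a process purely by its file-write pattern: many distinct user documents rewritten with high-entropy content inside a short window. It does not care how the process came to run, which is exactly the property the post argues for. The thresholds, extensions and the event stream are constructed assumptions.

```python
"""Toy behaviour-based ransomware detector (constructed illustration; not
HitmanPro.Alert's CryptoGuard logic).  It watches file-write events and flags
a process that rewrites many user documents with high-entropy (encrypted or
compressed looking) content inside a sliding time window."""
import math
import os
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0    # assumption: sliding window length in seconds
MIN_FILES = 5            # assumption: distinct documents in the window before alerting
ENTROPY_THRESHOLD = 7.0  # bits per byte; plain documents sit well below this
DOC_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt"}  # assumption


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class CryptoBehaviourMonitor:
    """Per-process sliding window of high-entropy writes to user documents."""

    def __init__(self):
        self.events = defaultdict(deque)  # pid -> deque of (timestamp, path)

    def observe(self, ts: float, pid: int, path: str, written: bytes) -> bool:
        """Record one write; return True if the process now looks like an encryptor."""
        if os.path.splitext(path)[1].lower() not in DOC_EXTENSIONS:
            return False
        if shannon_entropy(written) < ENTROPY_THRESHOLD:
            return False  # ordinary edits of text-like content are ignored
        window = self.events[pid]
        window.append((ts, path))
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()  # forget writes older than the window
        distinct_files = {p for _, p in window}
        return len(distinct_files) >= MIN_FILES


def build_events():
    """Constructed sample event stream (not captured from a real system)."""
    text = b"Quarterly report draft, revision 3. " * 100  # low entropy
    # Every byte value appears exactly 16 times -> entropy of 8 bits/byte.
    enc = bytes((i * 7919) % 256 for i in range(4096))
    events = [(0.0, 1001, r"C:\Users\a\Documents\report.docx", text)]
    for i in range(6):
        events.append((1.0 + i, 4242, rf"C:\Users\a\Documents\file{i}.docx", enc))
    return events


def run_demo():
    """Feed the constructed stream through the monitor; return the alerts raised."""
    monitor = CryptoBehaviourMonitor()
    return [(ts, pid, path) for ts, pid, path, data in build_events()
            if monitor.observe(ts, pid, path, data)]


if __name__ == "__main__":
    for ts, pid, path in run_demo():
        print(f"t={ts:.1f}s pid={pid} flagged after writing {path}")
```

    The normal editor process (pid 1001) never trips the check because its save is low-entropy text; the constructed encryptor (pid 4242) is flagged on its fifth distinct document and stays flagged. In a real product the threshold tuning, and the rollback of the files already touched, is where the hard work lies.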
     
  3. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    In the past such tests of CryptoGuard have led to added defenses of the product as a whole, which speaks rather highly of the Developers. But trying to put the same old point a different way, running malware from the desktop will only be invalid if a product has a warning to never expect protection from either saving and running files from the desktop or running files from a flash drive.

    But as I am aware of no such protection preclusions...
     
  4. guest

    guest Guest

    Is a new video in preparation? Or, when can we expect it? :)
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes I agree, it makes sense to test CryptoGuard on its own, because of this reason. But in certain cases, ransomware will be stopped by the anti-process hollowing feature, perhaps you can also test this? Would be interesting to know.
     
  6. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Sometime in the next 24 hours (released either before or after I go out). As to Process Hollowing, there is a Cerber (the first sample tested) that attempts to screw with svchost.
     
  7. mrhex1

    mrhex1 Registered Member

    Joined:
    Jul 2, 2016
    Posts:
    19
    Location:
    Timbuktu
    I monkeyed around with a Cerber .exe in a Windows 10 VM here a few days ago. I uploaded my CS homework in a .docx file onto the VM. Then I activated the file. I had to turn off Windows Defender, click past SmartScreen & then trigger the .exe. The Cerber ransomware loaded with all of its scary things such as parroting back into the speakers that my files have been encrypted. But surprisingly my file was intact until I disabled cryptoguard. I doubt my test will be as extensive as cruelsister's.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, that's what I would like to know, how many of the ransomware samples that you test are blocked by HMPA's process protection.
     
  9. peterk62

    peterk62 Registered Member

    Joined:
    Feb 10, 2009
    Posts:
    51
    I am getting an Intruder Alert whenever I open a web site in Edge. I am running Windows 10 Home with Alert 3.6.4 build 588, running as a normal user. This seems to happen on any web site; going to the same site in Chrome does not result in any warnings. Scanning with HitmanPro and Zemana AntiMalware shows no issues.

     
  10. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    Looking like build 589 has some ransomware tweaking coming... :oops:
     
  11. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Build 589? Has a new build been mentioned?
     
  12. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,859
    Location:
    the Netherlands
    I guess Telos foresees cruelsister's CryptoGuard test to result in modifications in a next HMPA build.
     
  13. guest

    guest Guest

    The video was published some hours ago (HMP.A build 588 was tested):

    HitManPro Alert vs Ransomware
    https://www.youtube.com/watch?v=qNTD2kr1q58
     
  14. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Stupendous, they are quite good at recoding HMP.A to improve it. Case in point is that they added protection for the original Bart (which zips personal files and password protects the created archives) with Build 588. This was actually a pain as I had a build 586 video completed and had to trash it and redo it as 588 improved the mechanistic detection of the product. Very annoying!!
     
  15. guest

    guest Guest

    :argh:
     
  16. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Thanks for testing :thumb: It looks like the "revenge" ransomware was the only one to bypass CryptoGuard; is that correct?
     
  17. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    HMPA is improving on its ransomware detection but not its removal. If using just HMPA alone, then how do you recover a mix of files if they were infected by a ransomware? Any recommendation of some software to recover files?

    I believe a dedicated antiransom software with files recovery will complement HMPA nicely.
     
    Last edited: Apr 16, 2017
  18. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    When you say "removal" do you mean the removal of the malware? If so that's what HitmanPro is for. HMP.Alert just alerts (and blocks of course) :) Regarding recovering files, if CryptoGuard is not bypassed there is no need for recovery, but if it is bypassed then the only thing that's going to help is a decrypter tool.
     
  19. guest

    guest Guest

    and the "Sage" Ransomware has encrypted all files
     
  20. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    I meant the removal of the malware. HMPA blocks the ransomware but does it remove the ransomware file from the system?

    Thanks
     
  21. guest

    guest Guest

    The malware is blocked, but it is not removed.
    But after a click on "Scan Computer", HitmanPro is scanning the PC and is able to remove it.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    Sure there is. Just image your system frequently. I image hourly.
     
  23. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    HMP uses BD and Kaspersky engines which independently are not strong in antiransomware. Now, I believe HMP does not buy the complete BD & Kaspersky engine modules, which makes them worse compared to the BD and Kaspersky products themselves. So you think HMP alone is good for the detection and removal of ransomware?
     
  24. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Are you referring to creating restore points with instant rollback or system image rollback... with scheduling, of course?
     
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    M

    Nice video ;) Noticed a few files were encrypted with 7-Zip.

    As long as I was there I also took a look at your Shadow Defender Vid. Happened to notice you had a pic of a woman with an M below it :thumb:
     