HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    HitmanPro and Alert are already part of the Sophos suite of products. Alert is Sophos Intercept X.
     
  2. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    I have been running this since Monday, and the only issue so far is when I toyed with Microsoft Edge (which I rarely do), I received the following:

    Intruder

    PID 10008
    Application C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    Description Microsoft Edge 11

    Detour Report
    # Address Owner Disassembly
    -- ------------------ ------------------------ ------------------------
    URLDownloadToFileW
    1 0x00007FFAFB9B2250 urlmon.dll JMP 0x7ffacfec0bd8
    2 0x00007FFACFEC0BD8 (unknown)

    EncryptMessage *
    1 0x00007FFB06AD5880 SspiCli.dll JMP 0x7ffac7150b98
    2 0x00007FFAC7150B98 (anonymous)

    FilterConnectCommunicationPort
    1 0x00007FFB06D220A0 fltlib.dll JMP 0x7ffac7150298
    2 0x00007FFAC7150298 (anonymous)

    FilterSendMessage
    1 0x00007FFB06D222D0 fltlib.dll JMP 0x7ffac71502f8
    2 0x00007FFAC71502F8 (anonymous)

    EndTask
    1 0x00007FFB08BE3370 USER32.dll JMP 0x7ffac71503b8
    2 0x00007FFAC71503B8 (anonymous)

    GetMessageA
    1 0x00007FFB08B9E8B0 USER32.dll JMP 0x7ffacfec0cce
    2 0x00007FFACFEC0CCE (unknown)

    GetMessageW
    1 0x00007FFB08BA4840 USER32.dll JMP 0x7ffacfec0c8e
    2 0x00007FFACFEC0C8E (unknown)

    IsDialogMessage
    1 0x00007FFB08BE61F0 USER32.dll JMP 0x7ffac7150958
    2 0x00007FFAC7150958 (anonymous)

    IsDialogMessageW
    1 0x00007FFB08B941F0 USER32.dll JMP 0x7ffac71509b8
    2 0x00007FFAC71509B8 (anonymous)

    PeekMessageA
    1 0x00007FFB08B9E300 USER32.dll JMP 0x7ffacfec0c4e
    2 0x00007FFACFEC0C4E (unknown)

    PeekMessageW
    1 0x00007FFB08B9E430 USER32.dll JMP 0x7ffacfec0c0e
    2 0x00007FFACFEC0C0E (unknown)

    SetWindowsHookExA
    1 0x00007FFB08B82730 USER32.dll JMP 0x7ffac7150a18
    2 0x00007FFAC7150A18 (anonymous)

    SetWindowsHookExW
    1 0x00007FFB08BA7490 USER32.dll JMP 0x7ffac7150a78
    2 0x00007FFAC7150A78 (anonymous)

    SetWinEventHook
    1 0x00007FFB08BA7D70 USER32.dll JMP 0x7ffac7150ad8
    2 0x00007FFAC7150AD8 (anonymous)

    TranslateMessage
    1 0x00007FFB08B95330 USER32.dll JMP 0x7ffac71508f8
    2 0x00007FFAC71508F8 (anonymous)

    CreateDCA
    1 0x00007FFB0AB038A0 GDI32.dll JMP 0x7ffac7150418
    2 0x00007FFAC7150418 (anonymous)

    CreateDCW
    1 0x00007FFB0AB04190 GDI32.dll JMP 0x7ffac7150478
    2 0x00007FFAC7150478 (anonymous)

    DeleteDC
    1 0x00007FFB0AB02080 GDI32.dll JMP 0x7ffac71505f8
    2 0x00007FFAC71505F8 (anonymous)

    GdiAlphaBlend
    1 0x00007FFB0AB05450 GDI32.dll JMP 0x7ffac7150598
    2 0x00007FFAC7150598 (anonymous)

    GdiTransparentBlt
    1 0x00007FFB0AB054E0 GDI32.dll JMP 0x7ffac7150538
    2 0x00007FFAC7150538 (anonymous)

    GetPixel
    1 0x00007FFB0AB04660 GDI32.dll JMP 0x7ffac71504d8
    2 0x00007FFAC71504D8 (anonymous)


    Thumbprint
    d6095eb13ea95426826bd617e82e395041dc94ecfb5ce4cb514816fc2d7c3b53
     
  3. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    I am on build 593.

    I understood Erik was working on build 600 as BadUSB and Keystroke Encryption were not working, so not advisable to use yet?
     
  4. plat1098

    plat1098 Guest

    I have build 600 and Keystroke Encryption still isn't encrypting anything, so I would say "no". Checked for updates: none. Nothing in Event Viewer about HMPA. So, nothing yet.
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Yes, I'm aware of that. I can't use it with Eset though.
     
  6. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    Because of the mentioned issues I skip build 600, and I am waiting to test the next build 60x beta.
    Regarding build 600, Erik said, "We will address this tomorrow", but I suppose it takes more time than anticipated.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Yes, but so far they are also keeping HMPA a separate product.
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Yes, I appreciate that they are doing that. I was originally talking about how I would like to see HMPA monitor for all malicious behavior with their BB instead of primarily focusing on Crypto-malware. I do acknowledge particular attention needs to be paid to Crypto-malware though. Their BB will be only as limited as they decide to make it. The sky's the limit.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I

    Not sure I understand. The crypto stuff is very minor compared to what the whole product covers, and more is coming. But don't think of it as a BB. Have you actually looked at it?

    Pete
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have HMPA installed right now. I know Crypto-Guard is one of several modules under risk reduction included in HMPA. I think the module uses behavior blocking to block the Crypto-malware. I would like to have a behavior blocker that covers just about everything, something similar to Emsisoft. It looks like all the modules collectively cover a lot though.
     
  11. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    Broadly speaking, I may say that HMP.A uses BB because the different components monitor process behaviors, detecting any anomalies in the chain. Maybe the other term for HMP.A's is exploit-chain blocker or malware-chain blocker. Remember the picture of the several stages of attacks used by HMP.A's marketing? :)
     
  12. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Erik, sent you a mail with a hmp.alert-dmp.
     
  13. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I was just auto updated to 593 and everything seems to be good.
     
  14. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    Not that I'm into doing the sort of thing this article talks about (I'm not), but I'm curious if HMP.A would stop the behavior described in the report:

     
  15. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    I think you've missed the point. You said:

    As I pointed out, that is already the Sophos suite of products which HMP.A is already part of under the guise of Sophos Intercept X. You simply need to swap to the Sophos suite of products. It is up to you whether you choose to do so or not.
     
  16. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    +1 (10 x64 Creator Update)
     
  17. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Erik announced here that version 3.7 would have real-time malware protection.

    https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-543#post-2672301
     
  18. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Exciting times, HMPA keeps getting better :) Well done to the devs.

    Hopefully the next build of the big beta update comes soon.
     
  19. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    HMPA v. 3.6.6 Build 593 -- Changelog ?

    Released Today -- 5/25
     
  20. guest

    guest Guest

    HPA will be real time but what about HP?
     
  21. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    See HitmanPro.Alert 3.6.6 build 593 BETA/RC:
     
  22. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
  23. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I'm guessing the real-time malware protection will come from HitmanPro. Currently, it's an on-demand scanner which you can run from within HitmanPro.Alert or its own executable. Of course, this could be wrong and they have something else lined up for real-time malware scanning. We'll have to wait and see when the preview builds become public to test as I'm sure the closed-beta testers can't discuss it yet.
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I'm not missing anything. I just simply stated some functionality I would like to see in the standalone product. It's totally up to the developers what they include in their products. Since when is customer feedback a deadly sin?


    I've used Sophos as my gateway AV in the past, but switching to Intercept X is not an option at this time.
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA