HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I noticed it when I did my first Macriuim Image of the day. Typically it will start at 120 MB/s and drop to about 65 near the middle of the image and the rise back up again at the end. With V5 it started at 105mb/s and dropped all the way to 13mb/s and stayed there. Subsequent images are with CBT and normally take around 45 seconds. With V5 they took about 2:30 minutes. Then with Acronis, the normal daily incremental is around 3-4 minutes. With v5 it took over 7 minutes. Finally IFW which normally takes around 4 minutes, was chuggging along very slowly. At eight minutes I switched from v5 back go v4 and the speed went back to normal.

    Reproducing is easy just image with V5 on.
     
  2. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242

    Yes.
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    No problem on my Win10 x64 1809 machines..

    Nice! :thumb:
     
  4. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Didn't notice a CryptoGuard v5 slowdown with an incremental just now. No CBT.

    Still can't get Event List though (#1439).
     
  5. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    In fact it shows the oldest Laatste melding (the first of 23 notifications). All known issues btw: SAM and Sandboxie related.
     
    Last edited: Apr 22, 2019
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    After going all day yesterday with a couple of reboots, and no issues, this morning during boot up I got and RDP alert. System booted but it was a mess and the RDP stuff was all locked. I hit the power reset and did another boot up and all was well. Generated the token file just in case. Will monitor.
     
  7. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Hooray ... at last
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Got an intercept with CCleaner 5.56 (portable) ... could be the experimental CryptoGuard v5.

    Event List panel still 'dies', though I can get to HmP.A events in Event Viewer (albeit with 'snap-in not responding' sometimes.
     
    Last edited: Apr 22, 2019
  9. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    I manually upgraded from 3.7.9 Build 779 Release Candidate to 3.8.0 Build 839 CTP 1. Looks like a very exciting upgrade! The only anomaly I have experienced so far is I received a Malware Blocked alert after trying to fire up TDSSKiller v3.1.0.28. It may be because it generates a couple of hits on VirusTotal? Also, I noticed that the HMPA description for the event (see attachment) appears to be in latin?!?!
     

    Attached Files:

  10. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    See here..
    https://loremipsum.io
     
  11. guest

    guest Guest

    "Sophos AV" is detecting it as Malware/Generic-S and is therefore causing the alert. You can try this now:
     
  12. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    With CCleaner portable 5.56 a cryptoguard-alert/risk reduction (normal file deletion).

    Detection: Generic.Ransom.N
     
    Last edited: Apr 24, 2019
  13. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Removed CCleaner64.exe from Blocked list (now empty) but the text still shows Geblokkeerde Items 1.
     
  14. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    After the today's alert a correct Laatste melding (i.e. today).
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    @ronny,@markloman I repeated the Imaging test and still see the lag on the Crypto v5. If you can't reproduce and others don't see it, then I suspect it's a conflict with Pumpernickel, in which case I will just stay with Crypto v4.

    But you might want to test with some other dedicated Ransomware programs.

    Pete

    PS other than that this version is really nice. Well done
     
  16. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Pete, I also don't use Image Guardian and have Pumpernickel on the same machine and not noticing a slowdown with CryptoGuard v5 ticked (no 'scientific' testing though!).
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    'Hmm. So it may be something else, because I can measure the effect across all my imaging stuff.
     
  18. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    I see the slow down making a image (MR), about 16mb/s torwards the last part and stays until finished with Crypto 5.
    I thought it might have been the net-frame update for April.
    This is Windows 7x64.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I was also on Win 7 x64 and saw about the same speed, as opposed to about 70 mb/s
     
  20. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    We're going to address this, no worries. Will take 2 to 3 weeks though. Stay tuned! You can switch to CG4 in the meantime. Thanks guys!!
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Mark

    I have no doubt or worries. I am back on CG4 and will test the fix when you announce it.
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Bad USB Mitigation keeps disabling itself. Is anyone else seeing this? I'm using HMPA 3.79 build 779. I saw the same behavior in the build prior to this. I'm using Windows 10 x64 Pro version 1709.
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Should probably be posted in the non-beta thread now: https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-615#post-2823552

    Now that you mentioned it, I checked and it was disabled on the machine recently upgraded to 779 (Win 10 Home v1803). Don't know when it happened.

    Not seeing it on build 839 CTP1 though ... (Win 10 Pro v1809).
     
    Last edited: Apr 27, 2019
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    I think my problem may just be a timeout issue. I can open Event Viewer, though it may take a little while.
     
  25. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Hi All

    Is anyone having an issue with the Anti-Malware component?

    Mine (under Build 839) is showing as enabled but when I attempt to run a scan...a few seconds after the start of the scan I get a 'Failed' label appearing to replace the 'Anti-Malware' label in the main GUI.

    I was getting this on the same system when running the latest stable build (779). Have never seen that before and cannot work out why it is happening. Have noticed it before but then I have not run a scan for a week or so hence not really sure as to when the issue started. Do not have the 1903 Windows build installed BTW.

    Thanks in advance, Baldrick
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.