HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    174
    Installed 857. It works fine except:

    I am still having trouble with "bad usb". When it is enabled, my usb keyboard does not work. I cannot type any characters in an entry box on the screen. If disable "bad usb" I can immediatey use the keyboard agin. I have been having this issue for quite some time. I figured it would be fixed eventually, but hasn't been todate. Anyone else having this issue?

    I am using a switcher to connect several computers to 2 monitiors.
     
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Auto-updated from 839 CTP3 to 857 Beta after notification of update, and reboot. No issues.

    My question is: Having fifddled with it, I am not sure now if Remote Desktop Lockdown was disabled or enabled by default?

    I think it was disabled by default?

    If I enable, it recommends creation of a token file - if I then create that and try to save it to root of C: I get the attached message, even though I am logged in with Admin privileges ... could be some security soft intervening, though I don't know which one (EAM, though I doubt it?).

    Should I leave it disabled, or is there something else i should try / do to enable?

    Edit: On review of Release notes, I see default is off. But my question remains, as I like to have as many protections active as possible.
     

    Attached Files:

  3. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands
    Hallo,

    After notification update to versie 3.8.0 built 857 Beta and reboot. No issues.
    Works fine here on Win 10 Pro 674bits versie 1909
     
  4. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    On the question default "Enabled or Disabled" CTP builds where enabled, since Beta we'll go for disabled, however upgrades or config imports can stay or set to enabled.
    On the question to Enable or Disable, do you have RDP enabled and configured? if not e.g. firewall blocks incoming traffic to the machine, or RDP / Remote assistance is disabled then there is little use to enable this feature.

    If you do use RDP to remotely manage the machine running Alert you can enable, save the file in an other location for now.
    First make sure you share the local drive where you stored the file with the remote machine (so from the machine not running alert/rdp guard) remote desktop setting (show options, local resources).
    That drive should then show up as a mounted drive in the remote session.

    If the file is in the root of that shared drive e.g. (D:\) then it should detect the file and auto-unlock.

    If that fails you can manually point Alert to the token when the black fly-out is shown in the remote session.
    Click on it and the chose file dialog should appear, point it to the token file and it should unlock the session.
     
  5. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands

    Attached Files:

  6. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands
    I had to remove HitmanPro to keep doing my work on the forums.
     
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Thanks Ronny for explaining.

    Figured I don't need it, as I see now I have remote desktop connections disallowed ... will leave it disabled.
     
  8. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Thanks for reporting, you can untick "Application lockdown" for Firefox and you'll be able to run all other protection features.
    You can also try to "Suppress similar" alerts if the trigger is always the same that should work. (You do have to close Firefox and restart that after the change for it to work).
    If that for some reason doesn't work either please try a system reboot.
     
  9. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Can you post a screenshot of BadUSB -> USB Keyboard devices panel? should show "List of currently connected keyboards".
     
  10. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Suppress similar for AV works based on the SHA256 of the file, so as long as the hash doesn't change there should be no repeated alerts.
    There is however a bug that we need to fix, if you Suppress similar for the first time the AV module doesn't get updated, so you have to Disable/Enable the AM feature before it "unblocks" the desired application.

    Currently there is no way to whitelist other then having to run in to an alert first.

    For Credential theft protection suppression should work, but I'll see if I can reproduce that, but could well be that also needs a Disable/Enable.
     
  11. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
  12. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands
    Hello,


    I have reinstalled HitmanPro.Alert (Version 3.8.0 build 857, Beta) that went well.

    I have tested whether the .txt files can now be opened and now I am no longer notified in Firefox.

    Has an adjustment been made?
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    I downloaded the latest SpywareBlaaster in Firefox 71, clicked the downloads folder to install and got a "Lockdown" Alert.

    How do we get the content of that alert to you?
     
  14. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    And what are all of these?? I did NOT receive ANY 'Alerts' except for today's.
     

    Attached Files:

  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    I uninstalled Build 857 including deleting c:\programdata\hitmanpro.alert\excalibur.db, restarted my machine and installed Build 793. Brave Browser was not detected automatically so I manually added Brave. First time I have ever had to manually add a browser.
     
  16. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    174
    upload_2019-12-7_21-17-30.png
    upload_2019-12-7_21-18-3.png

    Here are the screen shots.
     

    Attached Files:

  17. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands
    Hello,

    I downloaded the latest SpywareBlaster in Firefox 71, clicked the downloads folder to install and got a "Lockdown" Alert.






    I have uintick Application lockdown and Firefox is opening now.
     

    Attached Files:

    Last edited: Dec 8, 2019
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Gees, that sounds familiar! :rolleyes:

    It is common courtesy that when you quote someone you give credit to that person, otherwise it is plagiarism.

    Thanks.
     
    Last edited: Dec 8, 2019
  19. OB1W4N5

    OB1W4N5 Registered Member

    Joined:
    Jul 27, 2015
    Posts:
    29
    Same thing happening here. Thank you for the fix.
     
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    I also experience Lockdown alerts with build 587 in Firefox 71, even when opening a Magnet link.
    Wasn't Lockdown disabled by default in the past for browsers?
     
  21. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Ok I am adding the missing ticks back and will see how it goes, thanks.
     
  22. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Did a test with Firefox 71 sandboxed. No Lockdown recovering out the sandbox after downloading Spywareblaster 5.6 from the Brightfort-site (Save file to dekstop). Using build 857 BETA.

    Win10 1909 build 18363.476 x64/Norton Security v22.19.9.63
     
    Last edited: Dec 10, 2019
  23. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    PrivGuard (build 587 BETA) with Sandboxie 5.31.6 and Firefox 71. Long time ago the last one (known issue).

    1.JPG

    Win10 1909 build 18363.476 x64/Norton Security v22.19.9.63
     
  24. Merlucius

    Merlucius Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    17
    Location:
    uk
    I never managed to find a clean copy of Process Hacker download it 3 - 4 times, always SHA-256 shown an infected file on VirusTotal.
    Do you have clean Process Hacker?

    ~ Removed VirusTotal Results Image as per Policy ~
     
    Last edited by a moderator: Dec 14, 2019
  25. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello @Merlucius ,

    Unfortunately, Process Hacker is classified as a hacking tool/PUA/PUP (potentially unwanted application/program) by several anti-malware vendors since it has been and can be used maliciously. There is not much that can be done about this. My advice is that if you trust the vendor of Process Hacker and want to use it, always download it from the vendors site (https://wj32.org/processhacker/nightly.php for the nightly builds) and verify the SHA2 hash and/or use Process Hacker's internal updater. If your anti-malware solution detects it, you will either have to add an exclusion for it or find another workaround. Probably not the answer that you are looking for but I hope it helps...
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.