HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes we all know this, but we still use an AV in case you somehow get tricked into downloading malware. And that's also why we use tools like HMPA in case the AV fails to spot the malware. So what I'm saying is that everything you're saying isn't really relevant. HMPA is designed to block certain malware, so it should deliver on its promise.
     
  2. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Well, then it appears that it's on you to prove that HMPA does not deliver on its promise. Click away on those sketchy links!
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I'm not really that worried about sketchy links, because even if HMPA fails to block exploits, I got a couple of other tools that should tackle malware. However, I was mainly talking about this new ransomware technique, would be interesting to know if HMPA is already designed to block it.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    A strange FP while updating PrivaZer:

    Mitigation MalwareBlocked
    Timestamp 2022-10-29T23:12:08

    Platform 10.0.19045/x64 v947 06_5e
    PID 6192
    Application C:\Users\David\AppData\Local\PrivaZer\PrivaZer_for_Donors.exe
    Created 2022-05-29T22:11:59
    Description Mal/Behav-048


    Process Trace
    1 C:\Users\David\AppData\Local\PrivaZer\PrivaZer_updater.exe [6192]
    2 C:\Program Files (x86)\PrivaZer\PrivaZer.exe [15224]
    "C:\Program Files (x86)\PrivaZer\PrivaZer.exe" C:\Program Files (x86)\PrivaZer\PrivaZer.exe
    3 C:\Windows\System32\svchost.exe [1400]
    C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule
    4 C:\Windows\System32\services.exe [856]
    5 C:\Windows\System32\wininit.exe [560]
    wininit.exe

    Services
    1400 Schedule

    Dropped Files

    Thumbprints
    e79249dc9f0273630f4e7e738c90e862b95e3cd40dfb0d320c906f12aed9417e
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Another day, another PrivaZer update, another HMP.A false positive.

    I've uninstalled HMP.A for now.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    It's probably because PrivaZer uses PowerShell or something. Too bad you can't simply whitelist this tool. But I personally don't like tools like PrivaZer because they trigger too much suspicious stuff.
     
  7. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
    It seems that Sophos has fixed the false positive.
    I presume HMP.A as well, no?
     
  8. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    1,083
    Location:
    France
    @Krusty, you can install HMP.A again.
    The false positive is fixed. They have updated their virus definition.
     
    Last edited: Nov 4, 2022
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Thanks The_PrivaZer_Team. I guess we'll see what happens when PrivaZer updates again.
     
  10. davido

    davido Registered Member

    Joined:
    Mar 18, 2015
    Posts:
    15
    No more Black Friday deals?
    No one even mentioned
    First:)
    Bye
     
  11. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I got a buy one/get a 2nd year free deal 2 years ago via email in mid-November. So I'll be coming up for a renewal in the near future, but I haven't seen any deals yet!
     
  12. Valdez

    Valdez Registered Member

    Joined:
    Apr 21, 2016
    Posts:
    50
    Location:
    Italien
    Is there any news?
     
  13. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    230
    I honestly don't follow the thread but I would like to see HMPA that has the microphone protection and anti-screen capture features.
     
  14. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    My subscription was just for HitmanPro (scanner) and it just lapsed a few days ago. I recall I would get an email reminder with an offer for a discount and I always took it and renewed. But not this year. Nothing at all.

    Hmm, doesn't bode well for some reason but maybe it was just an oversight. Hope everything's OK over there. :doubt:
     
  15. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    I worried about the future of HMP / HMP.A when Erik left.
     
  17. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I think that we all did! :doubt:
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    HMP.A is upset by PrivaZer updating again.

    Mitigation MalwareBlocked
    Timestamp 2022-12-03T05:30:12

    Platform 10.0.19045/x64 v947 06_25
    PID 8924
    Application C:\Program Files (x86)\PrivaZer\PrivaZer.exe
    Created 2022-12-03T05:29:40
    Description Mal/Behav-048


    Thumbprints
    7d8f0fd2962e4eec52884404fda4541a861a5ae963211423c58200131249d487
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,241
    Location:
    Among the gum trees
    Although I still have over a year left on my license I doubt I will renew. In all the time I've been using HMP.A, not once has it protected me, only ever blocked legitimate programs.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Perhaps you simply didn't encounter malware, which is a good thing, but I'm sure HMPA would protect you, if you ever did. But I can understand you, false positives are annoying especially if you can't easily fix them. Sophos should put more time into testing HMPA with legitimate software, and make it easier to whitelist software. For example, last time I checked, it will also warn about Sandboxie.
     
  21. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    137
    Location:
    Alps
    I can't see this product lasting much longer as a standalone. Seems all the code is within the Sophos product and will only be available there sooner or later.
     
  22. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
  23. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    137
    Location:
    Alps
    ...I'm weary of being used as a guinea pig.
     
  24. lawdude

    lawdude Registered Member

    Joined:
    Sep 20, 2015
    Posts:
    41
    I've had the product for several years. My license expires in 226 days. Doubtful I'll renew this time.
     
  25. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    I've recently started having the keystroke encryption gobbledygook issue again when typing in Gmail or WhatsApp, etc.
    Haven't had that for ages.
     