Hitman Pro Support and Discussion Thread

I still haven't had the chance to download it. Does this version allow the user to choose whether or not to "Automatically upload unknown suspicious files to the Scan Cloud"?

Thanks

 

Will Himan retain Prevx when version 4 of Prevx is released? I ask because the Prevx people say it (Prevx 4) will function much differently. Or is it just signatures you use?

 

I have been running the 3.5.8 build 120 beta since its release, but after a program update earlier this morning, which I thought was the gold release of 3.5.8 build 120, it has reverted to the 3.5.8 build 119 beta.

A little bit strange....

 

Same just happened here.....strange to see it revert to .119. Maybe they were
just temporarily trying/experimenting with build .120?

 

Hi

I have another FP

File name:
oahlp32.sys
Submission date:
2011-04-05 16:08:08 (UTC)
Current status:
finished
Result:
0/ 42 (0.0%)

~ VirusTotal Results URL Removed per Policy ~

 

Hi,

one fp on WinXP Pro SP3 IE8 here.

Reported over the GUI in HMP.

regards,

iNsuRRecTiON

 

In this post Mark announced 2 weeks ago our newest patent pending cloud technology embedded in the latest Sitecom home routers.

Now Sitecom released a few movies that explain in layman's terms how Sitecom Cloud Security works and how you can use it:

English:
-http://www.youtube.com/watch?v=NCSzqBebcSA-

German:
-http://www.youtube.com/watch?v=YgnqeJ3MxV4-

Spanish:
-http://www.youtube.com/watch?v=ww32XJsCeGM-

We've put up a page that outlines the new technology:
http://www.surfright.nl/en/hitmanpro/utm

Note: The multi-vendor antimalware filter has a throughput of 50Mbps on the low-end gigabit router (79 EUR).

Compare that to the antimalware solutions offered by other router vendors

 

Congrats. Anyway, while seeing your here - I am back now so if you resend me the translation file for Czech I will update it with the missing stuff.

 

This is not an FP. You are scanning with Early Warning Scoring (EWS). This means that Hitman Pro will list files with an interesting scoring. Nothing more nothing less. It is not saying it is suspicious or malicious, it is just listing it as unknown with a score.

In the near future we will add a help feature to the application so that people understand more what EWS is and what exactly the score means. You should not run EWS on a regular basis. EWS is used by experts to clean unknown malware from a computer.

The other file under Opera is more interesting as it is listed as Suspicious. But I think that is a incomplete download. You've had more of these in the past. I will notify the team to look into this some more to see if we can exclude these from the result list.

Hope this helps.

 

Sorry for this seemingly strange behavior.

The Hitman Pro beta's have an expiration of 14 days. After that it will overwrite itself with the latest released version. Since we did not yet release build 120 you are being reverted to build 119.

This function is in the beta's to prevent running the beta indefinitely.

Sorry for the confusion. We will release build 120 (or 121) in the next couple of days.

 

Well, I have seen it to revert immediately when I installed it over 119 to \Program Files. Would not stick at all, immediate revert when trying to update. Maybe it does not do it when used as portable.

Note, that was about a day after 120 beta was released.

 

You have to keep the file named as HitmanPro35beta.exe otherwise it will not see itself as beta.

The default behavior of non-beta's (released version) is that they check for a new version at startup. So if you strip the 'beta' from the filename it will behave as a released version and install the latest released version.

The beta just postpones this for 14-days.

 

Well, LOL... confusing like hell.

 

If you DO NOT rename the beta you will be upgraded/reverted to the latest version: after 14-days.
If you rename the beta you will be upgraded/reverted to the latest version: immediately.

So if you just leave stuff as is (don't rename), it will work not entirely unexpected

 

Well yeah, I understand what you said. But I kinda did not expect an executable to roll back based on filename, LOL.

 

Thank you very much when did you release the Build 120 via Auto Update Function

 

I did a test on Hitman Pro this morning. I tested Hitman against 3208 samples collected between April 7-8. The collection consisted of mixed types of malware. I don't have the exact numbers for how many of the different sorts. Most of the samples should be considered as 0-day as the majority was released and collected in the last 24 hours.

The test took quite some time perform because most files had never been seen in the 'cloud' before and hence had to be uploaded to Hitman's cloud. One thing worth noticing; most threats detected were detected by the heuristic and generic definitions of Hitman's vendors (GData, Ikarus & Dr. Web seemed to detect most of the identified threats).

Anyhow, here's the result;



Score: 94,64%


That's a score which is quite impressive considering most of the malware were released in the last 24 hours! Hitman really shines when it comes to 0-day threats!

If anyone is interested, I could gather malware for a week and test Hitman against the last week's new malware. That'd be about 14.000 samples of malware.

 

very good and very impresive thanks for testing buddy

 

Count me in as an interested party.

 

me 2

 

How many?
Thanks for testing!
Hope you continue.

 

I guess that means that HMP still uploads unknown files to the cloud service. I wonder when an optional option (sorry for the redundancy...) for that will come out.

 

Alright then! I'll collect malware for a week and test Hitman against those collected samples. Rest assured it'll not be any old samples in the honeypot but brand new 0-day specimen!

 

Yes, all unknown files were uploaded to the cloud in order to be scanned 'in-the-cloud'. At the moment I'm stuck on a 24/3 Mbit connection so the test where I go for 14-16k (4-5 gb of data) samples will take a few hours to conduct.

I agree with you that a user should be allowed to disable file transfers to the cloud. That option is currently not available for me;

 

Sadly, everyone, Hitman Pro simply can't take searching 15k malware samples at the same time. I really would like to do that as I would like to have one, big log file which you, the users, should be able to look through what was actually scanned and detected by each engine etc.

Is there a possible fix for this bug? Hitman freezes after about 1½ hours. Now that I try and re-scan the files Hitman freezes after about 23 mb of disk i/o.

Here's what where Hitman froze the first time after scanning the set of samples for 1½ hours;



Here's Hitman after reboot and several tries to complete the scan but gets stuck at about the same read data each time;



Here's the directory I'm trying to scan full of malware;



Should I expect a possible fix (a new version) for Hitman or is Hitman simply not made to take this kind of hit with malware samples? Even after 4000 samples are scanned the Hitman Pro window begin to stop responding every now and then.

Setup; 4 gb of RAM, Intel Core 2 Duo Q9550 @ 3700 Mhz, Veliciraptor 74 GB 10200 RPM. Win 7 x64 Ultimate SP1.