Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,

    My HitmanPro just auto-updated to version 3.8.0 build 295. There was no information on their website as of this posting, however the new version is available for download there (the website states build 294 but build 295 actually downloads).
     
  2. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    630
    Location:
    Planet Earth
  3. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    323

  4. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,638
    Location:
    Under a bushel ...
    Seeing the same here, my 'Quick Scan' just finished now after much longer than normal 17+ minutes.
     
    Last edited: Jun 28, 2018
  5. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    323
    After repeated shutdowns and restarts (about 3 times) of HitmanPro, it worked normally.
     
  6. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,836
    Location:
    the Netherlands
    A friend reported that after HMP automatically updated to build 295 she did a HMP scan and HMP gave a false positive for excalibur.db-shm.
    HMP reported excalibur.db-shm as suspicious (in Dutch: "Verdacht").
    C:\ProgramData\HitmanPro.Alert\excalibur.db-shm
    My friend rebooted the computer and did a new HMP scan, and now all was well.

    Edit:
    Further details for my friend's system, in case that is relevant in any way:
    Windows 7 x64, with G Data IS, HitmanPro.Alert 3.7.6.739, DEP enabled for all programs and services, SEHOP enabled, UAC most secure setting, standard user account.
     
    Last edited: Jun 29, 2018
  7. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    630
    Location:
    Planet Earth
    That's possible: this file is on disk during the gathering of interesting things to scan, and when the scanner kicks in the file is no longer on disk, so that is 'suspicious' from a behavioral point of view.
    In this case it's a tmp file from the excalibur.db, nothing to worry about.
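
Added example, not part of the post above and not HitmanPro code: a simplified two-phase model (gather names, then revisit them) of the gap the post describes. It assumes, from the `-shm` suffix only, that the database is SQLite in WAL mode; `example.db`, `gather` and `scan` are constructed names.

```python
import os
import sqlite3
import tempfile


def gather(directory):
    """Phase 1: record the file names that exist right now."""
    return sorted(os.listdir(directory))


def scan(directory, names):
    """Phase 2: revisit every gathered name and report the ones that are gone."""
    return {
        name: "present" if os.path.exists(os.path.join(directory, name)) else "vanished"
        for name in names
    }


def demo():
    """Gather while a WAL-mode database is open, scan after its owner closed it."""
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed stand-in database; the real file on the page is not touched.
        db_path = os.path.join(workdir, "example.db")
        conn = sqlite3.connect(db_path)
        # WAL mode makes SQLite keep two side files next to the database:
        # <name>-wal (the write-ahead log) and <name>-shm (its shared-memory index).
        mode = conn.execute("PRAGMA journal_mode=WAL").fetchone()[0]
        conn.execute("CREATE TABLE t (x INTEGER)")
        conn.execute("INSERT INTO t VALUES (1)")
        conn.commit()

        gathered = gather(workdir)  # the owner still has the database open

        # When the last connection closes cleanly, SQLite checkpoints the log
        # and deletes both side files.
        conn.close()

        return mode, gathered, scan(workdir, gathered)


if __name__ == "__main__":
    mode, gathered, result = demo()
    print("journal mode:", mode)
    print("gathered:", gathered)
    for name, state in result.items():
        print(f"{name}: {state}")
```

While any process keeps the database open the `-shm` file stays on disk, so whether a given scan sees it disappear depends on timing.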
     
  8. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,836
    Location:
    the Netherlands
    How can it be there when HMP is gathering and not when it is scanning?
    Isn't there always an excalibur.db-shm in C:\ProgramData\HitmanPro.Alert?
    If I look for it, it is there.
    If it is always there, there is no 'suspicious' behavior, I would think.
    In that case, if it is always there, and there is no 'suspicious' behavior, why would HMP report a safe HMPA file as 'suspicious'?
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    Does anyone here run HMP together with another antivirus?
     
  10. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,836
    Location:
    the Netherlands
    Do you mean HitmanPro.Alert (HMPA), not HitmanPro (HMP)?

    The HitmanPro scanner is part of HitmanPro.Alert, but there is also the standalone HitmanPro scanner.
    This is the thread for the standalone HitmanPro scanner.
    The standalone HitmanPro scanner is an on demand scanner, to be used as a second opinion scanner, next to other protection such as an antivirus program.

    There is a different thread specifically for HitmanPro.Alert.
    First, HitmanPro.Alert was meant as an additional active protection next to other protection such as an antivirus program.
    I guess most users still use an antivirus program with HitmanPro.Alert.
    In my signature, you can see that I use HitmanPro.Alert with G Data antivirus.
    Most antivirus programs work well with HitmanPro.Alert, with some exceptions, sometimes some option needs to be disabled or some setting needs to be changed or exclusions need to be made.
    Nowadays, HitmanPro.Alert could be used as more or less full protection, without an antivirus program next to it.
    I don't know what percentages of users use HitmanPro.Alert with or without antivirus program.

    Does this answer your question?
     
  11. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I don't believe that HMP was intended to be an antivirus replacement. I run HMP & HMPA with a real-time antivirus.
     
  12. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    I thank you both for the explanation. Yes, it was HMP I was asking about, not HMPA.

    Aloha from Hawaii,
    Bell
     
  13. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,182
    Location:
    The Netherlands
    Some false positives:
    Code:
    Suspicious files ____________________________________________________________
    
       C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Office.Desktop_16040.10325.20082.0_x86__8wekyb3d8bbwe\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\15.0.0.0__71E9BCE111E9429C\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
          Size . . . . . . . : 11.944 bytes
          Age  . . . . . . . : 1.4 days (2018-07-28 09:07:20)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : A8D9243B5F6EA04B1C7FC178EFAFA93391AA7B471E13B6FB24EE6F7840A9ABEF
          Product  . . . . . : Microsoft Office 2013
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl
          Version  . . . . . : 15.0.4420.1017
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 22.0
             The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
             Time indicates that the file appeared recently on this computer.
    
       C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Office.Desktop_16040.10325.20082.0_x86__8wekyb3d8bbwe\GAC_MSIL\Policy.11.0.Microsoft.Office.Interop.Visio.SaveAsWeb\15.0.0.0__71E9BCE111E9429C\Policy.11.0.Microsoft.Office.Interop.Visio.SaveAsWeb.dll
          Size . . . . . . . : 11.944 bytes
          Age  . . . . . . . : 1.4 days (2018-07-28 09:07:20)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 0607F30C58AF4EE9287C80DC4EB6032D084470F2CA544F22A72A3D480034BFC7
          Product  . . . . . : Microsoft Office 2013
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Policy.11.0.Microsoft.Office.Interop.Visio.SaveAsWeb
          Version  . . . . . : 15.0.4420.1017
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 22.0
             The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
             Time indicates that the file appeared recently on this computer.
    
       C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Office.Desktop_16040.10325.20082.0_x86__8wekyb3d8bbwe\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl\15.0.0.0__71E9BCE111E9429C\Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl.dll
          Size . . . . . . . : 11.944 bytes
          Age  . . . . . . . : 1.4 days (2018-07-28 09:07:20)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : D03F38A1A142D0E4EE1B7BACB4A6ED5DE5FD3396D3A62B295316F76D79CEC8B9
          Product  . . . . . : Microsoft Office 2013
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Policy.12.0.Microsoft.Office.Interop.OutlookViewCtl
          Version  . . . . . : 15.0.4420.1017
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 22.0
             The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
             Time indicates that the file appeared recently on this computer.
    
       C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Office.Desktop_16040.10325.20082.0_x86__8wekyb3d8bbwe\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Visio.SaveAsWeb\15.0.0.0__71E9BCE111E9429C\Policy.12.0.Microsoft.Office.Interop.Visio.SaveAsWeb.dll
          Size . . . . . . . : 11.944 bytes
          Age  . . . . . . . : 1.4 days (2018-07-28 09:07:20)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 7AA932461A469CF1E27458EB31CCBE1AC3ABC82C6FAABF10CC48F9064D79F911
          Product  . . . . . : Microsoft Office 2013
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Policy.12.0.Microsoft.Office.Interop.Visio.SaveAsWeb
          Version  . . . . . : 15.0.4420.1017
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 22.0
             The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
             Time indicates that the file appeared recently on this computer.
    
       C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Office.Desktop_16040.10325.20082.0_x86__8wekyb3d8bbwe\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.OutlookViewCtl\15.0.0.0__71E9BCE111E9429C\Policy.14.0.Microsoft.Office.Interop.OutlookViewCtl.dll
          Size . . . . . . . : 11.944 bytes
          Age  . . . . . . . : 1.4 days (2018-07-28 09:07:20)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : AFEF4215369138F9A65832A7DFC607A4C304C090E8738D71CBE3B1B744713E79
          Product  . . . . . : Microsoft Office 2013
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Policy.14.0.Microsoft.Office.Interop.OutlookViewCtl
          Version  . . . . . : 15.0.4420.1017
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 22.0
             The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
             Time indicates that the file appeared recently on this computer.
    
       C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Office.Desktop_16040.10325.20082.0_x86__8wekyb3d8bbwe\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.Visio.SaveAsWeb\15.0.0.0__71E9BCE111E9429C\Policy.14.0.Microsoft.Office.Interop.Visio.SaveAsWeb.dll
          Size . . . . . . . : 11.944 bytes
          Age  . . . . . . . : 1.4 days (2018-07-28 09:07:20)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 4B711C422B5338678EF3E390ED0AA9EDFBF3F27A3C1AB24BF7F3844D67120149
          Product  . . . . . : Microsoft Office 2013
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Policy.14.0.Microsoft.Office.Interop.Visio.SaveAsWeb
          Version  . . . . . : 15.0.4420.1017
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 22.0
             The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
             Time indicates that the file appeared recently on this computer.
     
  14. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    I am interested in HMP, not HMP.A. It seems that this HMP forum has become very quiet. Has most everyone moved over to HMP.A?

    By the way, I can see them asking a goodly price for HMP.A, but I wonder why they charge $24.95 for HMP -- isn't that a bit steep for an on-demand, 2nd opinion scanner?

    I run Win7 64. What does HMP 64 have that HMP 32 doesn't?
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,193
    Location:
    Among the gum trees
    You can't really compare HMP and Alert. HMP is a scanning tool while Alert is an anti-exploit that can use HMP to scan for malware.
    Scanning with HMP is free but you need a license to remove any malware it finds.
     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    When you buy one you get them both.

    I should clarify... when you purchase HMP.A you also get HMP, but not the other way around. Last I heard, and from what I understand. ;) Which probably does not address your question. Sorry. Just posting to increase my post count. :cool:
     
    Last edited: Aug 4, 2018
  17. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    HMP.A is the one that will protect you from exploits. HMP is an on-demand scanner for clean-up. HMP license is included with HMP.A, and is run whenever you click the 'Scan Computer' button in HMP.A.
     
  18. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    Thanks for the reply. The reason I posted in THIS thread is because I am interested in HMP. As I understand it, HMP is an on-demand, & that kind of AV scanner is exactly what I need. I do not need the ".A" of HMP.A because I run OSArmor, MalwareBytesAntiExploit(MBAE) & NoScript. If an exploit gets past that gruesome threesome, it deserves my admiration.

    So please... may we stick to discussing HMP? To wit, is HMP single engine or does it have >1 engine? If so, which engines? AND does HMP have a behavior blocker, or HIPS, or super-power heuristic, or what -- in order to deal with zero-day stuff? PLUS I cannot find anywhere that HMP has been formally tested by a Test Lab. Has it ever been? If so, link please.

    Grace & peace to all,
    Bell
     
  19. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,970
    https://malwaretips.com/threads/what-are-hitmanpro-engines.65379/#post-563601

    https://www.wilderssecurity.com/threads/how-is-herdprotect-doing-it.374702/#post-2474784

    https://www.wilderssecurity.com/thr...gree-assessment-certification-q1-2018.403947/
    https://www.wilderssecurity.com/thr...ecurity-certification-project-q1-2018.405222/

    https://www.mrg-effitas.com/test-library/
     
    Last edited: Aug 5, 2018
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Not sure if we have the same definition of HIPS and behavior blocker, but for me they're realtime protection tools and as you already said, HMP is on-demand.
    Regarding zero day, in addition to some engines in the cloud from other vendors, HMP has its own behavioral detection engine. You can also enable Early Warning Score mode scanning to flag more stuff that looks suspicious, but note it is meant for experts, it can also flag files that belong to Windows or other legitimate programs.
     
  21. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    I am running HMP. Where can I locate HMP's quarantine file?
     
  22. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    When you open HMP, go to Settings, then History.
     
  23. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    Got it, Roger. Many thanks!
     
  24. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    HMP is not actually an on-demand AV scanner.

    This link posted earlier by @anon sums it up well. https://www.wilderssecurity.com/threads/how-is-herdprotect-doing-it.374702/#post-2474784

    From the developer:
     
  25. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,099
    Location:
    Hawaii
    I see. So my post, which you quoted, is obviously sheer nonsense, right? And whatever a developer says must be true, right? So if I see something on TV, or on the internet, or read it in a newspaper ad, it must be true, right? Good grief!

    HMP does not run real-time. It runs when the user initiates a scan. THAT is "on-demand."

    A fly swatter & a bug spray work differently but they are both "anti-bug". HMP certainly is not PRO-virus. If it detects a virus, HMP does not act in a friendly way. Instead it acts ANTI-that virus. THAT is "anti-virus." Or AV. Or "anti-malware".

    Upload a file to VirusTotal. Bear witness to the fact that VirusTotal uses a list of dozens & dozens of AVs, all of them competing for the same market as HMP's market. Marketing 101 teaches that you must show (again & again) how your product differs from all its competitors' products -- in a superior, never-before discovered way. In HMP's case, that is mostly a valid claim. It is also valid for many of HMP's competitors.

    IMO, critiquing my post by quoting a developer's marketing hyperbole is not productive to meaningful discussion.
     
    Last edited: Aug 7, 2018