Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    I see. So my post, which you quoted, is obviously sheer nonsense, right? And whatever a developer says must be true, right? So if I see something on TV, or on the internet, or read it in a newspaper ad, it must be true, right? Good grief!

    HMP does not run real-time. It runs when the user initiates a scan. THAT is "on-demand."

    A fly swatter & a bug spray work differently but they are both "anti-bug". HMP certainly is not PRO-virus. If it detects a virus, HMP does not act in a friendly way. Instead it acts ANTI-that virus. THAT is "anti-virus." Or AV. Or "anti-malware".

    Upload a file to VirusTotal. Bear witness to the fact that VirusTotal uses a list of dozens & dozens of AVs, all of them competing for the same market as HMP's market. Marketing 101 teaches that you must show (again & again) how your product differs from all its competitors' products -- in a superior, never-before discovered way. In HMP's case, that is mostly a valid claim. It is also valid for many of HMP's competitors.

    IMO, critiqueing my post by quoting a developer's marketing hyperbole is not productive to meaningful discussion.
     
    Last edited: Aug 7, 2018
  2. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    645
    Location:
    USA
    Please calm down. I was only providing info from the developer of the product that you requested we focus on. It was not clear based upon your post that you fully understood the nature of the product being discussed.

    I'm done here.
     
  3. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    6,846
    @Tinstaafl It is an on-demand scanner, even though it's not using signatures.
     
  4. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    645
    Location:
    USA
    I have been using it for several years, so I understand that. It IS an on-demand scanner, but is not an AV replacement. It is more of a 2nd opinion, clean up tool, for things that a signature based AV may miss. I like that it may be more likely to catch zero day malware, so I choose to use it as part of my layered defenses.
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    Me, too -- off & on.

    There are very few AVs around any more that are based exclusively on signatures. 3 of several possible examples: EmsisoftAM, ESET, Kaspersky -- these are by no means limited to signatures. Far from it!

    Ergo, to say that HMP *might* find what these 3 missed is no sounder than saying that these 3 *might* find (on-demand) what HMP missed (on-demand). By this theory, if a 2nd opinion AV is better than 1 AV, then one should proceed to include even more AVs for even more opinions. In fact, that is exactly what Virus Total does, right? By the way, HMP itself uses 4 other AVs to some extent, right?

    The concept of a "second opinion" on-demand scanner is based on the assumption that every security wall MUST include a real-time (patrolling) AV. However, a fully-effective security wall can be built without including any patrolling AV. For instance: OSArmor +EXE Radar Pro 4.x + Comodo FW +HMP +Macrium.

    Of course, there are a number of other security apps that, used in a layered wall, can obviate the need for a patrolling AV & its incumbent overhead. Examples include but are not necessarily llimited to: Appguard, Voodoo Shield, & SpyShelter.

    Bottom line -- Whatever someone's security wall consists of, its real-time components are primarily aimed at *protection* (prevention of infection) whereas HMP & its ilk are aimed *detection* (spotting infections that got through the real-time wall). AS SUCH, I consider that HMP is a valuable adjunct to almost any security set-up. That statement is equally (?) true for Emsisoft Emergency Kit et alia.
     
  6. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,092
    holy moly, you should start your own security blog. couldn't have put it any better. :thumb:
    but i think this combo you offered is an overkill:
    "OSArmor +EXE Radar Pro 4.x + Comodo FW +HMP"
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    You call it overkill, I call it "prudent redundancy". :rolleyes:
    I am merely a security tyro. The little I know I learned from reading posts by the real Pros: itman, FanJ, Blackcat, Umbra, LowWaterMark, Peter2150, Kees, Paul Wilders, Krusty, et alia.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,218
    Location:
    Among the gum trees
    Hi @bellgamin ,

    I'm just an enthusiast, certainly no pro.

    Cheers!
     
  9. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,092
    sure but my post was referring to the way you put it. :thumb:
     
  10. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    123
    The HitmanPro 3.8.0 Build 295 is wrong. Because:

    1. HitmanPro is misidentifies some members of Nirsoft Utilities to malware. Nirsoft Utilities is not a malware because they do what I want. On this basis, any file manager is malware (such as Far Manager, Total Commander, Windows Explorer) because I can delete any file with these. I can cause more damage with them if I want to do it than with Nirsoft Utilities.

    2. It takes a long time to remove some files, it's been trying for more than 40 minutes. While I would be able to remove it manually within a few seconds. Why? How can this be?

    I stopped running HitmanPro with the task manager and then I started it again. New search did not find anything. Windows 10 v.1803 Build 17134.191.

    2018-08-14_123147.jpg

    2018-08-14_123739.jpg

    2018-08-14_123817.jpg
     
    Last edited: Aug 14, 2018
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    Nirsoft produces many unique apps. Several of those apps use similar tools to those used by malware. Hypothetical examples:
    Case 1: I use a Nirsoft app to uncloak a lost password on my computer. I use that password to get on with my business.
    Case 2: A malware gets onto my computer and uses a *tool* to uncloak my password. Malware then uses that password to steal from me.

    Case 1 & Case 2 use VERY similar behaviors. HitmanPro uses a behavior blocker. As such, it will block BOTH Case 1 & Case 2. Blocking stuff like Case 1 is annoying but if that is the price for preventing stuff like Case 2, I will accept it.
     
  12. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,092
    @feerf56
    if it was based on a blacklist, then it would be a problem, but it's based on a behavior blocking mechanism. so @bellgamin 's argumentation looks valid.
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,331
    Location:
    .
    I didn't know that HitmanPro performs behavior analysis of files that it scans. Is it performed locally during scan, or in the cloud and after cloud analysis those files are blacklisted for all users?
     
  14. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,092
    @Minimalist
    from https://www.hitmanpro.com/en-us/hmp.aspx

     
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,331
    Location:
    .
    Thnx @imdb. It doesn't say much about those techniques but it's good to know that they employ them.
     
  16. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,092
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,106
    Location:
    .
    Last edited: Aug 14, 2018
  18. Hijin25

    Hijin25 Registered Member

    Joined:
    Jun 15, 2017
    Posts:
    10
    Location:
    México
    Greetings. I made an analysis and I throw this detection:

    Properties
    Name events.dat-shm
    Location C:\ProgramData\NVIDIA Corporation\NvTelemetry
    Size 32.0 KB
    Time 0.4 days ago (2018-08-14 11:16:20)
    Entropy 5.5
    Product Microsoft® Windows® Operating System
    Publisher Microsoft Corporation
    Description Monitor Driver
    Version 6.1.7600.16385
    Copyright © Microsoft Corporation. All rights reserved.
    LanguageID 1033
    SHA-256 6E2D9013D5220BB4D60E1960D91BDF050162BD674BBF27517A3F79616D9B962B

    Scoring (52.0)
    The file is hidden from Windows API. This is typical for malware.
    The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
    The file name extension of this program is not common.
    Program is running but currently exposes no human-computer interface (GUI).
    Time indicates that the file appeared recently on this computer.
    The file is in use by one or more active processes.
    The file is a device driver. Device drivers run as trusted (highly privileged) code.

    Forensic Cluster
    -0.2s C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-Listener.etl
    0.0s C:\ProgramData\NVIDIA Corporation\NvTelemetry\events.dat-wal
    * C:\ProgramData\NVIDIA Corporation\NvTelemetry\events.dat-shm

    Will it be a false positive or a real threat?

    Thanks in advance.
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,331
    Location:
    .
  20. enemyofarsenic

    enemyofarsenic Registered Member

    Joined:
    Jun 18, 2011
    Posts:
    76
    What is the Virustotal api key for in the advanced tab?
     
  21. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,132
    Location:
    Outer space
    Afaik HMP lets you scan suspicious files on Virustotal. However, Virustotal doesn't just allow use of it's services like this, so you need to register an account with Virustotal and then you can enter your API key in HMP.
     
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    I like HMP a lot. I would buy a subscription in a heartbeat except the price of just under $25 is unreasonable for an on-demand AV that is basically a 1-trick pony. If anyone spots a sale, I would really appreciate a heads-up.

    Aloha,
    bellgamin
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,218
    Location:
    Among the gum trees
    After the trial HMP is free to scan with. You only need the paid version if you want it to remove malware.
     
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    10 Q Krusty! I would never clean up malware by any method other than restoring a clean iimage. I want a paid version of HMP because I run it on-demand at least daily. I like to support good software, but not if it is grossly overpriced. ESET often sells via Newegg @ $19.95. HMP doesn''t do nearly as much as Eset. Even so, at $19.95 or lower & I would buy HMP. At its present price of almost $25, I will not.
     
    Last edited: Sep 6, 2018
  25. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    Bit the bullet -- I am now a joyful subsciber to HMP. :thumb:
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.