HitmanPro.Alert BETA

I'm sorry haven't scrolled back to the posts, but just Credential theft protection on it's own (don't enable SAM) should run fine and protects you from e.g. mimikatz from stealing your Windows credentials from memory.
But if one of the others cover that then it's redundant.

 

Okay thanks may enable again sometime.

 

+1

 

Well, I would like a feature to load microcode updates to protect against side channel attacks. A lot of manufacturers don't provide them, though MS is making them available but only for Windows 10. I don't know however if HMP.A is able to do this early enough in the boot process for it to be effective.
Some smaller points:
-Exclusions from realtime protection(afaik already on roadmap)
-Notification of expiring license(also already on roadmap)
-Improve HMP.A's original functionality, the browser protection. It failed against the Event Tracing for Windows -CLI method: hxxps://www.mrg-effitas.com/wp-content/uploads/2018/06/MRG-Effitas-2018Q1-Online-Banking.pdf

 

- an option in tray icon to disable all mitigation and risk reductions; and to exit the GUI.
- the option to scroll applications (in Mitigation) vertically instead of horizontally.
- a separate tab for exclusions in Mitigation. (example: Applications, Running Applications, Excluded Applications)
- an exclude button on the alert popup.

 

I second all of these.

 

False alarm (Windows 10 v.1803 64bit, Firefox Firefox 61.0.1 (64 bites)):

 

+1

 

+1

 

I would also vote for a more informative tray icon, for instance displaying license status and update availability.

 

Rebooted my system to 3.7.8 build 750 via automatic update. No issues to report.

As for suggestions for the next version, I don't know how feasible it is, but any measures that can be taken to help protect against the CPU vulnerabilities would be nice. I understand that they tend to be firmware fixes, however, the ChromeZero plugin for Chrome would seem to indicate that software measures can be taken as well.

 

Version 3.7.8 b750 Release.



https://i.imgur.com/bAEsc7n.jpg

 

Always when Firefox has an update (x32/x64)
'Mitigation Exploit' Off on Firefox and 'Mitigation Exploit' ON again. Restart and work well (normally)

 

I have found an issue whereby the Anti-Malware warnings are not shown if back to back infected files are run. I have included a video which shows the issue very easily: https://uploadfiles.io/cjiyd

The version used is the latest: HitmanPro.Alert 3.7.8.750

This issue has been happening ever since the Anti-Malware module was added to HitmanPro.Alert, even the first betas.

I had written about this then, but no-one bothered to fix it, so when I tested the latest build and found the issue still present, I decided to make a video to show exactly what the issue is, and to show how easily its happening. In fact, I'm very surprised this sort of simple bug has been hanging around for so long. I'd have caught this the first time I tested the feature.

 

Hi feerf56,
We need the magic behind the "Technical details" link to see why it determined that firefox was under attack.
Can check "Number of alerts" and copy/past the text from the Windows Eventlog for this occasion?

 

Thanks. I have no idea why this was never noticed.
Let me include the links to your earlier posts in which you reported the issue:
June 10, 2017, #202 and #203.

 

Thank you.
I appreciate that you also looked into my earlier posts and linked to those.

I also agree with the earlier posts that asked for a right click and disable and quit the Hitman.P

~ Off Topic Remarks Removed ~

 

Hi RonnyT!

Excuse me! Here you are!

 

Again...

 

I tried it out myself, and yes, it seems that HMPA is compatible with Core isolation.

 

And what about the Attack Surface Reduction rules, especially the ones for MS Office?
Could they potentially conflict with HMPA? It looks like some of the ASR rules are trying to do the same thing as some of the HMPA protections/mitigations.

 

Feature request: ability to make exceptions for folders.

Let's say I want to make exceptions for my AV, but it keeps all its executables in a subfolder with the version number in the folder name. If I am able to exclude the main folder of the AV from HMPA protection, then my exclusions will survive a program update.

 

I was scanning my computer using the Microsoft Safety Scanner, and this issue cropped up.
I hope it can be fixed.
PS: No bad stuff was found during the scan, the message appeared while the scan was happening.
https://imgur.com/a/x7kUXn6