HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    199
    Unfortunately the license I was given expired a long time ago and I don't have a license to test the beta versions.
     
  2. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    246
    I remembered, you already mentioned it. I did it and now everything is OK! Thank you!
     
  3. Mr Humphries

    Mr Humphries Registered Member

    Joined:
    Dec 3, 2016
    Posts:
    14
    Location:
    Australia
    Build 907 working fine (Windows 11 Pro 22000.71 on seventh generation Intel Core-based PC, 4GiB RAM).
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,395
    Location:
    The Netherlands
    Very disappointing that you guys don't answer technical questions anymore, see link 1. I have already found it, this is about the Trusteer bypass, see link 2. Would HMPA protect against such a thing? And of course I understand that you guys are busy and don't want to give away all of the technical details, but some more info would be welcome.

    https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-75#post-3018340
    https://www.adlice.com/carberp-anti_rapport-beating-trusteer-protection/
     
  5. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    483
    I agree. It's great marketing when and if they demonstrate that HMP.A would have stopped (for example) the Colonial Pipeline hack.
     
  6. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    981
    You could check the Twitter-account of Mark Loman.

    https://mobile.twitter.com/markloman
     
  7. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    483
    Thanks for the info. I'll check it out. But trying to follow Twitter threads is a confusing, frustrating experience for me.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,395
    Location:
    The Netherlands
    Yes exactly, why not give some more info on the HMPA website about all of the protection options? Speaking of protection, I keep reading that nowadays lots of trojans are stealing passwords stored by browser, will HMPA also protect against this in the near future?

    Yes same over here, I hate Twitter, it has a horrible design. I'm not a fan of Facebook either.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,395
    Location:
    The Netherlands
  10. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    343
    Location:
    Planet Earth
    That's exactly what the new CookieGuard protection does, prevent stealing of cookies and passwords for the Chromium fleet of browsers. Not looked at this specific sample, but in general when we terminate the attempt on the browser, the other collected data is still on disk and not packed and sent out yet, so as a side effect it also protects the loss of other application creds that were perhaps already harvested in that case.
     
  11. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    343
    Location:
    Planet Earth
    Please check your DM for a new license
     
  12. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    343
    Location:
    Planet Earth
    If something else than the browser itself tries to access the browser's cookies or credentials it will be terminated, extensions is a bit of a different thing, that's not covered and requires completely different techniques.
    As a side effect we see a load of 'stealers' also get terminated in the process, while they are still collecting credentials, and so we terminate them before they can compress and send-out, so it has a neat side-effect in that.

    Yes that's the case, but as always there are some vendors who (ab)use this to 'protect and detect' being tampered with so it requires a few tweaks.
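
The rule RonnyT describes in the two posts above (a non-browser process that touches the browser's cookie or credential stores is terminated, which also stops a stealer before it packs and sends what it already collected), modelled as an added example that is not part of the thread and not HitmanPro.Alert's code. The protected file names, the trusted image path and all events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: Chromium profile files that hold cookies, saved logins and key material.
PROTECTED_FILES = {"cookies", "login data", "local state"}
PROFILE_MARKER = "\\user data\\"   # Chromium profile root on Windows
# Assumption: browsers are trusted by full image path, so a renamed binary
# elsewhere on disk does not inherit the browser's access.
BROWSER_IMAGES = {r"c:\program files\google\chrome\application\chrome.exe"}

PROFILE = r"C:\Users\alice\AppData\Local\Google\Chrome\User Data"
STEALER = r"C:\Users\alice\AppData\Local\Temp\upd.exe"   # hypothetical image
# Constructed events in time order; not captured from a real system.
EVENTS = [
    {"pid": 100, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "action": "file_read", "target": PROFILE + r"\Default\Network\Cookies"},
    {"pid": 200, "image": STEALER, "action": "file_read",
     "target": r"C:\Users\alice\AppData\Roaming\ExampleFTP\sites.xml"},
    {"pid": 200, "image": STEALER, "action": "file_read",
     "target": PROFILE + r"\Default\Login Data"},
    {"pid": 200, "image": STEALER, "action": "file_write",
     "target": r"C:\Users\alice\AppData\Local\Temp\out.zip"},
    {"pid": 200, "image": STEALER, "action": "net_connect",
     "target": "203.0.113.10:443"},
    {"pid": 300, "image": r"C:\Users\alice\Downloads\chrome.exe",
     "action": "file_read", "target": PROFILE + r"\Default\Network\Cookies"},
]

def is_protected(path):
    """True if the path is a cookie/credential store inside a Chromium profile."""
    p = path.lower()
    return PROFILE_MARKER in p and ntpath.basename(p) in PROTECTED_FILES

def replay(events):
    """Apply the rule in order; events of a terminated process never run."""
    terminated, log = set(), []
    for ev in events:
        pid = ev["pid"]
        if pid in terminated:
            log.append((pid, ev["action"], "never_ran"))
        elif (ev["action"] == "file_read" and is_protected(ev["target"])
              and ev["image"].lower() not in BROWSER_IMAGES):
            terminated.add(pid)
            log.append((pid, ev["action"], "terminated"))
        else:
            log.append((pid, ev["action"], "allowed"))
    return terminated, log

if __name__ == "__main__":
    for row in replay(EVENTS)[1]:
        print(row)
```

In the replay, the read of the other application's file by pid 200 is allowed because it is outside the rule, but the archive write and the outbound connection that would have carried it never run.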
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,395
    Location:
    The Netherlands
    OK thanks for the info, sounds very cool! So if I understood correctly, it's not just cookies that are being protected but also browser credentials. So perhaps you might want to rename this feature and why not update the HMPA site with some more technical info, seems like a major selling point.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,395
    Location:
    The Netherlands
  15. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    343
    Location:
    Planet Earth
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,395
    Location:
    The Netherlands
    OK cool, I believe none of the other security tools offer such a feature, including SpyShelter. BTW, I installed the latest HMPA on Win 10 1909 but I can't get the GUI to load via the tray-icon after it has been closed, so it's clearly malfunctioning, major bummer. Of course I did reboot my system, but it still won't work. Also, can I get a license purely for testing?
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,901
    Location:
    Among the gum trees
    How are you trying to open Alert? I find double-clicking the tray icon works.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,395
    Location:
    The Netherlands
    Also, I assume HMPA's banking protection feature is watching for this stuff, see link 1. However, it doesn't try to block it, it simply alerts whenever it sees that certain browser APIs have been modified in Chrome, Firefox, Edge and I assume also in Vivaldi and Opera, is this correct?

    From what I understood, banking trojans are still being actively developed. But they mostly target online banks with a weak protection. For example with ABN Amro it's hard to steal money because of the hardware based authenticators, it's shocking that most banks don't use it and rely on 2FA via SMS, which is of course vulnerable to SIM swapping.

    https://attack.mitre.org/techniques/T1056/004/
    https://www.onespan.com/products/hardware-authentication
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,395
    Location:
    The Netherlands
    Believe me it really doesn't work, the GUI won't show up. The tray-icon seems to be displayed normally. The only time I get to see the GUI is after install, but if you close it, it's game over. Also, I'm not really that happy with the GUI, it's very good looking but it's a bit unhandy if you want to quickly enable/disable stuff, but I will explain it a bit more if I can get HMPA to work normally.
     
  20. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    343
    Location:
    Planet Earth
    Weird, is this machine logged on with more than one user simultaneously? (we seem to have an issue in that scenario where the first logged on user is able to use the GUI but the other account not, it just flashes open and closes directly).
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,395
    Location:
    The Netherlands
    No there is only one user, namely me. Other tools that I have installed are AppCheck, SpyShelter, OSArmor, Sandboxie, Secure Folders, TinyWall and of course Win Defender. But I don't see how these apps would interfere with HMPA's GUI. In the past I didn't have this problem, now that I think of it, I forgot to test older versions. But this is exactly the reason why I never stuck with HMPA, it's technically one of the best, but I always have weird problems with it.
     
  22. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    907
    Location:
    Canada
    I may be wrong but I have a sneaking suspicion that your issues may be: Appcheck, OSArmour, Sandboxie, Secure Folders, Tiny Wall, Defender HMPA. Too much.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,395
    Location:
    The Netherlands
    Yes, I can understand that you might think this. But all of these tools work just fine together, no system slowdown or stability issues and they hardly use any CPU or RAM. And I have just reinstalled HMPA and guess what, I can launch the GUI via the shortcut, but the tray-icon doesn't respond to anything. To be fair, other system icons in the tray like volume and battery control stopped working months ago when I installed some Windows system update, but I don't see how HMPA should be affected by this.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,395
    Location:
    The Netherlands
    I hope you will figure this out. Of course I will also perform a full PC reset, because my Win 10 1909 installation is partially broken, that's why it's best to avoid Windows Update as much as possible, it's going to cost me so much time having to reinstall and reconfigure all of my apps. But still, no other third party app gives me problems with tray-icons, so there must be something wrong with HMPA, like you said yourself.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,395
    Location:
    The Netherlands
    I have finally been able to take HMPA 3.18.14 build 907 for a test drive.

    Seems like keyboard encryption is working correctly, but it gives me problems with certain symbols during typing and how to disable the encryption notification, it's a bit annoying. And does it protect every app like KeyScrambler and SpyShelter, or only the browsers? And it's not clear to me how to add apps to the Exploit mitigations, or does HMPA decide this?

    Also, I don't see the CookieGuard in the settings, is this part of the Credential Theft feature? If so it should be made more clear especially since it also protects browser credentials. And it would be handy to have tooltips when you hover over the Risk Reduction icons.

    The good news is that so far I don't seem to have any conflicts or false alerts, I did need to add hmpa.exe to SpyShelter's exclusion list when it came to keystroke encryption. Also, what's up with the constant phoning home stuff? If malware protection is disabled, this shouldn't be needed.
     