Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
Yes, running without any problems here.
Interesting, didn't know that, but I can understand it on one hand, it is kind of a killer feature.
At this point we don't know that CryptoGuard has been made a premium feature. The last thing Erik said is that it would remain free in v3. It may be a bug in the RC builds causing the issue with the unlicensed installs. Hopefully he will speak to this.
Thanks Mark, Here's the Antivirus configuration (paid versions, not free trials):
HitmanPro 3.7.9 - Build 238 (64-bit)
Norton Security with Backup (2015)
Webroot SecureAnywhere (2015)
Malwarebytes Anti-Malware (Premium, v2.04.102)
I am running everything directly (no sandboxie), with Windows 7 x64 SP1 (with all Windows patches/updates installed). This CPU is an Intel Core i7 CPU 920 @ 2.67 GHz. HMPA is using the Intel CPU for ROP mitigation. FYI, there is some sort of accelerator software built into the paid version of PowerDVD 14 Ultra (that is not included in the 30-day trial version) and is required if no built in hardware accelerator is equipped with your PC. I noted this, when first installing the trial version on a laptop equipped with a hardware accelerator, and then later the full paid version required on my Intel Core i7 CPU 920 tower, which is where I am running this configuration with HMPA RC 153.
Hope this helps. Best Regards.
I just wanted to clarify, CryptoPrevent is a different program. HMP.A has CryptoGuard.
HitmanPro.Alert 3 Build 155 Release Candidate
IMPROVED: CryptoGuard now blocks more variants of CryptoWall 3.
IMPROVED: An alert can now be shown on the winlogon desktop when a new keyboard is connected.
IMPROVED: BadUSB mitigation.
FIXED: CryptoGuard false positive on .NET 3.5 installation (TiWorker) on some systems.
FIXED: Compatibility issue with some 3rd party security products causing protected applications to sporadically deadlock on startup.
FIXED: Outlook failed to connect to some mail servers on specific configurations.
FIXED: Crash in hmpalert service.
Please let me know how this version runs on your computer.
Running just fine here.
Using W7-Pro_x64 with HitmanPro.alert build 155 and HitmanPro 238:
1. MediaPlayerClassic-x64-1.7.8, protected with template 'Media', is stopped by hpalert 155 showing a 'NullPage' mitigation error on opening of every .mp4 and/or .wmv file!
Unchecking the memory mitigation 'NullPage' makes MPC-x64 1.7.8 run again.
2. Application Soft Organizer 3.51, protected with template 'Other' runs into a 'ROP' mitigation error at the opening of the application.
Unchecking the ROP mitigation makes Soft Organizer 3.51 run again.
Point 1. and 2. are valid too for build 143, 151, 152 and 153
Scanning with HitmanPro 238 does not show anything.
Question: Are these 'false positives'?
Build 155 running well here with no issues.
Build 143 is still the last version without CryptoGuard and Process Protection licensed.
My HMPA RC 143 says that my trial license will expire in 4 days. That could be it for Crypto Protection.
I have another CrashDump for v153 after coming out of suspend. Do you want me to send it your way?
I've installed it, and I don't want to speak too soon, but I haven't got any error messages yet. But I do wonder how HMPA manages to protect sandboxed processes without the need to add the "OpenPipePath=\Device\NamedPipe\hmpalert" line to Sandboxie? Is that line really needed for protection purposes, or only to make the "fly-out" appear correctly?
But anyway, I will let you know if it will continue to play nicely with SBIE, and if not, no big deal because I'm planning to mostly protect apps that are running outside the sandbox. I hope you will add tool-tips support soon, and "keystroke encryption" should have its own section where you can add apps to the list.
Correct, same over here, with the difference that MPC crashes even when "NullPage" is disabled. This app also crashes with MBAE.
I'm getting to see weird behavior from both HMPA 155 and Sandboxie 4.15.12, which version of SBIE are you guys using? So far I've seen SBIE giving error messages when launching WPS writer. I've also seen that Maxthon v3 and Vivaldi partially escape the sandbox, by refusing to run with "untrusted" integrity and also don't run in the NT AUTHORITY\ANONYMOUS LOGON user account.
And when launching Vivaldi, HMPA tells me that it's watching for intruders (in Dutch weirdly enough), while Vivaldi is not even protected. Same goes for WPS Writer and Maxthon, they are both not protected. This is really bad stuff, seems like SBIE and HMPA are not compatible on my system. So I will uninstall HMPA once again, to see if these issues disappear.
Had the same problem, however, only with MadVR! Maybe try EVR or Haali (just for testing purposes)?
Yes please! Thanks
The line is needed otherwise there are no protections by Alert.
No problems updating build 155 (W7 64 bits).
No problems with Sandboxie beta 4.15.12, Firefox 35.0.1, IE11 and build 155 (W7 64 bits). Soon release of Sandboxie 4.16.
Yes, the rumors are true. We have decided to make CryptoGuard and Process Protection a trial > paid feature. But the reason behind this shift is not only because we want a return on our product development investment. Let me explain it a little bit.
Over the last years you can see the shifts that attackers are taking to get money from their victims. They went from:
1. Rogueware or Fake Anti-Virus software that scares people with fake infections so people buy this fake product.
2. Police-themed ransomware that locks down your PC or browser, showing an indictment and a fine to scare and make people feel guilty about downloading pirated music, software or illegal pornography.
3. Police-themed ransomware with a switched on webcam stream of you, sometimes next to real pictures of child pornography to induce fear and prevent malware victims from bringing the computer to a repair shop.
4. Crypto-ransomware, like CryptoLocker, CryptoWall and CTB-Locker, that are encrypting your documents, photos and other data on your local disk, network drives and USB (flash) drives. The encryption is irreversible without the key.
So for victims the stakes have seriously gone up.
Everybody runs anti-spam, anti-phishing and anti-virus software and still people get hit by these attackers. For signature and heuristic signature based solutions, identifying this early-life malware is difficult, especially in the first hours or days of the infection.
Know that it takes a lot more time for attackers to change the behavior of their malware than to beat a virus signature. Also know that CryptoLocker, CryptoWall and CTB-Locker all have slightly different technical approaches to attack your data (copy/read, encrypt and rename/overwrite your data). Our protection covers every approach but we do keep an eye out for new behaviors. Because even though our technology does not rely on signatures, the underlying engine needs maintenance as well, which involves a bit more work than e.g. creating a virus signature for a single sample.
So CryptoGuard is developed to universally detect and stop crypto-ransomware behavior. Not only does it stop malicious processes from attacking your files, it also prevents attackers from abusing legitimate processes to attack your valuable data (as can be seen in our demonstration video). Today’s variants often employ a hollow process to hide themselves in-memory inside trusted processes (CTB-Locker abuses C:\Windows\explorer.exe and CryptoWall 3 abuses C:\Windows\System32\svchost.exe). So in a way, the attacks take place in the name of Microsoft.
99% of the victims of these attacks are *not* tech savvy people or security software enthusiasts like you. They expect us to stop and get rid of this malware, which is (as mentioned) also capable of transitioning from one process to another. But only our on-demand Anti-Malware has comprehensive malware removal capabilities - Alert does not. Especially for infections like these we made our two HitmanPro programs work together. Alert offers strategic (historic and real-time) threat information to our HitmanPro scanner to point out the threat for remediation – we need to attack the object that initiated and controls the attack, not the legitimate abused file.
Since our on-demand HitmanPro removal engine already requires a license, it would frustrate and be bad service to our end-users to just keep the threat on the machine and make him or her search for another solution in the hope that one can get rid of it.
Of course, you guys (who we provided with free annual licenses) have the time and the skills to go and hunt for an alternative remediation tool, but the majority of our customers do not. Fraud caused by banking Trojans is still largely reimbursed by banks, but loss of data is never compensated. By law, doctors have a responsibility towards their patients because patients are at a disadvantage as they do not have the knowledge, experience or skills to treat their condition. We want to give victims of crypto-ransomware the best possible care, including the solution to the problem. This is also the reason why we offer our two products for the price of just one – we identify the attack, we can also clean it for you.
Some of you will be disappointed or disagree. We still love you guys but you are not like our mainstream customers. We hope you understand this transition.
Update: For your convenience I created a version comparison that shows which features are free and which are trial > paid:
OK, thanks for making it clear! I still look forward to what each new version brings.
Thank you for this clear and fully acceptable explanation.
Thanks for the clarification. I can see your point too.
If I need to buy a licence once mine expires, so be it. I think they are great products and you guys deserve the support. I've just checked the prices and for 3 PCs, a 3 year subscription is under $100 AU, so that's less than $30 AU a year - Not too bad!
I hope the licensing issue with reinstalling the Operating System can get sorted soon as that is something I tend to do way too often.