HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,416
    Location:
    .
    Peter2150 et al,
    So, #6348 having to retrieve one of the files from the crypto folder will remain as one off.
    So, #6337 will remain as one off unless I can duplicate.
    Curious we both had an autorollback event that didn't really work
    Curious, how c:\windows\cryptoguard found it's way into Direct Access.
    As I extrapolate ... c:\windows\cryptoguard Direct Access degraded autorollback...or, Start Run restrictions degraded autorollback.
    Hmm....
    Edit: Do I need c:\windows\cryptoguard Exclusion in Shadow Mode. Are the contents of cryptoguard folder needed after an autorollback event while in Shadow.
    By your test Sandbox #6349. Do you have Drop rights checked.
     
    Last edited: Jul 4, 2015
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,416
    Location:
    .
    FWIW ~ with 196 and earlier v3 builds. KeyPass (for me) goes to 'Other' with blue border and encrypting.
     
    Last edited: Jul 4, 2015
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,751
    I had to restart Opera 12.15 because it periodically locks up. I have Vivaldi browser running simultaneously. After restarting Opera 12.15, I have lost keystroke encryption, but retained it for Vivaldi browser...I notice that an extra hmpalert. exe started at 5:46 am as per process explorer.

    ScreenShot_HMP.A_v3.0.48.196 build_04.gif
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    You should try the latest build which is 196
     
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,751
    Your eyes need checking. :)
     
  6. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    what exactly are you trying to say with this statement? , of course it does , but that doesnt explain why in hell secure desktop mode wont function anymore while ticked in the security options of keepass aka nothing has changed in my keepass settings , all i did was upgrade hitmanpro alert, please fix , thanks
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,416
    Location:
    .
    Apparently, I'm not saying anything of interest...Where do I find secure desktop mode in Options
    Please remain calm and open minded
     
    Last edited: Jul 4, 2015
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,751
    I had to shutdown Opera 12.15 because it became non responsive, and restart it a short time ago. After, the restart I have got back keystroke encryption.

    ScreenShot_HMP.A_v3.0.48.196 build_05.gif
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    1. My test Sandbox doesn't have Drop Your rights checked.

    2. On Shadow Mode I am assuming you mean ShadowDefender, and I would say no. When I tested some ransomware for BRN, I had all three of my disks in shadowed by shadowdefender. I stopped HMPA for that test, and the ransomware had a ball on all 3 disks. But reboot and it was all gone, so no I don't think you want exclusions.

    Pete
     
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,416
    Location:
    .
    Yes, I appreciate value of SD regarding ransomware.
    I was wondering about the revert folder created by rollback event and the c:\windows\crytpoguard folder. Seems, I have c:\windows\crytoguard in Sandboxie Direct Access so, at some point I must have thought cryptoguard needs outside sandbox for day to day. And at some point I also added SD cryptoguard exclusion.
    Don't I need changes to cryptoguard folder committed.
    I'm trying to pick apart auto rollback hiccup #6337
     
    Last edited: Jul 4, 2015
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    No you don't. That folder is only significant if HMPA detects and shuts something down. No matter what happened when you exit SD your system goes back to state you entered shadow mode. That that point the crypto folder isn't relevant any more.
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,416
    Location:
    .
    Aha, seems I'm always at some point in a learning curve and I'm a slow learner.
    Thanks
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Not a problem. Hang in there.
     
  14. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    its under options>security>options>enter master key on secure desktop


    btw im calm , not sure what mightve given the impression of me not being so, all i did was report an currently unsolved bug that needs fixing, and a request to improve the keystroke encryption algorithm , since zemana antilogger seems to do a better job at it, thats all
     
  15. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    215
    Location:
    nowhere
    Hmmm...
    Fresh install of Windows 8.1 x64 and no keystroke encryption indicator is visible on both stable and latest beta...
     
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,518
    Location:
    Among the gum trees
    Check your settings.

    Advanced Interface > Safety Notification > At Application Start.

    Also, check Coloured window border settings.
     
  17. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    215
    Location:
    nowhere
    I left all settings on default.
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,518
    Location:
    Among the gum trees
    That could be why?
     
  19. pablozi

    pablozi Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    215
    Location:
    nowhere
    Nevermind. I'm stupid. I have unchecked this option by accident :oops:
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,416
    Location:
    .
    Thanks, found > enter master key on secure desktop. Master Password dialog looks the same for me. So, sorry...can't confirm as I'm not familiar with what secure desktop looks like sans Alert. Never had secure desktop checked.
     
  21. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,416
    Location:
    .
    @ erikloman et al,
    pdf desktop folder with 5 pdf files. AxCrypt test.
    Pic 1) CryptoGuard Off > Pic 2) CryptoGuard Off w pdf's encrypted > Pic 1) pdf's decrypted > Pic 3) CryptoGuard On - encrypt w Attack Intercept at pdf 4 w pdf 3 stripped > Pic 4) showing Attack Intercept at pdf 4 > Pic 5) showing pdf 3 stripped > Pic 6) showing pdf 3 in reverted > Pic 7) showing opening pdf 3 in reverted.
    PDF Pic 1.PNG PDF Pic 2.PNG PDF Pic 3.PNG Attack Intercept on PDF 4 Pic 4.png PDF Pic 5.PNG
     
    Last edited: Jul 5, 2015
  22. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,416
    Location:
    .
    PDF Pic 6.PNG PDF Pic 7.png
    Test Protocol = only HitmanPro.Alert and Norton in tray. Test from desktop. Machine as quiet as possible.
    My earlier test with encrypted png's and stripped png had SBIE and ERP and AG in play and open directory.
    My test protocol must be flawed as I'm not able to stimulate an Attack Intercept early enough upon pdf folder encrypt call nor prompt auto rollback.
    pdf 1 and 2 are encrypted. pdf 3 is stripped. pdf 4 and 5 remain as is. Speculation = Attack Intercept occurs at some point between 3 and 4, 5 and only evidence of rollback is stripped pdf 3 in reverted.
     
    Last edited: Jul 5, 2015
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Bascially confirms what I saw. Not perfect, but bottom line is no data files lost.
     
  24. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,416
    Location:
    .
    Yeah, I lost a png and pdf. I moved png back to Pictures n' could not decrypt.
    Moved pdf back to desktop folder n' cannot open.
    Forget the png test ...too many variables. pdf was clean test with unexpected results.
    I had 5 pristine files in. I expected 5 pristine files out.
     
    Last edited: Jul 5, 2015
  25. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    488
    Location:
    italy
    can someone explain me why the latest stable version isn't again released into autoupdate channel?? o_O...
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.