HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,843
    Location:
    the Netherlands
    Or ... perhaps it could be a false positive detection?

    In "Spoiler" in your December 29 post, there is a lot of information.
    I would hope Erik or Mark could be able to determine what was happening.

    But perhaps Erik and Mark overlooked that information in "Spoiler"? I certainly did!
    Offering that information as "Code" could've helped to make it more eye-catching.
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    There won't be an update today due to a last-minute setback. Will try to release this weekend or Monday.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    BJM, from your posts I have no clue what you did. What are you trying to do?
     
  4. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Okay, next time I'll use "Code" or annotate "Event Viewer". Thanks
     
  5. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Well, I observed Anti-VM exploit Attack Intercepted while testing suspicious file sandboxed.
    So, I asked. Did Alert intercept "sandbox aware malware" or did Alert intercept "any" malware in my sandbox.
    Does Alert invoke Anti-VM only for sandbox aware/VM aware malware....or, any malware run in my sandbox.
     
  6. CCV

    CCV Registered Member

    Joined:
    Nov 7, 2015
    Posts:
    44
    Location:
    Tasmania
    A side note on Anti-VM detection:
    This was actually a false alert during attempted uninstall of Dell Backup & Recovery. Pretty useless arrangement, for my purposes. The uninstall process was a bit different to standard uninstalls.

    HMPA_FP.jpg
     
  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.1.1 Build 347 PreRelease

    As stated, HitmanPro and HitmanPro.Alert will continue to be developed.
    Here is our first new build since the acquisition of SurfRight by Sophos.
    The new build sports a new feature and several fixes.

    Audit.png

    Changelog
    • Added Audit feature.
    • Added dual code signed signatures (Authenticode) on EXE, DLL and SYS files.
      See also: http://social.technet.microsoft.com...thenticode-code-signing-and-timestamping.aspx
    • Improved feedback to user when failing to activate a product key.
    • Fixed rare BSOD in hmpnet driver on some Windows 10 computers (build 10586).
    • Fixed keystroke encryption compatibility with Trusteer Rapport.
    • Fixed race condition when specifying both /install and /lic command line switches.
    • Updated hmpnet driver for improved compatibility and performance.
    Download
    http://test.hitmanpro.com/hmpalert3b347.exe

    Please let me know how this build runs on your computer :thumb:
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Some unsigned installers try to detect whether they are running in VMware. This triggers the Vaccination feature of Alert. We are working on improving the Vaccination feature on these unsigned installers.
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The Anti-VM alert is triggered when ANY malware tries to detect it is running in a virtual machine like VMware and VirtualPC.

    Hope this helps.
     
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Build 347 installed and running on Win 8.1 64-bit. No issues.
     
  11. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,843
    Location:
    the Netherlands
    @erikloman,
    @markloman,
    @Dan Schiappa,

    December 8, HitmanPro.Alert 3.1.0 build 343 was released, mentioning "Later this week, we'll be updating existing users automatically to this new build."
    December 11, HitmanPro.Alert 3.1.0 build 344 prerelease was offered.
    Today, January 11, HitmanPro.Alert 3.1.1 build 347 prerelease is offered.
    Currently, HMPA 3.1.0 build 343 is still not offered by automatic update.
    And currently, the version offered via the download link at the SurfRight download page is HMPA 3.1.0.344, even though this build was presented as a prerelease and not for general availability.
    Could one of you please clarify, what is the plan for automatic updating?
    Will users be automatically updated to HMPA 3.1.0.343 or 3.1.0.344, shortly, or is there a different plan? And if so, why?
    Thanks very much.
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Is Sophos going to add their AV engine to HMP, and HMPA now?
     
  13. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problem upgrading build 347 PreRelease.

    Action mode > Silent Audit > Allow attacks. Confusing. Only use this setting with a sandbox and/or a VM?
     
  14. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    228
    Location:
    UK
    I'm afraid I have no idea what this means. It seems contradictory.
     
  15. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Build 343/344 were generally created and pushed out to solve issues with Sophos endpoint software, just in time for the acquisition press release. E.g. it fixed compatibilities with Sophos' network component as well as their SafeGuard Encryption suite.
    Build 344 went to GA on our website in case Sophos customers wanted to take HitmanPro.Alert for a spin. But due to the holiday, when basically all of us are on leave, we decided not to automatically update users to the latest build 344.
    There is no hard date for the next automatic update yet. Just stay tuned.
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I think what this is, is an option to not have HMPA automatically terminate, but the "attack" continue, but provide a record of it.
     
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Erik, Mark, a heads up. Heimdal Pro is what prevents me from routinely downloading from the links. I manually typed in test.hitmanpro.com and Heimdal immediately had a full page notice it blocked the website. You need to get with them as it's clearly a false positive.

    Build 347 is running very nicely here.
     
  18. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    No issues upgrading hmpa b344 to b347, using W7 Pro. x64
     
  19. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Silent audit is a pretty awesome feature as it basically fulfills two purposes:

    1. Corporate environments with active security officers / incident responders can now track attackers without stopping them, thus letting the attacker infect and control the machine. You may think "why would you want to do that?" Well, sometimes, you may want to figure out the identity and/or intention of an attacker by letting him/her deliver the malware (which helps with attribution).

    2. Potential new customers can now test compatibility and effectiveness of HitmanPro.Alert in real-world scenarios first, without having to deal with any problems or worry the user.

    For regular users, the Silent audit feature is not a desired setting as it allows attacks to pass through.
     
  20. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    We are currently adding multiple Sophos detection technologies to our Strider cloud. And, like before, there is no technology from either Sophos, Kaspersky or Bitdefender inside HMP or HMPA.
     
  21. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    In my case, a blank page appears, with a spinning circle in the IE tab. After a while, I get a message saying, "Internet Explorer cannot display the webpage."

    However, there is no notice from Heimdal Pro (v1) and nothing about blocking the page shows up in the logs.
     
  22. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,843
    Location:
    the Netherlands
    Thanks very much for your reply, Mark.
    You wrote, "we decided not to automatically update users to the latest build 344."
    Not only that, but not to build 343 either.
    So, let me get this straight - different from the intention that you expressed on December 8, currently, there is no plan to update build 340 users automatically to build 343?
    That's OK, but you can imagine the December 8 intention led to a little confusion. ;)
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    1)....and like Sandboxie....?
    2)....so, when ANY malware tries to detect it is running in a virtual machine. I'll ONLY see Anti-VM and not perhaps another exploit other than VM aware.
     
    Last edited: Jan 11, 2016
  24. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    You are totally right. And it indeed was confusing, sorry for that. We'll do better this year!
     
  25. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    observe continues in 3.1.1 build 347
     