Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
Thanks for looking into the matter and providing a solution for AppGuard users
I'm using XP and AppGuard. Maybe I need to do this as well.
So, Erik, can I delete all of the CryptoGuard folder entries I mentioned in post #923 above?
I'm on Windows XP Home with hmpalert.exe running and no Flyout is shown for Opera 12.16 and Firefox 25.0.1 which are the only two browsers installed.
The HitmanPro.Alert version is 2.5.1 BETA with CryptoGuard from erikloman's signature.
Exactly what steps need to be taken to accomplish this with AppGuard 4?
Add that C:\Windows\Crytoguard folder to the Guarded-Apps section under folders and change the permissions to Read\Write.
Thank you. Is it okay to delete all of the items I have in the CryptoGuard folder?
I did it and haven't found any problems.
Hi Erik, found some problems again. While I tried to update HMP.Alert 220.127.116.11 (The one you PM'ed me) to the public beta 18.104.22.168 from your signature it was said to scheduled for next reboot. However after the reboot, it was not updated and I am still on 22.214.171.124 and the following files are here
C:\Program Files (x86)\HitmanPro.Alert\Update Files
If I try to install again FROM THERE, I am getting "Application failed to install. Error 183." And if I try to install from any other location I am still getting the message it will get updated after reboot.
I have a couple new entries in my CryptoGuard folder. Safe to delete?
Yes they are safe to delete.
Thank you. Is this something I need to watch in order to delete them from time to time, or is there a mechanism in place to automatically purge them periodically?
I found an issue in the driver where files can keep lingering in that folder. An update will be released either tomorrow or Thursday.
Thanks! Will be on the lookout for the update.
Might it be because the browsers are installed in a non-standard location which is "D:\Programs"?
HitmanPro.Alert only supports browsers that are registered in the Windows operating system. If you are using portable browsers, then follow these steps:
Sorry if it has been asked before or if it's too evident but, does HitmanPro.Alert check the browser when it is launched only or does it check injections in real time too? I have been wondering about this for some time but I never remember to ask here.
It detects these as they happen. So not only at startup.
If you take into account everything that HitmanPro.Alert already does it looks more and more like an amazing behaviour blocker.
The browser installations are not portable.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\(Standard) has the value "D:\Programs\Opera\Opera.exe".
ANNOUNCEMENT: HitmanPro.Alert 2.5.6 Build 61
HitmanPro.Alert 2.5.6 Build 61 BETA
Only one more BETA build before stable release.
CryptoGuard for Windows File Sharing (SMB)
Major new feature in this build is CryptoGuard support for Windows File Sharing (SMB). This means that you can now protect documents and files shared on the network against remote crypto-ransomware attacks. No need to install software or deploy group policies on every endpoint, just install Alert on the server and your shared documents are protected against network based CryptoLocker attacks.
When an attack has been detected, the infected client(s) can no longer open shared documents for writing on the server. Of course other users in the network are not affected by this mitigation.
This new CryptoGuard for Windows File Sharing feature is supported on Windows Server 2008 R2 or newer.
Note: 64-bit versions of Windows 7 and Windows 8 share the same technology as Windows Server 2008 R2 so these support the new feature as well.
As you can see in the screenshot below we gave the user interface an update so that it reflects the features in Alert.
Windows Event Log
Installs, updates and alerts are now logged to the Windows Event Log. This allows system administrators to remotely view which computers in the network tried to encrypt shared documents and files. This so they can take appropriate actions.
The event data contains remote client IP, share name and the documents under attack:
Finally we've added compatibility with Norton 360 and Norton Internet Security (a restart might be needed after installing Alert).
Checkout the full list of changes in the changelog below:
ADDED: CryptoGuard for Windows File Sharing (SMB).
Protect your file shares against rogue endpoints by simply installing Alert on the file server. Requires Windows Server 2008 R2 or newer.
ADDED: Alert writes remote crypto-ransomware attacks to Windows Event Log. The event data contains remote IP, local share name and the filenames under attack.
ADDED: CryptoGuard minifilter driver now supports oplocks (64-bit only).
ADDED: CryptoGuard minifilter driver now supports process and IP clustering (64-bit only).
ADDED: Command line switch /flyout to configure flyout during command line based installations.
IMPROVED: Fine-tuned CryptoGuard algorithm.
IMPROVED: Installer and updater write to the Windows Event Log.
IMPROVED: User interface now shows tiles representing Alert’s features.
FIXED: CryptoGuard handling JPG files.
FIXED: CryptoGuard working folder is cleaned up when computer shuts down.
FIXED: Small kernel memory leak.
FIXED: Alert is now compatible with Norton 360 and Norton Internet Security.
Please let me know how this version runs on your computer
Re: ANNOUNCEMENT: HitmanPro.Alert 2.5.6 Build 61
Looks like lot of bug fixes and UI change. Do I have to do a clean install or just install on top of earlier version ?
Re: ANNOUNCEMENT: HitmanPro.Alert 2.5.6 Build 61
Just download this one and it will upgrade the existing installation.
working very good and this program is a must
Installed (over the top) on Win7 (64) without any issues so far.
Separate names with a comma.