HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Thanks for looking into the matter and providing a solution for AppGuard users :thumb:
     
  2. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,031
    Location:
    USA
    I'm using XP and AppGuard. Maybe I need to do this as well.

    So, Erik, can I delete all of the CryptoGuard folder entries I mentioned in post #923 above?
     
  3. Throwawayaccount12

    Throwawayaccount12 Registered Member

    Joined:
    Nov 13, 2013
    Posts:
    23
    I'm on Windows XP Home with hmpalert.exe running and no Flyout is shown for Opera 12.16 and Firefox 25.0.1 which are the only two browsers installed.

    Edit:
    The HitmanPro.Alert version is 2.5.1 BETA with CryptoGuard from erikloman's signature.
     
    Last edited: Nov 18, 2013
  4. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,031
    Location:
    USA
    Exactly what steps need to be taken to accomplish this with AppGuard 4?
     
  5. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,060
    Location:
    South Texas, USA
    Add that C:\Windows\Crytoguard folder to the Guarded-Apps section under folders and change the permissions to Read\Write.

    dja2k
     
  6. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,031
    Location:
    USA
    Thank you. Is it okay to delete all of the items I have in the CryptoGuard folder?
     
  7. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,060
    Location:
    South Texas, USA
    I did it and haven't found any problems.

    dja2k
     
  8. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    746
    Hi Erik, found some problems again. While I tried to update HMP.Alert 2.5.1.55 (The one you PM'ed me) to the public beta 2.5.1.56 from your signature it was said to scheduled for next reboot. However after the reboot, it was not updated and I am still on 2.5.1.55 and the following files are here

    C:\Program Files (x86)\HitmanPro.Alert\Update Files

    hmpalert.sys
    hmpalert_x64.dll
    hmpalert_x86.dll
    hmpalert.exe

    If I try to install again FROM THERE, I am getting "Application failed to install. Error 183." And if I try to install from any other location I am still getting the message it will get updated after reboot.
     
  9. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,031
    Location:
    USA
    I have a couple new entries in my CryptoGuard folder. Safe to delete?
     
  10. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,031
    Location:
    USA
    I have a couple new entries in my CryptoGuard folder. Safe to delete?
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes they are safe to delete.
     
  12. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,031
    Location:
    USA
    Thank you. Is this something I need to watch in order to delete them from time to time, or is there a mechanism in place to automatically purge them periodically?
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I found an issue in the driver where files can keep lingering in that folder. An update will be released either tomorrow or Thursday.
     
  14. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,060
    Location:
    South Texas, USA
    Thanks! Will be on the lookout for the update.

    dja2k
     
  15. Throwawayaccount12

    Throwawayaccount12 Registered Member

    Joined:
    Nov 13, 2013
    Posts:
    23
    Might it be because the browsers are installed in a non-standard location which is "D:\Programs"?
     
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert only supports browsers that are registered in the Windows operating system. If you are using portable browsers, then follow these steps:
    https://www.wilderssecurity.com/showpost.php?p=2294216&postcount=758
     
  17. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Sorry if it has been asked before or if it's too evident but, does HitmanPro.Alert check the browser when it is launched only or does it check injections in real time too? I have been wondering about this for some time but I never remember to ask here.
     
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    It detects these as they happen. So not only at startup.
     
  19. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Fantastic. :thumb:

    If you take into account everything that HitmanPro.Alert already does it looks more and more like an amazing behaviour blocker.
     
  20. Throwawayaccount12

    Throwawayaccount12 Registered Member

    Joined:
    Nov 13, 2013
    Posts:
    23
    The browser installations are not portable.

    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\(Standard) has the value "D:\Programs\Opera\Opera.exe".
     
  21. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    ANNOUNCEMENT: HitmanPro.Alert 2.5.6 Build 61

    HitmanPro.Alert 2.5.6 Build 61 BETA

    Only one more BETA build before stable release.

    CryptoGuard for Windows File Sharing (SMB)
    Major new feature in this build is CryptoGuard support for Windows File Sharing (SMB). This means that you can now protect documents and files shared on the network against remote crypto-ransomware attacks. No need to install software or deploy group policies on every endpoint, just install Alert on the server and your shared documents are protected against network based CryptoLocker attacks.

    When an attack has been detected, the infected client(s) can no longer open shared documents for writing on the server. Of course other users in the network are not affected by this mitigation.

    This new CryptoGuard for Windows File Sharing feature is supported on Windows Server 2008 R2 or newer.

    Note: 64-bit versions of Windows 7 and Windows 8 share the same technology as Windows Server 2008 R2 so these support the new feature as well.


    User Interface
    As you can see in the screenshot below we gave the user interface an update so that it reflects the features in Alert.

    Alert256.png


    Windows Event Log
    Installs, updates and alerts are now logged to the Windows Event Log. This allows system administrators to remotely view which computers in the network tried to encrypt shared documents and files. This so they can take appropriate actions.

    The event data contains remote client IP, share name and the documents under attack:

    EventLog.png


    Finally we've added compatibility with Norton 360 and Norton Internet Security (a restart might be needed after installing Alert).

    Checkout the full list of changes in the changelog below:

    Changelog
    • ADDED: CryptoGuard for Windows File Sharing (SMB).
      Protect your file shares against rogue endpoints by simply installing Alert on the file server. Requires Windows Server 2008 R2 or newer.
    • ADDED: Alert writes remote crypto-ransomware attacks to Windows Event Log. The event data contains remote IP, local share name and the filenames under attack.
    • ADDED: CryptoGuard minifilter driver now supports oplocks (64-bit only).
    • ADDED: CryptoGuard minifilter driver now supports process and IP clustering (64-bit only).
    • ADDED: Command line switch /flyout to configure flyout during command line based installations.
    • IMPROVED: Fine-tuned CryptoGuard algorithm.
    • IMPROVED: Installer and updater write to the Windows Event Log.
    • IMPROVED: User interface now shows tiles representing Alert’s features.
    • FIXED: CryptoGuard handling JPG files.
    • FIXED: CryptoGuard working folder is cleaned up when computer shuts down.
    • FIXED: Small kernel memory leak.
    • FIXED: Alert is now compatible with Norton 360 and Norton Internet Security.

    Download
    http://dl.surfright.nl/hmpalert25.exe

    Please let me know how this version runs on your computer :thumb:
     
  22. fearlessscientist

    fearlessscientist Registered Member

    Joined:
    Sep 6, 2013
    Posts:
    166
    Location:
    USA
    Re: ANNOUNCEMENT: HitmanPro.Alert 2.5.6 Build 61

    Looks like lot of bug fixes and UI change. Do I have to do a clean install or just install on top of earlier version ?
     
  23. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Re: ANNOUNCEMENT: HitmanPro.Alert 2.5.6 Build 61

    Just download this one and it will upgrade the existing installation.
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,885
    Location:
    Canada
    working very good and this program is a must:thumb:
     
  25. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,749
    Location:
    EU
    Installed (over the top) on Win7 (64) without any issues so far. :thumb:
     
Loading...