HitmanPro.ALERT Support and Discussion Thread

Nope. NTFS. External HD.

 

I've placed 2.5.6 build 63 on the download site which should fix the FAT32 bug.

Download
http://dl.surfright.nl/hmpalert25.exe

Please let me know whether this version still causes BSOD when accessing FAT32 volumes

 

2.5.6 build 63 fixed the BSOD issue for me.

 

Fixed
Thanks for prompt action

 

Build 63 working fine here.

 

I've uninstalled 2.5.6.63, so unfortunately I can no longer give you the "exact" message I was getting, but using Sandboxie on XP with Firefox 20.0.1, I would get a popup when attempting to exit Firefox saying that (something) was unable to read memory and FF was not able to shutdown. As I recall, I had to click an "OK" in that popup to close Firefox. It only seemed to happen when I opened Firefox with Sandboxie - not Firefox alone.

After going back to hmp.alert 2.5.1.56, the problem disappeared.

 

EDIT: No longer getting update error, only got it twice and then it stopped.

 

HitmanPro.Alert 2.5.6 Build 64 BETA

Changelog

• ADDED: Start Menu shortcut when installing Alert. Note that when upgrading from older version the shortcut is not installed.
• FIXED: The IPv6 address of a CryptoLocker client attacking shared files on a server is now properly formatted in Event Log on the server.
• FIXED: BSOD when accessing FAT32 volumes. Bug was introduced in BETA build 61 and is fixed as of build 63.
• FIXED: Event Log Message File pointed to the download file instead of installed file.

Automatic Update
Existing HitmanPro.Alert 2.5 BETA users are automatically updated to build 64 if you start a web browser. The update is downloaded in the context of the web browser.

If you click on the flyout you should see that an upgrade is pending:



Download
http://dl.surfright.nl/hmpalert25.exe

Please let me know how this version runs on your computer

 

A few pages back we were talking about HPA v3 being release soon, if all this is being added in 2.5 what will be new in v3?

si there any plan to include an auto-update feature?

 

FYI lord : https://www.wilderssecurity.com/showpost.php?p=2309338&postcount=959

 

Automatically updated to build 64 after a reboot and running fine here

 

And even:
https://www.wilderssecurity.com/showpost.php?p=2310187&postcount=983

 

HitmanPro.Alert 2.5.6 Build 64 BETA sees Sdelete v1.51 as a virus while deleting a sandbox (Sandboxie 4.07.04).

Same for Eraser (http://eraser.heidi.ie/).

 

Crypto ransomware has been around for a few years. But the number of reports reaching our helpdesk increased steadily over the past months. Most of the times the cryptography was reversible. Until CryptoLocker came along with a big campaign: huge infection numbers, irreversible encryption, lots of documents and files lost (no backup or failing backup).

We came up with the idea for CryptoGuard many months ago but we never got around creating it due to schedules. CryptoLocker changed our priority.
While we were working on Alert version 3, we decided a few weeks ago to temporarily halt development of v3 and create CryptoGuard as part of v2. Hence, version 2.5.

Version 2.5 was never planned. We just saw the urgent need for CryptoGuard as there was no solution available other than setting group policies on where software is allowed to run. We cannot rely on sigatures because the effect of a 'miss' is usually catastrophic where the user ends up paying the ransom to get the files back/decrypted.
Just look at the thread at Bleeping Computer where people are begging to get the malware back because they WANT TO pay the ransom. Even a police department in Swansea paid the ransom.

We expect crypto ransomware to up their game by encrypting files from within legitimate processes via code injection. Think of winword.exe starting to encrypt documents, images and presentations.

Since CryptoGuard does not look at who is encrypting the files, but actually looking at the changing content of the files, we think CryptoGuard is more robust against both the polymorphic changes of malware binaries as well as which files and registry keys the malware is using.

The fact CryptoGuard works at the file system level, we also offer protection against _remote_ crypto ransomware on locally shared files. This means that CryptoGuard blocks the encryption while the actual infection is on a remote infected computer that is not running Alert!

On to the question, now that version 2.5 nears completion, work on Alert version 3 has already continued. I cannot elaborate on the features of v3.

As you can see in my post above, every Alert 2.5 user is now updated to the latest build. Existing 2.0 users will be updated when 2.5 is declared non-BETA.

Hope this helps.

 

When using these secure delete tools, you need to disable CryptoGuard under Settings and when you're done, enable CryptoGuard again. That is because Sdelete writes a high entropy stream (random) to the file which looks the same as cryptography.

Note that cycling the on/off state of CryptoGuard also clears the list of blocked processes and IPs.

 

@erikloman

Is there any plan to include the UTM scanning abilities (http://www.surfright.nl/en/hitmanpro/utm) on Hitman Pro alert?
Something like, every file downloaded is scanned in the cloud automatically.

 

It just updated itself to the latest version on my XP/SP2, & no issues to report. So the ongoing fixes appear to be working

HMP & the team should be congratulated for providing this extremely beneficial & life saving App for FREE

Here's a gold award from me.

 

Thanks for info. Btw... HMP Alert doesnt always intervene during deletion of a sandbox by Sdelete.

 

Problem with fligh-out with latest beta (and older betas). Word "gevonden" cant be read.

http://postimg.org/image/xkpgjk701/

 

Do you have high DPI / large fonts configured?

 

Standard 96 DPI. It's a 22 inch screen.

 

I see, you have a non standard font configured. Alert gets the font of the operating system. I will see if we can fix this in the next build.

 

Would it be possible to have updating without a reboot? On the server it can be pretty inconvenient to have to do a reboot as it will disrupt other users. I can schedule a reboot for when people have gone home but i'd rather that the updates could happen during the day if there was a vulnerability for instance.

 

On a server, Alert will not automatically check for updates. This because the update procedure is triggered while using a web browser.

On servers you can schedule as task specifying the following command line:

"C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe" /update

This will initiate the update procedure. In the Event Log there will be an entry indicating whether a reboot is needed to complete the update procedure.

 

Have current beta running in sandboxie with flyout. Everything seems to be working well on firefox current build on win 8.1 64 bit. Haven't tried chrome yet.