HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    496
    Location:
    italy
    Is Alert alone your defence or do you have other real time software?
     
  2. miguelgrado

    miguelgrado Registered Member

    Joined:
    May 25, 2014
    Posts:
    35
    Location:
    Asturias-España

    I have Malwarebytes premium and Panda free....

    These programs already had them before and also have in exclusion of all others...

    I tried to uninstall antivirus... etc and still the same
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.5 Build 528 Private Beta

    WipeGuard.png DllHijack.png ImportSettings.png

    Changelog (compared to 373)
    • Added WipeGuard mitigation (currently part of CryptoGuard).
      Protects against bootkits and boot-time ransomware like Petya and Mischa.
    • Added DLL Hijack Mitigation (part of Process Protection).
      Protects against DLL hijacking (also known as a binary planting attack) by forcing all downloaded executables to load application extensions (DLLs) from system32. This mitigation prioritizes both statically and dynamically loaded system DLLs, on Windows XP up to Windows 10.
      For an example, see here: https://textslashplain.com/2015/12/18/dll-hijacking-just-wont-die/
    • Added Settings Import and Export.
      This feature can be accessed via the gear icon at top right of the GUI.
    • Improved CryptoGuard, world's first anti-ransomware since 2013, now in its 4th generation!
    • Added cloud-driven false positive handling, which allows fast response to correct detections without software upgrades.
    • Improved ROP mitigation.
    • Improved Application Lockdown.
    • Improved BadUSB mitigation.
    • Improved HollowProcess mitigation.
    • Updated Network filtering component.
    Download
    Send me a PM to receive the download link. Please report issues via PM as this build is still private.
     
    Last edited: Jun 10, 2016
  4. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    442
    Location:
    England
    First impressions show that 3.5 has no obvious issues.
     
  5. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    496
    Location:
    italy
    + 1, i was really impressed (light on resource, stable,...)


    :thumb:
     
  6. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    496
    Location:
    italy
    Can you give us some more info?

    User must point out a (probable) FP and wait for your fix on the cloud? (if you obviously evaluate it as such)...
     
  7. ohgood

    ohgood Registered Member

    Joined:
    Apr 3, 2015
    Posts:
    38
    Location:
    cold upper midwest
    Hi Erik and all,

    I really like HPA, so much so I am a paying customer :). (Wish I was wealthy enough to be a patron or serious investor!)

    All working well, version 3.1.10.373, with the exception of today, having trouble updating MS 7, 64, home premium. Update has run all day, with no results .... I don't know if there's any conflict or not, and haven't read thru the threads. Wondered if anyone else had any thoughts. MS 1st tech notes troubleshooting says to try turning off security software, but I am of course reluctant to do that.

    There's a few other things that could be the issue, but I thought I'd check here 1st. :cool:
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,365
    Location:
    Among the gum trees
    There's a whole thread about that problem.

    https://www.wilderssecurity.com/threads/windows-update-long-time-to-check-for-updates.379435/
     
  9. ohgood

    ohgood Registered Member

    Joined:
    Apr 3, 2015
    Posts:
    38
    Location:
    cold upper midwest
    Thanks! I searched/scanned HPA thread but not all of Wilders before posting ... I'm a bonehead tonight :)
     
    Last edited: Jun 10, 2016
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    Q: Has "Why No Tamper/Self Protection" been asked and answered before...?
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    We have something cooked up, but our colleagues at Sophos have something as well. We are still deciding which one to use for tamper protection.
     
  12. jd97

    jd97 Registered Member

    Joined:
    Apr 27, 2015
    Posts:
    28
    It may be their signatures. Using Emsisoft IS v11 and had same issue. Stuck on Black screen had to hard shutdown, drain power and reboot (Windows 10 Home 64-bit). Going back to ESET.


    Edit: I have noticed the interesting encryption/decryption issues with garbled text in browsers (when I type) lately as well. Has anything changed in the past 15-30d w/ Keystroke encryption?
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Nothing has changed towards keystroke encryption.

    We did make small changes to keystroke encryption in 3.5. Including you can now enable, disable keystroke encryption per browser.

    Note: Keystroke Encryption is currently no longer supported in Microsoft Edge on Windows 10 Redstone 1 (build 14291 or newer). We have no idea what MS has done but no other keystroke scrambling software is not working in Edge on 14291+ either.
     
    Last edited: Jun 11, 2016
  14. mirage22

    mirage22 Registered Member

    Joined:
    Apr 20, 2016
    Posts:
    51
    Hi, does boot time protection cause problems with bitlocker or veracrypt? if not, i wouldn't mind taking the latest release on one of my machines for a spin.
     
  15. mryoda

    mryoda Registered Member

    Joined:
    Jun 8, 2016
    Posts:
    7
    Location:
    Oldenzaal

    Erik

    Dit is een dubbele ontkenning, wat je bedoeld waarschijnlijk is dat keystroke scrambling ook bij alle andere scrambling software NIET werkt ?
     
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    If the bootrecord is written you need to disable WipeGuard first. But once VeraCrypt wrote the bootrecord you can enable it.
     
  17. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    Our WipeGuard technology protects the Master Boot Record (MBR) so when anything needs to write to this area on your disk, it is intercepted.
    BitLocker is not a problem, works seamlessly.
    But contrary to BitLocker, when you use VeraCrypt for the very first time to encrypt an entire disk, our WipeGuard will prevent VeraCrypt from putting its bootloader on the MBR (as designed).

    Mitigation WipeGuard

    Platform 6.1.7601/x86 06_4e*

    PID 3264
    Application C:\Program Files\VeraCrypt\VeraCrypt Format.exe
    Description VeraCrypt Format 1.17

    Master Boot Record (MBR)

    In this case, you temporarily need to disable WipeGuard's Master Boot Record protection before running VeraCrypt's encryption wizard. You can find it under CryptoGuard:
    1. Open HitmanPro.Alert
    2. Click on the gear icon in the top right corner of the window
    3. Select Advanced interface
    4. Click on the orange tile called Risk reduction
    5. Select CryptoGuard
    6. Uncheck Master Boot Record (MBR)
    You can now start the VeraCrypt wizard to encrypt the disk. When finished, re-enable Master Boot Record protection.

    Hope this helps!
     
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    In 3.1 nothing has changed.
    In 3.5 small changes were made, including that we had to disable on Edge Insider Preview. Other scambling tools also do not work on Edge Insider Preview.

    Hope this helps :)
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Cool to see that HMPA protects against stuff like DLL Hijacking and aggressive ransomware like Petya. I assume HMPA protects the MBR from modification?

    It's best to write in English on these forums, you can PM in Dutch. But yes, it seems that he meant that other anti-keyloggers also can't protect the latest Edge browser. But I just saw that Erik has already replied.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Sorry, I must have missed this reply, but sounds cool to me. :thumb:
     
  21. mryoda

    mryoda Registered Member

    Joined:
    Jun 8, 2016
    Posts:
    7
    Location:
    Oldenzaal
    Yes you're right about that ! ;)
     
  22. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,049
    Location:
    Baden Germany
    WipeGuard works.:oops:
    It blocked Rufus from creating a bootable usb drive.

    There should be an option to allow once, after UAC is confirmed.
    Default selection should be deny,
    and of course there should be a warning, what writing to the MBR can cause.
     
  23. guest

    guest Guest

    still no allow/deny function?
     
  24. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,116
    Location:
    USA
    Allow/Deny what exactly?
     
  25. guest

    guest Guest

    HMPA may block some legit process automatically without user consent.

    an "allow/deny" button would be convenient.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.