HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    371
    Location:
    united kingdom
    You can sign up for the beta here
    https://home.sophos.com/register/beta
    If you participate in the beta, when it goes live you get a free 1 year subscription. You can install the software on up to 10 devices.
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.7 build 704 CTP1 - PRIVATE

    Finally we have a build with major new features! Most new features are located on the orange tile but we have also improved existing mitigations. The executable is still less than 5MB.

    Please help us test how these new features fare alongside other security products (compatibility).

    New Features
    • Real-time Anti-Malware
      Works with the HitmanPro cloud.

    • Credential Theft Protection
      Preventing theft of authentication passwords and hash information from memory, registry and disk. Prevents Mimikatz-style attacks.

    • Local Privilege Guard
      Prevents exploits of the operating system kernel. Prevents an attacker from using the privilege information of another process.

    • Code Cave mitigation
      Stops backdoors in trusted code.

    • Sticky Keys mitigation
      Prevents misuse of the Microsoft sticky key feature. Usually used by attackers to gain persistence.

    • Asynchronous Procedure Call (APC) mitigation
      Stops code injection via APC (ex. Atom Bombing attack).

    • Application Verifier mitigation
      Prevents misuse of the Application Verifier feature of Windows (eg. Double Agent attack).

    • Malicious Process Migration
      Detects remote reflective DLL injection used to move laterally between processes.

    Improvements

    • Application Lockdown
      Now blocks CVE-2017-0199

    • Increased height of the user interface
      There are now three rows of applications under the tiles

    • 64-bit DLL is now compiled with Intel MPX instructions

    • Various minor improvements

    Participate
    Please PM me to participate in this (currently) PRIVATE program.
    We will open up the program to PUBLIC once we received enough confidence that the new features run fine alongside other security products :thumb:
     
    Last edited: May 4, 2017
  3. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    479
    Location:
    italy
    that's incredible, so you did not raise white flag as theorized on WS! :argh::D

    Seriously, keep up the good work :thumb: (i'll PM you ASAP)
     
  4. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,105
    This new version sounds so promising, really nice to see real time malware protection with the cloud and Local Privilege Guard pushs the exploit protection to another league.
     
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    As stated in our conversation: please report via PM!

    The CredGuard detection of HitmanPro is expected. Consider it a way to verify the mitigation is working. We will update HitmanPro in the near future to no longer violate the mitigation.
     
    Last edited: May 4, 2017
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    C000041D means STATUS_FATAL_USER_CALLBACK_EXCEPTION.

    Do you have a dump by any chance?
     
  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Sophos is keeping our team very busy with additional products as HitmanPro and HitmanPro.Alert are being put into everything:

    Sophos Intercept X - Central Managed from Cloud
    https://www.sophos.com/en-us/press-office/press-releases/2016/09/sophos-launches-intercept-x.aspx

    Sophos Endpoint Protection (EXP) - Central Managed On-Premise with Enterprice Console (SEC)

    Sophos Server Protection - CryptoGuard for Servers
    https://www.sophos.com/en-us/press-...n-anti-ransomware-cryptoguard-technology.aspx

    Sophos Home Premium
    https://home.sophos.com/register/beta

    Sophos Clean
    https://www.sophos.com/en-us/press-...troduces-enterprise-malware-removal-tool.aspx

    Each of the above also come with specific additions/changes to HMP/HMPA to support each product environment (all these changes/additions are in the regular hmpalert.exe). And don't forget the above comes with many meetings and management overhead (it works a little bit different when working in a big company).
    Lastly, we have built a completely new scriptable tester to test/trigger the various mitigations in HMPA.

    The net result is SurfRight contributed to moving Sophos significantly in Gartner's Magic Quadrant for Endpoint Protection Platforms:
    https://www.sophos.com/en-us/press-...17/02/gartner-2017-magic-quadrant-report.aspx

    C3myhT-WEAEiFOt.jpg


    While we also try to maintain our existing HitmanPro/HitmanPro.Alert user base we work hard to improve the product. We finally found the time to work and finish the new features and improvements.

    We seek once again help from YOU, the Wilders members to iron out the (compatibility) problems before we can release.

    SurfRight is 7 engineers, 2 support ladies and 1 manager.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,286
    Erik

    This is a bit off topic, but a meeting is defined as the single biggest impediment to mankinds progress.
     
  9. Crystal_Lake_Camper

    Crystal_Lake_Camper Registered Member

    Joined:
    Mar 20, 2016
    Posts:
    88
    I have sent you PM , because I want to participate in the beta program. @erikloman
     
  10. Abdallah

    Abdallah Registered Member

    Joined:
    Oct 28, 2013
    Posts:
    124
    Location:
    N/A
    I have sent the PM and waiting my ticket
     
  11. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    157
    Sent PM
     
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    14,764
    What a surprise :thumb: (after 4-5 weeks of silence)
     
  13. Valdez

    Valdez Registered Member

    Joined:
    Apr 21, 2016
    Posts:
    24
    Location:
    Italy
    HitmanPro.Alert 3.7 build 704 CTP1 – PRIVATE

    I have sent you PM, because I want to participate in the beta program. @erikloman

    :):):thumb:
     
  14. MikeRepairs

    MikeRepairs Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    73
    Location:
    Long Beach, WA
    I request the feature of a tray icon that changes when Silent Audit mode is enabled. It should visually indicate that
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,502
    Location:
    Under a bushel ...
    +1.

    Have requested to participate in build 704 CTP1 - should be a good test for compatibility on my primary machine :rolleyes:.
     
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    We will put this on our TODO list!
     
  17. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    If I'm permitted I could post some screenshots from the changes but I'm unsure because it's closed beta test and it might get a change.
     
  18. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,765
    Location:
    Europe then Asia
    you can't post infos publicly, all observations has to be sent to the Loman's brothers via PM; private = closed :)

    @erikloman PM sent
     
    Last edited: May 5, 2017
  19. Duotone

    Duotone Registered Member

    Joined:
    Jul 9, 2016
    Posts:
    142
    Location:
    Philippines
    PM request sent
     
  20. Armadax

    Armadax Registered Member

    Joined:
    Sep 13, 2015
    Posts:
    19
    Location:
    Zuid-Holland
    I have also requested to participate. I will be testing the new software in conjunction with Kaspersky.
    Just in general, what is the view among participants in this thread on other anitvirus/malware software? I have been on and off using Kaspersky Internet Security Suite. Sometimes updates come by for KIS that hinder some of my other software and I revert back to the basic Defender software in Windows 10. As I still have a valid license for Kaspersky, I always come back installing it again within a few weeks, as I question whether I am actually 'safe' with Defender. Currently, I'm torn between renewing the license or just trust in the combination of HMPA and Defender to do the job. What are your views on this?
     
  21. plat1098

    plat1098 Guest

    After some really bad experiences with third party AV I won't name, I use the Windows Defender, along with HMPA, VoodooShield and browser extensions like uMatrix or uBlock Origin in Firefox. It's a good, trouble-free combination but I'm not a high risk user. . It's a different story, though, if you currently have an active subscription. My license is still active for the third party AV but I'll have to absorb it, I had to reinstall Windows more than once, even using stable feeds. My choice.
     
  22. XhenEd

    XhenEd Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    536
    Location:
    Philippines
    @Armadax There were compatibility issues reported. This is expected, anyway. The general recommendation is to exclude each other as soon as possible (e.g. HMP.A should be excluded in KIS, and KIS should be excluded in HMP.A).

    Any compatibility issues should be reported, also. :)
     
  23. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,892
    Location:
    USA
    I use Windows Defender along with HMPA and MalwareBytes v3, plus various security extensions in Firefox and Chrome. This is a trouble free combination that I feel provides solid protection. :thumb: It may help to identify what types of threats you're primarily worried about.
     
  24. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    You not need MalwareBytes v3 when you use HitManPro.Alert. There is no benefit combining them. More isn't better except that you waste PC resources and bandwidth for nothing. Hitman communicates with Azure cloud while MalwareBytes does the same with their own cloud.

    Okay. ;)
     
  25. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,765
    Location:
    Europe then Asia
    In my opinion, AV (and their suites) are useless remnant of a past age (except for beginners and non-security geeks obviously)...Now we (aware security geeks that lurk on forums like here ^^ ) have better type of softwares at disposition (isolation/virtualization and SRPs/Anti-exe) more effective and lighter than any suites without the hassle of a real-time engine scanning every files you are opening and all the issues/instabilities they spawn (FPs, kernel hooking, heavy resources usage, etc...).
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.