HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,152
    Location:
    Among the gum trees
    I had and reported something similar while creating recovery media for Macrium Reflect.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,122
    Location:
    The Netherlands
    Yes, it really needs to have a pause feature and perhaps even more important a whitelist. So if Veeam Agent is whitelisted, it should not block its child processes, for example.
     
  3. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    315
    Location:
    VPN city
    I have a question...Why is HMPA advertised and marketed as something it's not?

    It protects against exploits NOT conventional malware. It can prevent a lot of conventional malware from starting, but I've never seen a test of it where it completely prevented malware from doings its damage. Namely ransomware.

    But it seems to "intercept attacks" whenever I visit some websites with my adblocker turned off. So again I ask. Why it is advertised the way it iss?
     
  4. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    315
    Location:
    VPN city
    HMPA has been blocking one of the DLLs that's needed to start steam.

    I need to turn off DLL hijacking protection to start steam. One of the devs of HMPA DM'd me about it, never got a follow up about that.

    I should also say, I am able to use steam normally after turning the DLL hijacking protection back on.

    I play games every now and then and it's annoying that I have to turn off keystroke encryption to be able to play my games. It would be very much appreciated if I could add exceptions to the keystroke encryption and to also add a single DLL to the list of exceptions too.
     
    Last edited: Sep 17, 2020
  5. Izettso

    Izettso Registered Member

    Joined:
    Oct 1, 2007
    Posts:
    55
    I'm using HMPA on a one month trial. When I right click on the icon on the Windows Taskbar I don't see any visual indication that the check was done. Is this the expected behavior?
     
  6. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    827
    Location:
    USA
    HMPA does not use malware signatures (blacklists) so it isn't a conventional anti-malware program.

    Can you provide a quote where you see it advertised as such? I've only seen HMPA promoted as anti-exploit and anti-ransomware protection. It detects and intercepts suspicious behavior. And that is the reason I use it.
     
    Last edited: Sep 16, 2020
  7. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    827
    Location:
    USA
    Care to provide links to those sites? I have never had that happen, and I use the web a lot.

    Perhaps they are hosting some bad stuff that you really don't want, and HMPA is working as intended?
     
  8. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    827
    Location:
    USA
    What "Other" category in Mitigations? I no longer see that available. Running 3.8.6-875.

    Although I do see "Add Exclusion".
     
  9. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,089
    Location:
    Hollow Earth - Telos
    Why are some people on version 3.7 and other people on version 3.8..
     
  10. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    827
    Location:
    USA
    Have no idea, unless they set their computer to not auto update. 3.8.6-875 is the current release, as far as I know...
     
  11. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,089
    Location:
    Hollow Earth - Telos
    Download
    HitmanPro.Alert 3.7.x Stable https://dl.surfright.nl/hmpalert3b797.exe
    HitmanPro.Alert 3.8.x Stable https://dl.surfright.nl/hmpalert3b875.exe
    RonnyT, Sep 2, 2020
     
    Last edited by a moderator: Sep 16, 2020
  12. acid king

    acid king Registered Member

    Joined:
    Jan 19, 2019
    Posts:
    47
    Location:
    europe
    Sophos Home still under HitmanPro.Alert 3.7.x
     
  13. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,089
    Location:
    Hollow Earth - Telos
  14. Izettso

    Izettso Registered Member

    Joined:
    Oct 1, 2007
    Posts:
    55
    A couple of questions from a new user. I'm trying out the program with the 30 days trial.
    Is there any documentation for HMPA?
    Is there a way to exclude an external drive from scanning?
     
  15. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    315
    Location:
    VPN city
    Yep! That's why I have to use an adblocker with some heavy filters. A lot of the ads on a lot of websites I visit have stuff hidden in that.
     
  16. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    315
    Location:
    VPN city
    https://www.hitmanpro.com/en-us.aspx

    "Stay protected with HitmanPro.ALERT"
    • Cleans first, then prevents new attacks
    • Adds multiple layers of security
    • No need to uninstall any other software
    And yes it does protect against "new attacks" exploits, not conventional malware.
    It does add multiple layers of security, but HMPA is only a layer to protect from exploits
    There isn't any need to uninstall any other software you already have, because that conventional AV and HMPA protect against totally different things.

    https://www.hitmanpro.com/en-us/alert.aspx

    Point number 3. "Protects against zero day ransomware" It doesn't protect against the kind of ransomware that most home-users would encounter.

    https://youtu.be/wVBPjxkhCHI The PC security channel

    https://youtu.be/r5LVmnm5cmc Malware geek

    https://youtu.be/P2h2zsrd9e8 Computer Solutions. They said it passed their test, but it actually failed.

    Point number 5. It disguises your device as a possible malware researching system.

    What exactly does it do to appear that way? Does it try to look like a VM? Because a lot of people use VMs for more than just malware research today.
     
    Last edited by a moderator: Sep 16, 2020
  17. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    827
    Location:
    USA
    That's what I was trying to say. So what was your point about misleading claims of being something it's not?
     
  18. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    827
    Location:
    USA
  19. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,164
    Location:
    Under a bushel ...
    HmP.A v 3.8.6 build 875, Settings>Advanced Interface
    Exploit Mitigation
    Running Applications
    If Not Protected>right-click, you will see 'Other' mitigations template ...

    I just used it to add portable WhatsApp v2.2033.7 (have to re-add WA each time version changes) ...
     
  20. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    315
    Location:
    VPN city
    No, I'm not. that's why I posted links to those videos of the anti-crypto component being tested and failing.

    Most people that find out about HMP that buy HMPA will think it's more like a conventional supplementary antivirus.

    So the people marketing it need to be totally clear and say that it's a second opinion scanner and anti-exploit protection. They could say it's something that will pick up the slack that a conventional antivirus will miss.
     
  21. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    315
    Location:
    VPN city
    I sometimes have to re-add things to the protected applications too. It might identify each application by their hash or something.

    It seems to auto-detect apps that are commonly used though, probably by their file name in that case.

    But if you have to manually add an application to the protected applications then you should expect that you'll need to add it again whenever it updates.
     
  22. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    827
    Location:
    USA
    Aha! Thanks! I was looking under "Applications" instead of "Running Applications". Since I hadn't yet set any as "Other" it wasn't showing up in the first list.
     
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,413
    Location:
    Outer space
    Maybe it depends on file path. Some software has different subfolders for each version, so after every update, it runs from a different file path.
     
  24. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,413
    Location:
    Outer space
    Btw, lots of AV software that is 'stand-alone' instead of complementary still fails against ransomware. HMP.A does have real-time scanning as well. Though not any web/HTTP scanning. Imho on Windows 10 with Defender and HMP.A there is no need for a 3rd party AV.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,122
    Location:
    The Netherlands
    HMPA is constantly being improved to make sure it blocks as much ransomware as possible. It's based on behavior monitoring not on signatures, and it's always possible that ransomware will make use of some new technique.

    But yes, it's best to combine it with some AV, for multiple levels of protection. If AV fails, then hopefully HMPA will block it and vice versa. Also, it can block stuff like APC code injection and process hollowing which is used by lots of malware. If you block this, then malware will often not be able to perform any other malicious actions.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.