Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
I had and reported something similar while creating recovery media for Macrium Reflect.
Yes, it really needs to have a pause feature and perhaps even more important a whitelist. So if Veeam Agent is whitelisted, it should not block its child processes, for example.
I have a question... Why is HMPA advertised and marketed as something it's not?
It protects against exploits NOT conventional malware. It can prevent a lot of conventional malware from starting, but I've never seen a test of it where it completely prevented malware from doing its damage. Namely ransomware.
But it seems to "intercept attacks" whenever I visit some websites with my adblocker turned off. So again I ask. Why is it advertised the way it is?
HMPA has been blocking one of the DLLs that's needed to start Steam.
I need to turn off DLL hijacking protection to start Steam. One of the devs of HMPA DM'd me about it, never got a follow up about that.
I should also say, I am able to use Steam normally after turning the DLL hijacking protection back on.
I play games every now and then and it's annoying that I have to turn off keystroke encryption to be able to play my games. It would be very much appreciated if I could add exceptions to the keystroke encryption and to also add a single DLL to the list of exceptions too.
I'm using HMPA on a one month trial. When I right click on the icon on the Windows Taskbar I don't see any visual indication that the check was done. Is this the expected behavior?
HMPA does not use malware signatures (blacklists) so it isn't a conventional anti-malware program.
Can you provide a quote where you see it advertised as such? I've only seen HMPA promoted as anti-exploit and anti-ransomware protection. It detects and intercepts suspicious behavior. And that is the reason I use it.
Care to provide links to those sites? I have never had that happen, and I use the web a lot.
Perhaps they are hosting some bad stuff that you really don't want, and HMPA is working as intended?
What "Other" category in Mitigations? I no longer see that available. Running 3.8.6-875.
Although I do see "Add Exclusion".
Why are some people on version 3.7 and other people on version 3.8?
Have no idea, unless they set their computer to not auto update. 3.8.6-875 is the current release, as far as I know...
HitmanPro.Alert 3.7.x Stable https://dl.surfright.nl/hmpalert3b797.exe
HitmanPro.Alert 3.8.x Stable https://dl.surfright.nl/hmpalert3b875.exe
RonnyT, Sep 2, 2020
Sophos Home still under HitmanPro.Alert 3.7.x
A couple of questions from a new user. I'm trying out the program with the 30 days trial.
Is there any documentation for HMPA?
Is there a way to exclude an external drive from scanning?
Yep! That's why I have to use an adblocker with some heavy filters. A lot of the ads on a lot of websites I visit have stuff hidden in that.
"Stay protected with HitmanPro.ALERT"
Cleans first, then prevents new attacks
Adds multiple layers of security
No need to uninstall any other software
And yes it does protect against "new attacks" exploits, not conventional malware.
It does add multiple layers of security, but HMPA is only a layer to protect from exploits
There isn't any need to uninstall any other software you already have, because that conventional AV and HMPA protect against totally different things.
Point number 3. "Protects against zero day ransomware" It doesn't protect against the kind of ransomware that most home-users would encounter.
https://youtu.be/wVBPjxkhCHI The PC security channel
https://youtu.be/r5LVmnm5cmc Malware geek
https://youtu.be/P2h2zsrd9e8 Computer Solutions. They said it passed their test, but it actually failed.
Point number 5. It disguises your device as a possible malware researching system.
What exactly does it do to appear that way? Does it try to look like a VM? Because a lot of people use VMs for more than just malware research today.
That's what I was trying to say. So what was your point about misleading claims of being something it's not?
Clearly you are just trolling here...
HmP.A v 3.8.6 build 875, Settings>Advanced Interface
If Not Protected>right-click, you will see 'Other' mitigations template ...
I just used it to add portable WhatsApp v2.2033.7 (have to re-add WA each time version changes) ...
No, I'm not. That's why I posted links to those videos of the anti-crypto component being tested and failing.
Most people that find out about HMP that buy HMPA will think it's more like a conventional supplementary antivirus.
So the people marketing it need to be totally clear and say that it's a second opinion scanner and anti-exploit protection. They could say it's something that will pick up the slack that a conventional antivirus will miss.
I sometimes have to re-add things to the protected applications too. It might identify each application by their hash or something.
It seems to auto-detect apps that are commonly used though, probably by their file name in that case.
But if you have to manually add an application to the protected applications then you should expect that you'll need to add it again whenever it updates.
Aha! Thanks! I was looking under "Applications" instead of "Running Applications". Since I hadn't yet set any as "Other" it wasn't showing up in the first list.
Maybe it depends on file path. Some software has different subfolders for each version, so after every update, it runs from a different file path.
Btw, lots of AV software that is 'stand-alone' instead of complementary still fails against ransomware. HMP.A does have real-time scanning as well. Though not any web/HTTP scanning. Imho on Windows 10 with Defender and HMP.A there is no need for a 3rd party AV.
HMPA is constantly being improved to make sure it blocks as much ransomware as possible. It's based on behavior monitoring not on signatures, and it's always possible that ransomware will make use of some new technique.
But yes, it's best to combine it with some AV, for multiple levels of protection. If AV fails, then hopefully HMPA will block it and vice versa. Also, it can block stuff like APC code injection and process hollowing which is used by lots of malware. If you block this, then malware will often not be able to perform any other malicious actions.