HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    827
    Location:
    USA
    Probably some growing pains with new owners after Sophos being sold.
     
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    15,290
    Location:
    UK
    Look to the right of that Twitter page under Relevant People
     
  3. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    827
    Location:
    USA
    I saw that and wondered who wrote it. Eric hasn't posted here in 3 years (in either the main HMPA thread or the beta thread), but Mark has....
     
  4. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,297
    I always dealt with Erik when he did some online debugging on my system.. I assumed he was the one that knew the inner workings. Never dealt with Mark. Maybe RonnyT can clarify who did what.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,122
    Location:
    The Netherlands
    Good question, I'm guessing they have quite a few developers including Mark Loman that can continue development, but let's hope that Sophos won't terminate HMPA like they did with Sandboxie.
     
  6. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    827
    Location:
    USA
    Why would they do that when they have this community to use as unpaid beta testers for Sophos Intercept X?
     
  7. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,234
    Well, Sophos didn't buy Sandboxie(it just happened to be part of Invinciea) but they did HMPA. So, it's more likely they will continue to support it.
     
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,536
    Location:
    USA
    And possibly add a pause feature.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,122
    Location:
    The Netherlands
    Good points, but I remember that Invincea also bought Sandboxie to implement stuff into Invincea X, which was then bought by Sophos. Apparently Sandboxie didn't make enough money for them, so they decided to call it a day. Let's hope this isn't the case with HMPA.
     
  10. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    774
    Location:
    Oklahoma City
    Is anyone having a problem with the "check for update" and "scan computer" for HitmanPro Alert not working? I have been able to use both of them until this week.
     
  11. pilipali

    pilipali Registered Member

    Joined:
    Nov 24, 2017
    Posts:
    20
    Location:
    Finland
    Something is wrong, can't scan too, or check updates. What's going on?
     

    Attached Files:

  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,413
    Location:
    Outer space
    No problems here.
     
  13. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    889
  14. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    Well that might be the case, but in this case it shouldn't have been stopped in the first place so this bug has been fixed in the next release.
    Same goes for Macrium recovery/imaging.
     
    Last edited: Oct 6, 2020
  15. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    How come partially Erik?
    Can you send me the details via a PM here?
     
  16. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    There is whitelisting, it's just called "Suppress Similar" on the 8xx version under "Last event" -> Find the offending alert -> Action -> Suppress similar.
    Just in some corner cases this doesn't work and specific actions have to be taken.
     
  17. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    When that happens please click on the "Technical details" and send them in PM I'm really curious as to what might be triggered here.
    You can also find those details in the windows eventlog or in the new eventlog from the 8xx builds.
     
  18. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    Yes, in the Alert interface there should be a status message about the last scan, not on the tray icon.
    Beware the "Scan computer" feature is using HitmanPro in the background, all other features of Alert reside in the HitmanPro.Alert product.
     
  19. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    That's one we haven't been able to reproduce doesn't happen on our machines, so if someone is willing to have a remote session or test a specific build send me a PM.
     
  20. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    Because we've made a completely new anti-ransomware module version 5, and we're still tweaking it. So if you download a fresh copy your on 3.8, or a user here and download/upgrade.
    All others are still on 797 until we switch on the auto-update.
     
  21. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    Hi,

    There is one though be it a bit dated, you can find the Getting started here:
    https://dl.surfright.nl/HitmanPro Alert Getting Started.pdf

    HitmanPro does the scanning here, and does only an intelligent scan so if nothing on the external drive has been used for a while it won't scan it.
    Only stuff that has a recent activity footprint is investigated.
     
  22. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    I'd like to pick up on a few things here, on install it runs a HitmanPro scan that's cleans first.
    After install HMPA prevents exploits, ransomware, banking trojans injecting in your browsers (safe browsing) and known malware from execution (anti-malware).
    So we do cover conventional malware, but as it's a light cloud lookup and not a heavy bloated full blown AV (with e.g. behavioral rules for example).

    Show me a product that has more layers then ours please, even under anti-exploit there is so many stuff going on that isn't even exploit but definitely are layers. (e.g. lockdown).
    So someone working with a PC no knowledge of security can open a phishing document, click on enable macro and we'll stop it before it has a chance to execute powershell or vbs or other stuff in the first place.

    Check out the tricks covered under Risk reduction Process protection and try to find that in other internet security suits.
    If you would like to run an other 3rd party internet security suite is all up to the user and his/her risk profile and technical knowledge.

    Next the ransomware claim, I'm sorry but those are video's from 2016/17 we've released tons of new versions and an occasional fix for cryptoguard not catching something.
    Yes there might be files lost, and or not deleted (e.g. the encrypted one's) but what's more important, having your files or paying the ransom and do some clean up.
    In version 4 of CG we protect business files (e.g. not mp3) but with version 5 we protect all files, big improvement, better rollback, more forms of attack detections.

    So please show me video's of version 797 or 875 that show bypass on our cryptoguard and we'll be happy to fix.

    Anti-vm is injecting stuff in your machine so it looks as a VM to the malware, nothing interferes with real VM software e.g. virtualbox or vmware.
    If malware checks if it runs in a VM it terminates that's the goal.

    Cheers.
    Ronny
     
  23. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    Spot on, Whatsapp is a repeat offender and so is e.g. Discord.
     
  24. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    You might want to back that claim up with evidence and not from 2016 and 2 samples, cause this is a bold if not rude statement.
     
  25. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    HMPA isn't really scanning it's showing the scan progress from HitmanPro.
    So whenever you run a scan with HMP and open the Alert window you will see the progress bar there also.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.