Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
Probably some growing pains with new owners after Sophos being sold.
Look to the right of that Twitter page under Relevant People
I saw that and wondered who wrote it. Erik hasn't posted here in 3 years (in either the main HMPA thread or the beta thread), but Mark has....
I always dealt with Erik when he did some online debugging on my system. I assumed he was the one that knew the inner workings. Never dealt with Mark. Maybe RonnyT can clarify who did what.
Good question, I'm guessing they have quite a few developers including Mark Loman that can continue development, but let's hope that Sophos won't terminate HMPA like they did with Sandboxie.
Why would they do that when they have this community to use as unpaid beta testers for Sophos Intercept X?
Well, Sophos didn't buy Sandboxie (it just happened to be part of Invincea) but they did HMPA. So, it's more likely they will continue to support it.
And possibly add a pause feature.
Good points, but I remember that Invincea also bought Sandboxie to implement stuff into Invincea X, which was then bought by Sophos. Apparently Sandboxie didn't make enough money for them, so they decided to call it a day. Let's hope this isn't the case with HMPA.
Is anyone having a problem with the "check for update" and "scan computer" for HitmanPro Alert not working? I have been able to use both of them until this week.
Something is wrong, can't scan too, or check updates. What's going on?
No problems here.
Well that might be the case, but in this case it shouldn't have been stopped in the first place so this bug has been fixed in the next release.
Same goes for Macrium recovery/imaging.
How come partially Erik?
Can you send me the details via a PM here?
There is whitelisting, it's just called "Suppress Similar" on the 8xx version under "Last event" -> Find the offending alert -> Action -> Suppress similar.
Just in some corner cases this doesn't work and specific actions have to be taken.
When that happens, please click on the "Technical details" and send them in a PM; I'm really curious as to what might be triggered here.
You can also find those details in the Windows eventlog or in the new eventlog from the 8xx builds.
Yes, in the Alert interface there should be a status message about the last scan, not on the tray icon.
Beware the "Scan computer" feature is using HitmanPro in the background, all other features of Alert reside in the HitmanPro.Alert product.
That's one we haven't been able to reproduce; it doesn't happen on our machines, so if someone is willing to have a remote session or test a specific build, send me a PM.
Because we've made a completely new anti-ransomware module version 5, and we're still tweaking it. So if you download a fresh copy you're on 3.8, or a user here and download/upgrade.
All others are still on 797 until we switch on the auto-update.
There is one though, be it a bit dated; you can find the Getting Started here:
https://dl.surfright.nl/HitmanPro Alert Getting Started.pdf
HitmanPro does the scanning here, and does only an intelligent scan so if nothing on the external drive has been used for a while it won't scan it.
Only stuff that has a recent activity footprint is investigated.
I'd like to pick up on a few things here: on install it runs a HitmanPro scan that cleans first.
After install HMPA prevents exploits, ransomware, banking trojans injecting in your browsers (safe browsing) and known malware from execution (anti-malware).
So we do cover conventional malware, but as it's a light cloud lookup and not a heavy bloated full blown AV (with e.g. behavioral rules for example).
Show me a product that has more layers than ours please, even under anti-exploit there is so much stuff going on that isn't even exploit but definitely are layers. (e.g. lockdown).
So someone working with a PC no knowledge of security can open a phishing document, click on enable macro and we'll stop it before it has a chance to execute powershell or vbs or other stuff in the first place.
Check out the tricks covered under Risk reduction Process protection and try to find that in other internet security suites.
If you would like to run another 3rd party internet security suite is all up to the user and his/her risk profile and technical knowledge.
Next the ransomware claim, I'm sorry but those are videos from 2016/17; we've released tons of new versions and an occasional fix for cryptoguard not catching something.
Yes there might be files lost, and/or not deleted (e.g. the encrypted ones) but what's more important, having your files or paying the ransom and do some clean up.
In version 4 of CG we protect business files (e.g. not mp3) but with version 5 we protect all files, big improvement, better rollback, more forms of attack detections.
So please show me videos of version 797 or 875 that show bypass on our cryptoguard and we'll be happy to fix.
Anti-vm is injecting stuff in your machine so it looks as a VM to the malware, nothing interferes with real VM software e.g. virtualbox or vmware.
If malware checks if it runs in a VM it terminates that's the goal.
Spot on, Whatsapp is a repeat offender and so is e.g. Discord.
You might want to back that claim up with evidence and not from 2016 and 2 samples, cause this is a bold if not rude statement.
HMPA isn't really scanning it's showing the scan progress from HitmanPro.
So whenever you run a scan with HMP and open the Alert window you will see the progress bar there also.