HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,494
    Location:
    Hollow Earth - Telos
    Just installed 2.5 but one time as the flyout came out MBAE 9.4.1000 showed a popup saying that it blocked The HPA.EXE... It just happened again after i came out of sleep mode and launched Chrome.
     
    Last edited: Nov 5, 2013
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This is an issue that MBAE is working on:
    https://forums.malwarebytes.org/index.php?showtopic=130079
     
  3. guest

    guest Guest

    I get a popup with an error when I try to install the new version

    Something like

    An error has happened during the installation of the app.
    Error32
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,910
    Location:
    Outer space
    Seems to be working fine so far :)

    Will the detailed info from Alert v1 be back in 2.5 or 3.0?
     
  5. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    Using Win7 64 bit, Sandboxie and F-secure - working well here. Still getting double flyouts but no matter as it confirms I'm using Sandboxie. Hmpalert.dll showing up in Process Explorer. Good job -thank you.
     
  6. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,218
    Location:
    The Netherlands
    Version 2.5 Beta with CryptoGuard running great here on Windows 8.1 x64.
    Finally I get the flyout in Opera 17.
    The CryptoGuard feature is really cool and reassuring.
     
  7. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    994
    Once police ransomware is similar, in their installation process, to crypto ransomware (I'm not talking in personal files encryption process about), I would like to be enlightened on this question:

    ► Can 'HitmanPro.Alert' be able to neutralize installation process for police ransomware - like it does to avoid personal files encryption to crypto ransomware? My concern is about installation process, not what it does after.
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Keeping malware out is the billion dollar question :)
    Alert is a real-time tool. It also provides HitmanPro on-demand clues which files performed malicious activity. They complement eachother.
     
  9. guest

    guest Guest

    @erikloman
    do you know why the installation fails?
     
  10. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    3,000
    Location:
    the Netherlands
    Can you indicate what are the pros and cons of CryptoGuard compared to CryptoPrevent?
    CryptoPrevent is a utility with the same objective as CryptoGuard, but with another approach.
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    interesting question?
     
  12. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    Wow, CryptoGuard! You guys are amazing! Working fine here, even working with Opera 17. Thanks.
     
    Last edited: Nov 5, 2013
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Error 32 means sharing violation. Did you uninstall an existing Alert installation?

    We have more reports with the Error 32 and have it investigation.
     
    Last edited: Nov 6, 2013
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    CryptoPrevent is a tool that writes 200+ group policy object rules into the registry in order to prevent executables in specific locations from running. Typical locations set by CryptoPrevent are %appdata% and %localappdata%. If you copy Notepad.exe to these folders you'd see it blocked when trying to execute it.

    But what when malware runs as an exploit in your browser or injects itself into running processes (e.g. explorer.exe, svchost.exe, etc.) or what when malware copies itself to the desktop or startup folder on your start menu? Ransomware will run and your personal files will be encrypted.

    Since we can't know from where ransomware will perform the encryption (might even be a script), we developed CryptoGuard.

    CryptoGuard looks for suspicious file operations at the file system level (CryptoGuard is a driver). When suspicious behavior is detected, the process's ability to rename, write or delete files is blocked and an Alert is presented to the user. So even while ransomware is active, it can't encrypt your files.

    Hope this helps.
     
    Last edited: Nov 6, 2013
  15. Asking again: does HMP alert injects itself into all processes?
     
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes, otherwise it cannot distinguish whether code hooks are placed by legitimate programs or by malware.
     
  17. Okay thx Erik

    Question: with HMP Alert being present in every process AND HMP Guard having a driver detecting file access, how far is HMP Alert away from:

    Preventing malicious changes of browsers in real time

    A) By preventing changes of locations where plug-ins, helper objects, extensions and toolbars are located on file level.

    B) By preventing processes to initiate changes of DLL's loaded into memory of the browser.

    I could imagine a "take snapshot" functionality combined with "freeze snapshot" and "allow updates" functonality to build up a and maintain a white list in HMP alert :cool:
     
    Last edited by a moderator: Nov 6, 2013
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This can all be done quite easily. But it would look like a HIPS. The average computer user can't handle HIPS prompts.

    CryptoGuard is implemented in such a way that it doesn't require user interaction.

    If we (that includes the Wilders members) can come up with doing the above without user interaction, we would do it ;)
     
  19. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,998
    Location:
    Poland - Cracow
    @erikloman
    OK..it's can be nice feature but I have a question connected with some words on your page
    Does it means that CG can protect not only system files but my privat documents also?...on other local disk or only on system disk?
     
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Private documents, files on USB sticks and on network drives. If you watch the video (at the bottom of our page) you'd see CryptoGuard protects both fixed and removable disks and also network shares.
     
  21. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,998
    Location:
    Poland - Cracow
    So in one word...now we have tool not only for browsing protection but also against encryption malwre and in our every disks areas...right?
     
  22. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    3,000
    Location:
    the Netherlands
    Erik replied,
    Thank you very much, Erik.
     
  23. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes. And its free.
     
  24. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Simply a great feature! :thumb:

    /E
     
  25. Well that is easy (no prompts). :cool:

    Provide a secure-browsing opt-in when navigating to https websites (auto-lock) and and opt-out (auto-release) when closing https websites.

    This 'secure browsing' feature has two options in HMP alert settings (simular to flyout)
    1. Disable (disables secured option completely)
    2. Enable (opt-in/opt-out) without user intervention when starting and closing https websites.

    Secured mode shows a fly-out as long as connection with https website. No questions to users, just a temporarily block as long as https session lasts.

    For public release this feature is disabled as default (v3.0), only after solid testing (Wilders Community) this option can be selected at install by user (V3.2), when large user base has proven it works without a quirk, set auto enable as default (V3.5).

    Regards Kees :D
     
    Last edited by a moderator: Nov 6, 2013
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.