Deleted member 65228

> HMPA has no BB tho. it only has HMP's engines/signatures

HMP.A has exploit mitigation and ransomware protection.

HMP.A = HitmanPro.Alert
HMP = HitmanPro

The former has behavioural-based prevention implementations combined with an anti-malware engine; the latter is what everyone is used to hearing about from the past (and current), which is just the on-demand scanner.

SOPHOS also bought out Surfright because of their HitmanPro.Alert niche.
 

shmu26

Yeah, HMPA has a whole long list of mitigations and anti-exploit features.. My fingers will fall off if I write them all. The question is how good are they?
 

mekelek

> HMP.A has exploit mitigation and ransomware protection.
>
> HMP.A = HitmanPro.Alert
> HMP = HitmanPro
>
> The former has behavioural-based prevention implementations combined with an anti-malware engine; the latter is what everyone is used to hearing about from the past (and current), which is just the on-demand scanner.
>
> SOPHOS also bought out Surfright because of their HitmanPro.Alert niche.

Wait, I forgot about CryptoGuard, that can be considered BB I guess, I just thought most of HMPA features don't belong to the BB category.
 
Deleted member 65228

> Wait, I forgot about CryptoGuard, that can be considered BB I guess, I just thought most of HMPA features don't belong to the BB category.

I guess it depends on what you think of by "BB". There's no real singular definition for it, it's just a title used by some vendors to emphasise interception of behavior of programs targeting "malicious behaviour" and accuracy to set a difference of a HIPS system.

So if you consider exploit mitigation and anti-ransomware combined as meeting the expectations of a "BB" then sure it's a BB, else it isn't to you.

I wouldn't say it's a "BB" in the sense of vendors like Emsisoft or with Kaspersky's Application Control but I'd say it is a "BB" in the sense that a "Behavior Blocker" will block malicious behavior... Since prevention of exploitation and ransomware activities is blocking malicious behavior, so to me yes it counts.

Case by case basis, opinionated. ;)
 

shmu26

> I guess it depends on what you think of by "BB". There's no real singular definition for it, it's just a title used by some vendors to emphasise interception of behavior of programs targeting "malicious behaviour" and accuracy to set a difference of a HIPS system.
>
> So if you consider exploit mitigation and anti-ransomware combined as meeting the expectations of a "BB" then sure it's a BB, else it isn't to you.
>
> I wouldn't say it's a "BB" in the sense of vendors like Emsisoft or with Kaspersky's Application Control but I'd say it is a "BB" in the sense that a "Behavior Blocker" will block malicious behavior... Since prevention of exploitation and ransomware activities is blocking malicious behavior, so to me yes it counts.
>
> Case by case basis, opinionated. ;)

To me, BB is all the other stuff these applications do, besides the signature-based protection.
 

Sunshine-boy

I say HMPA is better because it encrypts my keystrokes (for both browser and Telegram) + protects me from password stealers + backdoor protection (network lockdown) + process protection! Kaspersky BB (or other AVs) can't do what HMPA does! Although it is problematic, it is worth it.
 

shmu26

> I say HMPA is better because it encrypts my keystrokes (for both browser and Telegram) + protects me from password stealers + backdoor protection (network lockdown) + process protection! Kaspersky BB (or other AVs) can't do what HMPA does! Although it is problematic, it is worth it.

+1 for HMPA keystroke encryption.
KIS lets me down where I really need it: when I am filling in my Lastpass master password in the prompt.
 
Deleted member 65228

> +1 for HMPA keystroke encryption.
> KIS lets me down where I really need it: when I am filling in my Lastpass master password in the prompt.

Yes, however Kaspersky Internet Security already has a safe browser. Kaspersky safe browser prevents form-grabber and WebInject installation as the safe browser is virtualized via hypervisor and thus cannot just be accessed for RCE on the host, and with this it will also prevent screen capture from seeing the safe browser window. Since it is isolated, global window hooks will not affect the safe browser process either.

HMP.A does identify patches for form-grabber/WebInject if I remember correctly; however, it won't be as foolproof as Kaspersky with the safe browser because Kaspersky actually isolates the browser, which would be harder to bypass.

At the same time though, using a safe browser is not convenient all the time... I think the purpose is for sensitive things like online banking. I doubt many use it except for those situations. Because you will want to use the browser you love and with your extensions, etc.
 
Deleted member 65228

> My impression as a user is that HMPA protections are much more aggressive than KIS protections. KIS is trying harder not to break things, and HMPA is trying harder to maximize the protection

That is also what I think. I know some who used to use HMP.A lot but stopped because of so many breakages with software they used after updates. Application Control in KIS is more mature in terms of preventing breakages because known reputable software can roam more freely, preventing effect on most mainstream good applications and mainly affecting really non-reputable/hardly used software or malicious software due to the KSN cloud.
 

ichito

> I guess it depends on what you think of by "BB". There's no real singular definition for it, it's just a title used by some vendors to emphasise interception of behavior of programs targeting "malicious behaviour" and accuracy to set a difference of a HIPS system.

BB is the app... I think it can be a good explanation... that monitors a new process and its actions (behaviour) and collects the needed information as long as such behaviour sticks to the inner rules that allow the action. At the critical moment the BB decides to stop the chain of actions, asks the user for a decision, and when it's "block" the BB can revert the state to before the unwanted changes.
 
Deleted member 65228

> BB is the app... I think it can be a good explanation... that monitors a new process and its actions (behaviour) and collects the needed information as long as such behaviour sticks to the inner rules that allow the action. At the critical moment the BB decides to stop the chain of actions, asks the user for a decision, and when it's "block" the BB can revert the state to before the unwanted changes.

Yes but there's no "official" definition, it's not in a dictionary. It's a term that was made up one day, probably by Emsisoft actually... I do not know.

I consider a "BB" as a component which monitors code execution and differentiates behavior between good and bad (malicious) intent, but others may think of a "BB" as a component which is packed with controlling features to control a program's behavior, instead of it being applied to any component which intercepts activity and can prevent an action from carrying out in the first place if deemed bad. I also consider a "BB" component based on its automation, but that's me.

To me, a "BB" should prevent an action from happening in the first place if it is deemed to be malicious intent, instead of allowing an action and reverting it afterwards. To me, a "BB" should also have more automation and focus on malicious activity, not on general things only... Combining intelligence through many other factors into the decision factor. Unlike a HIPS which will likely ask you for your decision and will tend to be based on a specific event instead of being triggered on many having occurred/occurring at once.
 

Azure

> Yeah, HMPA has a whole long list of mitigations and anti-exploit features.. My fingers will fall off if I write them all. The question is how good are they?

I would like to know that as well.

How good are the full security features of HMP Alert, not just CryptoGuard and signatures? But I doubt the common YouTube testers have the resources and knowledge to properly test it.
 
Deleted member 178

HIPS: The advantages and disadvantages of a HIPS are clear - maximum control of the system for experienced users who can appropriately assess occurring messages. If you prefer concrete decisions and as few alarms as possible, you should opt for behavioral analysis.

BB: Behavioral analysis combines a set of detection patterns that only trigger alerts based on a probability calculation when it exceeds a certain limit that clearly indicates malware. This results in far fewer alerts compared to a HIPS at an extremely high security level, as the behavioral analysis is trained on real malware.
What is a HIPS? The technology behind Emsisoft Online Armor Firewall explained

old article but the explanation is still valid.

BBs monitor the system, comparing events with its algorithms until several criteria indicate a malware-like behavior.

HIPS/anti-exe: will block a process execution whatever it does.
BB: will let the process do its job until it does something it shouldn't.

HMPA is nowhere near a BB, it is just an anti-exploit.
KIS has more of a HIPS than a BB.
 
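The contrast drawn in the post above, between a HIPS that prompts on each sensitive event and a behaviour blocker that acts only once a score passes a limit, as an added example that is not part of the thread or of any vendor's product. The event names, weights and threshold are hypothetical, and the event stream is constructed.

```python
from collections import defaultdict

# Hypothetical weights: how strongly each event kind suggests malware.
WEIGHTS = {
    "install_service": 0.25,
    "write_autorun_key": 0.30,
    "inject_remote_thread": 0.45,
    "mass_file_rewrite": 0.50,
    "delete_shadow_copies": 0.60,
}
THRESHOLD = 1.0  # hypothetical limit at which the behaviour blocker acts

# Constructed event stream: (process, event kind), in order of occurrence.
EVENTS = [
    ("setup.exe", "install_service"),
    ("setup.exe", "write_autorun_key"),
    ("updater.exe", "write_autorun_key"),
    ("invoice.exe", "write_autorun_key"),
    ("invoice.exe", "delete_shadow_copies"),
    ("invoice.exe", "mass_file_rewrite"),
    ("invoice.exe", "inject_remote_thread"),
]

def hips_alerts(events):
    """HIPS style: one prompt per sensitive event, no memory between events."""
    return [(proc, kind) for proc, kind in events if kind in WEIGHTS]

def bb_verdicts(events, threshold=THRESHOLD):
    """BB style: accumulate a per-process score and block the event that
    pushes it over the limit. Returns {process: index of blocked event}."""
    score = defaultdict(float)
    blocked = {}
    for i, (proc, kind) in enumerate(events):
        if proc in blocked:
            continue  # process already stopped; its later events never run
        score[proc] += WEIGHTS.get(kind, 0.0)
        if score[proc] >= threshold:
            blocked[proc] = i
    return blocked

if __name__ == "__main__":
    print("HIPS prompts:", len(hips_alerts(EVENTS)))  # one per event
    print("BB blocks:", bb_verdicts(EVENTS))          # only invoice.exe
    # Lowering the limit catches invoice.exe one event earlier,
    # but now also stops the benign installer.
    print("BB at 0.5:", bb_verdicts(EVENTS, threshold=0.5))
```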

ichito
