App Review Hitman Pro.Alert - ransomware test | 12/01/2017

[Evjl's Rain]

Hi everyone,
I recorded this video before the ZAM video to check out how the video quality was. The testing method was not the best, or a bit n00bish because it was my first time of recording
In this video, I tested HMPA against some very old ransomware samples and some more recent ransomwares I found on the MT hub

In the end, HMPA did its job well. However, documents folder was attacked by 2 ransomwares: the first one encrypted 1 file before it got blocked by HMPA (newer sample). The second one successfully encrypted everything after a reboot (old sample)

It's not easy to test HMPA because it has no signature and I had to wait for minutes for ransomwares to work and for HMPA to analyze ransomwares' behaviors and block them

 

[aragornnnn]

Nice test, i always knew HMP.A was good. (ofcourse it needs a friend to team up with)

I'm using it alongside Kaspersky and i have to say they are doing very well together

 

[Evjl's Rain]

Nice test, i always knew HMP.A was good. (ofcourse it needs a friend to team up with)

I'm using it alongside Kaspersky and i have to say they are doing very well together

I still believe that KIS or EIS's behavior blockers alone are still better than HMPA but I can't confirm it
for ransomware protection, I think qihoo 360's light HIPS can block everything automatically

 

[_CyberGhosT_]

Thank You Rain, I love this test
I have not seen a W.A.R test in quite a while.
Sis did one a while back, there have been updates and changes.
Would you mind doing one ? Thanks brother.
PeAcE

 

[AtlBo]

Good test. HMPA did well and I like the way it remains silent until it has dealt with the threat.

Evjl's Rain, you seemed to leave the one encrypted file after the first attack. Curious if this could have thrown off HMPAs protection for the one that got all the files later. I don't think so, but with malware v security I guess strange things could happen so maybe.

 

[Evjl's Rain]

Thank You Rain, I love this test
I have not seen a W.A.R test in quite a while.
Sis did one a while back, there have been updates and changes.
Would you mind doing one ? Thanks brother.
PeAcE

I may try it when I have time. I have 1 question: does it work if I use the trial version? The trial was proven to be useless in some tests long ago
WAR will block everything I believe. Now it behaves like an anti-exe

 

[_CyberGhosT_]

I may try it when I have time. I have 1 question: does it work if I use the trial version? The trial was proven to be useless in some tests long ago
WAR will block everything I believe. Now it behaves like an anti-exe

I think it will work, if not just let WinPatrol know what your doing, they may issue you a testers key ?
Thanks brother.
I run W.A.R and HMPA combo as my config in Windows and it is lite and so fast.
Thanks for being willing, and no rush.
PeAcE

 

[Evjl's Rain]

Good test. HMPA did well and I like the way it remains silent until it has dealt with the threat.

Evjl's Rain, you seemed to leave the one encrypted file after the first attack. Curious if this could have thrown off HMPAs protection for the one that got all the files later. I don't think so, but with malware v security I guess strange things could happen so maybe.

I saw the first ransomware deleted itself completely after encrypting the files so I left it there. I tested it before when I tested ZAM. I don't think it affected the results of later samples, too because HMPA kept blocking after this happened

 

[Evjl's Rain]

I think it will work, if not just let WinPatrol know what your doing, they may issue you a testers key ?
Thanks brother.
I run W.A.R and HMPA combo as my config in Windows and it is lite and so fast.
Thanks for being willing, and no rush.
PeAcE

I will test the trial version
Now I have a lot a lot of free time cuz I just finished my first semester early. 1 month free to do everything I want

 

[_CyberGhosT_]

I saw the first ransomware deleted itself completely after encrypting the files so I left it there. I tested it before when I tested ZAM. I don't think it affected the results of later samples, too because HMPA kept blocking after this happened

No worries and as you go you will develop a testing style or pattern that's all your own.
Keep up the awesome work

 

[Parsh]

...can't confirm it
for ransomware protection, I think qihoo 360's light HIPS can block everything automatically

True. Yet, it is heavily user-based in case of Qihoo. I have tried it, also saw its review video uploaded by @cruelsister and I've to say that it helped blocking a lot of threat samples simply because of the user knowing that he's testing malware. If not the case, it becomes tough to make so many decisions on the many similar alerts shown both in case of safe and unsafe files.

 

[KGBagent47]

Who has been infected by ransomware on this site? I've never had the honor of becoming infected by ransomware.

other question, u had the oportunity with Malwarebytes AntiRamsonware? Evjl's Rain

This guy has. 2 years ago, didn't know anything about security.

 

[Der.Reisende]

Great review @Evjl's Rain, thank you for sharing!
It's important to see that even the big players (I count SurfRight as one) can fail against specific ransomwares, clearly showing the need for backups.
Nethertheless, signatureless HMP.A did a great job!

 

[KGBagent47]

I think the best thing about HMP.A is the seemingly low amount of FPs. We all know it's not perfect, but it's pretty effective against the majority of ransomware.

I think this would be a good supplement for Windows Defender users.

 

[Evjl's Rain]

Who has been infected by ransomware on this site? I've never had the honor of becoming infected by ransomware.

other question, u had the oportunity with Malwarebytes AntiRamsonware? Evjl's Rain

I may try MB3 only if it doesn't freeze my testing VM
I have collected a number of ransomwares and ready to throw into MB3
But the question is: shall I test MB3 with everything enabled or just solely test its antiransomware feature

 

[Evjl's Rain]

if u want with suite MB 3.0, But slows down LOL, in my opinion is very important u go to directly to MBAR to install without MBAM,
that's what i want you to do.

I think I will test MB3 because MBAR hasn't been updated since september
and according to previous reviews I watched, it was completely destroyed

 

[Solarquest]

I will test the trial version
Now I have a lot a lot of free time cuz I just finished my first semester early. 1 month free to do everything I want

Thanks @Evjl's Rain for testing HMP.alert and for posting your results!
About spora, did you try to open some documents or .jpg? This ransom doesn't change the file name and on my test system didn't encrypt .png files but .jpg and .rtf.

If memory serves from a Cruelsister video, WAR in free version doesn't protect.

 

[Evjl's Rain]

Thanks @Evjl's Rain for testing HMP.alert and for posting your results!
About spora, did you try to open some documents or .jpg? This ransom doesn't change the file name and on my test system didn't encrypt .png files but .jpg and .rtf.

If memory serves from a Cruelsister video, WAR in free version doesn't protect.

oh sorry, I missed it
If I have a chance I will confirm this

 

[Evjl's Rain]

Thanks @Evjl's Rain for testing HMP.alert and for posting your results!
About spora, did you try to open some documents or .jpg? This ransom doesn't change the file name and on my test system didn't encrypt .png files but .jpg and .rtf.

If memory serves from a Cruelsister video, WAR in free version doesn't protect.

Hi I just tested HMPA with spora again. HMPA intercepted the attack and .rtf + .jpg were openable
However, google chrome was destroyed and couldn't be opened anymore. The system was frequently refreshing itself

 

[Solarquest]

Thanks!
Interesting result!