Q&A HitmanPro.Alert Beta help needed

Techno Mama

Level 1
Oct 26, 2014
11
Having used Hitmanpro in the past as a second opinion, now that I have increased threats this HitmanPro Alert really intrigued me. So I added it to my computer. Was over at Wilders, and read about the Beta which offers CookieGuard which was exactly what I needed (My hacker loves XSS). And they improved the heap heap protect. At this point in my life, it's a matter of I want the Beta features and need to make this work. Their staff is at Wilders, but my old logon won't work and suspect my email address is one that I lost with a cable provider. So I registered again and they deleted all my well thought out posts, so I can't work with the Beta crew there. (Guess they want no new members)
  • New CookieGuard mitigation. It protects (MFA) session cookies and passwords stored in Google Chrome and Microsoft Edge on Chromium.

So I have 2 options, live with it and see if anyone can help me here, or see if anyone can send the Hitmanpro folks here? Because I think they would be missing some serious product issues that can help make a better product. This is the thread name:

HitmanPro.Alert BETA


Here are some questions for anyone that can answer them.

1. Which is better, the Hitman Pro Heap Heap protect or the abbreviated version in Windows? Because it seems like I get to use one or the other and I want the most protection possible.
I have some information to share, about a protection that we've been working on over the last two years (and Wilder Security members have been enjoying it for that long too). It's about our Heap Heap Protect mitigation - called Dynamic Shellcode Protection in Sophos's flagship endpoint product Intercept X.
If you haven't read it yet and have 10 minutes, be sure to read my blog about it: Covert code faces a Heap of trouble in memory – Sophos News
Below a relatively short primer about why it's actually pretty bold.

Heap Heap Protect is unique in the world. It basically puts a hard limit on any application to what memory they can allocate. It impacts every process on the box, even Windows’ own processes.

How this works? Applications can ‘loan’ an extra memory region from the system for the purpose to run added code. But when the added code requests an additional ‘loan’ for the purpose to introduce and run even more code, we say NO.
  • Note: In a normal multi-stage scenario, Cobalt Strike Beacon is already proactively blocked by our patented HeapHeapProtect mitigation. This new Cobalt Strike mitigation now also thwarts the single-stage scenario. And upon detection of Beacon it also extracts and reports the full Cobalt Strike C2 profile configuration from memory.
  • As part of the HeapHeapHooray mitigation, we now apply our proprietary SysCall mitigation system wide. This means when unknown malware employs, for example, the Heaven’s Gate defense evasion technique, it is now also blocked (this technique allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment).

It appears the Windows exploit protections etc added after Hitmanpro are not happy with my system so I disabled it. Slows it down and causes freezes etc. I imagine it's from the HMP Heap Heap protect features. Seems like this would be double of similar protection. I never used those features before on Windows because my computer missed Windows version changes since late 2019 and never told me. I was working myself to death and happily updating with security patches. Got an end of service notice the other day and was like what the heck? So I updated and that's when my system got unhappy. Shut off the Windows stuff and it's happy again.

2. HitmanPro Alert Beta keeps triggering with valid browser software downloads. One was an Edge browser download of the HitmanPro Alert beta to see if a fresh install would help, another was Chrome browser update, and the last was a Java old version remover download from their site. A second attempt, works. Why is this happening?

3. The next issue is with the Keystroke Encryption, sometimes the text in everyday Windows operations is scrambled. In just about every function or program. Even Windows search. The cure is to close it and start over again and it always works.

(The reason I keep scanning my computer is I have a hacker after me and I had a whole directory of downloads that was deleted and didn't think I deleted it by accident. Would be difficult since the folder itself was still intact, just the contents were gone. But my system always comes up clean. But it's enough to make me want the HitmanPro Alert to work out) I'm in a new user too in case the old one was corrupted.
 
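The allocation rule from the Heap Heap Protect primer quoted in the post above, as a simplified Python model added here (it is not part of the thread and not Sophos or HitmanPro code). The region layout, the addresses and the `Process` / `alloc_executable` names are constructed for illustration; the model only tracks which region a request for executable memory comes from.

```python
from dataclasses import dataclass

@dataclass
class Region:
    base: int
    size: int
    origin: str  # "image" = code loaded from a file, "dynamic" = allocated at run time

class Process:
    """Toy address space that records executable regions and applies one rule."""

    def __init__(self):
        # Constructed layout: a single image-backed code region (the program itself).
        self.regions = [Region(0x400000, 0x10000, "image")]
        self.next_base = 0x10000000
        self.blocked = []  # (caller address, requested size) of denied requests

    def region_of(self, addr):
        for r in self.regions:
            if r.base <= addr < r.base + r.size:
                return r
        return None

    def alloc_executable(self, caller_addr, size):
        """Return the base of a new executable region, or None if denied.

        Rule from the primer: code from the program image may take one 'loan'
        of executable memory; code already running from such a loaned region
        (or from untracked memory) may not take another.
        """
        caller = self.region_of(caller_addr)
        if caller is None or caller.origin == "dynamic":
            self.blocked.append((caller_addr, size))
            return None
        base = self.next_base
        self.regions.append(Region(base, size, "dynamic"))
        self.next_base += (size + 0xFFFF) & ~0xFFFF  # keep bases 64 KiB aligned
        return base

def demo():
    p = Process()
    first = p.alloc_executable(0x401000, 0x2000)       # program image asks: allowed
    second = p.alloc_executable(first + 0x10, 0x8000)  # code in the loaned region asks: denied
    third = p.alloc_executable(0x401500, 0x1000)       # program image asks again: allowed
    return first, second, third, p.blocked

if __name__ == "__main__":
    print(demo())
```
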

SecureKongo

Level 21
Verified
Malware Tester
Feb 25, 2017
1,082
So I have 2 options, live with it and see if anyone can help me here, or see if anyone can send the Hitmanpro folks here? Because I think they would be missing some serious product issues that can help make a better product. This is the thread name:
Or simply contact the support? 😄

1. Which is better, the Hitman Pro Heap Heap protect or the abbreviated version in Windows? Because it seems like I get to use one or the other and I want the most protection possible.
Can't answer that, but my system with Sophos Home Premium (v. 3.3.0) which has HMPA implemented and heapintegrity enabled in Windows exploit settings is running without any problems. As the HMPA modules are only partially implemented within Sophos Home I am not entirely sure if it's already added to Sophos Home. I would stick with Windows exploit settings until a stable HMPA release is published.

2. HitmanPro Alert Beta keeps triggering with valid browser software downloads. One was an Edge browser update, another was Chrome browser update, and the last was a Java old version remover download from their site. A second attempt, works. Why is this happening?
Not happening on my system, can't help you with that...

3. The next issue is with the Keystroke Encryption, sometimes the text in everyday Windows operations is scrambled. In just about every function or program. Even Windows search. The cure is to close it and start over again and it always works.
Happens on my system too from time to time, but doesn't bother me too much as it at least shows that it's working. 😄

(The reason I keep scanning my computer is I have a hacker after me and I had a whole directory of downloads that was deleted and didn't think I deleted it by accident. Would be difficult since the folder itself was still intact, just the contents were gone. But my system always comes up clean. But it's enough to make me want the HitmanPro Alert to work out) I'm in a new user too in case the old one was corrupted.
A clean Windows install would be the better option if you are really thinking that you are/were infected.

Sorry for my not too helpful answers... :(
 

Techno Mama

Level 1
Oct 26, 2014
11
Or simply contact the support? 😄
Can you do this for a Beta?

A clean Windows install would be the better option if you are really thinking that you are/were infected.
I went up 3 versions (From 1909), wouldn't this be essentially the same? I wouldn't have any disks and my Windows cert is for Pro which my system wouldn't run. So I hotwired in Windows 10 home and it GAVE me a free cert after the expiration date. It's a valid cert whatever I did.

Can't answer that, but my system with Sophos Home Premium (v. 3.3.0) which has HMPA implemented and heapintegrity enabled in Windows exploit settings is running without any problems. As the HMPA modules are only partially implemented within Sophos Home I am not entirely sure if it's already added to Sophos Home. I would stick with Windows exploit settings until a stable HMPA release is published.

The beta newest heap heap and cookieguard stuff is not in Sophos, HMP is its testing ground.

My computer is from 1994, but has 4 cores and 24 GB memory so it's pretty old, but VERY usable. ( Essentially it's a custom Alienware in a normal case.) So I imagine there could be a few things not up to 2021 standards. I recall one thing under Win 10 protection that mentioned my hardware and wouldn't even turn on.
 

SecureKongo

Level 21
Verified
Malware Tester
Feb 25, 2017
1,082
Can you do this for a Beta?
Why not? :unsure:

I went up 3 versions (From 1909), wouldn't this be essentially the same? I wouldn't have any disks and my Windows cert is for Pro which my system wouldn't run. So I hotwired in Windows 10 home and it GAVE me a free cert after the expiration date. It's a valid cert whatever I did.
Upgrading from older Windows versions doesn't do anything as the programs and files (malicious and not) still remain on your system and can do whatever they want. I don't quite get what you mean by not having any disks, but you can reset your PC which removes all the files and does a fresh Windows install without the need of a disk. If you don't know your product key, you can find it out with that tool: Windows Keyfinder | zebNet®
Don't forget to back up your data before doing that, as everything will be gone.

The beta newest heap heap and cookieguard stuff is not in Sophos, HMP is its testing ground.
Thanks for the info, I knew that but wasn't sure about the module being added in the recent Sophos update.

My computer is from 1994, but has 4 cores and 24 GB memory so it's pretty old, but VERY usable. ( Essentially it's a custom Alienware in a normal case.) So I imagine there could be a few things not up to 2021 standards. I recall one thing under Win 10 protection that mentioned my hardware and wouldn't even turn on.
You probably mean the device protection in the Windows security center. Many of those functions need specific hardware which you most likely don't have as your PC is pretty old school (to put it in a friendly way). 😄
 

Techno Mama

Level 1
Oct 26, 2014
11
Hey SecureKongo some old things are better. ;) I was pretty much an iPhone gal for around 15 years. The computer wasn't used much, but right now, I feel more secure on it, so I'm spiffing it up.

My personal feelings are the hackers are getting better with iPhones, but Apple isn't allowing the appropriate firewall security apps. Also, they shouldn't release security update details with the updates, and maybe wait a week or 2. Because some hackers are just sitting and waiting for details of the next thing to exploit. If you miss an update by accident like I did due to no space, it should alert you. But if I had a decent security program, this wouldn't be an issue.

Right now, I know personally about 40-50 people that are around me that were hacked. More than 50% were Apple. So they are hurting their customers.

I honestly can't remember, but maybe instead of backing up my downloaded files with a copy, I used a cut? Dunno if this warrants a full reinstall yet. I'll think about this. Plus, we did lose power a couple times on that logon. This was 6 months ago, but I am revisiting it now because a hacker said they put a keylogger on the old ladies computer. We don't know who they meant, but I call myself granny.
 

SecureKongo

Level 21
Verified
Malware Tester
Feb 25, 2017
1,082
This was 6 months ago, but I am revisiting it now because a hacker said they put a keylogger on the old ladies computer. We don't know who they meant, but I call myself granny.
When or where did he say that? Also, a keylogger doesn't magically delete or move files, it only captures your keystroke inputs, to steal passwords and other sensitive information. Why don't you let someone check your PC in the Malware Removal Help & Support just to make sure that your PC is clean? I personally think that you accidentally moved or deleted them or that you configured Windows or third party software to clean your download folder every 30 days for example. Many cleaning and tuning softwares offer such a function.
 

Techno Mama

Level 1
Oct 26, 2014
11
When or where did he say that? Also, a keylogger doesn't magically delete or move files, it only captures your keystroke inputs, to steal passwords and other sensitive information. Why don't you let someone check your PC in the Malware Removal Help & Support just to make sure that your PC is clean? I personally think that you accidentally moved or deleted them or that you configured Windows or third party software to clean your download folder every 30 days for example. Many cleaning and tuning softwares offer such a function.
Unnamed social media site. They are associated with assets, and my one friend had their email hacked by them and published by the MSM. They are looking for something they won't find on me and are going after all my friends too to get to me.

Well we know one thing leads to another with hackers. So a keylogger can lead to more. I will get it checked, thanks!

PS my SIM is locked! Thank you!
 

Techno Mama

Level 1
Oct 26, 2014
11
And if you got that information by email, it is most likely a scam:
No I got the info from a friend who is aware of their doings like myself. We are more in the know of social media infiltration by international assets more than the DOJ and FBI. Long story....

Let's put it this way, I was also alerted that a major dangerous international security contractor was discussing me personally. My threats are real, and I need to be careful.
 