I'm not sure what the best way to make the HMPA devs (SurfRight) aware of this, so I'll just post it here and hope one of them sees it or someone who knows how to contact them makes them aware of it. I checked their site for contact info and didn't see any, so between these issues and the fact they don't have any apparent support, I guess I'll pass on this software, which I was actually seriously considering before. Also, this clearly isn't a Q&A, but it wouldn't let me post without selecting a prefix and oddly there isn't one for reporting issues.
I've just spent quite a while testing HMPA 3.7.9 build 771, resetting the VM numerous times to try and narrow down exactly what's going on and make sure the problems are consistent (and actually many more times than I otherwise would have had to because I did numerous tests with build 759, assuming that was the latest one since it updated to it, only to find that after doing that update it did another update to 771, instead of just going straight to that version). And I've determined there are a couple issues with it which appear to be bugs, though the first could simply be by design, though, if that's the case, it's a poor design IMO.
The first issue is that if malware is run while internet access is down, once it's back, even after HMP does a scan and flags the malware, it will still allow it to run unchecked from that point on. Maybe it whitelists the malware due to it having already run, but that doesn't make sense both due to it flagging it on the scan and due to the fact it happens even if the malware isn't installed, simply that it's run. For example, I downloaded the known infected version of CCleaner (5.33.6162) from https:// downzen /en/windows/ccleaner/download/5336162/, installed HMPA, disabled the internet (this was done in VirtualBox, so I simply disabled the network access to the VM in its settings), ran the installer (required running through an elevated cmd prompt since Windows wouldn't allow it normally even with WD completely disabled), then closed it as soon as it opened. At that point, I reenabled the internet access and relaunched it, and HMPA didn't do anything to stop it. I also tried running a scan with HMP first after turning the network access back on, to make sure it flagged the installer and knew it was malware, and then ran it, and still, HMPA let it go unchallenged. If it is whitelisting it, that seems to be a poor decision, and I don't think it should be doing that. It should still pop-up a warning and offer the option to manually add an exception at least. However, it really seems more like a bug to me.
I also tried running a scan first, so it would be flagged by HMP, then disabling the network connection and launching the malware, and it again ran without intervention. Despite everything else, I had hoped that HMPA would at least block it at that point, having determined it a threat and hopefully remembering that, but apparently not. So not only is it useless when there's no internet access which, while not ideal, is to be expected since it's a cloud scanner (though I thought it was a BB, which clearly it isn't if it's reliant on the cloud), it seems it's also useless even *with* a connection once malware has been run, and also without a connection even after it's already identified the malware, which is truly disappointing. Hopefully these issues can and will be fixed.
The other issue I've noticed, which seems minor but is still worth mentioning, is that it often takes a while to reflect the status of the internet connection. For example, after disabling the connection, it still shows the protection as being active, even though it clearly is not. I see this as being the bigger problem, since it can lead to a false sense of security in the case of a loss of internet access. Interestingly, even though it says "Anti-Malware" on the button (advanced interface), indicating it's active, clicking it usually, but not always, shows that cloud protection is offline. Disabling then reenabling it causes the button to accurately indicate "Anti-Malware Offline" (again, usually but not always). The inverse is also true: when a connection is established, it sometimes continues to show that the protection is offline until disabling and reenabling it, at which point it changes to say "Anti-Malware" and the "Cloud Protection Offline" warning goes away (actually, that warning goes away sometimes, if not always, on its own, so it seems the issue when regaining connection is solely with the main button text). This, at least, doesn't seem to present an actual issue, since as far as I can tell protection is active despite it indicating otherwise, so this aspect of the bug appears to merely be a confusing factor, but not a risk. Still, it warrants further investigation, just in case protection might not always be active at that point. Regardless, there's clearly an issue with it maintaining awareness of the state of the connection and modifying its display of the status accordingly.
Another thing I've noticed which, while not an issue necessarily, is rather curious, is that once the scan gets to 99% it sits there for a bit then drops back down to ~90% and then continues to climb again, once again pausing for a bit on 99% before finishing. It does this regularly.
Finally, another thing I don't like is that once the scan results window is closed, there doesn't appear to be a way to get it back without rerunning the scan. There should be a button to access scan results, and preferably a history within those results to view previous scans as well.
I've just spent quite a while testing HMPA 3.7.9 build 771, resetting the VM numerous times to try and narrow down exactly what's going on and make sure the problems are consistent (and actually many more times than I otherwise would have had to because I did numerous tests with build 759, assuming that was the latest one since it updated to it, only to find that after doing that update it did another update to 771, instead of just going straight to that version). And I've determined there are a couple issues with it which appear to be bugs, though the first could simply be by design, though, if that's the case, it's a poor design IMO.
The first issue is that if malware is run while internet access is down, once it's back, even after HMP does a scan and flags the malware, it will still allow it to run unchecked from that point on. Maybe it whitelists the malware due to it having already run, but that doesn't make sense both due to it flagging it on the scan and due to the fact it happens even if the malware isn't installed, simply that it's run. For example, I downloaded the known infected version of CCleaner (5.33.6162) from https:// downzen /en/windows/ccleaner/download/5336162/, installed HMPA, disabled the internet (this was done in VirtualBox, so I simply disabled the network access to the VM in its settings), ran the installer (required running through an elevated cmd prompt since Windows wouldn't allow it normally even with WD completely disabled), then closed it as soon as it opened. At that point, I reenabled the internet access and relaunched it, and HMPA didn't do anything to stop it. I also tried running a scan with HMP first after turning the network access back on, to make sure it flagged the installer and knew it was malware, and then ran it, and still, HMPA let it go unchallenged. If it is whitelisting it, that seems to be a poor decision, and I don't think it should be doing that. It should still pop-up a warning and offer the option to manually add an exception at least. However, it really seems more like a bug to me.
I also tried running a scan first, so it would be flagged by HMP, then disabling the network connection and launching the malware, and it again ran without intervention. Despite everything else, I had hoped that HMPA would at least block it at that point, having determined it a threat and hopefully remembering that, but apparently not. So not only is it useless when there's no internet access which, while not ideal, is to be expected since it's a cloud scanner (though I thought it was a BB, which clearly it isn't if it's reliant on the cloud), it seems it's also useless even *with* a connection once malware has been run, and also without a connection even after it's already identified the malware, which is truly disappointing. Hopefully these issues can and will be fixed.
The other issue I've noticed, which seems minor but is still worth mentioning, is that it often takes a while to reflect the status of the internet connection. For example, after disabling the connection, it still shows the protection as being active, even though it clearly is not. I see this as being the bigger problem, since it can lead to a false sense of security in the case of a loss of internet access. Interestingly, even though it says "Anti-Malware" on the button (advanced interface), indicating it's active, clicking it usually, but not always, shows that cloud protection is offline. Disabling then reenabling it causes the button to accurately indicate "Anti-Malware Offline" (again, usually but not always). The inverse is also true: when a connection is established, it sometimes continues to show that the protection is offline until disabling and reenabling it, at which point it changes to say "Anti-Malware" and the "Cloud Protection Offline" warning goes away (actually, that warning goes away sometimes, if not always, on its own, so it seems the issue when regaining connection is solely with the main button text). This, at least, doesn't seem to present an actual issue, since as far as I can tell protection is active despite it indicating otherwise, so this aspect of the bug appears to merely be a confusing factor, but not a risk. Still, it warrants further investigation, just in case protection might not always be active at that point. Regardless, there's clearly an issue with it maintaining awareness of the state of the connection and modifying its display of the status accordingly.
Another thing I've noticed which, while not an issue necessarily, is rather curious, is that once the scan gets to 99% it sits there for a bit then drops back down to ~90% and then continues to climb again, once again pausing for a bit on 99% before finishing. It does this regularly.
Finally, another thing I don't like is that once the scan results window is closed, there doesn't appear to be a way to get it back without rerunning the scan. There should be a button to access scan results, and preferably a history within those results to view previous scans as well.
