Advice Request HitmanPro.Alert Bugs?

Status
Not open for further replies.

vertigo

Level 2
Thread author
Verified
Mar 18, 2018
75
I'm not sure what the best way is to make the HMPA devs (SurfRight) aware of this, so I'll just post it here and hope one of them sees it or someone who knows how to contact them makes them aware of it. I checked their site for contact info and didn't see any, so between these issues and the fact they don't have any apparent support, I guess I'll pass on this software, which I was actually seriously considering before. Also, this clearly isn't a Q&A, but it wouldn't let me post without selecting a prefix and oddly there isn't one for reporting issues.

I've just spent quite a while testing HMPA 3.7.9 build 771, resetting the VM numerous times to try and narrow down exactly what's going on and make sure the problems are consistent (and actually many more times than I otherwise would have had to because I did numerous tests with build 759, assuming that was the latest one since it updated to it, only to find that after doing that update it did another update to 771, instead of just going straight to that version). And I've determined there are a couple issues with it which appear to be bugs, though the first could simply be by design, though, if that's the case, it's a poor design IMO.

The first issue is that if malware is run while internet access is down, once it's back, even after HMP does a scan and flags the malware, it will still allow it to run unchecked from that point on. Maybe it whitelists the malware due to it having already run, but that doesn't make sense both due to it flagging it on the scan and due to the fact it happens even if the malware isn't installed, simply that it's run. For example, I downloaded the known infected version of CCleaner (5.33.6162) from https:// downzen /en/windows/ccleaner/download/5336162/, installed HMPA, disabled the internet (this was done in VirtualBox, so I simply disabled the network access to the VM in its settings), ran the installer (required running through an elevated cmd prompt since Windows wouldn't allow it normally even with WD completely disabled), then closed it as soon as it opened. At that point, I reenabled the internet access and relaunched it, and HMPA didn't do anything to stop it. I also tried running a scan with HMP first after turning the network access back on, to make sure it flagged the installer and knew it was malware, and then ran it, and still, HMPA let it go unchallenged. If it is whitelisting it, that seems to be a poor decision, and I don't think it should be doing that. It should still pop-up a warning and offer the option to manually add an exception at least. However, it really seems more like a bug to me.

I also tried running a scan first, so it would be flagged by HMP, then disabling the network connection and launching the malware, and it again ran without intervention. Despite everything else, I had hoped that HMPA would at least block it at that point, having determined it a threat and hopefully remembering that, but apparently not. So not only is it useless when there's no internet access which, while not ideal, is to be expected since it's a cloud scanner (though I thought it was a BB, which clearly it isn't if it's reliant on the cloud), it seems it's also useless even *with* a connection once malware has been run, and also without a connection even after it's already identified the malware, which is truly disappointing. Hopefully these issues can and will be fixed.

The other issue I've noticed, which seems minor but is still worth mentioning, is that it often takes a while to reflect the status of the internet connection. For example, after disabling the connection, it still shows the protection as being active, even though it clearly is not. I see this as being the bigger problem, since it can lead to a false sense of security in the case of a loss of internet access. Interestingly, even though it says "Anti-Malware" on the button (advanced interface), indicating it's active, clicking it usually, but not always, shows that cloud protection is offline. Disabling then reenabling it causes the button to accurately indicate "Anti-Malware Offline" (again, usually but not always). The inverse is also true: when a connection is established, it sometimes continues to show that the protection is offline until disabling and reenabling it, at which point it changes to say "Anti-Malware" and the "Cloud Protection Offline" warning goes away (actually, that warning goes away sometimes, if not always, on its own, so it seems the issue when regaining connection is solely with the main button text). This, at least, doesn't seem to present an actual issue, since as far as I can tell protection is active despite it indicating otherwise, so this aspect of the bug appears to merely be a confusing factor, but not a risk. Still, it warrants further investigation, just in case protection might not always be active at that point. Regardless, there's clearly an issue with it maintaining awareness of the state of the connection and modifying its display of the status accordingly.

Another thing I've noticed which, while not an issue necessarily, is rather curious, is that once the scan gets to 99% it sits there for a bit then drops back down to ~90% and then continues to climb again, once again pausing for a bit on 99% before finishing. It does this regularly.

Finally, another thing I don't like is that once the scan results window is closed, there doesn't appear to be a way to get it back without rerunning the scan. There should be a button to access scan results, and preferably a history within those results to view previous scans as well.
 
5

509322

The developers are over at Wilders Security. Report it there. They don't come here very often. I have not seen one in over a year here at MT.

Also, you can just report it to their support.
 
vertigo

Level 2
Thread author
Verified
Mar 18, 2018
75
Hmm, I thought that might be the case. Unfortunately, Wilders apparently has something against letting me post there, so I've given up on that "forum." And can't report it to their support if they don't provide a way to do so (no email or contact form). I could report it to Sophos, but it seems it would be better to report it to SurfRight and, frankly, I shouldn't have to, as they should provide a contact method on the HMP site. It should be easy to report issues, and it irritates me that I have to jump through hoops to do so. Oh well, like I said, I guess I'll skip on their software since they clearly don't care to hear from customers, potential or otherwise. Besides, I'd hate to see what it would be like if I actually needed post-sales support.
 
5

509322

Their official support thread is over at Wilders. If you want to create an account there, then you have to contact one of the staff to sort out whatever problem you are having.

HitmanPro.ALERT Support and Discussion Thread

Jumping through hoops, problems, and more problems and frustrations... welcome to the world of Windows and Windows security.
 

vertigo

Level 2
Thread author
Verified
Mar 18, 2018
75
I already have an account there, have for a while. Tried posting in a thread the other day, then tried again when it hadn't posted after several hours. When that one also didn't post, I sent a message to support, which has gone unanswered. So to be as nice as I care to be about the situation, f*** them. Anyways, thanks for trying to point me in the right direction, it's just too bad I can't act on it. But again, if they're going to have such crappy "support" (i.e. no support on the webpage and only offering support on one (crappy) forum), I'd rather not bother anyways.
 

vertigo

Level 2
Thread author
Verified
Mar 18, 2018
75
Thanks :) I'll watch it a bit but hopefully they'll have the sense to follow-up on it here knowing I can't post there. I still can't see myself buying it knowing that getting support would be extremely difficult to obtain, but hopefully at least they can use my findings to improve it for those that do use it.
 