HitmanPro.Alert or Sandboxie

[Tony Cole]

Hi

I'm currently using Emsisoft 9 and the tech guys said I can use Sandboxie or HitmanPro.Alert, but not both. Which one would you go for, and why?

Tony

 

[Dani Santos]

Hi

I'm currently using Emsisoft 9 and the tech guys said I can use Sandboxie or HitmanPro.Alert, but not both. Which one would you go for, and why?

Tony

Sandboxie. Just run there every file that you dont know.

 

[scot]

My choice would be Sandboxie without any doubt.
It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive.

 

[FireShootSK]

For me Sandboxie. Is simple and little better.

 

[ahsanfreedom]

I use Sanboxie, run every unknown files virtually without any doubt it will ruin my system

 

[Moose]

Salutations,

Use both Hitman Pro Alert and Sandboxie combination just incase it fail.

> Sandboxie is high maintenance like you girlfriends.
> Fail from time to time.
> Conflicts with other security software's.
> Only work with certain AV's
> Use boths and add Shadow Defender.

May, I suggest Shadow Defender with no conflicts! Again a layering effect
of security software.

 

[hjlbx]

Hi

I'm currently using Emsisoft 9 and the tech guys said I can use Sandboxie or HitmanPro.Alert, but not both. Which one would you go for, and why?

Tony

Right now HitmanPro.Alert 3 beta is not compatible with Sandboxie on some systems. HMPA 2.x is compatible and remains freeware, so you still can use HMPA with Sandboxie...just not the current beta Release Candidate.

HMPA is mainly an anti-exploit/crypto whereas Sandboxie is light virtualization.

Light virtualization will generally protect your physical system from being permanently infected.

Sandboxie provides little protection during the entire virtual session beyond blocking the install of drivers and a user option to run apps in the sandbox with lowered permissions.

Sandboxie is more utilitarian/generic whereas HMPA provides a specific set of protections.

 

[Exterminator]

SBIE allows you to run your browsers,programs,installers,files,etc. within the sandbox which can be deleted without making any changes to your PC
HMP Alert is basically a tool to check the browser and alert you when a secure connection to online banking,shopping,etc. is no longer guaranteed or to a banking trojan intrusion,ransomware,etc.
I dont know why you cannot use both ?? HMP Alert works (or did when I used it) while running browsers in SBIE.

I would use SBIE & HMP Alert or just SBIE

 

[Deleted member 21043]

Hi,

I recommend Sandboxie. While, I do like HitmanPro.Alert, Sandboxie will have the programs executed in a virtual environment (if you open them in Sandboxie). This means the actions taken by the virtualized program will not affect your system. (this is if you have to choose between either one, otherwise I would recommend using both - since you asked which one out of the two).

If you download a lot of new stuff and are not sure if something if malicious or not (maybe you thought a program was a bit suspicious) you could execute it in Sandboxie. This would then allow you to see what happens whilst it's running in Sandboxie. Please be aware, some malware is "Anti-Virtualization", meaning if it detects itself being virtualized it may then do nothing malicious.

"Anti-Virtualization"/"Anti-Debugging"/"Anti-Sandbox" techniques are done to trick the user into thinking the program is safe (do nothing malicious until they detect themselves not being virtualized (including running on a VM) or in a sandbox. Then, the user believes the program is safe and decides to execute it on his real system (non-virtualized). The malware sample will then see it is not being virtualized and it will then start the attack of the user. For example: download more malware, start services (these services can be used to try to protect the malware processes), terminate other programs such as Antivirus software (if it can) or even recovery logging software like FRST, drop files into System32 or other Windows folders areas, or even encrypt files. The list can go on.

Another suggestion from me is to use HitmanPro.Alert and when you have a suspicious program (or a program you are unsure of), you can go to one of the following links and submit the sample for sandboxing. The online service will then return the results from what happened on the system (behavioural monitoring results for the sample) whilst it was being executed. This can help you distinguish whether the sample was malicious or not without actually running it on your system.

• malwr.com
• anubis.iseclab.org

However, nothing is full proof. If malware does manage to escape a Sandbox, then... Whereas, if you used a online service and it happened, for you there is no issue since it was being executed on the service server/systems and not yours.

Cheers.

 

[LabZero]

For me Sandboxie allows you to surf in safety, but does not guarantee 100% protection from malware.

 

[Cch123]

Sandboxie is better for general security needs. In my opinion the main feature of HitmanPro Alert is its anti exploit. You can easily use the free EMET to do the same job.

However, depending on your setup, you may not need both. If you use chrome for browsing, you do not need sandboxie as it does not give any additional benefits. Both their sandboxing techniques are similar.

 

[Atlas147]

Hitmanpro Alert 2 was extremely buggy for me, it was crashing my microsoft programmes, slow startup, slow shutdowns, causing the computer to slowdown from time to time. the GUI was also glitched for me and it kept giving me alerts that my firefox had been compromised by some unwanted extension, even after removing all my extensions and repeated scans of hitmanpro, malwarebytes and herd protect that showed results that everything was in order and no malware had taken over my computer. Overall it was a bad experience for me, and I didn't even know it was Himanpro Alert causing all that until I decided to give MBAE a try and uninstalled hitmanpro alert.

My opinion would be stay with sandboxie and use malwarebytes anti exploit if you are afraid that you are going to run into trouble. If you really want to use hitmanpro alert you should wait till hitmanpro alert 3 launches before going back to try it because 2 was so bad for me.

 

[Azure]

My opinion would be stay with sandboxie and use malwarebytes anti exploit if you are afraid that you are going to run into trouble. If you really want to use hitmanpro alert you should wait till hitmanpro alert 3 launches before going back to try it because 2 was so bad for me.

I would recommend Malwarebytes Anti Exploit, unfortunately it isn't compatible with sandboxie.

 

[juhful]

I use both, running the most currrent Sandboxie and HMP Alert 3 and haven't seen any conflicts at all.

 

[hjlbx]

The conflict is not widely reported... just by some users on their specific systems.

Few even report issues between HMPA 2.x and SBIE.

HMPA 3 Release Candidate has issues on my W8.1 / AMD system.

Check out MT and Wilders Security HMPA sub-forum for conflict infos.

 

[cLcL]

they're two different kind of program. shouldnt be compared

anw.. i agree with kram7750. and i've read in some (shady ) forum which show that as long as the sandbox is connected to the internet, a hacker still can get your data or something. a vm is better (or harder). and beside, you use emsi which is a good antimalware and with its good behavior blocker. just make sure the app you'll run is safe (you can use virustotal for this) and from legit web too.

imo, sandboxie is great to see how a program is behaving (for testing, both legit and not legit (eg: bad) program), for example: what files it's gonna produce and so on, which you'll put it in your real system eventually (for compatibility and suchs), and for run multiple instance of a program that cant be run multiple way

for malware, imo, it's better to you use your av/malware, updated programs (eg: chrome, java, etc), and your common sense. a second opinion is always good, so i prefer hitman pro (or other second opinion scanners)

cmiiw

 

[hjlbx]

a hacker still can get your data or something. a vm is better (or harder)
cmiiw

Issue is not a hacker trying to actively penetrate your system because in 99.9999% of the cases user will do all the work.

Real issue is malware that is downloaded, installed and allowed to run - usually without restriction whether deliberately or not... and then captures and transmits data with outbound connection. In that case VM will be of no help... same with any virtualization software. An infected virtual session permits data theft.

That's why it is important to run AV and have outbound connect monitoring while running virtualized... VM or otherwise.

 

[cLcL]

what i meant was with sandbox the malware/hacker can mess your real system easier than when using vm. atleast that's what i've read in that forum

then again, if a program (malware) is allowed to installed and run by the user, that user will allow outbound connection for that program too right? so i think it's better to user your av/malware, common sense and updated programs to prevent malware rather than using sandbox.

still cmiiw

 

[hjlbx]

what i meant was with sandbox the malware/hacker can mess your real system easier than when using vm. atleast that's what i've read in that forum

then again, if a program (malware) is allowed to installed and run by the user, that user will allow outbound connection for that program too right? so i think it's better to user your av/malware, common sense and updated programs to prevent malware rather than using sandbox.

still cmiiw

I agree.

 

[jamescv7]

Its a different aspect of their concept, but since virtualization is really an effective way to prevent viruses attacks upon isolating, then Sandboxie as example of a program is already a full proof concept with minimal imperfections against vulnerabilities, caused even though its highly maintainable task but there's a confident in testing a program without worries and reset the data from sandbox without fuss.

The concept isn't easy due to the fact, program development (like Sandboxie) will undergone all software and hardware to be virtualized and a mistake from developing may cause serious risk of leakage of infection when not properly virtualized.