HitmanPro.Alert or Sandboxie

Status
Not open for further replies.

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
Hi

I'm currently using Emsisoft 9 and the tech guys said I can use Sandboxie or HitmanPro.Alert, but not both. Which one would you go for, and why?

Tony :)
Sandboxie. Just run there every file that you dont know.
 
  • Like
Reactions: LabZero

scot

Level 9
Verified
Dec 5, 2014
405
My choice would be Sandboxie without any doubt.
It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive.
 
Last edited:
  • Like
Reactions: LabZero

Moose

Level 22
Jun 14, 2011
2,271
Salutations,

Use both Hitman Pro Alert and Sandboxie combination just incase it fail.

> Sandboxie is high maintenance like you girlfriends.
> Fail from time to time.
> Conflicts with other security software's.
> Only work with certain AV's
> Use boths and add Shadow Defender.


May, I suggest Shadow Defender with no conflicts! Again a layering effect
of security software.


 
H

hjlbx

Hi

I'm currently using Emsisoft 9 and the tech guys said I can use Sandboxie or HitmanPro.Alert, but not both. Which one would you go for, and why?

Tony :)

Right now HitmanPro.Alert 3 beta is not compatible with Sandboxie on some systems. HMPA 2.x is compatible and remains freeware, so you still can use HMPA with Sandboxie...just not the current beta Release Candidate.

HMPA is mainly an anti-exploit/crypto whereas Sandboxie is light virtualization.

Light virtualization will generally protect your physical system from being permanently infected.

Sandboxie provides little protection during the entire virtual session beyond blocking the install of drivers and a user option to run apps in the sandbox with lowered permissions.

Sandboxie is more utilitarian/generic whereas HMPA provides a specific set of protections.
 
  • Like
Reactions: LabZero

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
SBIE allows you to run your browsers,programs,installers,files,etc. within the sandbox which can be deleted without making any changes to your PC
HMP Alert is basically a tool to check the browser and alert you when a secure connection to online banking,shopping,etc. is no longer guaranteed or to a banking trojan intrusion,ransomware,etc.
I dont know why you cannot use both ?? HMP Alert works (or did when I used it) while running browsers in SBIE.

I would use SBIE & HMP Alert or just SBIE
 
D

Deleted member 21043

Hi,

I recommend Sandboxie. While, I do like HitmanPro.Alert, Sandboxie will have the programs executed in a virtual environment (if you open them in Sandboxie). This means the actions taken by the virtualized program will not affect your system. (this is if you have to choose between either one, otherwise I would recommend using both - since you asked which one out of the two).

If you download a lot of new stuff and are not sure if something if malicious or not (maybe you thought a program was a bit suspicious) you could execute it in Sandboxie. This would then allow you to see what happens whilst it's running in Sandboxie. Please be aware, some malware is "Anti-Virtualization", meaning if it detects itself being virtualized it may then do nothing malicious.

"Anti-Virtualization"/"Anti-Debugging"/"Anti-Sandbox" techniques are done to trick the user into thinking the program is safe (do nothing malicious until they detect themselves not being virtualized (including running on a VM) or in a sandbox. Then, the user believes the program is safe and decides to execute it on his real system (non-virtualized). The malware sample will then see it is not being virtualized and it will then start the attack of the user. For example: download more malware, start services (these services can be used to try to protect the malware processes), terminate other programs such as Antivirus software (if it can) or even recovery logging software like FRST, drop files into System32 or other Windows folders areas, or even encrypt files. The list can go on.

Another suggestion from me is to use HitmanPro.Alert and when you have a suspicious program (or a program you are unsure of), you can go to one of the following links and submit the sample for sandboxing. The online service will then return the results from what happened on the system (behavioural monitoring results for the sample) whilst it was being executed. This can help you distinguish whether the sample was malicious or not without actually running it on your system.

  • malwr.com
  • anubis.iseclab.org
However, nothing is full proof. If malware does manage to escape a Sandbox, then... Whereas, if you used a online service and it happened, for you there is no issue since it was being executed on the service server/systems and not yours.

Cheers. ;)
 
Last edited by a moderator:
L

LabZero

For me Sandboxie allows you to surf in safety, but does not guarantee 100% protection from malware.
 

Cch123

Level 7
Verified
May 6, 2014
335
Sandboxie is better for general security needs. In my opinion the main feature of HitmanPro Alert is its anti exploit. You can easily use the free EMET to do the same job.

However, depending on your setup, you may not need both. If you use chrome for browsing, you do not need sandboxie as it does not give any additional benefits. Both their sandboxing techniques are similar.
 
  • Like
Reactions: LabZero

Atlas147

Level 30
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
Hitmanpro Alert 2 was extremely buggy for me, it was crashing my microsoft programmes, slow startup, slow shutdowns, causing the computer to slowdown from time to time. the GUI was also glitched for me and it kept giving me alerts that my firefox had been compromised by some unwanted extension, even after removing all my extensions and repeated scans of hitmanpro, malwarebytes and herd protect that showed results that everything was in order and no malware had taken over my computer. Overall it was a bad experience for me, and I didn't even know it was Himanpro Alert causing all that until I decided to give MBAE a try and uninstalled hitmanpro alert.

My opinion would be stay with sandboxie and use malwarebytes anti exploit if you are afraid that you are going to run into trouble. If you really want to use hitmanpro alert you should wait till hitmanpro alert 3 launches before going back to try it because 2 was so bad for me.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
My opinion would be stay with sandboxie and use malwarebytes anti exploit if you are afraid that you are going to run into trouble. If you really want to use hitmanpro alert you should wait till hitmanpro alert 3 launches before going back to try it because 2 was so bad for me.
I would recommend Malwarebytes Anti Exploit, unfortunately it isn't compatible with sandboxie.
 
  • Like
Reactions: silversurfer
H

hjlbx

The conflict is not widely reported... just by some users on their specific systems.

Few even report issues between HMPA 2.x and SBIE.

HMPA 3 Release Candidate has issues on my W8.1 / AMD system.

Check out MT and Wilders Security HMPA sub-forum for conflict infos.
 

cLcL

Level 1
Verified
Jan 6, 2015
31
they're two different kind of program. shouldnt be compared :D

anw.. i agree with kram7750. and i've read in some (shady :D ) forum which show that as long as the sandbox is connected to the internet, a hacker still can get your data or something. a vm is better (or harder). and beside, you use emsi which is a good antimalware and with its good behavior blocker. just make sure the app you'll run is safe (you can use virustotal for this) and from legit web too.

imo, sandboxie is great to see how a program is behaving (for testing, both legit and not legit (eg: bad) program), for example: what files it's gonna produce and so on, which you'll put it in your real system eventually (for compatibility and suchs), and for run multiple instance of a program that cant be run multiple way :D

for malware, imo, it's better to you use your av/malware, updated programs (eg: chrome, java, etc), and your common sense. a second opinion is always good, so i prefer hitman pro (or other second opinion scanners)

cmiiw :)
 
H

hjlbx

a hacker still can get your data or something. a vm is better (or harder)
cmiiw :)

Issue is not a hacker trying to actively penetrate your system because in 99.9999% of the cases user will do all the work.

Real issue is malware that is downloaded, installed and allowed to run - usually without restriction whether deliberately or not... and then captures and transmits data with outbound connection. In that case VM will be of no help... same with any virtualization software. An infected virtual session permits data theft.

That's why it is important to run AV and have outbound connect monitoring while running virtualized... VM or otherwise.
 

cLcL

Level 1
Verified
Jan 6, 2015
31
what i meant was with sandbox the malware/hacker can mess your real system easier than when using vm. atleast that's what i've read in that forum :D

then again, if a program (malware) is allowed to installed and run by the user, that user will allow outbound connection for that program too right? so i think it's better to user your av/malware, common sense and updated programs to prevent malware rather than using sandbox.

still cmiiw :)
 
H

hjlbx

what i meant was with sandbox the malware/hacker can mess your real system easier than when using vm. atleast that's what i've read in that forum :D

then again, if a program (malware) is allowed to installed and run by the user, that user will allow outbound connection for that program too right? so i think it's better to user your av/malware, common sense and updated programs to prevent malware rather than using sandbox.

still cmiiw :)

I agree.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Its a different aspect of their concept, but since virtualization is really an effective way to prevent viruses attacks upon isolating, then Sandboxie as example of a program is already a full proof concept with minimal imperfections against vulnerabilities, caused even though its highly maintainable task but there's a confident in testing a program without worries and reset the data from sandbox without fuss.

The concept isn't easy due to the fact, program development (like Sandboxie) will undergone all software and hardware to be virtualized and a mistake from developing may cause serious risk of leakage of infection when not properly virtualized.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top