How to set up HitmanPro.Alert for Maximum Protection (Guide)

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
HitmanPro.Alert offers a great level of protection on its default settings. However, there are a few settings which you can change to further increase the protection offered by HitmanPro.Alert.

To start, we will need to change the user interface from the "Standard Interface" to the "Advanced Interface".
  1. Open the "Settings" menu by clicking on the gear icon in the top right corner.
  2. Next, in the Settings menu, select the "Advanced interface".

    You will notice that HitmanPro.Alert now has a different layout, which will allow us to tweak this product's settings.
Now, let's configure HitmanPro.Alert to offer the maximum level of protection:
  1. In the Risk reduction section, click on the "Vaccination" setting, and then select "Active vaccination".
    Vaccination - Disguises the computer as that of a virus researcher, making sandbox-aware malware self-terminate.
  2. In the Risk reduction section, click on the "CryptoGuard" setting, and then check the "Windows File Sharing (SMB)/Protect shared folders".
  3. In the Risk reduction section, click on the "BADUSB" setting, and then click on "Enable (Recommended)".
  4. In the Risk reduction section, click on the "Block Untrusted Fonts" setting, and then click on "Enable (Recommended)".
    Block untrusted fonts - Stops elevation of privilege (EOP) attacks via untrusted fonts. Windows 10 only.

That's it. If at any point you wish to revert to the default HitmanPro.Alert settings, open the "Settings" menu by clicking on the gear icon in the top right corner. Next, click on the "Reset settings" button.

If you know other settings which will increase the level of security offered by HitmanPro.Alert, please post them in this thread.
 

hjlbx

Here is a little-known fact about HMP.A...

Writes to C:\Windows\CryptoGuard should never be blocked. This is where HMP.A will place copied files in case of encryption; HMP.A recovers files from this directory.

See what @FleischmannTV says below...

Not really related to HMP.A settings - but instead just a useful factoid.
 

hjlbx

Archivers - such as 7Zip, PeaZip, WinRAR, etc - should be added to HMP.A protections. Use template "Other" and disable Application Lockdown.

If you don't disable Application Lockdown, then when you attempt to execute an extracted file it will be blocked by HMP.A.
 

FleischmannTV

Level 7
Verified
Honorary Member
Well-known
Jun 12, 2014
314
> In AppGuard, exclude C:\Windows\CryptoGuard from User Space.

C:\Windows\CryptoGuard is not in user space, so you cannot exclude this from user space. But since it is in system space, writes to this destination are blocked, which in the case of HMPA, we do not want. Hence it should be set as an exception folder (read/write) in AppGuard. To stop malicious payloads from executing from this origination, C:\Windows\CryptoGuard should be included in user space launch protection.

> You can add all W10 Apps to HMP.A mitigations.

Maybe, though it's hardly necessary. My money is on that we won't see AppContainer app exploits against home users at all. You will only achieve false alerts from adding unnecessary apps manually to Alert's protection.

> Archivers - such as 7Zip, PeaZip, WinRAR, etc - should be added to HMP.A protections. Use template "Other" and disable Application Lockdown.

Though lockdown would be the only mitigation that would offer any protection regarding these programs. Memory corruption is not a thing here AFAIK.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
> Archivers - such as 7Zip, PeaZip, WinRAR, etc - should be added to HMP.A protections. Use template "Other" and disable Application Lockdown.
>
> If you don't disable Application Lockdown, then when you attempt to execute an extracted file it will be blocked by HMP.A.

How do you add an app to protections?
Where is this template?
 

shmu26

> Though lockdown would be the only mitigation that would offer any protection regarding these programs. Memory corruption is not a thing here AFAIK.

In the present version of HMPA, for the archivers, you can leave lockdown enabled, and just disable control-flow integrity. I learned this trick from hjlbx, if I remember right...

EDIT: I just tried extracting a compressed file with WinRAR, with ALL mitigations enabled.
It worked. I don't know if this is good or bad...
HMPA 3.5.1 build 553 beta
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
> In the present version of HMPA, for the archivers, you can leave lockdown enabled, and just disable control-flow integrity. I learned this trick from hjlbx, if I remember right...
>
> EDIT: I just tried extracting a compressed file with WinRAR, with ALL mitigations enabled.
> It worked. I don't know if this is good or bad...
> HMPA 3.5.1 build 553 beta

Why would you want it not to work? If that was the case I would call it a flaw in the program. The fewer issues a product creates while protecting you, the better. No?
 

shmu26

> Why would you want it not to work? If that was the case I would call it a flaw in the program. The fewer issues a product creates while protecting you, the better. No?

I meant to say like this: I am on a beta version, after all, and maybe it simply doesn't protect the app at all, and that is why it works so well...
 

tomdy2k

Level 1
Jul 26, 2014
14
I'm wondering what AV runs best alongside Hitman Pro Alert.... Hell, I bought Bullguard IS and it asked for permission to let Hitman Pro Alert access the internet when I tried to download the EICAR test file, even though I put allow in Firewall rules, so I dumped Bullguard.

Any suggestion what I can run alongside it without interference?
 

shmu26

> I'm wondering what AV runs best alongside Hitman Pro Alert.... Hell, I bought Bullguard IS and it asked for permission to let Hitman Pro Alert access the internet when I tried to download the EICAR test file, even though I put allow in Firewall rules, so I dumped Bullguard.
>
> Any suggestion what I can run alongside it without interference?

Don't use Bitdefender IS. Most others should work. I have run it in combo with Kaspersky IS, Avast, Comodo firewall, and other security softs (not all at the same time, obviously!!).

I didn't understand the problem with Bullguard. EICAR is supposed to force a prompt from your AV. Why does that show there is a problem with HMPA?
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
> I'm wondering what AV runs best alongside Hitman Pro Alert.... Hell, I bought Bullguard IS and it asked for permission to let Hitman Pro Alert access the internet when I tried to download the EICAR test file, even though I put allow in Firewall rules, so I dumped Bullguard.
>
> Any suggestion what I can run alongside it without interference?

In my experience I know EmsiSoft products will run alongside it nicely, as well as MalwareBytes, F-Secure, and Windows Defender.
 

shmu26

I wasn't sure why Bullguard asked for permission every time..
If it's just EICAR that makes trouble, don't worry about it. On the contrary, it's a sign that your AV is working right.
 
