How to setup HitmanPro.Alert for Maximum Protection (Guide)

Discussion in 'HitmanPro (Sophos)' started by Jack, May 18, 2016.

  1. Jack

    Jack Administrator
    Staff Member

    Jan 24, 2011
    8,653
    14,798
    Bucharest
    Windows 10
    Default-Deny
    Official Website:
    http://www.surfright.nl/en/alert
    Build version:
    HitmanPro.Alert offers a great level of protection on its default settings. However, there are a few settings which you can change to further increase the protection offered by HitmanPro.Alert.

    To start, we will need to change the user interface from the "Standard Interface" to the "Advanced Interface".
    1. Open the "Settings" menu by clicking on the gear icon in the top right corner.
    2. Next, in the Settings menu, select the "Advanced interface".
      You will notice that HitmanPro.Alert now has a different layout, which will allow us to tweak this product's settings.
    Now, let's configure HitmanPro.Alert to offer the maximum level of protection:
    1. In the Risk reduction section, click on the "Vaccination" setting, and then select "Active vaccination".
      Vaccination - Disguises the computer as that of a virus researcher, making sandbox-aware malware self-terminate.
    2. In the Risk reduction section, click on the "CryptoGuard" setting, and then check the "Windows File Sharing (SMB)/Protect shared folders".
    3. In the Risk reduction section, click on the "BADUSB" setting, and then click on "Enable (Recommended)".
    4. In the Risk reduction section, click on the "Block Untrusted Fonts" setting, and then click on "Enable (Recommended)".
      Block untrusted fonts - Stops elevation of privilege (EOP) attacks via untrusted fonts. Windows 10 only.

    That's it. If at any point you wish to revert to the default HitmanPro.Alert settings, open the "Settings" menu by clicking on the gear icon in the top right corner. Next, click on the "Reset settings" button.

    If you know other settings which will increase the level of security offered by HitmanPro.Alert, please post them in this thread.
     
    XhenEd, plat1098, kev216 and 20 others like this.
  2. Captain Awesome

    Captain Awesome Level 19

    May 7, 2016
    901
    7,054
    Student
    India
    Windows 10
    Emsisoft
  3. hjlbx

    hjlbx Guest

    Test template should never be used to protect an application; it is only to be applied to the HMP.A Exploit Test Utility.
     
    SHvFl, JB007, Cats-4_Owners-2 and 3 others like this.
  4. hjlbx

    hjlbx Guest

    #4 hjlbx, May 18, 2016
    Last edited by a moderator: May 18, 2016
    Here is a little-known fact about HMP.A...

    Writes to C:\Windows\CryptoGuard should never be blocked. This is where HMP.A will place copied files in case of encryption; HMP.A recovers files from this directory.

    See what @FleischmannTV says below...

    Not really related to HMP.A settings - but instead just a useful factoid.
     
    SHvFl, JB007, askmark and 6 others like this.
  5. hjlbx

    hjlbx Guest

    Archivers - such as 7Zip, PeaZip, WinRAR, etc - should be added to HMP.A protections. Use template "Other" and disable Application Lockdown.

    If you don't disable Application Lockdown, then when you attempt to execute an extracted file it will be blocked by HMP.A.
     
    SHvFl, JB007, Cats-4_Owners-2 and 2 others like this.
  6. pablozi

    pablozi Level 22
    Trusted

    Jun 14, 2011
    1,155
    4,918
    Null Island
    Windows 10
    Default-Deny
    #6 pablozi, May 18, 2016
    Last edited by a moderator: May 19, 2016
    I always turn on the option of showing live keystroke encryption.
     
    kev216, SHvFl, JB007 and 5 others like this.
  7. hjlbx

    hjlbx Guest

    You can add all W10 Apps to HMP.A mitigations.
     
    SHvFl, JB007 and Cats-4_Owners-2 like this.
  8. FleischmannTV

    FleischmannTV Level 7
    Trusted

    Jun 12, 2014
    316
    1,160
    Windows 10
    #8 FleischmannTV, May 18, 2016
    Last edited: May 18, 2016
    C:\Windows\CryptoGuard is not in user space, so you cannot exclude this from user space. But since it is in system space, writes to this destination are blocked, which in the case of HMPA, we do not want. Hence it should be set as an exception folder (read/write) in AppGuard. To stop malicious payloads from executing from this origination, C:\Windows\CryptoGuard should be included in user space launch protection.

    Maybe, though it's hardly necessary. My money is on that we won't see AppContainer app exploits against home users at all. You will only achieve false alerts from adding unnecessary apps manually to Alert's protection.

    Though lockdown would be the only mitigation that would offer any protection regarding these programs. Memory corruption is not a thing here AFAIK.
     
    SHvFl, JB007, askmark and 4 others like this.
  9. Jack

    Jack Administrator
    Staff Member

    Jan 24, 2011
    8,653
    14,798
    Bucharest
    Windows 10
    Default-Deny
    #9 Jack, May 19, 2016
    Last edited: May 19, 2016
    Same here. While it's only a cosmetic change, it gives you a certain peace of mind to see that each key you press is encrypted.
     
    SHvFl, JB007, _CyberGhosT_ and 2 others like this.
  10. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,273
    13,595
    Utopia
    how do you add an app to protections?
    where is this template?
     
    SHvFl, JB007 and _CyberGhosT_ like this.
  11. Duotone

    Duotone Level 9

    Mar 17, 2016
    407
    2,518
    GEODETIC ENGINEER
    Philippines
    Windows 7
    Default-Deny
    When you start an application, click the HMP.A icon > click Exploit mitigation (blue) > click running application, and add your application on the proper templates.
     
    SHvFl, JB007, _CyberGhosT_ and 2 others like this.
  12. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,273
    13,595
    Utopia
    perfect!
     
    SHvFl and JB007 like this.
  13. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,273
    13,595
    Utopia
    #13 shmu26, Aug 29, 2016
    Last edited: Aug 29, 2016
    In the present version of HMPA, for the archivers, you can leave lockdown enabled, and just disable control-flow integrity. I learned this trick from hjlbx, if I remember right...

    EDIT: I just tried extracting a compressed file with winrar, with ALL mitigations enabled.
    It worked. I don't know if this is good or bad...
    HMPA 3.5.1 build 553 beta
     
    SHvFl, JB007 and _CyberGhosT_ like this.
  14. SHvFl

    SHvFl Level 32
    Content Creator Trusted

    Nov 19, 2014
    2,153
    16,406
    Supermodel for McDonald's
    Europe
    Windows 10
    Emsisoft
    Why would you want it not to work? If that was the case I would call it a flaw in the program. The fewer issues a product creates while protecting you the better. No?
     
    JB007 likes this.
  15. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,273
    13,595
    Utopia
    I meant to say like this: I am on a beta version, after all, and maybe it simply doesn't protect the app at all, and that is why it works so well...
     
    SHvFl and JB007 like this.
  16. tomdy2k

    tomdy2k Level 1

    Jul 26, 2014
    8
    6
    I'm wondering what AV runs best alongside Hitman Pro Alert... Hell, I bought Bullguard IS and it asked for permission to let Hitman Pro Alert access the internet when I tried to download the EICAR test file, even though I put allow in Firewall rules, so I dumped Bullguard.

    Any suggestion what I can run alongside it without interference?
     
    _CyberGhosT_ likes this.
  17. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,273
    13,595
    Utopia
    Don't use Bitdefender IS. Most others should work. I have run it in combo with Kaspersky IS, Avast, Comodo firewall, and other security softs (not all at the same time, obviously!!).

    I didn't understand the problem with Bullguard. EICAR is supposed to force a prompt from your AV. Why does that show there is a problem with HMPA?
     
    _CyberGhosT_ likes this.
  18. tomdy2k

    tomdy2k Level 1

    Jul 26, 2014
    8
    6
    I wasn't sure why Bullguard asked for permission every time.
     
    shmu26 likes this.
  19. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,174
    27,489
    Retired
    Central US
    Linux Mint
    Default-Deny
    In my experience I know EmsiSoft products will run alongside it nicely, as well as MalwareBytes, F-Secure, and Windows Defender.
     
    Sunshine-boy likes this.
  20. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,273
    13,595
    Utopia
    If it's just EICAR that makes trouble, don't worry about it. On the contrary, it's a sign that your AV is working right.
     