How to set up HitmanPro.Alert for Maximum Protection (Guide)

Jack

#1
HitmanPro.Alert offers a great level of protection on its default settings. However, there are a few settings which you can change to further increase the protection offered by HitmanPro.Alert.

To start, we will need to change the user interface from the "Standard Interface" to the "Advanced Interface".
  1. Open the "Settings" menu by clicking on the gear icon in the top right corner.
  2. Next, in the Settings menu, select the "Advanced interface".

    You will notice that HitmanPro.Alert now has a different layout, which will allow us to tweak this product's settings.
Now, let's configure HitmanPro.Alert to offer the maximum level of protection:
  1. In the Risk reduction section, click on the "Vaccination" setting, and then select "Active vaccination".
    Vaccination - Disguises the computer as that of a virus researcher, making sandbox-aware malware self-terminate.
  2. In the Risk reduction section, click on the "CryptoGuard" setting, and then check the "Windows File Sharing (SMB)/Protect shared folders".
  3. In the Risk reduction section, click on the "BADUSB" setting, and then click on "Enable (Recommended)".
  4. In the Risk reduction section, click on the "Block Untrusted Fonts" setting, and then click on "Enable (Recommended)".
    Block untrusted fonts - Stops elevation of privilege (EOP) attacks via untrusted fonts. Windows 10 only.

That's it. If at any point you wish to revert to the default HitmanPro.Alert settings, open the "Settings" menu by clicking on the gear icon in the top right corner. Next, click on the "Reset settings" button.

If you know other settings which will increase the level of security offered by HitmanPro.Alert, please post them in this thread.
 
hjlbx

#4
Here is a little-known fact about HMP.A...

Writes to C:\Windows\CryptoGuard should never be blocked. This is where HMP.A will place copied files in case of encryption; HMP.A recovers files from this directory.

See what @FleischmannTV says below...

Not really related to HMP.A settings - but instead just a useful factoid.
 
hjlbx

#5
Archivers - such as 7Zip, PeaZip, WinRAR, etc - should be added to HMP.A protections. Use template "Other" and disable Application Lockdown.

If you don't disable Application Lockdown, then when you attempt to execute an extracted file it will be blocked by HMP.A.
 

FleischmannTV

#8
In AppGuard, exclude C:\Windows\CryptoGuard from User Space.
C:\Windows\CryptoGuard is not in user space, so you cannot exclude this from user space. But since it is in system space, writes to this destination are blocked, which in the case of HMPA, we do not want. Hence it should be set as an exception folder (read/write) in AppGuard. To stop malicious payloads from executing from this origination, C:\Windows\CryptoGuard should be included in user space launch protection.

You can add all W10 Apps to HMP.A mitigations.
Maybe, though it's hardly necessary. My money is on that we won't see AppContainer app exploits against home users at all. You will only achieve false alerts from adding unnecessary apps manually to Alert's protection.

Archivers - such as 7Zip, PeaZip, WinRAR, etc - should be added to HMP.A protections. Use template "Other" and disable Application Lockdown.
Though lockdown would be the only mitigation that would offer any protection regarding these programs. Memory corruption is not a thing here AFAIK.
 

shmu26

#10
Archivers - such as 7Zip, PeaZip, WinRAR, etc - should be added to HMP.A protections. Use template "Other" and disable Application Lockdown.

If you don't disable Application Lockdown, then when you attempt to execute an extracted file it will be blocked by HMP.A.
How do you add an app to protections?
Where is this template?
 

shmu26

#13
Though lockdown would be the only mitigation that would offer any protection regarding these programs. Memory corruption is not a thing here AFAIK.
In the present version of HMPA, for the archivers, you can leave lockdown enabled, and just disable control-flow integrity. I learned this trick from hjlbx, if I remember right...

EDIT: I just tried extracting a compressed file with winrar, with ALL mitigations enabled.
It worked. I don't know if this is good or bad...
HMPA 3.5.1 build 553 beta
 

SHvFl

#14
In the present version of HMPA, for the archivers, you can leave lockdown enabled, and just disable control-flow integrity. I learned this trick from hjlbx, if I remember right...

EDIT: I just tried extracting a compressed file with winrar, with ALL mitigations enabled.
It worked. I don't know if this is good or bad...
HMPA 3.5.1 build 553 beta
Why would you want it not to work? If that was the case I would call it a flaw in the program. The fewer issues a product creates while protecting you the better. No?
 

shmu26

#15
Why would you want it not to work? If that was the case I would call it a flaw in the program. The fewer issues a product creates while protecting you the better. No?
I meant to say like this: I am on a beta version, after all, and maybe it simply doesn't protect the app at all, and that is why it works so well...
 
#16
I'm wondering what AV runs best alongside Hitman Pro Alert... Hell, I bought Bullguard IS and it asked for permission to let Hitman Pro Alert access the internet when I tried to download the EICAR test file, even though I put allow in Firewall rules, so I dumped Bullguard.

Any suggestion what I can run alongside it without interference?
 

shmu26

#17
I'm wondering what AV runs best alongside Hitman Pro Alert... Hell, I bought Bullguard IS and it asked for permission to let Hitman Pro Alert access the internet when I tried to download the EICAR test file, even though I put allow in Firewall rules, so I dumped Bullguard.

Any suggestion what I can run alongside it without interference?
Don't use Bitdefender IS. Most others should work. I have run it in combo with Kaspersky IS, Avast, Comodo firewall, and other security softs (not all at the same time, obviously!!).

I didn't understand the problem with Bullguard. EICAR is supposed to force a prompt from your AV. Why does that show there is a problem with HMPA?
 

_CyberGhosT_

#19
I'm wondering what AV runs best alongside Hitman Pro Alert... Hell, I bought Bullguard IS and it asked for permission to let Hitman Pro Alert access the internet when I tried to download the EICAR test file, even though I put allow in Firewall rules, so I dumped Bullguard.

Any suggestion what I can run alongside it without interference?
In my experience I know EmsiSoft products will run alongside it nicely, as well as MalwareBytes, F-Secure, and Windows Defender.
 

shmu26

#20
I wasn't sure why Bullguard asked for permission every time..
If it's just EICAR that makes trouble, don't worry about it. On the contrary, it's a sign that your AV is working right.
 
