How to setup HitmanPro.Alert for Maximum Protection (Guide)

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
HitmanPro.Alert offers a great level of protection on its default settings. However, there are a few settings which you can change to increase even more the protection offered by HitmanPro.Alert.

To start, we will need to change the user interface from the "Standard Interface" to the "Advanced Interface".
  1. Open the "Settings" menu by clicking on the gear icon in the top right corner.
    1.jpg
  2. Next, in the Settings menu, select the "Advanced interface".
    2.jpg

    You will notice that HitmanPro.Alert is have a different layout, which will allow us to tweak this product settings.
    3.jpg
Now, lets configure HitmanPro.Alert to offer the maximum level of protection:
  1. In the Risk reduction section, click on the "Vaccination"
    5.jpg
    setting, and then select "Active vaccination".
    Vaccination - Disguises the computer as that of a virus researcher, making sandbox-aware malware self-terminate.
    4.jpg
  2. In the Risk reduction section, click on the "CryptoGuard"
    7.jpg
    setting, and then check the "Windows File Sharing (SMB)/Protect shared folders".
    8.jpg

  3. In the Risk reduction section, click on the "BADUSB" setting, and then click on "Enable (Recommended)".
    BADUSB.jpg

  4. In the Risk reduction section, click on the "Block Untrusted Fonts"
    10.jpg
    setting, and then click on "Enable (Recommended)".
    Block untrusted fonts - Stops elevation of privilege (EOP) attacks via untrusted fonts. Windows 10 only.
    11.jpg

That's it. If at any point you wish to revert to the default HitmanPro.Alert settings, open the "Settings" menu by clicking on the gear icon in the top right corner. Next, click on "Reset settings" button.
Reset.jpg

If you know other settings which will increase the level of security offered by HitmanPro.Alert, please post them in this thread.
 
H

hjlbx

Here is little-known fact about HMP.A...

Writes to C:\Windows\CryptoGuard should never be blocked. This is where HMP.A will place copied files in case of encryption; HMP.A recovers files from this directory.

See what @FleischmannTV says below...

Not really related to HMP.A settings - but instead just a useful factoid.
 
Last edited by a moderator:
H

hjlbx

Archivers - such as 7Zip, PeaZip, WinRAR, etc - should be added to HMP.A protections. Use template "Other" and disable Application Lockdown.

If you don't disable Application Lockdown, then when you attempt to execute an extracted file it will be blocked by HMP.A.
 

FleischmannTV

Level 7
Verified
Honorary Member
Well-known
Jun 12, 2014
314
In AppGuard, exclude C:\Windows\CryptoGuard from User Space.

C:\Windows\CryptoGuard is not in user space, so you cannot exclude this from user space. But since it is in system space, writes to this destination are blocked, which in the case of HMPA, we do not want. Hence it is should be set as an exception folder (read/write) in AppGuard. To stop malicious payloads from executing from this origination, C:\Windows\CryptoGuard should be included in user space launch protection.

You can add all W10 Apps to HMP.A mitigations.

Maybe, though it's hardly necessary. My money is on that we won't see AppContainer app exploits against home users at all. You will only achieve false alerts from adding unnecessary apps manually to Alert's protection.

Archivers - such as 7Zip, PeaZip, WinRAR, etc - should be added to HMP.A protections. Use template "Other" and disable Application Lockdown.

Though lockdown would be the only mitigation that would offer any protection regarding these programs. Memory corruption is not a thing here AFAIK.
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Archivers - such as 7Zip, PeaZip, WinRAR, etc - should be added to HMP.A protections. Use template "Other" and disable Application Lockdown.

If you don't disable Application Lockdown, then when you attempt to execute an extracted file it will be blocked by HMP.A.
how do you add an app to protections?
where is this template?
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Though lockdown would be the only mitigation that would offer any protection regarding these programs. Memory corruption is not a thing here AFAIK.
In the present version of HMPA, for the archivers, you can leave lockdown enabled, and just disable control-flow integrity. I learned this trick from hjlbx, if I remember right...

EDIT: I just tried extracting a compressed file with winrar, with ALL mitigations enabled.
It worked. I don't know if this is good or bad...
HMPA 3.5.1 build 553 beta
 
Last edited:

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
In the present version of HMPA, for the archivers, you can leave lockdown enabled, and just disable control-flow integrity. I learned this trick from hjlbx, if I remember right...

EDIT: I just tried extracting a compressed file with winrar, with ALL mitigations enabled.
It worked. I don't know if this is good or bad...
HMPA 3.5.1 build 553 beta
Why would you want it not to work. If that was the case i would call it a flaw in the program. The less issues a product creates while protecting you the better. No?
 
  • Like
Reactions: JB007

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Why would you want it not to work. If that was the case i would call it a flaw in the program. The less issues a product creates while protecting you the better. No?
I meant to say like this: I am on a beta version, after all, and maybe it simply doesn't protect the app at all, and that is why it works so well...
 
  • Like
Reactions: SHvFl and JB007

tomdy2k

Level 1
Jul 26, 2014
14
HitmanPro.Alert offers a great level of protection on its default settings. However, there are a few settings which you can change to increase even more the protection offered by HitmanPro.Alert.

To start, we will need to change the user interface from the "Standard Interface" to the "Advanced Interface".
  1. Open the "Settings" menu by clicking on the gear icon in the top right corner.
    View attachment 101080
  2. Next, in the Settings menu, select the "Advanced interface".
    View attachment 101081
    You will notice that HitmanPro.Alert is have a different layout, which will allow us to tweak this product settings.
    View attachment 101083
Now, lets configure HitmanPro.Alert to offer the maximum level of protection:
  1. In the Risk reduction section, click on the "Vaccination" View attachment 101086 setting, and then select "Active vaccination".
    Vaccination - Disguises the computer as that of a virus researcher, making sandbox-aware malware self-terminate.
    View attachment 101087
  2. In the Risk reduction section, click on the "CryptoGuard" View attachment 101088 setting, and then check the "Windows File Sharing (SMB)/Protect shared folders".
    View attachment 101089
  3. In the Risk reduction section, click on the "BADUSB" setting, and then click on "Enable (Recommended)".
    View attachment 101090
  4. In the Risk reduction section, click on the "Block Untrusted Fonts" View attachment 101091 setting, and then click on "Enable (Recommended)".
    Block untrusted fonts - Stops elevation of privilege (EOP) attacks via untrusted fonts. Windows 10 only.
    View attachment 101092

That's it. If at any point you wish to revert to the default HitmanPro.Alert settings, open the "Settings" menu by clicking on the gear icon in the top right corner. Next, click on "Reset settings" button.
View attachment 101093

If you know other settings which will increase the level of security offered by HitmanPro.Alert, please post them in this thread.
I'm wondering what av runs best alongside Hitman Pro Alert....Hell I bought Bullguard Is and it asked for permission to let Hitman Pro Alert access the internet when I tried to download theEICAR test file even though I put allow in Firewall rules so I dumped Bullguard.

Any suggestion what I can run alongside it without interference?
 
  • Like
Reactions: _CyberGhosT_

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I'm wondering what av runs best alongside Hitman Pro Alert....Hell I bought Bullguard Is and it asked for permission to let Hitman Pro Alert access the internet when I tried to download theEICAR test file even though I put allow in Firewall rules so I dumped Bullguard.

Any suggestion what I can run alongside it without interference?
Don't use Bitdefender IS. Most others should work. I have run it in combo with Kaspersky IS, Avast, Comodo firewall, and other security softs (not all at the same time, obviously!!).

I didn't understand the problem with Bullguard. EICAR is supposed to force a prompt from your AV. Why does that show there is a problem with HMPA?
 
  • Like
Reactions: _CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
I'm wondering what av runs best alongside Hitman Pro Alert....Hell I bought Bullguard Is and it asked for permission to let Hitman Pro Alert access the internet when I tried to download theEICAR test file even though I put allow in Firewall rules so I dumped Bullguard.

Any suggestion what I can run alongside it without interference?
In my experience I know EmsiSoft products will run alongside it nicely, as well as
MalwareBytes, F-Secure, and Windows Defender.
 
  • Like
Reactions: Sunshine-boy

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I wasnt sure why bullguard asked for permission every time..
If it's just EICAR that makes trouble, don't worry about it. On the contrary, it's a sign that your AV is working right.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top