FrFc1908

Level 19
Hey FrFc1908, I'm in charge of the operation of Huorong Internet Security. I noticed that you're encountering the issue constantly when trying to perform scans with HIS. Sorry about noticing this thread this late.

Would you mind providing the following information for us in order to try locating the issue please?

1. The OS version information.
2. The basic environment information, like CPU, memory, etc.
3. Does the environment has any 3rd party security software installed alongside with Huorong?
4. Check if there's any dump files in Huorong components folder (should be %programfiles%\Huorong\Sysdiag\bin\*.dmp for a default installation).
5. The screenshot when the hang occurs.
6. Notice if Hipsdaemon.exe still alive when the hang occurs. If yes, please checkout it's CPU usage (this will give us some clue that the scan is actually running or not).

Look forward to hearing from you.
Thanks for you feedback. Have a good one :).
Hi thanks tot your answer , but I am sorry to say that I do not use huorong anymore , I now have qihoo 360 ts running. But when I had huorong running I did run of all gsidw wisevector. I have the latest Windows 10 x64 , Intel core i5 4th gen , 4gb ram and Intel pro ssd
 

vardyh

New Member
Hi thanks tot your answer , but I am sorry to say that I do not use huorong anymore , I now have qihoo 360 ts running. But when I had huorong running I did run of all gsidw wisevector. I have the latest Windows 10 x64 , Intel core i5 4th gen , 4gb ram and Intel pro ssd
It's OK man, thanks anyway :). I'll let my team try to reproduce the issue, and I'll let you know if we're able to locate the cause.
Should you have any further questions regarding Huorong, please feel free to let me know.
Have a nice one!
 

Jerry.Lin

Level 1
Verified
Share the hips rules I wrote

AntiAttackRules 4.04
Block and intercept malicious behaviors in 4 part:
ExploitBehaviorBlock: Detect and Block common exploits using MSOffice.
TrojanBehaviorBlock: Detect and Block trojan behaviors, such as loading from suspicious locations.
RansomBehaviorBlock: Detect and Block encrypting behavior
SysProcessAbuseBehaviorBlock: Detect and Block malicious use of system process/file, such as fileless attack.

Rules Name:
[Recommend Action]ProtectionName.Pattern.Number
ex. [TERMINATE]RansomBehavior.A.00

Tips when import:
1. remember to import verdict cache rules(auto) in advanced->custom rules->verdict cache, otherwise there will be a lot of pop up.
2. remember to turn on the button of custom rules in Protection Center.


Test Demo:
1. MaMo434376 Ransomware
Code:
Process: C:\Users\shadow_test\Desktop\2019-12-08 071815.exe
Command line: "C:\Users\shadow_test\Desktop\2019-12-08 071815.exe"
Detection: [TERMINATE]RansomBehavior.A.00
Target: [Create] C:\Users\shadow_test\Documents\RM_Q&A (1).docx.MaMo434376
Result: Terminate
2. CVE-2017-8570
Code:
Process: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Command line: "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\shadow_test\Desktop\255ceceb040c1c47fe9c03b20c9e1563.DOC"
Detection: [DENY]ExploitBehavior.A.02
Target: [Execute] C:\Windows\SysWOW64\rEGsVr32.exE
Result: Blocked
3. FTCode Ransomware
Code:
Process: C:\Users\shadow_test\Desktop\新建文件夹\2019-12-09 143534.vbs
Command line: "C:\Windows\System32\WScript.exe" "C:\Users\shadow_test\Desktop\新建文件夹\2019-12-09 143534.vbs"
Detection: [TERMINATE]SysProcessAbuseBehavior.B.00
Target: [Execute] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Result: Terminate
4. NjRat
Code:
Process: C:\Users\shadow_test\Desktop\2019-12-14 023041.vbs
Command line: "C:\Windows\System32\WScript.exe" "C:\Users\shadow_test\Desktop\2019-12-14 023041.vbs"
Detection: [TERMINATE]TrojanBehavior.B.01
Target: [Write] HKEY_USERS\S-1-5-21-3031392358-1812384500-2242827858-1001\Software\Microsoft\Windows\CurrentVersion\Run\r.vbs
Result: Terminate
Annotation 2019-12-14 185801.jpgAnnotation 2019-12-14 191746.jpgAnnotation 2019-12-14 191215.jpgAnnotation 2019-12-14 190319.jpgAnnotation 2019-12-14 190147.jpg
 
Last edited:

Jerry.Lin

Level 1
Verified
Release Note 5.0.34.0 (12/17/19)
Dear Tinder users,


Hello! Thank you all for using Tinder Security Software 5.0.

Here are today's updates:

New requirements:
1. [Import / Export window] Add directory tree, add history path list, support paste path.


Program optimization:
1. Optimize IP blacklist and IP protocol control security logging.


Program defect repair:
1. Fixed the problem that the function of "Automatic shutdown after completion of repair" fails when the bug fix is repaired in the background.
2. Fixed the issue that the number of shortcut items displayed in the garbage cleanup is incorrect.
3. Fixed the issue where the main interface of Tinder and the tray version number and the date of the virus database were not refreshed.
4. Fixed the problem that the traditional interface description of the process of ending the traffic monitoring is incorrect.
5. Fixed the problem that "Add failed" is not displayed when adding files to the root directory of the file shred.


With your help, Tinder is improving every day, thank you for your support!
Tinder Operation Team
December 17, 2019
 

Jerry.Lin

Level 1
Verified
Release Note for 5.0.35.0 (01/02/20)
Dear Tinder users,

Hello! Thank you all for using Tinder Security Software 5.0. Download address: Click to download

Here are today's updates:

Program optimization:
1. Optimize the content described in startup item management.

Program defect repair:
1. Fixed the problem that the names of some functions in the protection center are displayed incorrectly in the security log.
2. Fixed the problem that the IP rule that the IP protocol control input invalid format can still be saved successfully.
3. Fixed an issue where the selection process by keyword search would cause the settings interface to crash when adding rules to network control.
4. Fixed the problem that after deleting the startup item in the startup item management, the startup item management would be restored after reopening the startup item management.
5. Fixed the problem of killing shared files when the "Backup to quarantine area during virus removal" is turned on, but failed, the virus files are backed up to the quarantine area.
6. Fixed the problem that the desktop shortcut to modify the Hosts file is not run as the default administrator, which results in that the Hosts file cannot be saved directly after modification.
7. Fixed the problem that when multiple U disks are inserted, click the eject button of the U disk floating frame. After the first U disk is ejected, the other U disk eject buttons are grayed out and cannot be used. You need to restart the Tinder client to use it.

With your help, Tinder is improving every day, thank you for your support!
Tinder Operation Team
January 2, 2020
 

Jerry.Lin

Level 1
Verified
Release Note for 5.0.36.0 (01/14/20)
Dear Tinder users,

Hello! Thank you all for using Tinder Security Software 5.0. Download address: Click to download

Here are today's updates:

Program optimization:
1. Optimized popup interception library.

Program defect repair:
1. Fixed the problem that there is no popup window of [Export Complete] after exporting all the rules of Tinder.
2. Fixed the bug that the pop-up window interception-window record interface position text display error (when the language is traditional).
3. Fixed the problem that when popup window pops up, it will capture the focus of the current window and affect the operation of the current window.
4. Fixed an issue where two rules appeared when custom rules blocked the same popup.
5. Fixed the problem of quarantine failure of shared files after real-time file monitoring and virus reporting.
6. Fixed the issue that pop-up window will pop up periodically when custom scan is not processed for a long time.
7. Fixed the problem that the copyright information location is not updated.

With your help, Tinder is improving every day, thank you for your support!
Tinder Operation Team
January 14, 2020