New Update Huorong Internet Security (Updates)

[FrFc1908]

Hey FrFc1908, I'm in charge of the operation of Huorong Internet Security. I noticed that you're encountering the issue constantly when trying to perform scans with HIS. Sorry about noticing this thread this late.

Would you mind providing the following information for us in order to try locating the issue please?

1. The OS version information.
2. The basic environment information, like CPU, memory, etc.
3. Does the environment has any 3rd party security software installed alongside with Huorong?
4. Check if there's any dump files in Huorong components folder (should be %programfiles%\Huorong\Sysdiag\bin\*.dmp for a default installation).
5. The screenshot when the hang occurs.
6. Notice if Hipsdaemon.exe still alive when the hang occurs. If yes, please checkout it's CPU usage (this will give us some clue that the scan is actually running or not).

Look forward to hearing from you.
Thanks for you feedback. Have a good one .

Hi thanks tot your answer , but I am sorry to say that I do not use huorong anymore , I now have qihoo 360 ts running. But when I had huorong running I did run of all gsidw wisevector. I have the latest win 10 x64 , Intel core i5 4th gen , 4gb ram and Intel pro ssd

 

[vardyh]

Hi thanks tot your answer , but I am sorry to say that I do not use huorong anymore , I now have qihoo 360 ts running. But when I had huorong running I did run of all gsidw wisevector. I have the latest Windows 10 x64 , Intel core i5 4th gen , 4gb ram and Intel pro ssd

It's OK man, thanks anyway . I'll let my team try to reproduce the issue, and I'll let you know if we're able to locate the cause.
Should you have any further questions regarding Huorong, please feel free to let me know.
Have a nice one!

 

[harlan4096]

Hum... thinking soon to give a try to Huorong IS

 

[Jerry.Lin]

Share the hips rules I wrote

MEGA

MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now

mega.nz

AntiAttackRules 4.04
Block and intercept malicious behaviors in 4 part:
ExploitBehaviorBlock: Detect and Block common exploits using MSOffice.
TrojanBehaviorBlock: Detect and Block trojan behaviors, such as loading from suspicious locations.
RansomBehaviorBlock: Detect and Block encrypting behavior
SysProcessAbuseBehaviorBlock: Detect and Block malicious use of system process/file, such as fileless attack.

Rules Name:
[Recommend Action]ProtectionName.Pattern.Number
ex. [TERMINATE]RansomBehavior.A.00

Tips when import:
1. remember to import verdict cache rules(auto) in advanced->custom rules->verdict cache, otherwise there will be a lot of pop up.
2. remember to turn on the button of custom rules in Protection Center.


Test Demo:
1. MaMo434376 Ransomware

VirusTotal

VirusTotal

www.virustotal.com

Process: C:\Users\shadow_test\Desktop\2019-12-08 071815.exe
Command line: "C:\Users\shadow_test\Desktop\2019-12-08 071815.exe"
Detection: [TERMINATE]RansomBehavior.A.00
Target: [Create] C:\Users\shadow_test\Documents\RM_Q&A (1).docx.MaMo434376
Result: Terminate

2. CVE-2017-8570

VirusTotal

VirusTotal

www.virustotal.com

Process: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Command line: "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\shadow_test\Desktop\255ceceb040c1c47fe9c03b20c9e1563.DOC"
Detection: [DENY]ExploitBehavior.A.02
Target: [Execute] C:\Windows\SysWOW64\rEGsVr32.exE
Result: Blocked

3. FTCode Ransomware

VirusTotal

VirusTotal

www.virustotal.com

Process: C:\Users\shadow_test\Desktop\新建文件夹\2019-12-09 143534.vbs
Command line: "C:\Windows\System32\WScript.exe" "C:\Users\shadow_test\Desktop\新建文件夹\2019-12-09 143534.vbs"
Detection: [TERMINATE]SysProcessAbuseBehavior.B.00
Target: [Execute] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Result: Terminate

4. NjRat

VirusTotal

VirusTotal

www.virustotal.com

Process: C:\Users\shadow_test\Desktop\2019-12-14 023041.vbs
Command line: "C:\Windows\System32\WScript.exe" "C:\Users\shadow_test\Desktop\2019-12-14 023041.vbs"
Detection: [TERMINATE]TrojanBehavior.B.01
Target: [Write] HKEY_USERS\S-1-5-21-3031392358-1812384500-2242827858-1001\Software\Microsoft\Windows\CurrentVersion\Run\r.vbs
Result: Terminate

 

[Jerry.Lin]

Release Note 5.0.34.0 (12/17/19)

5.0.34.0版本升级公告【12月17日】 - 火绒产品公告 - 火绒安全软件

5.0.34.0版本升级公告【12月17日】 ,火绒安全软件

bbs.huorong.cn

Dear Tinder users,


Hello! Thank you all for using Tinder Security Software 5.0.

Here are today's updates:

New requirements:
1. [Import / Export window] Add directory tree, add history path list, support paste path.


Program optimization:
1. Optimize IP blacklist and IP protocol control security logging.


Program defect repair:
1. Fixed the problem that the function of "Automatic shutdown after completion of repair" fails when the bug fix is repaired in the background.
2. Fixed the issue that the number of shortcut items displayed in the garbage cleanup is incorrect.
3. Fixed the issue where the main interface of Tinder and the tray version number and the date of the virus database were not refreshed.
4. Fixed the problem that the traditional interface description of the process of ending the traffic monitoring is incorrect.
5. Fixed the problem that "Add failed" is not displayed when adding files to the root directory of the file shred.


With your help, Tinder is improving every day, thank you for your support!
Tinder Operation Team
December 17, 2019

 

[Nagisa]

Huge praises to the developers. I liked this software so much. It's so configurable, useful, simple and light. Even though its signatures weak, It's better than none.

 

[Jerry.Lin]

Official Website was upgraded.
Main Site: 火绒安全
Personal Version 5.0 : 个人版5.0
Enterprise Version 1.0: 企业产品
Technology Whitepaper: 理念技术
Security Report: 最新资讯

 

[Jerry.Lin]

Release Note for 5.0.35.0 (01/02/20)

5.0.35.0版本升级公告【1月2日】 - 火绒产品公告 - 火绒安全软件

5.0.35.0版本升级公告【1月2日】 ,火绒安全软件

bbs.huorong.cn

Dear Tinder users,

Hello! Thank you all for using Tinder Security Software 5.0. Download address: Click to download

Here are today's updates:

Program optimization:
1. Optimize the content described in startup item management.

Program defect repair:
1. Fixed the problem that the names of some functions in the protection center are displayed incorrectly in the security log.
2. Fixed the problem that the IP rule that the IP protocol control input invalid format can still be saved successfully.
3. Fixed an issue where the selection process by keyword search would cause the settings interface to crash when adding rules to network control.
4. Fixed the problem that after deleting the startup item in the startup item management, the startup item management would be restored after reopening the startup item management.
5. Fixed the problem of killing shared files when the "Backup to quarantine area during virus removal" is turned on, but failed, the virus files are backed up to the quarantine area.
6. Fixed the problem that the desktop shortcut to modify the Hosts file is not run as the default administrator, which results in that the Hosts file cannot be saved directly after modification.
7. Fixed the problem that when multiple U disks are inserted, click the eject button of the U disk floating frame. After the first U disk is ejected, the other U disk eject buttons are grayed out and cannot be used. You need to restart the Tinder client to use it.

With your help, Tinder is improving every day, thank you for your support!
Tinder Operation Team
January 2, 2020

 

[Jerry.Lin]

Release Note for 5.0.36.0 (01/14/20)

5.0.36.0版本升级公告【1月14日】 - 火绒产品公告 - 火绒安全软件

5.0.36.0版本升级公告【1月14日】 ,火绒安全软件

bbs.huorong.cn

Dear Tinder users,

Hello! Thank you all for using Tinder Security Software 5.0. Download address: Click to download

Here are today's updates:

Program optimization:
1. Optimized popup interception library.

Program defect repair:
1. Fixed the problem that there is no popup window of [Export Complete] after exporting all the rules of Tinder.
2. Fixed the bug that the pop-up window interception-window record interface position text display error (when the language is traditional).
3. Fixed the problem that when popup window pops up, it will capture the focus of the current window and affect the operation of the current window.
4. Fixed an issue where two rules appeared when custom rules blocked the same popup.
5. Fixed the problem of quarantine failure of shared files after real-time file monitoring and virus reporting.
6. Fixed the issue that pop-up window will pop up periodically when custom scan is not processed for a long time.
7. Fixed the problem that the copyright information location is not updated.

With your help, Tinder is improving every day, thank you for your support!
Tinder Operation Team
January 14, 2020

 

[Jerry.Lin]

Release Note for 5.0.37.0 (02/11/20)

5.0.37.0版本升级公告【2月11日】 - 火绒产品公告 - 火绒安全软件

5.0.37.0版本升级公告【2月11日】 ,火绒安全软件

bbs.huorong.cn

Dear Tinder users,

Hello! Thank you all for using Tinder Security Software 5.0. Download address: Click to download

Here are today's updates:


Program optimization:
1. Optimize the add rule page under the control of IP protocol.
2. Optimized Tinder language switching interface.


Program defect repair:
1. Fixed the problem that the script written by the user would violate the rules of system immunity when running.
2. Fixed an issue where the system repair scans to repairable items and ignores them after restarting the computer
3. Fixed the problem that the system UAC was turned on under the network mapping disk, and hipsmain.exe was run as an administrator to recover the file of the network mapping disk in the quarantine area.
4. Fixed the problem that the USB disk tray program quits automatically when switching languages.
5. Fixed the issue that system restore did not close after using the bug fix.


With your help, Tinder is improving every day, thank you for your support!
Tinder Operation Team
February 11, 2020

 

[Jerry.Lin]

Release Note for 5.0.38.0 (02/25/20)

5.0.38.0版本升级公告【2月25日】 - 火绒产品公告 - 火绒安全软件

5.0.38.0版本升级公告【2月25日】 ,火绒安全软件

bbs.huorong.cn

Dear Tinder users,

Hello! Thank you all for using Tinder Security Software 5.0. Download address: Click to download

Here are today's updates:

Program optimization:
1. Optimized popup interception library.
2. Optimized Tinder English interface.


Program defect repair:
1. Fixed the problem that there is no "promise" software in right-click management.
2. Fixed the problem that Acronis True Image's right-click menu items are not seen in right-click management.
3. Fixed the problem that the right-click management of the file is missing the Symantec-Symantec Encryption Desktop item.
4. Fixed the issue that the log file size did not change after the security log was cleaned up.
5. Fixed the issue that the floating window of the latest version of firefox full-view video streaming will not be hidden automatically.
6. Fixed the problem that the garbage cleanup service would incorrectly clean up the dandelion VPN service, making the software unusable.


With your help, Tinder is improving every day, thank you for your support!
Tinder Operation Team
February 25, 2020

 

[blueblackwow65]

Hi how does this compare with wisevector?

 

[roger_m]

Hi how does this compare with wisevector?

ViseVector is significantly better and has consistently being doing exceptionally well when tested against recent malware in the Malware Hub here. Huorong on the other hand has terrible detection rates. The only good thing in my opinion, is that you can add custom HIPS rules to increase its behavioural detection.

 

[harlan4096]

Where can I send undetected malware threats to Hourong?

 

[Jerry.Lin]

Where can I send undetected malware threats to Hourong?

关于【病毒样本上报】途径说明 - 火绒产品公告 - 火绒安全软件

关于【病毒样本上报】途径说明 ,火绒安全软件

bbs.huorong.cn

Just send to seclab@huorong.cn

 

[Jerry.Lin]

Release Note for 5.0.39.0 (03/11/20)

5.0.39.0版本升级公告【3月11日】 - 火绒产品公告 - 火绒安全软件

5.0.39.0版本升级公告【3月11日】 ,火绒安全软件

bbs.huorong.cn

Dear Tinder users,

Hello! Thank you all for using Tinder Security Software 5.0. Download address: Click to download

Here are today's updates:

Program optimization:
1. Optimized popup interception library.
2. Optimize the missing scan rule base.
3. Optimize the garbage cleaning logic.
4. Optimize the translation and description of the velvet interface.

Program defect repair:
1. Fixed the issue that download protection does not support EagleGet.
2. Fixed the problem that custom protection-registry rule key interception was unsuccessful.
3. Fixed the problem that garbled characters will be displayed when the quarantine file does not exist.
4. Fixed the problem that custom protection-registry rule value interception was unsuccessful.
5. Fixed the problem that files can be copied to the Tinder installation directory through soft links.
6. Fixed the problem that file shredding and smashing soft links will also delete the linked files.
7. Fixed the problem that custom rules did not prevent external actions on shared folders.
8. Fixed the problem that subst and move commands can be used to replace files that are not running in the velvet installation directory.
9. Fixed the problem that the "Unoccupy" icon in the "Use Tinder Safely Shred Files" column in the context menu of XP under the XP system is missing.
10. Fixed the problem that if you open any interface and click the back to desktop button after installing upupoo, Tinder will enter Do Not Disturb mode.
11. Fixed the problem that files in the shared directory can be copied or cut to the velvet installation directory by sharing files.
12. Fixed the problem that the pop-up blocker in the XP environment would not be able to uncheck the "Automatic startup" setting (and the pop-up blocker task does not exist).
13. Fixed an issue where Process lasso could not create a startup item when there was Tinder under windows xp professional x64 Editiaon environment.

Thanks to Kafan user kfne12 for fixing the following bugs:
1. Fixed the problem that any file can be copied into the installation directory of Tinder through the shared directory.
2. Fixed the problem that the use of the quarantine extraction permission can replace the malicious dll to the tinder directory to achieve the purpose of hijacking.
3. Fixed the problem that other non-tinder dll files can replace the tinder dll files to elevate rights through hard links.
4. Fixed the problem that if the velvet isolated file is not the same file as the virus file, it needs to be checked.
5. Fixed the problem that after the drivers directory is mapped to a new drive letter with subst under the standard account, file shredding can shred the velvet driver file.


With your help, Tinder is improving every day, thank you for your support!
Tinder Operation Team
March 11, 2020

 

[I3rYcE]

关于【病毒样本上报】途径说明 - 火绒产品公告 - 火绒安全软件

关于【病毒样本上报】途径说明 ,火绒安全软件

bbs.huorong.cn

Just send to seclab@huorong.cn

Do we get any response about the result?

 

[harlan4096]

For every email with undetected samples I sent them, get this:

 

[roger_m]

For every email with undetected samples I sent them, get this:

View attachment 234712

Which says that the samples will be detected in the next version.

 

[Jerry.Lin]

Release Note for 5.0.40.0 (03/18/20)

5.0.40.0版本升级公告【3月18日】 - 火绒产品公告 - 火绒安全软件

5.0.40.0版本升级公告【3月18日】 ,火绒安全软件

bbs.huorong.cn

Dear Tinder users,

Hello! Thank you all for using Tinder Security Software 5.0.


Here are today's updates:
CVE-2020-0796 vulnerability interception is supported.


With your help, Tinder is improving every day, thank you for your support!
Tinder Operation Team
March 18, 2020