Question Is there value/benefit in using HitmanPro.Alert?

[ryanh]

If I already use a solution like Bitdefender Total Security, is there an added advantage of using HitmanPro.Alert?

If yes, what additional benefits/features does it have over products like Bitdefender? For example, does it have broader coverage as it's using multiple databases/sources?

If not, is the only real value of HitmanPro as a second opinion scanner as well as removing missed malware?

And in either case, how effective is it against known and unknown threats?

 

[Zero Knowledge]

No. No benefit in using it with BD. BD is enough. That's the short answer. Long answer is that HMPAlert started off good with the Lowman brothers driving development but ever since it's been sold to Sophos it's stagnated at least the desktop version has in my opinion. Mobile/Enterprise is different, but I've never used it on those platforms. I've had a license for a few years in the past and to be honest it didn't do much or catch much that's why I ditched it, in the end it was a waste of money and I never renewed because I never saw any benefits except for false positives.

 

[Shadowra]

Useless with Bitdefender

 

[Trident]

You shouldn’t be running multiple security products (the HMPA counts as such) as you risk getting reduced performance, reduced protection and system instability. Bitdefender has already provided all the modules and technologies you need.

If you are looking to add value to your setup, I suggest you explore @Andy Ful tools, specifically the Hard_Configurator which can assist Bitdefender in closing some “holes” malware writers use.

Edit:
I didn’t find Hitman Pro highly effective in cleaning infected systems in my recent encounters with it. You may wanna just leave it and focus your attention on Norton Power Eraser, which is a small, definition-less tool and Kaspersky Virus Removal Tool, which provides memory/fileless scanning as well and has very high detection rate.

 

[ryanh]

Useless with Bitdefender

Useless in that Bitdefender has the same or more features than HitmanPro.Alert or that HitmanPro.Alert performs poorly or both?

No. No benefit in using it with BD. BD is enough. That's the short answer. Long answer is that HMPAlert started off good with the Lowman brothers driving development but ever since it's been sold to Sophos it's stagnated at least the desktop version has in my opinion. Mobile/Enterprise is different, but I've never used it on those platforms. I've had a license for a few years in the past and to be honest it didn't do much or catch much that's why I ditched it, in the end it was a waste of money and I never renewed because I never saw any benefits except for false positives.

Thanks. That's useful to know. Has feature development stagnated or has its capabilities diminished? For example, it doesn't have all the features that Bitdefender may have but in on-par from a detection and protection standpoint?

 

[Trident]

Thanks. That's useful to know. Has feature development stagnated or has its capabilities diminished? For example, it doesn't have all the features that Bitdefender may have but in on-par from a detection and protection standpoint?

HMPA is not on par with Bitdefender in any way. HMPA also known as Sophos InterceptX constitutes for behavioural blocking/attack interception in Sophos products. Whilst you can’t say it is mediocre and doesn’t do the job, Bitdefender’s behavioural blocking and machine learning have been developed to a slightly higher standard and are more effective. You don’t need 2 guys doing the same.

Other than behavioural blocking, attack interception and malware “immunisation” via adding malware artefacts that “fool” them you are already infected, it features malware scanner which is now kinda obsolete, as it doesn’t scan the memory contents, it just gets the modules path and scans them on disk (unlike Bitdefender and Kaspersky). Such scanning doesn’t work against fileless attacks.

You can compare Sophos Home with Bitdefender but not HMPA.

Sophos Home | Cybersecurity for Home Users

The same malware that attacks Fortune 500 companies attacks private users, too. Sophos Home uses the same award-winning security features that keep those companies safe.

home.sophos.com

 

[Ink]

I would instead consider tweaking Bitdefender to increase its default security, harden the OS user accounts and browser to prevent unauthorised software from accidentally bypassing your defences.

If you want, you can share your current security set-up at PC Setup Configuration Help & Showcase

 

[Shadowra]

Useless in that Bitdefender has the same or more features than HitmanPro.Alert or that HitmanPro.Alert performs poorly or both?

You have the same with Bitdefender, only better.
And you shouldn't armor your computer with shields that do the same, too much protection kills protection.
A good Bitdefender and a scan from time to time with Malwarebytes Free and Norton Power Eraser will suffice.

 

[ForgottenSeer 97327]

Thanks. That's useful to know. Has feature development stagnated or has its capabilities diminished? For example, it doesn't have all the features that Bitdefender may have but in on-par from a detection and protection standpoint?

The first HitmanPro.alert came out just before the release of Windows 7. Vista had introduced different integrity levels and UAC, but Vista was not a market succes. The introduction of Windows7 made it harder for malware to gain admin rights and/or survice re-boot because of the extra integrity levels and UAC.

Creative as malware writers are, they started to use bugs in software to elavate rights. because of the low market success of Vista and the high succes of Windows 7, a lot of software was hastily update to comply with the (new) integrity levels. So there were a lot of bugs to misuse by malware writers.

HMPAlert was a behavioral blocker which looked specifically at the weakspots of often abused programs (contrary to earlier behavioral blockers like Mamutu or Mumato who looked at suspicious patterns of all programs). This made them as useful and succesful like having an extra body guard and a rapid response team assiting your AV. When a new intrusion method was discovered, the guys from HMPA coded a catcher/interceptor for it. HPMAlert's block rate agianst new intrusion methods was also much higher than traditional AV's.

This focussed approach of HPMA turned out also very powerful for staged attacks. Staged attacks are succesful because they make a series of minor or low profile intrusions (enough to be not detected by behavioral mechanism of the AV's). The third wave on which HMPAlert surfed was the outbreak of ransomware (which often used LOLbins and vulnabilities in staged attacks).

So the answer your question: NO HMPAlert has not become weaker, the operating system itself has got a lot of mechanisms to prevent/protect against exploits and the premium AV's developed Behavioral Monitors in combination with Machine Learning/Artificial Intelligence and Reputation (origin) validation mechanisms, which kind of makes the added value questionable when you use a paid premium paid Antivirus like Bitdefender, (but I would certainly also mention Kaspersky with systemwatcher and F-secure with deepguard)

 

[Zero Knowledge]

So the answer your question: NO HMPAlert has not become weaker,

Maybe not weaker per say but it's kind of irrelevant now, even tests done here show that. The security industry has moved on to NDR, A.I., ML & Whitelisting. HMPAlert had it's time but is now just a blip. People pay for VoodooSheild, AppGuard or AV/AM or use H_C but there is not much else worth buying in the consumer/home market.at the moment.

 

[ForgottenSeer 97327]

Maybe not weaker per say but it's kind of irrelevant now, even tests done here show that. The security industry has moved on to NDR, A.I., ML & Whitelisting. HMPAlert had it's time but is now just a blip. People pay for VoodooSheild, AppGuard or AV/AM or use H_C but there is not much else worth buying in the consumer/home market.at the moment.

short answer version

 

[Trident]

Apart from intercepting highly-fragmented attacks which certain behavioural blockers (mainly non-graph-based) won’t pick up, HMPA/Sophos Intercept X blocks exploits (as @Max90 already mentioned), and provides features such as Crypto Guard, WipeGuard, CookieGuard, SysCall, HollowProcess, keyboard encryption, and others which have now become the heart of Sophos products.

Many of these features have been highly praised by some, but if you dig around the web, they’ve been criticised by others.

I personally haven’t got much experience with the Sophos products. They seem a bit over-complicated to me. Sophos also offer variety of APIs such as the SAVI (cloud anti-malware) but not many vendors find them desirable for one reason or another.

 

[Zartarra]

HMPA is a waste of money and system resources if you have a good AV-solution. The license cost is steep compared to compete AV-products.

You can use the free version for the browser protection and keystroke encryption.

 

[Templarware]

Just use what your heart desires.

 

[plat]

All the mainstream browsers are patched for zero days very quickly now. So it depends on your threat model. If you're seriously risky, on a non-supported operating system like Windows 7 and get infected repeatedly, then consider Alert. If you have been targeted by a state actor before, then maybe it's something to mull over.

But for many who are on a modern, fully patched system with a decent antivirus, patched modern browser with content blocker and two or more brain cells can do without it. Plus it ain't cheap. (35 USD)

 

[franz]

Useless with Bitdefender

What about with f-secure or Norton?

 

[Azure]

Seeing as HMP.A is design to be used as a complimentary protection.

What AV do each of you think can be use with it?

 

[plat]

I was a fan of Defender with EMET back in the days of Windows 8.1. I mean: nowadays, Windows Security has exploit protections but it's not convenient to configure them and sometimes it leads to conflicts and then frustration. I know this first-hand already.

So, I guess Alert + Defender--just for convenience's sake (without the native exploit protections enabled). But this is theoretical, in response to Azure's question in post #18. I don't know about third party antivirus. I think with Kaspersky, Alert is not compatible.

 

[franz]

You have the same with Bitdefender, only better.
And you shouldn't armor your computer with shields that do the same, too much protection kills protection.
A good Bitdefender and a scan from time to time with Malwarebytes Free and Norton Power Eraser will suffice.

Compared to Bitdefender and Malwarebytes Free and Norton Power, would you say that f-secure is a better choice with Malwarebytes Free and Norton Power, or is it just fine with f-secure alone?

 

[ryanh]

HMPA is not on par with Bitdefender in any way. HMPA also known as Sophos InterceptX constitutes for behavioural blocking/attack interception in Sophos products. Whilst you can’t say it is mediocre and doesn’t do the job, Bitdefender’s behavioural blocking and machine learning have been developed to a slightly higher standard and are more effective. You don’t need 2 guys doing the same.

Other than behavioural blocking, attack interception and malware “immunisation” via adding malware artefacts that “fool” them you are already infected, it features malware scanner which is now kinda obsolete, as it doesn’t scan the memory contents, it just gets the modules path and scans them on disk (unlike Bitdefender and Kaspersky). Such scanning doesn’t work against fileless attacks.

Thanks. My understanding is that Sophos InterceptX is an EDR/XDR. If yes, I wasn't aware that Bitdefender Total Security was in the same space. If so, that's great to know.

A good Bitdefender and a scan from time to time with Malwarebytes Free and Norton Power Eraser will suffice.

Is Norton Power Eraser portable or does it require a full installation?

The first HitmanPro.alert came out just before the release of Windows 7. Vista had introduced different integrity levels and UAC, but Vista was not a market succes. The introduction of Windows7 made it harder for malware to gain admin rights and/or survice re-boot because of the extra integrity levels and UAC.

Creative as malware writers are, they started to use bugs in software to elavate rights. because of the low market success of Vista and the high succes of Windows 7, a lot of software was hastily update to comply with the (new) integrity levels. So there were a lot of bugs to misuse by malware writers.

HMPAlert was a behavioral blocker which looked specifically at the weakspots of often abused programs (contrary to earlier behavioral blockers like Mamutu or Mumato who looked at suspicious patterns of all programs). This made them as useful and succesful like having an extra body guard and a rapid response team assiting your AV. When a new intrusion method was discovered, the guys from HMPA coded a catcher/interceptor for it. HPMAlert's block rate agianst new intrusion methods was also much higher than traditional AV's.

This focussed approach of HPMA turned out also very powerful for staged attacks. Staged attacks are succesful because they make a series of minor or low profile intrusions (enough to be not detected by behavioral mechanism of the AV's). The third wave on which HMPAlert surfed was the outbreak of ransomware (which often used LOLbins and vulnabilities in staged attacks).

So the answer your question: NO HMPAlert has not become weaker, the operating system itself has got a lot of mechanisms to prevent/protect against exploits and the premium AV's developed Behavioral Monitors in combination with Machine Learning/Artificial Intelligence and Reputation (origin) validation mechanisms, which kind of makes the added value questionable when you use a paid premium paid Antivirus like Bitdefender, (but I would certainly also mention Kaspersky with systemwatcher and F-secure with deepguard)

Thanks for the super detailed background.

Apart from intercepting highly-fragmented attacks which certain behavioural blockers (mainly non-graph-based) won’t pick up, HMPA/Sophos Intercept X blocks exploits (as @Max90 already mentioned), and provides features such as Crypto Guard, WipeGuard, CookieGuard, SysCall, HollowProcess, keyboard encryption, and others which have now become the heart of Sophos products.

Many of these features have been highly praised by some, but if you dig around the web, they’ve been criticised by others.

I personally haven’t got much experience with the Sophos products. They seem a bit over-complicated to me. Sophos also offer variety of APIs such as the SAVI (cloud anti-malware) but not many vendors find them desirable for one reason or another.

Assuming I haven't misunderstood, it suggests that HitmanPro.Alert does provide added value if it's detecting behavioral patterns other solutions won't?