App Review Thoughts on HitManPro

[cruelsister]

Content source

https://www.youtube.com/watch?v=MdV8bczSApE&feature=youtu.be

(note: the result is identical even with early Warning Scoring is enabled).

 

[Khushal]

(note: the result is identical even with early Warning Scoring is enabled).

After NPE discontinuation only KVRT is a decent scanner left. Does it still struggle against swollen files?

 

[Parkinsond]

Is Sophos considered as a top AV at the first place to consider using an on-demand scanner using its engine?
I cannot recall Sophos mentioned on MT to be used frequently; K, B, ESET, Avast, Norton, AVG, and McAfee are.

 

[Khushal]

Is Sophos considered as a top AV at the first place to consider using an on-demand scanner using its engine?
I cannot recall Sophos mentioned on MT to be used frequently; K, B, ESET, Avast, Norton, AVG, and McAfee are.

yeah sophos is no way top tier. Also hitman pro was stronger when it had also B and K engines integrated.

 

[Parkinsond]

yeah sophos is no way top tier. Also hitman pro was stronger when it had also B and K engines integrated.

But currently it has not, so it is not comparable to K on-deman scanner.

 

[TairikuOkami]

I cannot recall Sophos mentioned on MT to be used frequently

The problem is, that it can be used to detect, but not to remove malware after 30 days. It seems, that it still applies.
Otherwise it is a good fast scanner (1 min), like NPE, along with VT uploads, it can provide some useful insights.

 

[Parkinsond]

The problem is, that it can be used to detect, but not to remove malware after 30 days. Not sure, if it still applies.
Otherwise it is a good fast scanner (1 min), like NPE, along with VT uploads, it can provide some useful insights.

I do not believe on-demand scanners can do better job than full AV.
If I suspect I have got infected with my current AV, in case of MD I will just install another AV, while if using a 3rd party AV, I will uninstall and install another AV, then examine all the drives.

 

[Sampei.Nihira]

After NPE discontinuation only KVRT is a decent scanner left. Does it still struggle against swollen files?

NPE finds an obvious FP on my PC.
It is a Google Chrome vbs file, obviously created by me, which allows me to exceed the character limit that can be entered as Chromium Command Line Switches:




HP, on the other hand, finds a modification to my Hosts file, also made by me, to block CCleaner telemetry/updates:

 

[TairikuOkami]

while if using a 3rd party AV, I will uninstall and install another AV, then examine all the drives.

That is not a good idea, AV might prevent further infection, but between uninstallation and installation of another AV, malware can spread and even block installation of AV.

In case a serious infection or when looking for an alternative scan, it is better to use a bootable AV then.

10 Best Free Bootable Antivirus Rescue Disks for Windows - PCInsider

Bootable Antivirus Rescue Disk A Bootable Antivirus Rescue Disk or USB Rescue Disk is the most efficient way of detecting and deleting malware from an infected computer. A Rescue Disk scans Windows files and User files outside of Windows. So, all those malware that start along with Windows, and...

www.thepcinsider.com

P.S.: This is why I like Dr.WEB CureIt! It uses a randomized unsigned exe, so it can not be easily blocked.

 

[ErzCrz]

With NPE being discontinued, will have to check out the link @TairikuOkami posted for some alternatives or just KVRT / Emsisoft

 

[Parkinsond]

In case a serious infection or when looking for an alternative scan, it is better to use a bootable AV then.

Actually in case if I suspect I have got infected PC (by the way, never happened before, and pray to God not to happen), I would not do either, I will simple reinstall Windows in less than 10 minutes.

 

[Sampei.Nihira]

Actually in case if I suspect I have got infected PC (by the way, never happened before, and pray to God not to happen), I would not do either, I will simple reinstall Windows in less than 10 minutes.

However, performing an on-demand scan every now and then does no harm.

 

[TairikuOkami]

I will simple reinstall Windows in less than 10 minutes.

That will not make sure that backups are clean nor that BIOS was not compromised. It is still better to scan beforehand to know what you are dealing with, then reinstall.

 

[Parkinsond]

However, performing an on-demand scan every now and then does no harm.

And does not provide a "real" benefit.

 

[harlan4096]

P.S.: This is why I like Dr.WEB CureIt! It uses a randomized unsigned exe, so it can not be easily blocked.

KVRT does the same...

 

[Parkinsond]

That will not make sure that backups are clean nor that BIOS was not compromised

I do not back up frequently, only if a new file is added or a file is changed, let's say every few months.
And If I suspect infection, I do not do backup.

Can you tell me how frequent you or one of your acquaintance had BIOS malware before?

 

[likeastar20]

HitmanPro is only good for PE files (EXE, DLL etc.). It won’t detect malicious scripts like .bat or .ps1. Pure script-based attacks go undetected.

 

[cruelsister]

HitmanPro is only good for PE files (EXE, DLL etc.). It won’t detect malicious scripts like .bat or .ps1. Pure script-based attacks go undetected.

Although 2 of the files were indeed Scriptors, the 2 Stealers were exe's.

 

[likeastar20]

Although 2 of the files were indeed Scriptors, the 2 Stealers were exe's.

No no I was just speaking in general for people who aren’t aware. That’s why I dislike HitmanPro.

 

[Sampei.Nihira]

So, out of curiosity, I tried the quick scan feature of ESET Online Scanner, which I have no idea how effective it is.
No false positives: