
HitmanPro.Alert CryptoGuard prevents files from being taken hostage



#16 quietman7


Posted 06 November 2013 - 06:23 PM

That was easy enough...it only created a service.



#17 erikloman

    Authorized SurfRight Rep

  • Topic Starter

Posted 06 November 2013 - 06:32 PM

That was easy enough...it only created a service.

 

There should also be a hmpalert.sys (in system32\drivers) and two hmpalert.dll files (one in system32 and one in SysWow64).

 

CryptoGuard (if you've installed Alert 2.5) also creates this folder: C:\Windows\CryptoGuard .

 

That's it.



#18 quietman7


Posted 08 November 2013 - 09:50 AM

I installed CryptoGuard on several machines and noted in some cases it creates an entry in Add/Remove for easy removal...in other cases it did not. Is this a common or fluke behavior not to add an entry there?



#19 erha


Posted 09 November 2013 - 12:19 AM


Just wondering what kind of behaviour is monitored? If CryptoLocker changes its behaviour, I doubt the program can prevent it. For example, it encrypts the files slowly, one after another with an interval in between.

#20 erikloman

    Authorized SurfRight Rep

  • Topic Starter

Posted 09 November 2013 - 02:01 AM

Just wondering what kind of behaviour is monitored? If CryptoLocker changes its behaviour, I doubt the program can prevent it.

The algorithm is fairly robust against various current and older crypto malware families. This is our first build (still in beta) and we are testing it against various other families.

If malware wants to get around *any* kind of protection, it will. How many systems got infected with CryptoLocker despite existing security measures? Just look in the CryptoLocker thread and you know the answer.

See CryptoGuard as a free additional security layer geared specifically against crypto malware.

#21 erikloman

    Authorized SurfRight Rep

  • Topic Starter

Posted 12 November 2013 - 03:33 PM

HitmanPro.Alert 2.5.1 Build 56 BETA

 

Last week we released the first BETA of Alert 2.5 with the new CryptoGuard feature protecting documents, images and other personal files against crypto ransomware like CryptoLocker and Dorifel (aka XDocCrypt).

 

Today we release a new BETA containing improvements and various fixes.

 

Changelog

  • IMPROVED: Fine-tuned CryptoGuard algorithm.

  • IMPROVED: Switching CryptoGuard off under Settings now works immediately, no reboot required.

  • IMPROVED: Support for processes running in an AppContainer.

  • IMPROVED: Installation and upgrade procedure.

  • FIXED: Application startup performance. On some systems the Alert Broker Service failed to process new completion port I/O requests causing a slowdown during application startup.

  • FIXED: False positive Intruder alert when Free Download Manager or Bing Toolbar was installed. 

  • FIXED: Media Player Classic caused high CPU load in the Alert Broker Service.

  • FIXED: CCleaner set to Secure Delete caused CryptoGuard alert.

  • FIXED: ACDSee 6 (or newer) caused CryptoGuard alert.

  • FIXED: On some systems the installer crashed when NVIDIA D3D shim DLLs are installed.

  • FIXED: On some systems the installer failed with Error 32.

  • FIXED: Memory leak in Alert Broker Service.

 

Known issues in Alert 2.5.1 (or older)

  • ISSUE: Alert is currently not yet compatible with Norton 360 and Norton Internet Security on 64-bit Windows versions. We've already identified the cause and are working on a solution.

 

Download

http://dl.surfright.nl/hmpalert25.exe

 

 

Installation

You do not need to uninstall Alert 2.0 or 2.5.0. This version will prompt to upgrade the existing install during installation.

 

Existing users are not yet automatically updated. You need to manually install this version.

 

 

Note: This version is still labeled BETA. This means you should not yet run this version in a production environment.



#22 barrymuzz


Posted 15 November 2013 - 01:40 PM

Hi, apologies if I missed this on the site, are there hashes for the download files?

 

Thx!



#23 erikloman

    Authorized SurfRight Rep

  • Topic Starter

Posted 19 November 2013 - 05:37 PM

Hi, apologies if I missed this on the site, are there hashes for the download files?

 

Thx!

 

The binary is digitally signed with an Authenticode certificate. That tells whether the binary is authentic (not a single byte has changed since publishing).
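
As an added example (not part of the original posts and not SurfRight's code), the signature check described in the reply above can be run in PowerShell against the downloaded installer and against the installed files listed in post #17. The download path and the `SurfRight` publisher substring are assumptions; compare the signer subject with what the vendor actually uses.

```powershell
# Added example, not SurfRight's code. Run from 64-bit PowerShell so that
# System32 is not redirected to SysWOW64.
$ExpectedPublisher = 'SurfRight'   # assumption: substring of the signer subject
$Installer = "$env:USERPROFILE\Downloads\hmpalert25.exe"   # assumed download path

function Test-PublisherSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Path = $Path; Status = 'Missing'; Signer = $null; SHA256 = $null; Trusted = $false
        }
    }
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path    = $Path
        # Valid = file hash matches the signed hash AND the chain is trusted.
        # HashMismatch = file changed after signing; NotSigned = no signature.
        Status  = $sig.Status.ToString()
        Signer  = $signer
        # Hash recorded for your own inventory; the thread publishes no reference hash.
        SHA256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # A valid signature from some other publisher must not pass.
        Trusted = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedPublisher*")
    }
}

# Installer plus the components named in post #17.
$targets = @(
    $Installer
    "$env:windir\System32\drivers\hmpalert.sys"
    "$env:windir\System32\hmpalert.dll"
    "$env:windir\SysWOW64\hmpalert.dll"
)
$targets |
    ForEach-Object { Test-PublisherSignature -Path $_ -ExpectedPublisher $ExpectedPublisher } |
    Format-List
```

A `Valid` status alone only says that some trusted publisher signed the file, which is why the signer subject is compared as well.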



#24 mainer21


Posted 19 November 2013 - 10:17 PM

Does SurfRight offer update notifications when this program is updated?



#25 erikloman

    Authorized SurfRight Rep

  • Topic Starter

Posted 22 November 2013 - 08:44 AM

HitmanPro.Alert 2.5.6 Build 61 BETA

 

One more BETA build before stable release.

 

CryptoGuard for Windows File Sharing (SMB)

Major new feature in this build is CryptoGuard support for Windows File Sharing (SMB). This means that you can now protect documents and files shared on the network against remote crypto-ransomware attacks. No need to install software or deploy group policies on every endpoint, just install Alert on the server and your shared documents are protected against network based CryptoLocker attacks.

 

When an attack has been detected, the infected client(s) can no longer open shared documents for writing on the server. Of course other users in the network are not affected by this mitigation.

 

This new CryptoGuard for Windows File Sharing feature is supported on Windows Server 2008 R2 or newer.

 

Note: 64-bit versions of Windows 7 and Windows 8 share the same technology as Windows Server 2008 R2 so these support the new feature as well.

 

 

User Interface

As you can see in the screenshot below we gave the user interface an update so that it reflects the features in Alert.

 

Alert256.png

 

 

Windows Event Log

Installs, updates and alerts are now logged to the Windows Event Log. This allows system administrators to remotely view which computers in the network tried to encrypt shared documents and files, so they can take appropriate actions.

 

The event data contains remote client IP, share name and the documents under attack:

 

Alert256_EventLog.png

 

 

Finally we've added compatibility with Norton 360 and Norton Internet Security (a restart might be needed after installing Alert).

 

Check out the full list of changes in the changelog below:

 

Changelog

 

  • ADDED: CryptoGuard for Windows File Sharing (SMB).
    Protect your file shares against rogue endpoints by simply installing Alert on the file server. Requires Windows Server 2008 R2 or newer.

  • ADDED: Alert writes remote crypto-ransomware attacks to Windows Event Log. The event data contains remote IP, local share name and the filenames under attack.

  • ADDED: CryptoGuard minifilter driver now supports oplocks (64-bit only).

  • ADDED: CryptoGuard minifilter driver now supports process and IP clustering (64-bit only).

  • ADDED: Command line switch /flyout to configure flyout during command line based installations.

  • IMPROVED: Fine-tuned CryptoGuard algorithm.

  • IMPROVED: Installer and updater write to the Windows Event Log.

  • IMPROVED: User interface now shows tiles representing Alert’s features.

  • FIXED: CryptoGuard handling JPG files.

  • FIXED: CryptoGuard working folder is cleaned up when computer shuts down.

  • FIXED: Small kernel memory leak.

  • FIXED: Alert is now compatible with Norton 360 and Norton Internet Security.

 

Download

http://dl.surfright.nl/hmpalert25.exe
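
As an added example (not part of the original post and not SurfRight's code), this PowerShell sketch shows how an administrator could summarise such alerts per remote client once the events are collected. The log name, the `<provider-name>` placeholder and the message layout in the sample are assumptions, because the thread does not give them; only the fact that the event data carries the remote IP, share name and filenames comes from the post.

```powershell
# Added example. Groups alert events by file server and remote client IP.
function Get-RemoteClientSummary {
    param([Parameter(Mandatory)][object[]]$Events)

    # IPv4 literal anywhere in the event message.
    $ipv4 = '\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b'

    $Events | ForEach-Object {
        $evt = $_
        [regex]::Matches($evt.Message, $ipv4) | ForEach-Object {
            [pscustomobject]@{
                Server = $evt.MachineName; ClientIP = $_.Value; Time = $evt.TimeCreated
            }
        }
    } | Group-Object Server, ClientIP | ForEach-Object {
        $ordered = $_.Group | Sort-Object Time
        [pscustomobject]@{
            Server    = $_.Group[0].Server
            ClientIP  = $_.Group[0].ClientIP
            Alerts    = $_.Count
            FirstSeen = ($ordered | Select-Object -First 1).Time
            LastSeen  = ($ordered | Select-Object -Last 1).Time
        }
    } | Sort-Object Alerts -Descending
}

# Live use: the 'Application' log and the provider placeholder are assumptions.
# List candidate providers with: Get-WinEvent -ListProvider '*alert*'
# $live = Get-WinEvent -ComputerName FILESRV01 -FilterHashtable @{
#     LogName = 'Application'; ProviderName = '<provider-name>'
#     StartTime = (Get-Date).AddDays(-7) }
# Get-RemoteClientSummary -Events $live

# Constructed sample events (message layout invented for the demo).
$sample = @(
    [pscustomobject]@{ MachineName = 'FILESRV01'; TimeCreated = [datetime]'2013-11-22T09:00:05'
        Message = 'Remote client 192.0.2.15, share Finance, file Q3-report.xlsx' }
    [pscustomobject]@{ MachineName = 'FILESRV01'; TimeCreated = [datetime]'2013-11-22T09:00:09'
        Message = 'Remote client 192.0.2.15, share Finance, file budget.docx' }
    [pscustomobject]@{ MachineName = 'FILESRV01'; TimeCreated = [datetime]'2013-11-22T10:41:30'
        Message = 'Remote client 192.0.2.77, share Scans, file invoice.jpg' }
)
Get-RemoteClientSummary -Events $sample | Format-Table -AutoSize
```

The client with the highest alert count is the first endpoint to isolate and examine.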

 

 



#26 wcutler


Posted 22 November 2013 - 08:45 AM

Is this for browsers only? Is it protecting/checking when browsers are not open?

If the person gets an email and launches the malware, will the alert stop it?

 

 

See this Alert settings dialog for a brief overview:

alert25-settings.png



#27 erikloman

    Authorized SurfRight Rep

  • Topic Starter

Posted 22 November 2013 - 08:49 AM

Is this for browsers only? Is it protecting/checking when browsers are not open?

If the person gets an email and launches the malware, will the alert stop it?

 

 

See this Alert settings dialog for a brief overview:

alert25-settings.png

 

Alert blocks crypto-ransomware attacks on your documents. In addition Alert warns when malware has intruded your browser. Alert will not block malware. It is not an antivirus.



#28 Joe_BubbA


Posted 22 November 2013 - 09:06 AM

^^^ you didn't really answer his question.



#29 Joe_BubbA


Posted 22 November 2013 - 09:09 AM

Got "Application failed to install. Error 0." Also running Norton360 and CryptoPrevent....



#30 erikloman

    Authorized SurfRight Rep

  • Topic Starter

Posted 22 November 2013 - 09:13 AM

^^^ you didn't really answer his question.

 

Which of his three questions?

 

1. Is this for browsers only?

The Intruder feature is only for web browsers.

The CryptoGuard feature protects all documents and files on the computer.

 

2. Is it protecting/checking when browsers are not open?

The Intruder only works when the browser is open. Intrusions happening while the browser is open will be detected and an alert will be displayed. Intrusion is not blocked.

 

3. If the person gets an email and launches the malware, will the alert stop it?

No. Alert will not block the infection. But Alert will block crypto attacks on the documents and files on the computer.


Edited by erikloman, 22 November 2013 - 09:37 AM.




