HitmanPro.Alert CryptoGuard prevents files from being taken hostage


216 replies to this topic

#31 wcutler


Posted 22 November 2013 - 09:13 AM

Wow - guess I should have waited some before posting.  This is a game changer, the blocking of network shared drives on servers.

Is the event ID always going to be 301?  We use Kaseya and we could then monitor the event logs on the server for this ID to notify us of an issue.

Is anything posted in the event logs on a workstation with this alert?





#32 erikloman

erikloman

    Authorized SurfRight Rep

  • Topic Starter


Posted 22 November 2013 - 09:19 AM

> got "Application failed to install. Error 0."  Also running Norton360 and CryptoPrevent....

What error is listed in the event log?



#33 erikloman


Posted 22 November 2013 - 09:21 AM

> Wow - guess I should have waited some before posting.  This is a game changer, the blocking of network shared drives on servers.
>
> Is the event ID always going to be 301?  We use Kaseya and we could then monitor the event logs on the server for this ID to notify us of an issue.
>
> Is anything posted in the event logs on a workstation with this alert?

Yes. The CryptoGuard Alert will always be 301.

Alert running on the server will only post an event on the server. It will not post anything in the event log of the infected workstation.


Edited by erikloman, 22 November 2013 - 09:31 AM.


#34 wcutler


Posted 22 November 2013 - 09:58 AM

So if Alert is running on a workstation it will not post anything to the event log when an attack is happening?  If this is true it would be nice if you could get something to post to the event log so people could monitor it.  Some users are not always forthcoming in contacting us when there is a problem.

When the alert gets released (no more beta) will there be more info on how to install silently and how to install with no start menu program list?  Since we use Kaseya, I would create a script to install it silently on people's PC.

Thanks for posting and the updates



#35 erikloman


Posted 22 November 2013 - 10:20 AM

> So if Alert is running on a workstation it will not post anything to the event log when an attack is happening?  If this is true it would be nice if you could get something to post to the event log so people could monitor it.  Some users are not always forthcoming in contacting us when there is a problem.
>
> When the alert gets released (no more beta) will there be more info on how to install silently and how to install with no start menu program list?  Since we use Kaseya, I would create a script to install it silently on people's PC.
>
> Thanks for posting and the updates

Alert will post an event to the computer it is running on. Imagine a network with hundreds of endpoints and a file server. Just install Alert on the file server and Alert will report in the Event Log of the server which endpoint is infected.

There are command line switches. Typical switches are:

hmpalert.exe /install /quiet

Or for uninstall:

hmpalert.exe /uninstall



#36 Joe_BubbA


Posted 22 November 2013 - 10:23 AM

 

>> ^^^ you didn't really answer his question.
>
> Which of his three questions?
>
> 1. Is this for browsers only?
>
> The Intruder feature is only for web browsers.
>
> The CryptoGuard feature protects all documents and files on the computer.
>
> 2. Is it protecting/checking when browsers are not open?
>
> The Intruder only works when the browser is open. Intrusions happening while the browser is open will be detected and an alert will be displayed. Intrusion is not blocked.
>
> 3. If the person gets an email and launches the malware, will the alert stop it?
>
> No. Alert will not block the infection. But Alert will block crypto attacks on the documents and files on the computer.

So, if the user has Alert installed but has no browsers open and then opens an infected attachment in Outlook, Alert will not stop encryption of files?



#37 erikloman


Posted 22 November 2013 - 10:27 AM

> So, if the user has Alert installed but has no browsers open and then opens an infected attachment in Outlook, Alert will not stop encryption of files?

Alert's CryptoGuard is a system-wide real-time feature that will block encryption of files. Even when no browsers are open. In fact, browsers are totally unrelated to CryptoGuard.


Edited by erikloman, 22 November 2013 - 10:28 AM.


#38 Joe_BubbA


Posted 22 November 2013 - 10:32 AM

 

>> So, if the user has Alert installed but has no browsers open and then opens an infected attachment in Outlook, Alert will not stop encryption of files?
>
> Alert's CryptoGuard is a system-wide real-time feature that will block encryption of files. Even when no browsers are open. In fact, browsers are totally unrelated to CryptoGuard.

Perfect.  Thanks!


Edited by Joe_BubbA, 22 November 2013 - 10:33 AM.


#39 Joe_BubbA


Posted 22 November 2013 - 10:36 AM

 

>> got "Application failed to install. Error 0."  Also running Norton360 and CryptoPrevent....
>
> What error is listed in the event log?

Event 201:  Application failed to install

Event 7009:  A timeout was reached (30000 milliseconds) while waiting for the HitmanPro.Alert Service service to connect.

Event 7000:  The HitmanPro.Alert Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion

Edit:  After a reboot, seems to be working...At least I got the banner message...


Edited by Joe_BubbA, 22 November 2013 - 10:43 AM.


#40 erikloman


Posted 22 November 2013 - 10:43 AM

 

 

>>> got "Application failed to install. Error 0."  Also running Norton360 and CryptoPrevent....
>>
>> What error is listed in the event log?
>
> Event 201:  Application failed to install
>
> Event 7009:  A timeout was reached (30000 milliseconds) while waiting for the HitmanPro.Alert Service service to connect.
>
> Event 7000:  The HitmanPro.Alert Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion

Do you have a tool installed that is blocking the installation?



#41 Joe_BubbA


Posted 22 November 2013 - 10:47 AM

 

 

 

>>>> got "Application failed to install. Error 0."  Also running Norton360 and CryptoPrevent....
>>>
>>> What error is listed in the event log?
>>
>> Event 201:  Application failed to install
>>
>> Event 7009:  A timeout was reached (30000 milliseconds) while waiting for the HitmanPro.Alert Service service to connect.
>>
>> Event 7000:  The HitmanPro.Alert Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion
>
> Do you have a tool installed that is blocking the installation?

Just CryptoPrevent, but that would create an event in event log...


Edited by Joe_BubbA, 22 November 2013 - 10:48 AM.
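
One way to script the event-log monitoring discussed in posts #33 and #35, together with a check for the install failures quoted in post #39, as an added example that is not SurfRight's or any poster's code. It assumes events 301 and 201 are written to the Application log (the thread does not say which log or event source is used); the function name and state-file path are hypothetical.

```powershell
# Added example, not SurfRight code. Run on the machine where Alert is installed.
# Assumptions: IDs 301 and 201 land in the Application log; the function name
# and the state-file path are hypothetical.
function Get-AlertEvents {
    param([string]$StateFile = "$env:ProgramData\AlertMonitor\last-check.txt")

    # Resume from the previous poll; the first run looks back 24 hours.
    $since = (Get-Date).AddDays(-1)
    if (Test-Path $StateFile) {
        $since = [datetime]::Parse((Get-Content $StateFile -Raw).Trim())
    }
    $now = Get-Date

    # Get-WinEvent reports "no events found" as an error, so SilentlyContinue
    # turns that into an empty result. It also hides access errors: run elevated.
    $hits = @(& {
        # 301 = CryptoGuard alert, 201 = "Application failed to install" (from the
        # thread). The event source is not named there, so it is not filtered on;
        # read ProviderName from a real event and add it to this hashtable.
        Get-WinEvent -FilterHashtable @{
            LogName = 'Application'; Id = 301, 201; StartTime = $since
        } -ErrorAction SilentlyContinue

        # 7000/7009 are generic Service Control Manager events, so keep only
        # those whose text names the service quoted in the thread.
        Get-WinEvent -FilterHashtable @{
            LogName = 'System'; ProviderName = 'Service Control Manager'
            Id = 7000, 7009; StartTime = $since
        } -ErrorAction SilentlyContinue |
            Where-Object { $_.Message -match 'HitmanPro\.Alert' }
    } | Select-Object TimeCreated, Id, LogName, ProviderName, Message)

    # Record the poll time only after both queries have run.
    New-Item -ItemType Directory -Path (Split-Path $StateFile) -Force | Out-Null
    $now.ToString('o') | Set-Content $StateFile
    return $hits
}

$found = @(Get-AlertEvents)
$found | Sort-Object TimeCreated | Format-List
# Distinct exit codes let an RMM agent or scheduled task alert on the result.
if ($found | Where-Object Id -eq 301) { exit 2 }
elseif ($found.Count -gt 0) { exit 1 }
else { exit 0 }
```

Because event IDs 301 and 201 are not unique to one product, pin the Application-log filter to the real provider name once it is known, otherwise unrelated software can trigger the exit codes.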


#42 Fardooste


Posted 22 November 2013 - 10:57 AM

Sweet tool thanks! 



#43 desertpenguin


Posted 22 November 2013 - 02:37 PM

Thanks for this tool, I just tried it out, installs fine on local machines but when installing it on my Windows 2008R2 file server it caused a BSOD within 5 minutes (no reboot) so I had to uninstall it, will try some further testing later - do you have any details on how this actually works? What defines a file as being 'encrypted'? What are the performance impacts of this on a file server?



#44 boopme


Posted 22 November 2013 - 02:47 PM

I see that CG supports Windows 8, XP, Vista and 7 (32-bit and 64-bit).
http://www.surfright.nl/en/cryptoguard

#45 erikloman


Posted 22 November 2013 - 02:49 PM

> Thanks for this tool, I just tried it out, installs fine on local machines but when installing it on my Windows 2008R2 file server it caused a BSOD within 5 minutes (no reboot) so I had to uninstall it, will try some further testing later - do you have any details on how this actually works? What defines a file as being 'encrypted'? What are the performance impacts of this on a file server?

Oh that is unfortunate. Can you send me the minidump in C:\Windows\Minidump to erik(at)surfright.com?



