Solved

It seems I am getting a FALSE positive for HITMAN PRO 3.7 as a rootkit.

  • 6 December 2013
  • 38 replies
  • 233 views



Userlevel 7
Hi tempnexus
 
Intrigued by your issue (and by the CryptoLocker malware) I have tried to reproduce what you have highlighted.  The only difference is that I did not have HitmanPro Alert 2.0 installed already when I installed v2.5 beta, and as such I did not get a prompt to reboot after installation (in fact installation was very, very snappy).
 
Ran a full scan just after installation and...nothing...so I can only assume that either the issue was specific to your system or (more likely) the Support Ticket has resulted in the review & whitelisting of HitmanPro Alert v2.5 beta components.
 
Looks like an interesting piece of functionality so I am going to keep it installed and see how it plays with WSA & KIS.
 
Please post back with your experiences as it will be useful for other Forum users...including me! ;)
 
Cheers
 
 
Baldrick
 
 
Userlevel 7
I am also getting a false positive but not for Hitman Pro, for Norton Internet Security. Webroot is giving me the same results as you marking the registry entries as rootkits and I've sent a support ticket. I'm sure they can get it sorted out for both of us :D
 
 
Shran
Userlevel 7
Hi Daniel,

Yes I have my heuristics (had past tense, I'm now back onto a system image that was made before I put Webroot on). I can't speak regarding to Hitman Pro as I don't use it though.

Shran
Userlevel 7
Okay, I'll go ahead and restore my system to the image with Norton and Webroot and tell you what happens. That will take about 20 to 30 minutes, so I'll log into the forums on my tablet while that's running.

Talk again soon!

Shran
Userlevel 7
Hi Daniel
 
If it is of any help my heuristics are set to "Enhanced..." and I am not experiencing an issue with the software.  I will try changing the setting to 'Maximum' and see what that gives.
 
Regards
 
 
Baldrick
 
UPDATE:  Nothing detected with heuristics set to 'Maximum'. 😠
Userlevel 7
Badge +56
Hi Solly,
 
Same here, no detection, and for the OP it's a Registry Key being detected and could have been whitelisted on its own in the Cloud.
 
Daniel
Userlevel 7
Badge +56
@ wrote:
Pushing it to 'Enhanced' or even 'Maximum' is what I would recommend only if there is a suspicion of infection...for the very reason that these higher settings are more likely to give what is generally termed False Positive...but what I call, in WSA's case, Overly Sensitive...;) 
Regards
 
 
Solly
Correct buddy right on the nose!

  And I always run at Max and never seen a (FP) Overly Sensitive because of it!
 
Daniel
Userlevel 7
Hi Baldrick,

I went into the advanced settings > heuristics and clicked "reset to defaults" and it set it to "Enhanced based on age, origin, etc.". No over sensitive detections with that :D

Shran
Userlevel 7
I live in the United States and here it's 21!

Shran
Userlevel 7
18...here in the UK...but like Daniel...I am well, well past that...;)
Userlevel 7
Hey, when did you get Tranya and didn't share with the rest of us?
;)

Shran 😃
Userlevel 7
Hi tempnexus
 
Completely agree with the sentiment in your last paragraph.  Very wise.
 
Glad to hear that the issue is sorted for you, in whatever way.  I have been running v2.5 beta for a week now and have had no mishaps or points of contention...get the notification on protection with IE but not with Maxthon (secondary browser) despite the site saying it is supported...will have to check into that.
 
Regards
 
 
Baldrick
I am yet to test the HMP against an MIM attack and see if it's actually worth its salt.
 
Have you tried that yet?
