On the alert there is a blue link "Technical Details" if you have that available clicking on it will show more details as to which module got triggered and why.
Possible options are, but not limited to, MalwareBlocked, StackPivot, ROP, CodeCave, CookieGuard, APC Violation, LockDown, KernelTrap, CryptoGuard.
Should you want to save the technical details from this screen you have to click in to the details and use CTRL-A + CTRL+C to copy, close the alert and paste the details in a notepad. An other way is to retrieve this information via the HitmanPro.Alert eventlog, Open HitmanPro.Alert from the tray icon and click on the "Last event" button.
The Eventlog will show you the alerts that have been triggered with an "Action" option on the right, you can make the following choices:
- View alert details, this will show the same details as in the alert discussed before.
- View process tree, this will show a graphical representation of the processes involved in the attack.
- View file on virustotal, this will open a browser window to Virustotal for the hash of the file that caused the attack to trigger.
- Suppress alert, in case you are sure the alert is a false-positive you can use this to effectively whitelist it and be able to continue your work.
- Unsuppress alert, in case the alert was suppressed in the past you can undo the whitelisting here. (only shown on suppressed alerts).
Now if you click on "View alert details" this will have a small description of what type of attack was intercepted. When available MITRE ATT&CK ID's are shown also. If support asks you to provide "Technical details" you can click in the alert details here and use CTRL+A and CTRL+C to copy and use CTRL+P to paste it in the ticket that you can send to support@hitmanpro.com
Comments
0 comments
Article is closed for comments.