
Can someone enlighten me as to why HitmanPro aka Intercept X failed so miserably?

https://www.youtube.com/watch?v=Z4RDR7kJUWM#action=share

Thank you



This thread was automatically locked due to age.
  • Unfortunately, that video doesn't really provide any useful information to answer that. There are no details as to what malware they actually ran on the machine (a detection name from another AV doesn't confirm what was run). If they provided hashes of the files that were run and exactly what they did with these files, we would have a better understanding of the results.

    Also, to clarify, Intercept X was not tested here. Intercept X does include HitmanPro technology but it is a completely different product. It is important to understand that HitmanPro as a standalone is not designed to prevent a new attack (that is HitmanPro.Alert). Much like other scanners in the video, it is a scanner that can be used to clean up anything malicious it finds on a machine when you run a scan, which by definition means whatever it finds was on your machine before the scan was run. Intercept X is completely different: it is designed to prevent attacks from happening in the first place. It does this with anti-exploit technology (available in HitmanPro.Alert), as well as ransomware protection (also in HitmanPro.Alert) and Machine Learning (technically a more advanced version called Deep Learning), which is only available in Intercept X. The only real comparison Intercept X has to HitmanPro (standalone, not HitmanPro.Alert) is that it uses similar technology to clean up threats, but that is not the same as detection.

  • I agree with PeterM

    a) Hitman Pro is NOT Intercept X

    b) Intercept X is not a standalone product but an add-on/enhancement to a classic Sophos or 3rd party AV scanner to cover those parts such as anti-exploit, anti-ransomware, root cause analytics and, since recently, ML-assisted malware detection on PE (executables)... the parts where classic AV in the past years failed/did not provide reliable protection.

    c) HitmanPro(.Alert) or Intercept X is no "second opinion scanner". Intercept contains Sophos Clean, which can be considered a cleanup tool (second opinion scanner) to clean up infections and their remnants.

    I highly assume the recent Intercept X beefed up with the ML engine would have caught all or at least most of those malicious attempts.

  • Understood.

    So if at home I am running HitmanPro.Alert then do I have the same protection as Intercept X? Does HPA include the ML engine?

    Sidenote: I have a 2 year paid lic for HPA so if HPA is not equivalent of Intercept X then is there a way to swap them?

  • No, they aren't the same products, no ML engine in HMP.A, although HMP.A does have a few features that haven't made it to Intercept X yet, like web cam monitoring, hardware key logger detection and a few other things.

    HMP.A and Intercept X are designed to be additional security layers (nextgen if you want to use the buzz word) that work alongside the more traditional AV layers. Neither HMP.A nor Intercept X should be run without the traditional AV though; they are additional security, not all of your security. This is why you can install them alongside other AV products. Of course you get additional benefits when you run Intercept X alongside Sophos Endpoint Protection (add in the Sophos XG Firewall and you can do some really cool stuff too).

    However, if you wanted a low cost Home product then I would suggest looking at Sophos Home Premium (https://home.sophos.com/). It includes all the best bits from Sophos Endpoint Protection and Intercept X (no ML engine) as well as lots of other bits from HMP.A.

  • Great, thank you.

    Are there any future plans to include the ML engine in HMP.A? Basically, currently there are pros and cons to both. I personally love the keylogger encryption in HMP.A (it encrypts beyond detection, right?) and what's stopping me from using Intercept X is the lack of that feature. Then again, I would love to have the ML capability in HMP.A.

    I am currently using XG 17 home but I don't know if Intercept X integrates with the home solution or does it require the enterprise solution (i.e. like home has no Sandstorm capability).

    Personally I think that including the ML engine in HMP.A would benefit many users in the future... mainly in the threat detection arena... the home users who use HMP.A are encroaching onto a different threat space / net space than corporate users... mainly because the majority of home users of HMP.A are not using deep packet inspection of traffic and web blocking... thus allowing them to visit sites that normal corporations would block as non-productive. Hence, the everyday user might encounter malware injection ads, cryptojacking ads and regular drive-by malware content more frequently than your avg corporation, which will most likely be a target of a spear-phishing or a watering hole attack rather than a net-wide spreading epidemic.

  • Generally we are adding additional protection to the Central Endpoint/Server and Intercept X products, which includes parts of HMP.A being moved over. HMP.A itself is generally considered a separate product, it is still being developed with new anti-exploit and anti-ransomware features being added, however I don't know of any plans to put ML in it.