Doesn't Direct Disk Access in Hitman Pro ruin CTM?

Hello, every one! :slight_smile:

I use CTM 2.9 and Hitman Pro 3.5. There is an option in Hitman Pro - Disk Access Mode: Direct Disk Access (recommended). Is this recommended option safe for Comodo Time Machine?

Thank you.

Hi, “Hitman Pro” is a pretty good supplementary malware detector, I use it sometimes.

It should have no conflicts with CTM.

Hmmm… Is this direct disk access done within Windows or by outside (i.e., without the CTM driver loaded). From outside, before the driver loads, you can mess all the snapshots and lose data!

Yes, I’m afraid of exactly this!
So who knows about Hitman Pro’s direct disk access?

It could be ok if it is “only” the new disk access mode used to detect and remove TDL3 rootkits, for instance. It runs within Windows and not by outside (like a Linux Live CD, for instance).

Hitman Pro’s “Direct Disk Access” mode (by default) is actually very low-level disk scanning run inside Windows, sometimes strange names are given to attract eyeballs !

Better still, starting with Hitman Pro 3.5.8 build 121, TDL4 rootkit detection is possible !

That’s great! So CTM is safe! :slight_smile:

That’s even better!

Thank you!

I’ve finally found the answer to the topic question: Yes, Hitman Pro can ruin the CTM!!!.
Today I let the Hitman Pro to “fix” the problem with the MBR and CTM 2.8 got ruined - it returned to one of the earlier snapshots and said it couldn’t launch.

Direct Disk Access mode in Hitman Pro won’t ruin or have any conflict with CTM.

But when Hitman Pro says CTM’s presence in the MBR is a “threat” (which is a false alarm) and you believe it and set Hitman Pro to fix it, then this act of yours will ruin CTM !

What Hitman Pro does is equivalent to rebuilding the MBR in this case ! I thought you had read this thread :-TD

Your words are false as Hitman Pro says nothing about CTM.

No, not in a direct manner. It would just be flagged up as Win32\MBR Bootkit or something like that. (I hardly use Hitman Pro thesedays)

Anything that touches/rebuilds the MBR when CTM’s installed would ruin (disable) CTM !

I too had mentioned this here. As James mentioned HitmanPro identify it as Bootkit or something. In my case on XP 32 Bits & CTM 2.9 Beta whenever I tried to fix the detection CTM was completely removed i.e after restart CTM was not there in the system.

Yes, it reported as Win32/Bootkit. I several times reported it to the HitmanPro as a false alarm, but of no avail. I have now Win-7, CTM 2.8.

[attachment deleted by admin]

It’s the same thing as rebuilding the MBR. It’s not much harm when 2.9beta’s installed as you would be left with your current system, but if 2.8’s installed your system would be back to “Baseline” !!