Hello colleagues from TweakBytes!! I would like to present my review of this very interesting security product: HEIMDAL PRO!!!!!! I hope you enjoy its features and their conception of security!! Here we go!!

HEIMDAL PRO REVIEW

Links to Heimdal PRO Resources, Guides and FAQ.

General info of the product and links to resources at Heimdal PRO Website.

System Requirements:

You can install Heimdal FREE or Heimdal PRO on computers running the following operating systems:

- Windows 7 (32 and 64 bit)
- Windows 8 (32 and 64 bit)
- Windows 8.1 (32 and 64 bit)
- Windows 10 (32 and 64 bit)
- Windows Server 2008 R2
- Windows Server 2012/2012 R2

Heimdal has the following system requirements:

- Microsoft .NET Framework 4.6.1
- Takes 100 MB disk space
- Takes 250 MB RAM
- Takes 3% of CPU usage
- Local administrator or domain administrator (if in domain) rights during installations
- User rights during execution
- Internet access

*If .NET Framework 4.6.1 is not already installed, Heimdal will automatically download and install it. This does not apply to the MSI based installation.

Product Guides: https://support.heimdalsecurity.com/hc/en-us/categories/200818649-Product-Guides
Heimdal Technology at a Glance: https://heimdalsecurity.com/en/whyheimdal
How does Heimdal Pro work: https://support.heimdalsecurity.com/hc/en-us/sections/201687605-How-does-Heimdal-work-
Heimdal FAQ: https://support.heimdalsecurity.com/hc/en-us/categories/200843235-FAQ
Heimdal Products: https://heimdalsecurity.com/en/products
Buy Heimdal Pro: https://heimdalsecurity.com/en/buy/register
Heimdal HowTo: https://support.heimdalsecurity.com/hc/en-us/sections/201632359-Heimdal-PRO
Heimdal Support: https://heimdalsecurity.com/en/support

Installation and 2 steps Wizard Configuration.

Installation was fast, easy and plain.
We have to choose the language of the product and type our license code and email address.

The product offers an easy wizard to configure the main security settings and notifications in 2 steps.

In the first one we can set up the silent security updates. We have 2 options:

- AutoPilot: recommended for highest level of online safety. Software already installed will be detected, monitored and auto-updated if necessary.
- Custom: we can decide which software we want to Monitor, or to Monitor and AutoUpdate.

In the second one we can configure the notifications from the different security modules, new updates and the status of the application. Each notification has two help buttons:

- Pressing the small blue button, we will see a description of the notification. This button is in every configuration setting of Heimdal Pro.
- Pressing the small green eye button, we will see how the notification will be shown on our screen.

After you finish with these settings, press the [Got It] button and the customization is over.

____________________________________________________________________________________

Next, we will make a small trip through the different options of the main GUI and screens of the product:

OverView.

This is the main product GUI (graphical user interface) window, and here we get the status of the system, when the last scan and updates were performed, as well as how many applications have been patched, malware cleaned, malicious websites blocked, the days left of your subscription/license and the product version.

There are 3 colours depending on the overall status of the system:

- Green (Your computer is healthy): your system is safe.
- Yellow (Your computer must be updated): Heimdal Pro has detected some outdated applications and is currently patching them.
- Red (Your computer is at risk!): credentials have been compromised.

We can click on the hexagonal button with a tick and a new scan of the system will start with an animation.

Information on Software Patches, Malware Cleaned and Websites Blocked is shown, rotating constantly every 2 seconds approximately.

Traffic Scanning.

If we disable “Traffic Scanning”, the other 3 settings below will be disabled. On the other hand, if “Traffic Filtering” is disabled, then the “Automatically disable Traffic Filtering” feature will also be disabled.

The setting “Automatically disable Traffic Filtering” allows the Traffic Filtering module to be disconnected automatically when Heimdal Pro can’t connect to the cloud servers from our location (Traffic Filtering won’t work properly). This situation may disconnect the system from the Internet. To avoid this, you can choose to automatically disable “Traffic Filtering”, and Heimdal will re-enable the feature when it can reconnect to the cloud servers.

With the “Proxy” button, a proxy can be set to create an additional protection layer for the system.

On the right side we also see the count of scans and blocks in the last 7 days.

Malware Engine.

In this section we can turn this module on/off, as well as check on the right side the count of scans and cleans in the last 7 days.

I contacted Heimdal Support to ask about some doubts and get more detailed information about how it works, and I want to thank Adrian Manolache, who kindly clarified and answered my questions. So, to better understand how the Heimdal “Malware Engine” works, here are some of his words:

“Heimdal is not an antivirus and its focus is not reactive protection. As a result, Heimdal PRO cannot be compared to a fully-fledged antivirus, because it focuses on proactive protection. Heimdal is a supplement to antivirus and we always recommend Internet users to adopt a multi-layered approach to cyber security as no single solution can block all threats.
This means that Heimdal focuses on blocking attacks by blocking the connection between malicious websites, servers and C&Cs and the targeted devices, based on incoming and outgoing Internet traffic. This is what you saw in the Websites Blocked section in Activity Reports. What’s more, this also means that Heimdal cannot block ransomware types that use encryption keys generated locally or offline. Cerber has such variants, which is why Heimdal PRO couldn’t block it. In Heimdal PRO, the malware engine uses a limited number of antivirus definitions, which we use to perform a quick scan. Again, I have to emphasize that Heimdal PRO is not an antivirus and should not be treated as such”.

Patching System.

Heimdal monitors and automatically updates a wide variety of applications. The new updates are downloaded directly from the official servers and Heimdal automatically installs them. Heimdal will never close a running application or automatically reboot the PC after the updates have been installed, and it will never ask for permission or show a User Account Control (UAC) notification, even if UAC is enabled.

In this tab we can choose to turn off this module, but this is not recommended because it will decrease our system protection.

There are 2 sections/features in this module:

Software Patching: monitors and updates applications that are already installed in our system and are found in the list of the engine. There are 5 columns which give us information about every installed and monitored program in our system: Software Name, Version, Status, Monitor and AutoUpdate. In the Status column, a green tick means the application is up to date, a red exclamation mark (!) means the application couldn’t be patched, and a line of 3 orange dynamic dots (...) means the application is being updated. In the Monitor column, a tick in the check button means Heimdal will start monitoring that application. Once a new version of that application appears, you will be notified to update (only notify but not update).
A tick in the AutoUpdate column will automatically update the checked application to the new version when available. If we don’t want some applications in the list to be patched automatically, we can just untick them.

Recommended Software: offers us a list of applications to be installed directly from Heimdal. Once a new program from that list is installed, it will be automatically added to the Software Patching list, where it will be monitored and auto-updated.

On the right side, we can check the number of applications monitored and the updates (patches) that have been applied in the last 7 days.

Activity Reports.

This window gives us the general statistics and reports of the security status of our system:

- General tab: shows reports of the “Traffic Filter”, “Malware Engine” and “Patching System” modules’ scans, blocks and patched applications in the last 7 days, and also the number of monitored applications.
- RSS Feed tab: get security warnings directly from the Heimdal Security blog, to keep your system safe.
- Software Patches tab: shows which updates have been installed, for which application, which version and on which date.
- Infections Detected tab: shows the infections that have been found and blocked. You can see when these infections were detected, the malware name and their status.
- Websites blocked tab: shows a list of infected or potentially dangerous websites blocked and the date they were blocked.

Settings Tab.

To access Heimdal Settings there is a gearwheel button at the top right corner of the Heimdal GUI (graphical user interface). Inside the Settings Tab we can change the behaviour of some Heimdal features:

- Turn the Malware Scanning module on/off.
- Set the interval of how often Heimdal will perform a malware scan. Minimum interval is 60 minutes. Increasing the interval will lower your security against cyber threats. Default settings are recommended.
- Turn the Traffic Scanning module on/off.
- Automatically disable Traffic Filtering: if our system has no access to a network, after 5 minutes the Traffic Filtering protection module will be disabled.
- Proxy settings: will add an additional protection layer.
- Turn the Patching System module on/off.
- Set the interval of how often Heimdal will scan for updates of monitored applications. Minimum interval is 120 minutes. Increasing the interval will lower your security against cyber threats. Default settings are recommended.
- Balloon Notifications: turn balloon notifications on/off. Notification intervals can be set.
- Security News Alerts Notifications: receive notifications from the Heimdal Security blog. Keep up to date by getting news about the latest online threats.
- Language: change the application language.
- Choose to update to beta: gives us the option to try beta versions of Heimdal and their improvements. Keeping this setting turned off, we always have the latest stable version.

Notification Center.

In this section we set up whether or not to receive notifications (turn on/off) from the different protection modules: when a malicious site is blocked, for every weekly activity report, when a new security news alert is published on the Heimdal Blog, or when a new monitored application update is ready or is being installed. We can also test how they will be shown by clicking on the small green eye in every setting.

License.

Here we can:

- Check the details of our active license.
- Type a new license code if we bought a renewal with a different email address.
- On the right side: check the product type (Free or Pro) and when the current license will expire.

Support.

In this section we get 3 helpful links to Heimdal resources:

- Frequently Asked Questions
- Product Guides for the different Heimdal products.
- Contact Us section, to contact the support team directly.

About.

Read some interesting details about Heimdal’s beginnings and their aims in protection technology, plus a direct link to the About page on the official website.

Testing System Settings and hardware specs.

Here is some info about the system I’ve used to install and test Heimdal Pro:

- Host System: Windows 10 Pro x64 RS1/AU (AMD Athlon II X3 450 @ 3,20GHz + 8GB RAM DDR3 + 2 x Western Digital Blue SATA3 500GB in RAID 1).
- Guest System: virtual machine with Windows 10 Pro x64 RS1/AU running over VMware 12.5.2 (3GB of RAM assigned). Windows Defender disabled via gpedit.msc policy.
- Some applications and tools installed inside the virtual machine: Mozilla Firefox, Google Chrome, Foxit Reader, Java Update 8, Microsoft Office Pro Plus 2016, Restore Point Creator, CCleaner, WinRAR, Sysinternals Suite.

Heimdal PRO Resource Consumption.

I took some screenshots to show you how Heimdal Pro performs in my virtual machine; as you can see, in general terms it is quite light and does not eat many resources, so this is a good point for having it as a companion and complement to our main security product ;) But I’ve noticed that approximately every 4 seconds Heimdal Pro has a small CPU peak of about 7%~9%, as you can see in one of the screenshots below.

Final Words.

As we can read in the Heimdal Pro documentation, and as their Support team also told me and remarked, this is not a traditional security product and is not designed to be the main layer of protection in a system, but rather a complementary, proactive security solution specialised in protection from financial and data-stealing malware while doing banking operations, and in keeping you safe from Zero Hour malware and security exploits frequently employed by IT criminals.

That being said, I have been testing the product with some different malware and malicious link packs since around 1 month ago, and the results were not as I expected. I was not able to get any warning/detection/blocking from the “Malware Engine” module, which only maintains a limited number of anti-virus definitions used to perform quick scans, so I would like to see here, at least, better protection against ransomware and other families of malware, for instance by adding or improving signatures/detection via Cloud, and also a better and larger database of malicious/phishing URLs; I’m sure this would improve the effectiveness of the product a lot. On the other hand, probably my infrastructure for testing specific and advanced financial/0-day threats or exploits is not the appropriate one.

Another feature I would like to see improved in the product is the information in “Activity Reports”, adding the specific time of blocked threats/attacks and showing more detailed data about detected/blocked objects/sites.

A strong point of the product for sure is the “Patching System”! I was very pleased with how it works; the application even patched itself to a newer version. You can check it in my screenshots: I installed version 2.2.9 and the last ones show 2.2.12, which was great! The “Recommended Software” feature is a very good idea; it lets us install well-known and widely used applications on our systems. I also hope the number of monitored and recommended applications will be increased in future versions.

To finish this review I would like to say that Heimdal PRO has potential, and may be a great proactive security complement to any traditional security suite application out there in home or corporate environments.

____________________________________________________________________________________

I would like to thank @jasonX, @BC2Tweak and @Trim, and all my friends here in this forum for their support and for convincing me to do this review. And of course Heimdal Security for their Support and Assistance!!

Well guys, see you soon... in the next review!!