Changes (compared to build 923):
Download
- Added system-wide protection against 'Hell's Gate' defense evasion via direct system calls, or SysCall, on 64-bit applications
- Added protection against cloning of LSASS process to Credential Theft Protection
- Added support for ReFS file system to CryptoGuard
- Added NOTEPAD.EXE to Office template
- Added GPT partition support to WipeGuard
- Added NVMe support to WipeGuard
- Added MITRE ATT&CK references to the CookieGuard, SysCall and RemoteThreadGuard mitigations
- Added alerting to our protection of sticky key abuse (and other accessibility features)
- Added EA Digital Illusions CE AB to game detection
- Improved protection against direct system calls, or SysCall, on 32-bit applications
- Improved handling of certificates on code-signed applications
- Improved CookieGuard alert with information about the application certificate, if any, in the alert
- Improved CookieGuard so it now adds certificate validation information into the alert details
- Improved WipeGuard to protection the Volume Boot Record of all mounted partitions. Previously, only the boot partition was protected.
- Improved WipeGuard to terminate the offending process. Previously, the offending action was only blocked.
- Improved HollowProcess to protect against PEB manipulation in a remote process where PEB is writable
- Improved Lockdown mitigation to isolate modules (DLLs) dropped in attacks via Office documents.
- Improved the per app mitigation settings in the user interface. It now has room for extra checkboxes.
- Change reboot fly-out reminder interval from 1h to 8h
- Changed Dynamic Heap Spray detection; it is now disabled on 64-bit applications
- Changed text for Benefits button to Help center
- Changed Sophos Privacy Notice and Terms of Service
- Fixed Keystroke Encryption and BadUSB Protection which caused a BSOD (APC_INDEX_MISMATCH) on Windows 11 with update KB5013943.
- Fixed issue that prevented restarting of some protected applications when using the 'restart' function from the ApplicationPanel (Running applications) when changing a setting.
- Fixed a compatibility issue between our anti-ransomware CryptoGuard 5 and Artisan scrapping book software from Forever Storage
- Fixed displaying icons of UWP applications
- Fixed several user interface inconsistencies
- Fixed false alarm by APCViolation on Avast 'aswhook' DLL
- Fixed false alarm by CookieGuard if application starts from a RAM-drive
- Fixed false alarm by HollowProcess on Visual Studio
- Fixed issue with Lockdown inheritance when parent process is OpenWith.exe
- Fixed issue when a user tries to install HitmanPro.Alert on machine where Sophos Home Premium is already installed
- Fixed tray icon burning CPU cycles after install
- Fixed unexpected removal of Forza Horizon 5 under UWP exclusions
- Updated third-party libraries
- Several other changes under the hood
In the coming days we are automatically updating our users, starting with machines running build 941 tonight.
A big thank you to all participants who helped us test our beta builds! Awesome!
www.wilderssecurity.com
Changelog (compared to 943)
Download
- Improved Syscall
- Improved WipeGuard
- Improved CryptoGuard5
- Improved HollowProcess
- Improved ROP detection on crashing processes
- Improved HeapHeapHooray also covers powershell_ise now
- Changed Lockdown Added MSDT.EXE as LOLBIN to proactively block Follina exploitation attempts
- Several other changes under the hood
https://dl.surfright.nl/hmpalert3b945.exe
Please let us know how this version runs on your machine, thanks!
www.wilderssecurity.com
www.wilderssecurity.com
www.wilderssecurity.com
Changelog (compared to 947)
SendKeyGuard - mitigation (part of Lockdown) to block macro-borne keystroke injection.
- Improved SendKeyGuard
- Improved CryptoGuard5
- Improved HeapHeapProtect
- Improved StackPivot
- Improved CookieGuard
- Improved HollowProcess
- Several other changes under the hood
Feature needs to be enabled manually on Office applications (e.g. Word/Excel)
Download
https://dl.surfright.nl/hmpalert3b951.exe
Beware this is a BETA release which hasn't been fully tested (warning: backups, not on production etc).
Please let us know how this version runs on your machine
On behalf of Team HitmanPro(Alert) we wish you Happy Holidays! and a healthy 2023.
www.wilderssecurity.com
Changelog (compared to 951)
Beware this build is signed with a new code-signing certificate by Sophos BV, this might take some 3rd party vendors to have "trust" issues as it's a fresh certificate.
- Added HWBGuard, A technique heavily used by red-teams to bypass Syscall protections is to set a HardwareBreakPoint, we now block these breakpoints.
- Improved AMSIGuard
- Improved CookieGuard
- Improved SendKeysGuard now only protects specific predefined applications
- Improved HeapHeapProtect prevents Powershell scripts from patching AMSI for bypass
- Improved Bitdefender compatibility causing crashing applications on startup after a recent update on their end
- Fixed BSOD in StickyKeys
- Several other changes under the hood
Download
https://dl.surfright.nl/hmpalert3b957.exe
Please let us know how this version runs on your machine
www.wilderssecurity.com
Changelog (compared to 957)
Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.
- Added Risk Reduction New Process Protection panel
- Added RDPGuard Icon under Risk Reduction button
- Improved CiGuard
- Improved PrivGuard
- Improved CryptoGuard5
- Improved HeapHeapProtect
- Improved APC Game detection
- Improved HHP Cobal Strike detection
- Improved DrWeb Compatibility (CallerCheck/SysCall)
- Improved SendKeyGuard Now specific key combinations can be allowed
- Improved Lockdown Now allows WMIC GET 'only' commands without interference
- Fixed Driver BSOD under specific circumstances.
- Fixed Lockdown Bypass when loading files over UNC paths
- Removed ReflectiveDLL As it has become obsolete in it's current implementation
- Several other changes under the hood
Download
https://dl.surfright.nl/hmpalert3b965.exe
Please let us know how this version runs on your machine
We're planning to promote this build to Stable if results are good in the coming week(s).
www.wilderssecurity.com
Changelog (compared to 965)
Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.
- Improved KeyboardGuard
- Improved HeapHeapProtect
Download
https://dl.surfright.nl/hmpalert3b967.exe
Please let us know how this version runs on your machine
We're planning to promote this build to Stable if results are good in the coming week(s).
for products using the Bitdefender engine.
Changelog (compared to 967)
Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.
- Fixed CookieGuard False positive on "chrome.dll"
- Fixed KernelTrap compatibility issues with Kaspersky and GenshinImpact
- Improved KeyboardGuard compatibility with ESET protected browsers
- Improved HeapHeapProtect tweaked a few things to reduce FP's
Download
https://dl.surfright.nl/hmpalert3b971.exe
Please let us know how this version runs on your machine
We're planning to promote this build to Stable if results are good in the coming week(s).
www.wilderssecurity.com
Changelog (compared to 971)
Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.
- Fixed C2 interceptor crashes/blocking of application loading
Download
https://dl.surfright.nl/hmpalert3b975.exe
Please let us know how this version runs on your machine
We'll enable auto-update for anyone running >947
We're planning to promote this build to Stable if results are good in the coming week(s).
www.wilderssecurity.com
We're slowly releasing this new build to our current 947 stable fleet, as there have been a significant number of changes this update won't be auto-update available all at once.
Monitoring telemetry & support will give us an indication of possible issues, and if all looks good we'll migrate more users, of course you are free to download the latest version via provided link if you don't want to wait for the update to show up via the auto-updating mechanism.
Changelog (compared to 947)
Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.
- Added HWBGuard (Silent), A technique heavily used by red-teams to bypass Syscall protections is to set a HardwareBreakPoint, we now detect these breakpoints
- Added New Process Protection panel for Risk Reduction
- Added RDPGuard Icon under Risk Reduction button
- Added SendKeyGuard
- Fixed BSOD in StickyKeys
- Fixed Driver BSOD under specific circumstances
- Fixed KernelTrap compatibility issues with Kaspersky and GenshinImpact
- Fixed Lockdown Bypass when loading files over UNC paths
- Improved AMSIGuard
- Improved APC Game detection
- Improved Bitdefender Compatibility
- Improved CiGuard
- Improved CookieGuard
- Improved CryptoGuard5
- Improved DrWeb Compatibility CallerCheck/SysCall
- Improved HeapHeapProtect Cobalt Strike detection
- Improved HeapHeapProtect prevents Powershell scripts from patching AMSI for bypass
- Improved HollowProcess
- Improved KeyboardGuard u.a. compatibility with ESET protected browsers, Windows search
- Improved Lockdown Now allows WMIC GET 'only' commands without interference
- Improved PrivGuard
- Improved StackPivot
- Removed ReflectiveDLL As it has become obsolete in it's current implementation
- Several other changes under the hood
Download
https://dl.surfright.nl/hmpalert3b975.exe
Please let us know how this version runs on your machine
www.wilderssecurity.com
We're slowly releasing this new build to our current 947 stable fleet, as there have been a significant number of changes this update won't be auto-update available all at once.
Monitoring telemetry & support will give us an indication of possible issues, and if all looks good we'll migrate more users, of course you are free to download the latest version via provided link if you don't want to wait for the update to show up via the auto-updating mechanism.
Changelog (compared to 975)
Download
- Fixed HWBGuard (Silent) excessive alert reporting, now limited to max 2 alerts per process.
https://dl.surfright.nl/hmpalert3b977.exe
Please let us know how this version runs on your machine
www.wilderssecurity.com
Changelog (compared to 977)
Download
- Fixed Intruder/Safe Browsing compatibly issue introduced by a recent Bitdefender update.
- Improved HeapHeapProtect, improved handing in code and added more whitelisting options to alerts.
- Improved SendKeysGuard, switched the main thumbprint to handle whitelisting more easy.
- Improved HWBGuard (Silent).
- Improved HollowProcess/HWBGuard, to prevent exception pointer abuse.
https://dl.surfright.nl/hmpalert3b979.exe
Please let us know how this version runs on your machine
For those that run in to the XTUService issue, can you please remove the "Suppress Alert" on your setup and keep an eye out if anything has improved in that area?
www.wilderssecurity.com
Now stable:HitmanPro.Alert 3.8.26 Build 979 RC1
HitmanPro.Alert BETA
Weird, did you tweak any settings? and was this installed deliberately or part of an OEM package install? Ronny, can you respond to this post? I think...
www.wilderssecurity.com
Changelog (compared to 979)
https://dl.surfright.nl/hmpalert3b983.exe
- Added UI - EventLog - Clear event data dialog, use right mouse click on "Last events"
- Added UI - EventLog - Show only Suppressed events
- Added UI - EventLog - Copy details to clipboard button
- Added Several code preparations for upcoming changes/additions
- Fixed Exclusions - UWP exclusions browser for Windows 11
- Fixed BSOD - CryptoGuard5
- Improved HeapHeapProtect
- Improved SoftwareRadar - No longer removes UWP Exclusions at startup
- Improved PrivGuard - Now also prints the current and expected userSID's
- Improved Kernel32Trap
- Improved SyscallX64
Please let us know how this version runs on your machine
www.wilderssecurity.com
www.wilderssecurity.com
