pablozi

#1
Surprise... Due to overwhelming feedback on the Private CTP1 build we decided to make the CTP2 release a Public Beta!

In order to keep the BETA and CTP feedback separate from the Support and Discussion thread, we created this new thread dedicated to discussing BETA and CTP builds. Otherwise people might think issues reported in the BETA and CTP builds are also present in the stable releases.

We need your feedback to make sure the new HitmanPro.Alert mitigations run alongside other security products.

New Features in version 3.7
  • Real-time Anti-Malware
    Works with the HitmanPro cloud.

  • Credential Theft Protection
    Prevents theft of authentication passwords and hash information from memory, registry and disk. Prevents Mimikatz-style attacks.

  • Local Privilege Guard
    Prevents exploits of the operating system kernel. Prevents an attacker from using the privilege information of another process.

  • Code Cave mitigation
    Stops backdoors in trusted code.

  • Sticky Keys mitigation
    Prevents misuse of the Microsoft Sticky Keys feature, which attackers usually use to gain persistence.

  • Asynchronous Procedure Call (APC) mitigation
    Stops code injection via APC (e.g. the DoublePulsar and AtomBombing attacks).

  • Application Verifier mitigation
    Prevents misuse of the Application Verifier feature of Windows (e.g. the DoubleAgent attack).

  • Malicious Process Migration
    Detects remote reflective DLL injection used to move laterally between processes.

Changelog (compared to CTP1)
  • Added DoublePulsar detection to APC mitigation
  • Added Compatibility with QEMU/KVM hypervisor
  • Improved Anti-Malware component
  • Improved CodeCave mitigation
  • Improved Local Privilege Guard mitigation
  • Improved Asynchronous Procedure Call (APC) mitigation
  • Improved: DLL injection now respects Trustlets
  • Improved CryptoGuard 4.9
  • Improved Installer
  • Fixed CodeCave false positives
  • Fixed PrivGuard false positives
  • Fixed APCViolation false positives
  • Fixed BSOD installing Alert in QEMU/KVM
  • Fixed BSOD caused in minifilter (introduced in build 701)
  • Fixed iTunes compatibility
  • Fixed Compatibility with Steam Apps
  • Fixed typo in German translation ("Offene Browser")

Notes
  • Do NOT run this build on production environments. This is BETA software.
  • This build has Microsoft co-signed drivers.
  • This build triggers PrivGuard false positives when running Sandboxie sandboxed processes. We are looking into this and aiming to get this fixed as soon as possible.

Download
http://test.hitmanpro.com/hmpalert3b708.exe

Make sure to report the Technical Details of a potential false positive.
If you hit a compatibility issue, make sure you mention which version of Windows you are running and what security products you have installed.

Happy testing, and let us know how this build runs on your computer in this brand new thread.
 

mekelek

Operating System: Windows 10
Antivirus: Kaspersky
#2
Finally, nice.
Is someone planning to test it in the malware samples section?
 

pablozi

#5
HitmanPro.Alert 3.7 Build 709 CTP3

This build addresses a few minor issues in CTP2.

Changelog (compared to 708)
  • Added Sandboxie compatibility to Local Privilege Guard (PrivGuard)
  • Fixed HitmanPro/Sophos Clean triggering Credential Theft Protection (CredGuard)
  • Fixed: driver did not properly keep track of injection and whitelisting
  • Fixed: driver did not properly stop when installing only the anti-ransomware component

Notes
This build uses Microsoft co-signed drivers.

Download
http://test.hitmanpro.com/hmpalert3b709.exe
 

_CyberGhosT_

Operating System: Windows 10
#7
I hope they release the final version before I win a key in giveaways :p:p:p
The current giveaway is only for Hitman Pro and not the "Alert".
If you buy Hitman Pro Alert, the HMP scanner will activate with the same key;
I don't think the HMP scanner key will activate HMP.A though. I hope I said that clearly, lol.
We can ask @Erik Loman and see what he says.
 

_CyberGhosT_

Operating System: Windows 10
#8
It has been a nightmare, blocking everything. Instead of improving, it is a vaginal crab.
Everything is detected as an exploit attack. And the worst of it is the error between HP and the HPA scanner.
They cannot work together, due to a mismatched hook between the two.
I have noticed this too, it was not reacting to a HMP scan, but for some reason it is again.
HMP_Scan_Error.png

Is this what you're seeing too?
@Erik Loman
Windows 10 x64
Winver.png
 

_CyberGhosT_

Operating System: Windows 10
#11
The scanner still works, but it is annoying; they will fix it.
Thanks for posting that you have the issue too. What version of Win10 are you on?
Knowing that will help them sort it faster.
 

erreale

Operating System: Windows 10
Antivirus: Kaspersky
#13
Windows 10 Creators Update 1703
 

_CyberGhosT_

Operating System: Windows 10
#14
It is so poorly adjusted that it even locks diskpart, sfc scannow, dism,
Windows disk tools, even defragmenters.
I did not want to offer it to any colleague or company for the same reason.
What version of Windows are you on?
In your search bar, type this and take a SS of the Windows version: "winver.exe" (without the quotes)
see:
Winver2.png

He will need more than just "1703"
 

_CyberGhosT_

Operating System: Windows 10
#15
I reported it over at the HMP.A beta thread and let him know that I tagged him here at MalwareTips, so he will visit when he gets the message.
If I remember correctly, disabling CredGuard will solve this issue for now, till they can resolve it altogether.
EDIT: I can confirm that disabling CredGuard will resolve it for now.
 

_CyberGhosT_

Operating System: Windows 10
#16
Thanks CYBERGHOST_t.
So that's the error. I'm going to deactivate it immediately.
I also need to know how to unban the locked processes detected as attacks.
I don't want to uninstall HMPA, because that is the only way for my processes to work again.
If I understand you correctly, you don't have to unlock HMP, just turn off CredGuard, seen here:
With the "white" box around it, and reboot, and you should be OK.
HMPA_SS2.png
 
Operating System: Windows 10
Antivirus: Comodo
#17
CTP3 + East-Tec Eraser (newest version) don't like each other. I'm not sure if it's enough info that I'm posting here. If you need more (logs or whatever), please tell me and I'll do my best to provide all you need.

C:\Program Files (x86)\east-tec Eraser\etEraser.exe

CryptoGuard

Mitigation CryptoGuard
Platform 10.0.15063/x64 v709 06_4e
PID 9624
Application C:\Program Files (x86)\east-tec Eraser\etEraser.exe
Description east-tec Eraser 12.9.5
Filename C:\Program Files (x86)\east-tec Eraser\etEraser.exe
C:\Users\MyName MyFirstName\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ARUTQZB4\heimdal-pro-see-in-action-1-en[1].png
C:\Users\MyName MyFirstName\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ARUTQZB4\heimdal-pro-box[1].png
C:\Users\MyName MyFirstName\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ARUTQZB4\heimdal-logo[1].png
WBH 2e1f18161d0e13100e1e241a1f1a0e13100e1e24
Process Trace
1 C:\Program Files (x86)\east-tec Eraser\etEraser.exe [9624]
2 C:\Program Files (x86)\east-tec Eraser\etRiskMonitor.exe [9136]
3 C:\Windows\System32\svchost.exe [1408] c:\windows\system32\svchost.exe -k netsvcs -s Schedule
4 C:\Windows\System32\services.exe [928]
5 C:\Windows\System32\wininit.exe [808] wininit.exe
Thumbprint b2833aef8187f8e4c40346dbf04bb0c36bed3bae8f75f44c169aeb793ffac6db
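As an added example (not code from this thread or from the HitmanPro.Alert developers), a small Python parser for the mitigation report format posted above, so that reports from several testers can be compared field by field (mitigation, flagged files, parent process chain). The field labels come from that report; the sample is constructed from it with the Edge cache directory shortened, and the assumption that each process trace entry reads "<depth> <path> [<pid>] <optional command line>" is taken from how the report above reads.

```python
import re

# Field labels in the order the mitigation report above lists them.
FIELDS = ["Mitigation", "Platform", "PID", "Application", "Description",
          "Filename", "WBH", "Process Trace", "Thumbprint"]
LABEL_RE = re.compile(r"\b(" + "|".join(re.escape(f) for f in FIELDS) + r") ")
# One trace entry "<depth> <path> [<pid>] <command line>", ending at the next entry.
TRACE_RE = re.compile(r"(\d+) ([A-Za-z]:\\.+?) \[(\d+)\](.*?)(?= \d+ [A-Za-z]:\\|$)")

def split_paths(value):
    """Split a run of Windows paths; they may contain spaces but never ' X:\\'."""
    return re.split(r" (?=[A-Za-z]:\\)", value)

def parse_report(text):
    """Parse a flattened or multi-line HMP.A mitigation report into a dict."""
    parts = LABEL_RE.split(" ".join(text.split()))  # [pre, label, value, ...]
    fields = dict(zip(parts[1::2], (v.strip() for v in parts[2::2])))
    trace = [{"depth": int(d), "path": p, "pid": int(pid), "cmdline": c.strip()}
             for d, p, pid, c in TRACE_RE.findall(fields.get("Process Trace", ""))]
    return {
        "mitigation": fields.get("Mitigation"),
        "platform": fields.get("Platform"),
        "pid": int(fields["PID"]) if "PID" in fields else None,
        "application": fields.get("Application"),
        "description": fields.get("Description"),
        "filenames": split_paths(fields["Filename"]) if "Filename" in fields else [],
        "wbh": fields.get("WBH"),
        "process_trace": trace,
        "thumbprint": fields.get("Thumbprint"),
    }

def parent_chain(report):
    """Executable names from the flagged process up to the root of the trace."""
    return [e["path"].rsplit("\\", 1)[-1] for e in report["process_trace"]]

# Constructed sample modelled on the report above (Edge cache directory shortened).
SAMPLE = (
    "Mitigation CryptoGuard Platform 10.0.15063/x64 v709 06_4e PID 9624 "
    "Application C:\\Program Files (x86)\\east-tec Eraser\\etEraser.exe "
    "Description east-tec Eraser 12.9.5 "
    "Filename C:\\Program Files (x86)\\east-tec Eraser\\etEraser.exe "
    "C:\\Users\\My Name\\AppData\\Local\\Edge\\Cache\\heimdal-pro-box[1].png "
    "C:\\Users\\My Name\\AppData\\Local\\Edge\\Cache\\heimdal-logo[1].png "
    "WBH 2e1f18161d0e13100e1e241a1f1a0e13100e1e24 "
    "Process Trace 1 C:\\Program Files (x86)\\east-tec Eraser\\etEraser.exe [9624] "
    "2 C:\\Program Files (x86)\\east-tec Eraser\\etRiskMonitor.exe [9136] "
    "3 C:\\Windows\\System32\\svchost.exe [1408] c:\\windows\\system32\\svchost.exe -k netsvcs -s Schedule "
    "4 C:\\Windows\\System32\\services.exe [928] 5 C:\\Windows\\System32\\wininit.exe [808] wininit.exe "
    "Thumbprint b2833aef8187f8e4c40346dbf04bb0c36bed3bae8f75f44c169aeb793ffac6db"
)
```

`parent_chain(parse_report(SAMPLE))` yields the chain etEraser.exe, etRiskMonitor.exe, svchost.exe, services.exe, wininit.exe, i.e. the eraser was started by its own monitor under the Task Scheduler service host, which is what makes this report look like a legitimate secure-delete run rather than an injected process.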
 

XhenEd

Operating System: Windows 10
#18
That's expected. The dev would say that CryptoGuard is working as intended.

What is recommended with any "secure delete" software is to temporarily disable CryptoGuard when doing the secure deletion. :)
 
Operating System: Windows 10
Antivirus: Comodo
#19
Okay, you are right. It makes sense that it detects the crypto task.

Maybe it's interesting to somebody:

Zemana AntiLogger Privacy Guard doesn't work... well, you can activate it, but the keyboard isn't working with both. I guess it's because of keystroke encryption. Hitman + Zemana are encrypting keystrokes.

And: I installed the newest Bitdefender (the giveaway for German IPs). When I start a scan with Bitdefender, HitmanPro detects a harmful threat. I can provide more info when I arrive at home.

Cheers
 

pablozi

#20
HitmanPro.Alert 3.7 Build 710 CTP4

This build focuses on improvements to code injection and related fail-safe mechanisms. Additional UI elements for Anti-Malware exclusions are on our roadmap.

Changelog
  • Added code injection fail-safe mechanisms
  • Improved Anti-Malware performance (changed from on-access to on-execute)
  • Improved APC Mitigation
  • Improved path translation for thumbprints
  • Fixed detection of Protected Processes and Trustlets
  • Fixed Local Privilege Guard (PrivGuard) mitigation on Windows XP
  • Fixed: Windows XP support was broken since build 708

Notes
This build has Microsoft co-signed drivers.

Download
http://test.hitmanpro.com/hmpalert3b710.exe