Update HitmanPro.Alert 3.7.x CTP BETA releases

Discussion in 'HitmanPro (Sophos)' started by pablozi, May 30, 2017.

  1. pablozi

    pablozi Level 22
    Trusted

    Jun 14, 2011
    1,154
    4,916
    Null Island
    Windows 10
    Default-Deny
    HitmanPro.Alert 3.7.0 build 721 Release Candidate

    Changelog (compared to build 720)
    • Improved Code Cave Mitigation.
    • Improved Software Radar so it now also scans 'App path' for browsers. This will put Opera under Browsers instead of Office. It now also detects web browsers that can be installed by less-privileged normal users.
    • Improved VBScript God Mode protection on Windows 10 Creators Update (Redstone 2) and newer.
    • Improved Control Flow Integrity (CFI) on Windows 10 64-bit.
    • Fixed an incompatibility with an Internet Explorer browser plugin from Agricultural Bank of China.
    • Fixed an incompatibility with Internet Explorer browser plugins from South Korean SoftForum XecureWeb.
    • Fixed an incompatibility between our APC Mitigation, which thwarts e.g. DoublePulsar and AtomBombing code injection, and Avast / AVG on Windows 10 Fall Creators Update only (Redstone 3). This also only affected specific applications installed by the end user. Note: Requires a secondary update in our cloud before this fix is completely operational. Please allow us until next week to complete this - no further manual update by the end user is needed. Most Avast / AVG users wouldn't have noticed this incompatibility issue.
    • Fixed real-time protection against prevalent malware (anti-malware) on Windows XP.
    • Fixed a BSOD caused by BadUSB Protection, which could occur on specific hardware coming out of sleep.
    • Fixed several other minor issues.
    Important notices
    1. Before uninstalling the existing 7xx build or upgrading to this build, please disable the Block Untrusted Fonts mitigation (which is disabled by default). This is because we removed the Block Untrusted Fonts mitigation, which is only available on Windows 10. This mitigation relied on a structure in Windows 10 which is no longer supported by Microsoft. More information: https://blogs.technet.microsoft.com...dropping-the-untrusted-font-blocking-setting/
    2. Furthermore, to start fresh, we recommend that you uninstall the existing version of HitmanPro.Alert and that you remove this folder from your machine before rebooting: C:\ProgramData\HitmanPro.Alert
    3. Credential Theft Protection is now disabled by default. If you'd like to enable it, please do, as it protects against Mimikatz and similar attacks. But remember that if you want to make a full system backup of your Windows, you might need to temporarily disable this protection or your backup software may be unable to back up the Windows SAM database. We'll improve this in a future version.
    Download
    http://test.hitmanpro.com/hmpalert3b721.exe

    This version includes drivers co-signed by Microsoft and thus also runs on systems with Secure Boot enabled.

    Please let us know how this version runs on your system. Thanks!
     
    Solarquest, venustus, frogboy and 7 others like this.
  2. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,269
    13,581
    Utopia
    Was the issue with blocked Windows updates solved?
     
    Solarquest, XhenEd and lowdetection like this.
  3. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,269
    13,581
    Utopia
    Anyone else have a problem with Chrome loading very slowly, and some extensions crashing?
    I am also running AppGuard. I made all possible exceptions.
     
    Solarquest and XhenEd like this.
  4. aragornnnn

    aragornnnn Level 11

    Aug 18, 2016
    524
    6,236
    Warehouse Employee @ Nike ELC Belgium
    Belgium
    Windows 10
    Kaspersky
    Same problem here, start button not working or very slow... Explorer very very slow, Chrome takes ages to open and so on...
    I removed HitmanPro.Alert and now everything works fine :confused:
     
    Solarquest, XhenEd, venustus and 2 others like this.
  5. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,269
    13,581
    Utopia
    Yeah, unfortunately, uninstalling HMPA is very healthy for system performance and stability.
     
    aragornnnn and XhenEd like this.
  6. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,269
    13,581
    Utopia
    I tried it again, and this time, no prob with Chrome. Don't know why.
     
    XhenEd likes this.
  7. Durden

    Durden Level 2

    Dec 21, 2013
    93
    346
    BSC in medicine
    Windows 10
    Emsisoft
    I had it installed for over a month. During that time I noticed a real hit in response time, especially while browsing the web (page reloading time) and while loading videos.
    Yesterday I uninstalled it and everything is smooth again. This is a gaming laptop with some top-end hardware; it shouldn't affect it like that. I was running it alongside Emsisoft AM and Adguard for Windows.
    I'm not giving up on it, I like it, maybe I'll try it again after the update.
     
    shmu26 likes this.
  8. pablozi

    pablozi Level 22
    Trusted

    Jun 14, 2011
    1,154
    4,916
    Null Island
    Windows 10
    Default-Deny
    HitmanPro.Alert build 723 Release Candidate

    Changelog (compared to build 721)
    • Added protection against dropping shellcode straight into memory from VBA macro code. This mitigation is part of Load Library and triggers a Shellcode alert.
    • Added protection against compilation of arbitrary code straight into memory from an application under exploit mitigations, like Office. Such attacks can bypass whitelisting based protection like Windows Defender Device Guard.
    • Improved Credential Theft Protection by separating LSASS (memory) and SAM protection (disk and registry).
      LSASS memory protection is now enabled by default. SAM protection (disk and registry) is optional, meaning it is disabled by default to allow system backups. We recommend that you enable the protection of the SAM database (Security Account Manager) from the Credential Theft Protection mitigation so its structures in the Windows Registry and local disk are shielded against dumping.
    • Improved Code Cave mitigation.
    • Improved Import Address Table Address Filtering (IAF) mitigation.
    • Improved logging to the Windows Event Log from the Anti-Malware mitigation.
    • Improved Hollow Process mitigation to block hijacking of a remote main thread to run arbitrary code.
    • Fixed generation of Thumbprints for the Credential Theft Protection module with regard to catalog signed files.
    • Fixed a ROP technique detection on pidgenx.dll when trying to activate Microsoft Office.
    • Fixed a CallerCheck alert associated with Microsoft Power Query and CLR.DLL.
    • Fixed a rare BSOD caused by the Anti-Malware mitigation.
    • Fixed a compatibility issue with Microsoft Hyper-V on Windows 10 version 1709 (Fall Creators Update).
    • Fixed a minor memory leak originating from the CryptoGuard anti-ransomware mitigation.
    Unless mentioned otherwise, from now on all our builds contain drivers co-signed by Microsoft so they also work on machines with Secure Boot enabled.

    Download

    http://test.hitmanpro.com/hmpalert3b723.exe

    Please let us know how this build runs on your machine. All users running a 7xx beta build are currently automatically updated. Users running build 604 are expected to receive an automatic update early next week (no exact date yet).

    Thanks everybody!
     