HitmanPro.Alert 3.7.x CTP BETA releases

[enaph]

HitmanPro.Alert 3.7.0 build 721 Release Candidate

Changelog (compared to build 720)

• Improved Code Cave Mitigation.
• Improved Software Radar so it now also scans 'App path' for browsers. This will put Opera under Browsers instead of Office. It now also detects web browser that allow to be installed by less-privileged normal users.
• Improved VBScript God Mode protection on Windows 10 Creators Update (Redstone 2) and newer.
• Improved Control Flow Integrity (CFI) on Windows 10 64-bit.
• Fixed an incompatibility with an Internet Explorer browser plugin from Agricultural Bank of China.
• Fixed an incompatibility with Internet Explorer browser plugins from South Korean SoftForum XecureWeb.
• Fixed an incompatibility between our APC Mitigation, that thwarts e.g. DoublePulsar and AtomBombing code injection, and Avast / AVG on Windows 10 Fall Creators Update only (Redstone 3). This also only affected specific applications installed by the enduser. Note: Requires a secondary update in our cloud before this fix is completely operational. Please allow us until next week to complete this - no further manual update by enduser needed. Most Avast / AVG user wouldn't have noticed this incompatibility issue.
• Fixed real-time protection against prevalent malware (anti-malware) on Windows XP.
• Fixed a BSOD caused by BadUSB Protection, which could occur on specific hardware coming out of sleep.
• Fixed several other minor issues.

Important notices

1. Before uninstalling the existing 7xx build or upgrading to this build, please disable the Block Untrusted Fonts mitigation (which is default disabled). This because we removed the Block Untrusted Fonts mitigation, which is only available on Windows 10. This mitigation relied on a structure in Windows 10 which is no longer supported by Microsoft. More information: https://blogs.technet.microsoft.com...dropping-the-untrusted-font-blocking-setting/
2. Furthermore, to start fresh, we recommend that you uninstall the existing version of HitmanPro.Alert and that you remove this folder from your machine before rebooting: C:\ProgramData\HitmanPro.Alert
3. Credential Theft Protection is now default disabled. If you'd like to enable it, please do, as it protects against Mimikatz and similar attacks. But remember that if you want to make a full system backup of your Windows, you might need to temporarily disable this protection or your backup software may be unable to backup the Windows SAM database. We'll improve this in a future version.

Download
http://test.hitmanpro.com/hmpalert3b721.exe

This version includes drivers co-signed by Microsoft and thus also runs on systems with Secure Boot enabled.

Please let us know how this version runs on your system. Thanks!

 

[shmu26]

Was the issue with blocked Windows updates solved?

 

[shmu26]

Anyone else have a problem with Chrome loading very slow, and some extensions crashing?
I am also running AppGuard. I made all possible exceptions.

 

[aragornnnn]

Anyone else have a problem with Chrome loading very slow, and some extensions crashing?
I am also running AppGuard. I made all possible exceptions.

same problem here, start button not working or very slow... explorer very very slow, Chrome takes ages to open and so on...
I removed HitmanPro.Alert and now everything works fine

 

[shmu26]

same problem here, start button not working or very slow... explorer very very slow, Chrome takes ages to open and so on...
I removed HitmanPro.Alert and now everything works fine

Yeah, unfortunately, uninstalling HMPA is very healthy for system performance and stability.

 

[shmu26]

Anyone else have a problem with Chrome loading very slow, and some extensions crashing?
I am also running AppGuard. I made all possible exceptions.

I tried it again, and this time, no prob with Chrome. Don't know why.

 

[Durden]

I had it installed for over a month , during that time I noticed some real hit in response time especially while browsing the web ;page reloading time; and while loading videos.
y/d I uninstalled it and everything is smooth again. this is a gaming laptop with some top-end hardware, it's shouldn't affect it like that. I was running it alongside Emsisoft AM and Adguard for windows.
I'm not giving up on it, I like it, maybe I'll try it again after the update.

 

[enaph]

HitmanPro.Alert build 723 Release Candidate

Screenshot

Changelog (compared to build 721)

• Added protection against dropping shellcode straight into memory from VBA macro code. This mitigation is part of Load Library and triggers a Shellcode alert.
• Added protection against compilation of arbitrary code straight into memory from an application under exploit mitigations, like Office. Such attacks can bypass whitelisting based protection like Windows Defender Device Guard.
  
• Improved Credential Theft Protection by separating LSASS (memory) and SAM protection (disk and registry).
  LSASS memory protection is now enabled by default. SAM protection (disk and registry) is optional, meaning it is disabled by default to allow system backups. We recommend you to enable the protection of the SAM database (Security Account Manager) from the Credential Theft Protection mitigation so its structures in the Windows Registry and local disk are shielded against dumping.
• Improved Code Cave mitigation.
• Improved Import Address Table Address Filtering (IAF) mitigation.
• Improved logging to the Windows Event Log from the Anti-Malware mitigation.
• Improved Hollow Process mitigation to block hijacking of a remote main thread to run arbitrary code.
  
• Fixed generation of Thumbprints for the Credential Theft Protection module with regard to catalog signed files.
• Fixed a ROP technique detection on pidgenx.dll when trying to activate Microsoft Office.
• Fixed a CallerCheck alert associated with Microsoft Power Query and CLR.DLL.
  
• Fixed a rare BSOD caused by the Anti-Malware mitigation.
• Fixed a compatibility issue with Microsoft Hyper-V on Windows 10 version 1709 (Fall Creators Update).
• Fixed a minor memory leak originating from the CryptoGuard anti-ransomware mitigation.

Unless mentioned otherwise, from now on all our builds contain drivers co-signed by Microsoft so they also works on machines with Secure Boot enabled.

Download
http://test.hitmanpro.com/hmpalert3b723.exe

Please let us know how this build runs on your machine. All users running a 7xx beta build are currently automatically updated. Users running build 604 are expected to receive an automatic update early next week (no exact date yet).

Thanks everybody!

 

[Sunshine-boy]

Can Someone, please report these FPs to HMPA developer?I can't comment on Wilders.
Here HMPA blocked Hmp:

Mitigation CredGuard

Platform 10.0.16299/x64 v738 06_2a
PID 9016
Application C:\Users\Sunshine\Desktop\hitmanpro_x64.exe
Description HitmanPro 3.8

\REGISTRY\MACHINE\SAM\

Process Trace
1 C:\Users\Sunshine\Desktop\hitmanpro_x64.exe [9016]
2 C:\Windows\explorer.exe [4164]
3 C:\Windows\System32\userinit.exe [4140]

Here blocked one of Nirsfot tools for no reason:

Mitigation Lockdown

Platform 10.0.16299/x64 v738 06_2a
PID 2340
Application C:\Windows\explorer.exe
Description Windows Explorer 10

Filename C:\Users\Sunshine\Desktop\New folder (4)\SimpleWMIView.exe
Created By C:\Program Files\PeaZip\res\7z\7z.exe

Command line:
"C:\Users\Sunshine\Desktop\New folder (4)\SimpleWMIView.exe"

Process Trace
1 C:\Windows\explorer.exe [2340]
explorer.exe

2 C:\Windows\System32\winlogon.exe [780]
winlogon.exe

Thumbprint
2f95d1c12070140509a620a22880dc52c1fb5b4e6678d154615a73241e0d18b8


Fp related to my beloveD Telegram:
Mitigation Lockdown



Platform 10.0.16299/x64 v738 06_2a
PID 2712
Application C:\Users\Sunshine\Desktop\New folder\Telegram Desktop\Updater.exe
Description Telegram Desktop Updater 1.2.14

Filename C:\Users\Sunshine\Desktop\New folder\Telegram Desktop\Updater.exe
Created By C:\Users\Sunshine\Desktop\New folder\Telegram Desktop\Telegram.exe


Process Trace
1 C:\Users\Sunshine\Desktop\New folder\Telegram Desktop\Updater.exe [2712]
"C:\Users\Sunshine\Desktop\New folder\Telegram Desktop\Updater.exe" -update -exename "Telegram.exe"
2 C:\Users\Sunshine\Desktop\New folder\Telegram Desktop\Telegram.exe [7928]
3 C:\Windows\explorer.exe [668]

Thumbprint
aa989e0a0e8410ca3fe0380ccc2586dcf95064d115487913b6278bc141b5802a

I Also found that hitman pro alert keystroke encryption doesn't work for browser inside the Sandboxie! probably bug?
I couldn't solve any of these issues i even exclude them from Hmpa but the same issue.

version 3.7.6 build 738

 

[Sunshine-boy]

PPl don't you want to report these FPs to HMPA developer? omg, I have useless friends:/

 

[shmu26]

PPl don't you want to report these FPs to HMPA developer?

Send them an email. It works better if you communicate with them directly, rather than someone posting for you.