HitmanPro.Alert 3 build 90 CTP4


Petrovic

With each Community Technology Preview (CTP) of HitmanPro.Alert 3 we introduce new features for compatibility testing. CTP1 was our first development release of HitmanPro.Alert 3 wherein we introduced our hardware-assisted exploit mitigations. A few weeks later, with CTP2, we added the ability for users to add and protect custom applications through an easy-to-use Running Applications interface. In CTP3 we enabled our network inspection driver and delivered Network Lockdown for Java applications, while we also expanded support to all Intel Core i3, i5 and i7 processors for our hardware-assisted exploit protection.

With this fourth and last Community Technology Preview (CTP4) we introduce Application Lockdown, Virtual Machine Simulation (part of Active Vaccination) and a second (default) Simplified User Interface. In addition we applied Network Lockdown not only to Java but also Office applications, while we improved compatibility with applications reported by the security community.

As before, this preview is released here at Wilders Security Forum only.
This preview is NOT to be used in production environments.



Release Notes
  • Added Application Lockdown feature to Exploit Mitigations’ code mitigations, which enables safe use of protected applications while preventing high risk actions. If attackers successfully bypass sandbox, memory and other code mitigations, they still cannot introduce and run new executables, or manipulate the Windows Registry to run malicious code. For example, because Microsoft Word is designed to write documents, it can no longer be abused to abnormally download, create and run binaries – Alert blocks this inappropriate behavior, effectively stopping attackers from executing malicious payloads. Application Lockdown also affects attacks that abuse e.g. macros in Office documents to hoist in malware via phishing emails.
  • Added Virtual Machine Simulation to Active Vaccination. This new feature adds to our Debugger Simulation; both are designed to make VM-aware malware believe it is attacking a virus research sandbox/honeypot, which causes it not to infect the machine and self-terminate. Vaccination turns malware’s own defenses against itself.
  • Added Minimize button to the installer and main user interface.
  • Added Simplified User Interface, which is now the default interface. Users can use the new Settings menu, next to the new Minimize window button, to reveal the Advanced Interface. The simplified user interface also warns users when important features are disabled or when the computer needs to be scanned for malware.
  • Added Network Lockdown to Office applications, including PDF programs like Acrobat Reader. This helps to stop attackers from establishing a command-and-control connection. The Network Lockdown setting can be found by clicking on the orange Security tile.
  • Added registry protection to prevent illegal registry data. This feature is part of Vaccination and blocks e.g. the persistent Poweliks malware, which is diskless and lives in the registry.
  • Added automatic activation of the trial license so Exploit Mitigations, Vaccination and Hollow Process protections are automatically enabled after installation.
  • Improved performance of Control-Flow Integrity (CFI) technology, which blocks ROP attacks by analyzing on-chip branch-traces (inside Intel® processor hardware).
  • Improved Java (Network) Lockdown compatibility with legitimate applications like Cisco ADSM. Java (Network) Lockdown is now part of Network Lockdown.
  • Improved Keystroke Encryption which now offers dependable performance.
  • Improved detection of installed web browsers by the Software Radar.
  • Fixed a 32-bit stack traversal corner-case condition that affected Intuit QuickBooks.
  • Fixed a compatibility problem with Windows 8.0.
  • Fixed a compatibility issue with Microsoft Office 2007.
  • Fixed a problem with orphaned browser plugins, e.g. Silverlight (agcp.exe) when closing Netflix in the browser.
  • Fixed a compatibility issue with Steam games installed on non-default path.
  • Fixed a compatibility issue with AdwCleaner.
  • Added Anti-VM test to the Exploit Test Tool (32-bit). This test can be used to trigger the Active Vaccination feature of HitmanPro.Alert 3. The used technique is identical to how 99% of all VM-aware malware evade sandboxes.
  • Enabled the Updater. When there is a new version, the user interface will notify you.

Known Issues
  • Webcam Notifier works with webcams that use the Windows usbvideo.sys driver. Webcams using vendor specific drivers are currently not supported.
  • The checkbox ‘Show border around applications’ under ‘Safety notification’ is currently checked and locked on purpose.
  • HitmanPro.Alert 3 is currently not compatible with Sandboxie on Windows Vista 32.
  • Sandboxie and Norton (Internet) Security can interfere with the drawing of the notification border around protected applications.
  • Agnitum Outpost Firewall on 64-bit versions of Windows is currently incompatible with HitmanPro.Alert 3.
  • The Export Address Table Access Filtering (EAF) module of Microsoft EMET 5.0 is currently incompatible with HitmanPro.Alert 3, but our Exploit Test Tool is compatible. Microsoft EMET 4.1 Update 1 is fully compatible with HitmanPro.Alert 3.
  • Malwarebytes Anti-Exploit is currently incompatible with HitmanPro.Alert 3, but our Exploit Test Tool is compatible.

Download
http://test.hitmanpro.com/hmpalert3ctp4.zip

HitmanPro.Alert 3 supports Windows XP Service Pack 3, Windows Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 Technology Preview.

Note: This preview is NOT to be used in production environments.

Av Gurus

This is not final product yet or...?
 

FleischmannTV

This is not final product yet or...?

No, CTP4 stands for Community Technology Preview 4. There will be a release candidate after CTP4 and before the final release.
 

Welldone

HitmanPro.Alert 3 CTP4 build 92

Download link: http://test.hitmanpro.com/hmpalert3b92.zip
In an effort to find the cause of the BSOD, found a problem causing the Alert service to crash (and restart). This crash may lead to slowdown when starting a new process.
While the crash of the service is not the root cause of the reported BSOD, it may still be the trigger for the BSOD to occur.

Also fixed a bug where disabling mitigation is not remembered between reboots.

Edit:
Download link corrected now; previously it led to a download of build 91 :D