HitmanPro.Alert Updates

plat1098

Hmm, I see Alert has protection against wiper malware now. That's impressive, but is it so worrisome for an "average" Home user?

I still see this kind of attack as very specialized, for those who are likely to be targeted in some way--esp. if closer to the frontlines in the Ukraine/Russia conflicts.
 

Gandalf_The_Grey

HitmanPro.Alert 3.8.12 Build 943 Released
Changes (compared to build 923):
  • Added system-wide protection against 'Hell's Gate' defense evasion via direct system calls, or SysCall, on 64-bit applications
  • Added protection against cloning of LSASS process to Credential Theft Protection
  • Added support for ReFS file system to CryptoGuard
  • Added NOTEPAD.EXE to Office template
  • Added GPT partition support to WipeGuard
  • Added NVMe support to WipeGuard
  • Added MITRE ATT&CK references to the CookieGuard, SysCall and RemoteThreadGuard mitigations
  • Added alerting to our protection of sticky key abuse (and other accessibility features)
  • Added EA Digital Illusions CE AB to game detection
  • Improved protection against direct system calls, or SysCall, on 32-bit applications
  • Improved handling of certificates on code-signed applications
  • Improved CookieGuard alert with information about the application certificate, if any, in the alert
  • Improved CookieGuard so it now adds certificate validation information into the alert details
  • Improved WipeGuard to protect the Volume Boot Record of all mounted partitions. Previously, only the boot partition was protected.
  • Improved WipeGuard to terminate the offending process. Previously, the offending action was only blocked.
  • Improved HollowProcess to protect against PEB manipulation in a remote process where PEB is writable
  • Improved Lockdown mitigation to isolate modules (DLLs) dropped in attacks via Office documents.
  • Improved the per app mitigation settings in the user interface. It now has room for extra checkboxes.
  • Changed reboot fly-out reminder interval from 1h to 8h
  • Changed Dynamic Heap Spray detection; it is now disabled on 64-bit applications
  • Changed text for Benefits button to Help center
  • Changed Sophos Privacy Notice and Terms of Service
  • Fixed Keystroke Encryption and BadUSB Protection which caused a BSOD (APC_INDEX_MISMATCH) on Windows 11 with update KB5013943.
  • Fixed issue that prevented restarting of some protected applications when using the 'restart' function from the ApplicationPanel (Running applications) when changing a setting.
  • Fixed a compatibility issue between our anti-ransomware CryptoGuard 5 and Artisan scrapbooking software from Forever Storage
  • Fixed displaying icons of UWP applications
  • Fixed several user interface inconsistencies
  • Fixed false alarm by APCViolation on Avast 'aswhook' DLL
  • Fixed false alarm by CookieGuard if application starts from a RAM-drive
  • Fixed false alarm by HollowProcess on Visual Studio
  • Fixed issue with Lockdown inheritance when parent process is OpenWith.exe
  • Fixed issue when a user tries to install HitmanPro.Alert on machine where Sophos Home Premium is already installed
  • Fixed tray icon burning CPU cycles after install
  • Fixed unexpected removal of Forza Horizon 5 under UWP exclusions
  • Updated third-party libraries
  • Several other changes under the hood
Download

In the coming days we are automatically updating our users, starting with machines running build 941 tonight.
A big thank you to all participants who helped us test our beta builds! Awesome! (y)
 

Gandalf_The_Grey

HitmanPro.Alert 3.8.21 Build 945 Release Candidate
Changelog (compared to 943)
  • Improved Syscall
  • Improved WipeGuard
  • Improved CryptoGuard5
  • Improved HollowProcess
  • Improved ROP detection on crashing processes
  • Improved HeapHeapHooray; it also covers powershell_ise now
  • Changed Lockdown: added MSDT.EXE as LOLBIN to proactively block Follina exploitation attempts
  • Several other changes under the hood
Download
https://dl.surfright.nl/hmpalert3b945.exe

Please let us know how this version runs on your machine, thanks! (y)
 

Gandalf_The_Grey

HitmanPro.Alert 3.8.21 Build 945 released
Changelog (compared to 943)
  • Improved Syscall
  • Improved WipeGuard
  • Improved CryptoGuard5
  • Improved HollowProcess
  • Improved ROP detection on crashing processes
  • Improved HeapHeapHooray; it also covers powershell_ise now
  • Changed Lockdown: added MSDT.EXE as LOLBIN to proactively block Follina exploitation attempts
  • Several other changes under the hood
Download
https://dl.surfright.nl/hmpalert3b945.exe
Auto-updater is enabled as of now.