HitmanPro.Alert Updates

plat

plat

Level 28
Verified
Top Poster
Well-known
Sep 13, 2018
1,794
Hmm, I see Alert has protection against wiper malware now. That's impressive, but is it so worrisome for an "average" Home user?

I still see this kind of attack as very specialized, for those who are likely to be targeted in some way--esp. if closer to the frontlines in the Ukraine/Russia conflicts.
 
  • Like
  • +Reputation
Reactions: ng4ever, Nevi, dinosaur07 and 1 other person
Gandalf_The_Grey

Gandalf_The_Grey

Level 68
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,773
HitmanPro.Alert 3.8.12 Build 943 Released
Changes (compared to build 923):
  • Added system-wide protection against 'Hell's Gate' defense evasion via direct system calls, or SysCall, on 64-bit applications
  • Added protection against cloning of LSASS process to Credential Theft Protection
  • Added support for ReFS file system to CryptoGuard
  • Added NOTEPAD.EXE to Office template
  • Added GPT partition support to WipeGuard
  • Added NVMe support to WipeGuard
  • Added MITRE ATT&CK references to the CookieGuard, SysCall and RemoteThreadGuard mitigations
  • Added alerting to our protection of sticky key abuse (and other accessibility features)
  • Added EA Digital Illusions CE AB to game detection
  • Improved protection against direct system calls, or SysCall, on 32-bit applications
  • Improved handling of certificates on code-signed applications
  • Improved CookieGuard alert with information about the application certificate, if any, in the alert
  • Improved CookieGuard so it now adds certificate validation information into the alert details
  • Improved WipeGuard to protection the Volume Boot Record of all mounted partitions. Previously, only the boot partition was protected.
  • Improved WipeGuard to terminate the offending process. Previously, the offending action was only blocked.
  • Improved HollowProcess to protect against PEB manipulation in a remote process where PEB is writable
  • Improved Lockdown mitigation to isolate modules (DLLs) dropped in attacks via Office documents.
  • Improved the per app mitigation settings in the user interface. It now has room for extra checkboxes.
  • Change reboot fly-out reminder interval from 1h to 8h
  • Changed Dynamic Heap Spray detection; it is now disabled on 64-bit applications
  • Changed text for Benefits button to Help center
  • Changed Sophos Privacy Notice and Terms of Service
  • Fixed Keystroke Encryption and BadUSB Protection which caused a BSOD (APC_INDEX_MISMATCH) on Windows 11 with update KB5013943.
  • Fixed issue that prevented restarting of some protected applications when using the 'restart' function from the ApplicationPanel (Running applications) when changing a setting.
  • Fixed a compatibility issue between our anti-ransomware CryptoGuard 5 and Artisan scrapping book software from Forever Storage
  • Fixed displaying icons of UWP applications
  • Fixed several user interface inconsistencies
  • Fixed false alarm by APCViolation on Avast 'aswhook' DLL
  • Fixed false alarm by CookieGuard if application starts from a RAM-drive
  • Fixed false alarm by HollowProcess on Visual Studio
  • Fixed issue with Lockdown inheritance when parent process is OpenWith.exe
  • Fixed issue when a user tries to install HitmanPro.Alert on machine where Sophos Home Premium is already installed
  • Fixed tray icon burning CPU cycles after install
  • Fixed unexpected removal of Forza Horizon 5 under UWP exclusions
  • Updated third-party libraries
  • Several other changes under the hood
Download

In the coming days we are automatically updating our users, starting with machines running build 941 tonight.
A big thank you to all participants who helped us test our beta builds! Awesome! (y)
Click to expand...
www.wilderssecurity.com

HitmanPro.ALERT Support and Discussion Thread

HMPA - Windows 11 BSOD - after install of KB5013943 (May 10th 2022) My Windows 11 machine starts to BSOD at boot, either intermittent or stuck in a...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
  • Thanks
  • Wow
Reactions: silversurfer, Viking, plat and 2 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 68
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,773
HitmanPro.Alert 3.8.21 Build 945 Release Candidate
Changelog (compared to 943)
  • Improved Syscall
  • Improved WipeGuard
  • Improved CryptoGuard5
  • Improved HollowProcess
  • Improved ROP detection on crashing processes
  • Improved HeapHeapHooray also covers powershell_ise now
  • Changed Lockdown Added MSDT.EXE as LOLBIN to proactively block Follina exploitation attempts
  • Several other changes under the hood
Download
https://dl.surfright.nl/hmpalert3b945.exe

Please let us know how this version runs on your machine, thanks! (y)
Click to expand...
www.wilderssecurity.com

HitmanPro.Alert BETA

Please let us know how this version runs on your machine Lots of failures here: Update failed Uninstall failed (succeeded after yet another reboot)...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: Nevi, Zartarra, MacTwig and 3 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 68
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,773
HitmanPro.Alert 3.8.21 Build 945 released
Changelog (compared to 943)
  • Improved Syscall
  • Improved WipeGuard
  • Improved CryptoGuard5
  • Improved HollowProcess
  • Improved ROP detection on crashing processes
  • Improved HeapHeapHooray also covers powershell_ise now
  • Changed Lockdown Added MSDT.EXE as LOLBIN to proactively block Follina exploitation attempts
  • Several other changes under the hood
Download
https://dl.surfright.nl/hmpalert3b945.exe
Auto-updater is enabled as of now.
Click to expand...
www.wilderssecurity.com

HitmanPro.ALERT Support and Discussion Thread

HMPA - Windows 11 BSOD - after install of KB5013943 (May 10th 2022) My Windows 11 machine starts to BSOD at boot, either intermittent or stuck in a...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: Nevi, Zartarra, Dolphiner and 5 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 68
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,773
HitmanPro.Alert 3.8.22 Build 947 released:
Changelog (compared to 945)
  • Improved HollowProcess
  • Improved Syscall
  • Improved StackPivot
  • Improved RemoteThreadGuard
  • Improved CryptoGuard 5
  • Fixed rare BSOD's in CryptoGuard 5
  • Fixed HollowProcess incompatibility with PC-Matic/Pitstop
  • Several other changes under the hood
Download
https://dl.surfright.nl/hmpalert3b947.exe
Auto-updater is enabled as of now.
Click to expand...
www.wilderssecurity.com

HitmanPro.ALERT Support and Discussion Thread

"That's All Folks" -- I'm done with SurfRght HMPA Uninstalled SurfRight is dead to me. Not worth the aggravation.
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
  • Thanks
  • Wow
Reactions: Nevi, Dolphiner, Zartarra and 5 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 68
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,773
HitmanPro.Alert 3.8.23 Build 951 (BETA) released
Changelog (compared to 947)
  • Improved SendKeyGuard
  • Improved CryptoGuard5
  • Improved HeapHeapProtect
  • Improved StackPivot
  • Improved CookieGuard
  • Improved HollowProcess
  • Several other changes under the hood
SendKeyGuard - mitigation (part of Lockdown) to block macro-borne keystroke injection.
Feature needs to be enabled manually on Office applications (e.g. Word/Excel)

upload_2022-12-23_22-53-25.png

Download
https://dl.surfright.nl/hmpalert3b951.exe

Beware this is a BETA release which hasn't been fully tested (warning: backups, not on production etc).
Please let us know how this version runs on your machine
:thumb:
(y)

On behalf of Team HitmanPro(Alert) we wish you Happy Holidays! and a healthy 2023.
Click to expand...
www.wilderssecurity.com

HitmanPro.Alert BETA

@feerf56 You can also suppress the hmp.Alert-alerts using Sandboxie Plus 1.2.0. To suppress an alert click Actions and click Suppress Alert.. [ATTACH]
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: Moonhorse, Nevi and harlan4096

Similar threads

Techno Mama
    • Like
Question HitmanPro.Alert Beta help needed
Replies
9
Views
2,213
Other Security for Windows
Techno Mama
Techno Mama
Gandalf_The_Grey
    • Like
    • +Reputation
    • Applause
HitmanPro.Alert still being developed with new novel mitigations and a beta release soon
Replies
9
Views
2,537
Other Security for Windows
Kongo
Kongo
Gandalf_The_Grey
    • Like
HitmanPro.Alert 3.8.8 Build 887 Release Candidate
Replies
0
Views
2,030
Other Security for Windows
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top