HitmanPro.Alert Updates

plat

plat

Level 29
Verified
Top Poster
Well-known
Sep 13, 2018
1,822
Hmm, I see Alert has protection against wiper malware now. That's impressive, but is it so worrisome for an "average" Home user?

I still see this kind of attack as very specialized, for those who are likely to be targeted in some way--esp. if closer to the frontlines in the Ukraine/Russia conflicts.
 
  • Like
  • +Reputation
  • Hundred Points
Reactions: BryanB, ng4ever, Nevi and 2 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 74
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,332
HitmanPro.Alert 3.8.12 Build 943 Released
Changes (compared to build 923):
  • Added system-wide protection against 'Hell's Gate' defense evasion via direct system calls, or SysCall, on 64-bit applications
  • Added protection against cloning of LSASS process to Credential Theft Protection
  • Added support for ReFS file system to CryptoGuard
  • Added NOTEPAD.EXE to Office template
  • Added GPT partition support to WipeGuard
  • Added NVMe support to WipeGuard
  • Added MITRE ATT&CK references to the CookieGuard, SysCall and RemoteThreadGuard mitigations
  • Added alerting to our protection of sticky key abuse (and other accessibility features)
  • Added EA Digital Illusions CE AB to game detection
  • Improved protection against direct system calls, or SysCall, on 32-bit applications
  • Improved handling of certificates on code-signed applications
  • Improved CookieGuard alert with information about the application certificate, if any, in the alert
  • Improved CookieGuard so it now adds certificate validation information into the alert details
  • Improved WipeGuard to protection the Volume Boot Record of all mounted partitions. Previously, only the boot partition was protected.
  • Improved WipeGuard to terminate the offending process. Previously, the offending action was only blocked.
  • Improved HollowProcess to protect against PEB manipulation in a remote process where PEB is writable
  • Improved Lockdown mitigation to isolate modules (DLLs) dropped in attacks via Office documents.
  • Improved the per app mitigation settings in the user interface. It now has room for extra checkboxes.
  • Change reboot fly-out reminder interval from 1h to 8h
  • Changed Dynamic Heap Spray detection; it is now disabled on 64-bit applications
  • Changed text for Benefits button to Help center
  • Changed Sophos Privacy Notice and Terms of Service
  • Fixed Keystroke Encryption and BadUSB Protection which caused a BSOD (APC_INDEX_MISMATCH) on Windows 11 with update KB5013943.
  • Fixed issue that prevented restarting of some protected applications when using the 'restart' function from the ApplicationPanel (Running applications) when changing a setting.
  • Fixed a compatibility issue between our anti-ransomware CryptoGuard 5 and Artisan scrapping book software from Forever Storage
  • Fixed displaying icons of UWP applications
  • Fixed several user interface inconsistencies
  • Fixed false alarm by APCViolation on Avast 'aswhook' DLL
  • Fixed false alarm by CookieGuard if application starts from a RAM-drive
  • Fixed false alarm by HollowProcess on Visual Studio
  • Fixed issue with Lockdown inheritance when parent process is OpenWith.exe
  • Fixed issue when a user tries to install HitmanPro.Alert on machine where Sophos Home Premium is already installed
  • Fixed tray icon burning CPU cycles after install
  • Fixed unexpected removal of Forza Horizon 5 under UWP exclusions
  • Updated third-party libraries
  • Several other changes under the hood
Download

In the coming days we are automatically updating our users, starting with machines running build 941 tonight.
A big thank you to all participants who helped us test our beta builds! Awesome! (y)
Click to expand...
www.wilderssecurity.com

HitmanPro.ALERT Support and Discussion Thread

HMPA - Windows 11 BSOD - after install of KB5013943 (May 10th 2022) My Windows 11 machine starts to BSOD at boot, either intermittent or stuck in a...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
  • Thanks
  • Wow
Reactions: BryanB, silversurfer, Viking and 3 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 74
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,332
HitmanPro.Alert 3.8.21 Build 945 Release Candidate
Changelog (compared to 943)
  • Improved Syscall
  • Improved WipeGuard
  • Improved CryptoGuard5
  • Improved HollowProcess
  • Improved ROP detection on crashing processes
  • Improved HeapHeapHooray also covers powershell_ise now
  • Changed Lockdown Added MSDT.EXE as LOLBIN to proactively block Follina exploitation attempts
  • Several other changes under the hood
Download
https://dl.surfright.nl/hmpalert3b945.exe

Please let us know how this version runs on your machine, thanks! (y)
Click to expand...
www.wilderssecurity.com

HitmanPro.Alert BETA

Please let us know how this version runs on your machine Lots of failures here: Update failed Uninstall failed (succeeded after yet another reboot)...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: BryanB, Nevi, Zartarra and 4 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 74
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,332
HitmanPro.Alert 3.8.21 Build 945 released
Changelog (compared to 943)
  • Improved Syscall
  • Improved WipeGuard
  • Improved CryptoGuard5
  • Improved HollowProcess
  • Improved ROP detection on crashing processes
  • Improved HeapHeapHooray also covers powershell_ise now
  • Changed Lockdown Added MSDT.EXE as LOLBIN to proactively block Follina exploitation attempts
  • Several other changes under the hood
Download
https://dl.surfright.nl/hmpalert3b945.exe
Auto-updater is enabled as of now.
Click to expand...
www.wilderssecurity.com

HitmanPro.ALERT Support and Discussion Thread

HMPA - Windows 11 BSOD - after install of KB5013943 (May 10th 2022) My Windows 11 machine starts to BSOD at boot, either intermittent or stuck in a...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: BryanB, Nevi, Zartarra and 6 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 74
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,332
HitmanPro.Alert 3.8.22 Build 947 released:
Changelog (compared to 945)
  • Improved HollowProcess
  • Improved Syscall
  • Improved StackPivot
  • Improved RemoteThreadGuard
  • Improved CryptoGuard 5
  • Fixed rare BSOD's in CryptoGuard 5
  • Fixed HollowProcess incompatibility with PC-Matic/Pitstop
  • Several other changes under the hood
Download
https://dl.surfright.nl/hmpalert3b947.exe
Auto-updater is enabled as of now.
Click to expand...
www.wilderssecurity.com

HitmanPro.ALERT Support and Discussion Thread

"That's All Folks" -- I'm done with SurfRght HMPA Uninstalled SurfRight is dead to me. Not worth the aggravation.
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
  • Thanks
  • Wow
Reactions: BryanB, Nevi, Dolphiner and 6 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 74
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,332
HitmanPro.Alert 3.8.23 Build 951 (BETA) released
Changelog (compared to 947)
  • Improved SendKeyGuard
  • Improved CryptoGuard5
  • Improved HeapHeapProtect
  • Improved StackPivot
  • Improved CookieGuard
  • Improved HollowProcess
  • Several other changes under the hood
SendKeyGuard - mitigation (part of Lockdown) to block macro-borne keystroke injection.
Feature needs to be enabled manually on Office applications (e.g. Word/Excel)

upload_2022-12-23_22-53-25.png

Download
https://dl.surfright.nl/hmpalert3b951.exe

Beware this is a BETA release which hasn't been fully tested (warning: backups, not on production etc).
Please let us know how this version runs on your machine
:thumb:
(y)

On behalf of Team HitmanPro(Alert) we wish you Happy Holidays! and a healthy 2023.
Click to expand...
www.wilderssecurity.com

HitmanPro.Alert BETA

@feerf56 You can also suppress the hmp.Alert-alerts using Sandboxie Plus 1.2.0. To suppress an alert click Actions and click Suppress Alert.. [ATTACH]
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: BryanB, Moonhorse, Nevi and 1 other person
Gandalf_The_Grey

Gandalf_The_Grey

Level 74
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,332
HitmanPro.Alert 3.8.24 Build 957 (RC1) released:
Changelog (compared to 951)
  • Added HWBGuard, A technique heavily used by red-teams to bypass Syscall protections is to set a HardwareBreakPoint, we now block these breakpoints.
  • Improved AMSIGuard
  • Improved CookieGuard
  • Improved SendKeysGuard now only protects specific predefined applications
  • Improved HeapHeapProtect prevents Powershell scripts from patching AMSI for bypass
  • Improved Bitdefender compatibility causing crashing applications on startup after a recent update on their end
  • Fixed BSOD in StickyKeys
  • Several other changes under the hood
Beware this build is signed with a new code-signing certificate by Sophos BV, this might take some 3rd party vendors to have "trust" issues as it's a fresh certificate.

Download
https://dl.surfright.nl/hmpalert3b957.exe

Please let us know how this version runs on your machine (y)
Click to expand...
www.wilderssecurity.com

HitmanPro.Alert BETA

HitmanPro.Alert 3.8.23 Build 951 (BETA) Changelog (compared to 947) Improved SendKeyGuard Improved CryptoGuard5 Improved HeapHeapProtect Improved...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: Zartarra, BryanB, Dave Russo and 2 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 74
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,332
HitmanPro.Alert 3.8.25 Build 965 (RC1) released:
Changelog (compared to 957)
  • Added Risk Reduction New Process Protection panel
  • Added RDPGuard Icon under Risk Reduction button
  • Improved CiGuard
  • Improved PrivGuard
  • Improved CryptoGuard5
  • Improved HeapHeapProtect
  • Improved APC Game detection
  • Improved HHP Cobal Strike detection
  • Improved DrWeb Compatibility (CallerCheck/SysCall)
  • Improved SendKeyGuard Now specific key combinations can be allowed
  • Improved Lockdown Now allows WMIC GET 'only' commands without interference
  • Fixed Driver BSOD under specific circumstances.
  • Fixed Lockdown Bypass when loading files over UNC paths
  • Removed ReflectiveDLL As it has become obsolete in it's current implementation
  • Several other changes under the hood
Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.

Download
https://dl.surfright.nl/hmpalert3b965.exe

Please let us know how this version runs on your machine (y)
We're planning to promote this build to Stable if results are good in the coming week(s).
Click to expand...
www.wilderssecurity.com

HitmanPro.Alert BETA

I have been receiving another alert, this time while using Excel. Every time it is triggered, HMP.A closes Excel on me and I lose some of my work. It...
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
  • Wow
Reactions: Zartarra, silversurfer, gigi64 and 3 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 74
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,332
HitmanPro.Alert 3.8.25 Build 967 (RC2)
Changelog (compared to 965)
  • Improved KeyboardGuard
  • Improved HeapHeapProtect
Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.

Download
https://dl.surfright.nl/hmpalert3b967.exe

Please let us know how this version runs on your machine (y)
We're planning to promote this build to Stable if results are good in the coming week(s).
Click to expand...
www.wilderssecurity.com

HitmanPro.Alert BETA

Yes, I was using 957. Also 957.
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: gigi64, Zartarra, silversurfer and 2 others
Zartarra

Zartarra

Level 6
Verified
Well-known
May 9, 2019
294
This afternoon Emsisoft flagged Hitman Pro Alert download- and execution file as malicious. Detection is made by the Bitdefender engine. I opened a call and they submit it to Bitdefender support.

VT:
1700515283475.png
 
  • Like
Reactions: Jonny Quest
Gandalf_The_Grey

Gandalf_The_Grey

Level 74
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,332
HitmanPro.Alert 3.8.25 Build 971 (RC3)
Changelog (compared to 967)
  • Fixed CookieGuard False positive on "chrome.dll"
  • Fixed KernelTrap compatibility issues with Kaspersky and GenshinImpact
  • Improved KeyboardGuard compatibility with ESET protected browsers
  • Improved HeapHeapProtect tweaked a few things to reduce FP's
Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.

Download
https://dl.surfright.nl/hmpalert3b971.exe

Please let us know how this version runs on your machine (y)
We're planning to promote this build to Stable if results are good in the coming week(s).
Click to expand...
www.wilderssecurity.com

HitmanPro.Alert BETA

Mitigation CookieGuard. Yes, same issue, issue has been addressed, I expect a new RC early next week. For now disable CookieGuard (during browser startup).
www.wilderssecurity.com www.wilderssecurity.com
 
  • Like
Reactions: Zartarra, Dolphiner, upnorth and 2 others

Similar threads

Techno Mama
    • Like
Need Advice HitmanPro.Alert Beta help needed
Replies
9
Views
2,474
Other security for Windows, Mac, Linux
Techno Mama
Techno Mama
Gandalf_The_Grey
    • Like
    • +Reputation
    • Applause
HitmanPro.Alert still being developed with new novel mitigations and a beta release soon
Replies
9
Views
2,928
Other security for Windows, Mac, Linux
Kongo
Kongo
Gandalf_The_Grey
    • Like
HitmanPro.Alert 3.8.8 Build 887 Release Candidate
Replies
0
Views
2,196
Other security for Windows, Mac, Linux
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top