HitmanPro.Alert BETA

I'm just a self-taught luddite who prefers to use his mouse as much as possible. Kinda lazy that way.

At least you worked out what the cause is.

 

Hi m0unds,
This doesn't reproduce on our end, can you send me a DM or open a new ticket on support@hitmanpro.com so we can have a look?
Please provide step-by-step instructions on how to reproduce as it sounds like a specific setup issue.

 

been suddenly getting a lot of what seem to be self generated CredGuard attack alerts on 3.7.9 775.

turned off credguard for the time being, not sure if anyone else has seen the same?

 

Also some CredGuard-alerts recently. HmP. Alert 773/775.

 

Please disable the SAM protection, we'll remove that from the next build anyway.

 

@RonnyT
I sent you a PM, please check it

 

HitmanPro.Alert 3.7.9 Build 777 Release Candidate

Changelog (compared to build 775)

• We've switched from audit to termination of malicious software that violate our novel signature-less heap memory protection: Heap Heap Protect. This means that rampant malware like Emotet, Dridex, BitPaymer and other families can now be stopped based on the threat's runtime memory allocation behavior caused by multi-layer obfuscation and packing techniques to bypass machine learning (ML) and AV checking. It also universally blocks active multi-stage backdoors employed in supply chain attacks embedded in trusted applications, like the CCleaner incident.
  
• In addition, HitmanPro.Alert is now observing threats that allocate heap memory into other processes.
  
• Improved Enforce DEP (Data Execution Prevention) as it previously did not set a flag correctly.
• Classified more trusted binaries as LOLbin (Living-of-the-Land binary), which means attackers cannot abuse them in attacks via Browsers and productivity applications.
  
• Improved handling of crashing application as they could previously trigger one or more exploit mtigations (i.e. KiUserExceptionDispatcher on Windows 10 was not correctly recognized).
• Fixed compatibility with Windows Vista.
  
• Fixed some false positives occuring in the Firefox web browser, which were caused by our hardware assisted ROP mitigation that employs Last Branch Record (LBR) in Intel microprocessor hardware. On Firefox version 57 and up, HitmanPro.Alert will no longer enforce control-flow integrity using hardware registers.
  
• Fixed a bug in the Code Cave mitigation involving a NOP sled that inadvertently could overwrite code placed by a third party security application.
• Fixed another conflict with Universal Windows Platform (UWP) applications and our Code Cave mitigation, when running HitmanPro.Alert alongside F-Secure / Ziggo Internetbeveiliging / KPN Veilig.

Download
http://test.hitmanpro.com/hmpalert3b777.exe

Please let us know how this version runs on your machine. Thanks!

 

Also here: Win 10 x64 Pro v1809 17763.379

 

No problems upgrading/updating build 777 RC.

Win10 1809 build 17763.379 x64/Norton Security v22.17.0.183

 

The problem is the same as at the previous version. Windows 10 Pro 64bit version1809 build 17763.379. JDownloader is a download manager, written in Java. jdownloader.org/download/index

 

If you reboot the machine and run JDownloader again, does it still say not protected?

 

No problems here with 777 on Win7.

 

Yes, it still say not protected!



This was already the case with the previous version too (version 3.7.9 build 775), as I wrote earlier.

https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-613#post-2814355

https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-613#post-2814552

 

What about the Alt+ Tab issue?

It is still persistent for me. Even after new computer + keyboard. That's the only reason I can not buy HMPA...

 

I just upgraded from Build 775 to 777 RC and everything is running well.

 

I just received this alert while trying to install the Google Toolbar in IE11 on my Win10 x64 1809 machine.

 

No problems upgrading/updating build 777 RC, on Windows 10Pro (64bits) 1809

 

W7-x64-Pro: Installed build 777 RC over build 775, Up till now no issues what so ever.

 

Do you have to have a paid license to beta test HMPA? I use to beta test HMPA a few years ago, and the last couple of times I installed HMPA using the trial option it said my license had expired. I have never installed HMPA on this image since reformating so i'm not sure why it was saying that. The last couple of time that it happened I ended up rolling my computer back.

 

HMP.A is now linked to your hardware. Even a clean install of Windows will pick up if you have a license or not. If that machine has had a trial I imagine that the trial expired and this is picked up too now.

 

Oh, ok I suspected that it might be something like that. Thank you for letting me know!

 

You're welcome.

The Loman's used to offer free licenses to those who beta tested Alert in the past. I'm not sure if that offer is still available now since they sold out to Sophos, but it might be worth sending a PM to Erik or Mark anyway. You've got nothing to lose.Good luck!

 

Thanks for the advice! They gave me a license when I first started testing HMPA, but I think it was for only a year. HMPA was not compatible with other security software I had been using for years so it limited my ability to test. I'm pretty sure that's not a problem now, but I hate asking for anything. I will just wait until I can afford to buy a license. Thanks!

 

Works for me, any reason your running 32bit version of JDownloader on top of 64 bit Java and Windows? maybe the issue is related to that.
I'd opt for the 64 bit version.