HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. askmark

    askmark Registered Member

    You can sign up for the beta here
    https://home.sophos.com/register/beta
    If you participate in the beta, when it goes live you get a free 1 year subscription. You can install the software on up to 10 devices.
     
  2. erikloman

    erikloman Developer

    HitmanPro.Alert 3.7 build 704 CTP1 - PRIVATE

    Finally we have a build with major new features! Most new features are located on the orange tile but we have also improved existing mitigations. The executable is still less than 5MB.

    Please help us test how these new features fare alongside other security products (compatibility).

    New Features
    • Real-time Anti-Malware
      Works with the HitmanPro cloud.

    • Credential Theft Protection
      Prevents theft of authentication passwords and hash information from memory, registry and disk. Prevents Mimikatz-style attacks.

    • Local Privilege Guard
      Prevents exploits of the operating system kernel. Prevents an attacker from using the privilege information of another process.

    • Code Cave mitigation
      Stops backdoors in trusted code.

    • Sticky Keys mitigation
      Prevents misuse of the Microsoft sticky key feature. Usually used by attackers to gain persistence.

    • Asynchronous Procedure Call (APC) mitigation
      Stops code injection via APC (e.g. Atom Bombing attack).

    • Application Verifier mitigation
      Prevents misuse of the Application Verifier feature of Windows (e.g. Double Agent attack).

    • Malicious Process Migration
      Detects remote reflective DLL injection used to move laterally between processes.

    Improvements

    • Application Lockdown
      Now blocks CVE-2017-0199

    • Increased height of the user interface
      There are now three rows of applications under the tiles

    • 64-bit DLL is now compiled with Intel MPX instructions

    • Various minor improvements

    Participate
    Please PM me to participate in this (currently) PRIVATE program.
    We will open up the program to PUBLIC once we have received enough confidence that the new features run fine alongside other security products :thumb:
     
    Last edited: May 4, 2017
  3. test

    test Registered Member

    That's incredible, so you did not raise the white flag as theorized on WS! :argh::D

    Seriously, keep up the good work :thumb: (I'll PM you ASAP)
     
  4. Nightwalker

    Nightwalker Registered Member

    This new version sounds so promising. Really nice to see real-time malware protection with the cloud, and Local Privilege Guard pushes the exploit protection to another league.
     
  5. erikloman

    erikloman Developer

    As stated in our conversation: please report via PM!

    The CredGuard detection of HitmanPro is expected. Consider it a way to verify the mitigation is working. We will update HitmanPro in the near future to no longer violate the mitigation.
     
    Last edited: May 4, 2017
  6. erikloman

    erikloman Developer

    C000041D means STATUS_FATAL_USER_CALLBACK_EXCEPTION.

    Do you have a dump by any chance?
     
  7. erikloman

    erikloman Developer

    Sophos is keeping our team very busy with additional products as HitmanPro and HitmanPro.Alert are being put into everything:

    Sophos Intercept X - Central Managed from Cloud
    https://www.sophos.com/en-us/press-office/press-releases/2016/09/sophos-launches-intercept-x.aspx

    Sophos Endpoint Protection (EXP) - Central Managed On-Premise with Enterprise Console (SEC)

    Sophos Server Protection - CryptoGuard for Servers
    https://www.sophos.com/en-us/press-...n-anti-ransomware-cryptoguard-technology.aspx

    Sophos Home Premium
    https://home.sophos.com/register/beta

    Sophos Clean
    https://www.sophos.com/en-us/press-...troduces-enterprise-malware-removal-tool.aspx

    Each of the above also comes with specific additions/changes to HMP/HMPA to support each product environment (all these changes/additions are in the regular hmpalert.exe). And don't forget the above comes with many meetings and management overhead (it works a little bit differently when working in a big company).
    Lastly, we have built a completely new scriptable tester to test/trigger the various mitigations in HMPA.

    The net result is SurfRight contributed to moving Sophos significantly in Gartner's Magic Quadrant for Endpoint Protection Platforms:
    https://www.sophos.com/en-us/press-...17/02/gartner-2017-magic-quadrant-report.aspx


    While we also try to maintain our existing HitmanPro/HitmanPro.Alert user base we work hard to improve the product. We finally found the time to work and finish the new features and improvements.

    We seek once again help from YOU, the Wilders members to iron out the (compatibility) problems before we can release.

    SurfRight is 7 engineers, 2 support ladies and 1 manager.
     
  8. Peter2150

    Peter2150 Global Moderator

    Erik

    This is a bit off topic, but a meeting is defined as the single biggest impediment to mankind's progress.
     
  9. Crystal_Lake_Camper

    Crystal_Lake_Camper Registered Member

    I have sent you a PM, because I want to participate in the beta program. @erikloman
     
  10. Abdallah

    Abdallah Registered Member

    I have sent the PM and am waiting for my ticket
     
  11. TheBear

    TheBear Registered Member

    Sent PM
     
  12. guest

    guest Guest

    What a surprise :thumb: (after 4-5 weeks of silence)
     
  13. Valdez

    Valdez Registered Member

    HitmanPro.Alert 3.7 build 704 CTP1 – PRIVATE

    I have sent you a PM, because I want to participate in the beta program. @erikloman

    :):):thumb:
     
  14. MikeRepairs

    MikeRepairs Registered Member

    I request the feature of a tray icon that changes when Silent Audit mode is enabled. It should visually indicate that
     
  15. paulderdash

    paulderdash Registered Member

    +1.

    Have requested to participate in build 704 CTP1 - should be a good test for compatibility on my primary machine :rolleyes:.
     
  16. erikloman

    erikloman Developer

    We will put this on our TODO list!
     
  17. CHEFKOCH

    CHEFKOCH Registered Member

    If I'm permitted I could post some screenshots from the changes but I'm unsure because it's a closed beta test and it might get a change.
     
  18. guest

    guest Guest

    You can't post info publicly, all observations have to be sent to the Loman brothers via PM; private = closed :)

    @erikloman PM sent
     
    Last edited by a moderator: May 5, 2017
  19. Duotone

    Duotone Registered Member

    PM request sent
     
  20. Armadax

    Armadax Registered Member

    I have also requested to participate. I will be testing the new software in conjunction with Kaspersky.
    Just in general, what is the view among participants in this thread on other antivirus/malware software? I have been on and off using Kaspersky Internet Security Suite. Sometimes updates come by for KIS that hinder some of my other software and I revert back to the basic Defender software in Windows 10. As I still have a valid license for Kaspersky, I always come back to installing it again within a few weeks, as I question whether I am actually 'safe' with Defender. Currently, I'm torn between renewing the license or just trusting in the combination of HMPA and Defender to do the job. What are your views on this?
     
  21. plat1098

    plat1098 Guest

    After some really bad experiences with third party AV I won't name, I use Windows Defender, along with HMPA, VoodooShield and browser extensions like uMatrix or uBlock Origin in Firefox. It's a good, trouble-free combination but I'm not a high risk user. It's a different story, though, if you currently have an active subscription. My license is still active for the third party AV but I'll have to absorb it; I had to reinstall Windows more than once, even using stable feeds. My choice.
     
  22. XhenEd

    XhenEd Registered Member

    @Armadax There were compatibility issues reported. This is expected, anyway. The general recommendation is to exclude each other as soon as possible (e.g. HMP.A should be excluded in KIS, and KIS should be excluded in HMP.A).

    Any compatibility issues should be reported, also. :)
     
  23. Victek

    Victek Registered Member

    I use Windows Defender along with HMPA and MalwareBytes v3, plus various security extensions in Firefox and Chrome. This is a trouble free combination that I feel provides solid protection. :thumb: It may help to identify what types of threats you're primarily worried about.
     
  24. CHEFKOCH

    CHEFKOCH Registered Member

    You do not need MalwareBytes v3 when you use HitmanPro.Alert. There is no benefit combining them. More isn't better except that you waste PC resources and bandwidth for nothing. Hitman communicates with Azure cloud while MalwareBytes does the same with their own cloud.

    Okay. ;)
     
  25. guest

    guest Guest

    In my opinion, AVs (and their suites) are a useless remnant of a past age (except for beginners and non-security geeks obviously)... Now we (aware security geeks that lurk on forums like here ^^ ) have better types of software at our disposal (isolation/virtualization and SRPs/Anti-exe), more effective and lighter than any suite, without the hassle of a real-time engine scanning every file you are opening and all the issues/instabilities they spawn (FPs, kernel hooking, heavy resource usage, etc...).
     