Removed Alert 720 plus the ProgramData folder and installed 721. The Block Untrusted Fonts tile isn't even there any more but had to manually enable BadUSB, and set Vaccination to active for now. Left Credential Theft Protection disabled (at default) for now. Works fine so far w/Sandboxie 5.22 release and IE11. The only thing is being unable to get the HMP scanner to show separately by clicking on the scanner tile, it just shows that little menu. The only feedback you get then is a "scan complete" and green or red on the Alert tile. It would be nice to see the scanner separately in real time.
Followed instructions for installing 721. Left settings on standard as left factory. All is fine. PC boots to Macrium Reflect USB unlike 718 and 720. Thank you.
No problems installing (after also deleting ProgramData folder). Win 10 Pro x64 v1709 16299.19. Surprised to see No. of alerts is not zeroised though, must be getting that data from elsewhere (Event Viewer?). Can one manually zeroise it?
The alerts are read from the Application log, part of the Windows Event Log. If you want to set the counters to zero, you can clean the Windows Event Log.
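An added example, not part of the reply above and not vendor code: clearing the Application log to reset the counter also discards every other application's events, so this PowerShell sketch first shows what the counter is built from and archives the log to an .evtx file before clearing it. The provider name 'HitmanPro.Alert' and the backup folder are assumptions; confirm the event source name in Event Viewer.

```powershell
# Added example. Run from an elevated PowerShell prompt.
param(
    # Assumption: event source name used by the product; check Event Viewer > Application.
    [string]$Provider  = 'HitmanPro.Alert',
    # Assumption: any writable folder for the archived log.
    [string]$BackupDir = "$env:USERPROFILE\Documents",
    # Nothing is cleared unless this switch is given.
    [switch]$Clear
)

# 1. Show what the alert counter is derived from: events from this source in the Application log.
$filter = @{ LogName = 'Application'; ProviderName = $Provider }
$alerts = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
"{0} event(s) from '{1}' in the Application log" -f $alerts.Count, $Provider
$alerts | Group-Object Id | Sort-Object Count -Descending |
    Format-Table Count, @{ Label = 'EventId'; Expression = { $_.Name } } -AutoSize

# 2. Archive the whole log, then clear it. wevtutil's /bu: option writes the backup
#    before clearing, so the alert history stays available for later review.
if ($Clear) {
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "Application-$stamp.evtx"
    wevtutil.exe cl Application "/bu:$backup"
    if ($LASTEXITCODE -ne 0) { throw "wevtutil failed with exit code $LASTEXITCODE" }
    "Application log cleared; archive saved to $backup"
}
```

The archived .evtx file can be reopened in Event Viewer via "Open Saved Log".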
It still triggers an alert:

Spoiler: CodeCave - Astah installer
  Mitigation   CodeCave
  Platform     10.0.16299/x64 v721 8f_01
  PID          8292
  Application  C:\Users\sanya\AppData\Local\Temp\is-2VQ9O.tmp\astah-professional-7_2_0-1ff236-jre-64bit-setup.tmp
  Description  Setup/Uninstall Intersectional control flow detected!

  Process Trace
  1 C:\Users\sanya\AppData\Local\Temp\is-2VQ9O.tmp\astah-professional-7_2_0-1ff236-jre-64bit-setup.tmp [8292]
    "C:\Users\sanya\AppData\Local\Temp\is-2VQ9O.tmp\astah-professional-7_2_0-1ff236-jre-64bit-setup.tmp" /SL5="$608D2,92158849,569856,C:\Users\sanya\Downloads\astah-professional-7_2_0-1ff236-jre-64bit-setup.exe"
  2 C:\Users\sanya\Downloads\astah-professional-7_2_0-1ff236-jre-64bit-setup.exe [14332]
  3 C:\Windows\explorer.exe [7504]

  Thumbprint
  37a1c59855a4c83de118d54424ab6cf74b1bf93f6de08b0a37bff1e7659618d2

However if I disable CodeCave I can install the program, and once installed I can enable CodeCave and launch the application without issue.

Another CodeCave situation: Visual Studio Community 2017 -> Create a new Windows Console Application (C++) and just make a simple Hello World application. Now do CTRL + F5 to run it, causes:

Spoiler: CodeCave - Visual Studio Community C++ Console Application
  Mitigation   CodeCave
  Platform     10.0.16299/x64 v721 8f_01
  PID          15328
  Application  C:\Users\sanya\source\repos\TestCodeCave\Debug\TestCodeCave.exe
  Description  TestCodeCave.exe Process Protection / Code Cave Mitigation: Active code cave detected!

  Process Trace
  1 C:\Users\sanya\source\repos\TestCodeCave\Debug\TestCodeCave.exe [15328]
    "C:\Users\sanya\source\repos\TestCodeCave\Debug\TestCodeCave.exe"
  2 C:\Windows\SysWOW64\cmd.exe [2880]
    "C:\WINDOWS\system32\cmd.exe" /c ""C:\Users\sanya\source\repos\TestCodeCave\Debug\TestCodeCave.exe" & pause"
  3 C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\devenv.exe [9408]
  4 C:\Windows\explorer.exe [7504]

  Thumbprint
  e6d903dc8fe081f7dc79ecf91e6fe6cb164431777269e2db654e99e00d5757c4
Win 10 Pro x64 v1709 16299.19, HMP.A build 721 beta.

  Mitigation   ROP
  Platform     10.0.16299/x64 v721 06_45
  PID          8120
  Application  C:\Program Files\Mozilla Firefox\firefox.exe
  Description  Firefox 56.0.2
  Callee Type  LoadLibrary

  Stack Trace
  #  Address          Module                   Location
  -- ---------------- ------------------------ ----------------------------------------
  1  00007FF841D9966D KernelBase.dll
  2  00007FF844AF8508 ntdll.dll
  3  00007FF844AE0F56 ntdll.dll                __C_specific_handler +0x96
  4  00007FF844AF4C3D ntdll.dll                __chkstk +0x11d
  5  00007FF844A6D1B8 ntdll.dll
  6  00007FF844AF3B6E ntdll.dll                KiUserExceptionDispatcher +0x2e
  7  00007FF8027AAA01 xul.dll
       cc INT 3
  8  00007FF802EFCAAA xul.dll
  9  00007FF802EE5F62 xul.dll
  10 00007FF802C37D1E xul.dll

  Code Injection
  000002723EE4D000-000002723EE4E000 4KB C:\Program Files\Mozilla Firefox\firefox.exe [14032]
  00007FF844AF0000-00007FF844AF1000 4KB
  00007FF844AF2000-00007FF844AF3000 4KB
  00007FF844AEF000-00007FF844AF0000 4KB
  1 C:\Program Files\Mozilla Firefox\firefox.exe [14032]
  2 C:\Program Files\Mozilla Firefox\firefox.exe [16456]
  3 C:\Windows\explorer.exe [4104]
  4 C:\Windows\System32\userinit.exe [4676]

  Process Trace
  1 C:\Program Files\Mozilla Firefox\firefox.exe [8120]
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="14032.3.511104922\1068371946" -childID 1 -isForBrowser -intPrefs 5:50|6:-1|28:1000|33:20|34:10|43:128|44:10000|49:0|51:400|52:1|53:0|54:0|59:0|60:120|61:120|92:2|93:1|107:5000|118:0|120
  2 C:\Program Files\Mozilla Firefox\firefox.exe [14032]
  3 C:\Program Files\Mozilla Firefox\firefox.exe [16456]
  4 C:\Windows\explorer.exe [4104]
  5 C:\Windows\System32\userinit.exe [4676]

  Thumbprint
  65b08153b6f661f989e3612ad52cf5c1192ecd4df327f9082c26b98b91b224b3
When you run the scan the HitmanPro icon is in the "tray" though it may be hidden. If you double click the icon the usual HitmanPro window with the list of detections will open.
Yes, got it. Actually, this was brought up before, I guess it's just the way it is. You can double-click the scanner tile on the release and get the HMP interface while it's running. Just not in the beta, it seems. No biggie.
From a technical point of view HMPA is superior, but I also feel it causes too many problems, that's why I decided not to install. But for some it won't cause any problems, it also depends on apps and other security tools that are used. But I'm not willing to risk anything.
Installed RC 721, upgrade over the previous one "720" and clean install. I see both zam and cyberghost working fine now. Instead, I get an "Error Starting Application" for C:\Windows\System32\PrintDisp.exe, which is installed with https://www.iceni.com/infix.htm, a PDF editor. Looking at the properties of that PE, it looks like it is missing any Mitigation Exploit feature, and I added it to the exclusions; so far I'm not getting the startup error anymore, which means that Hitman tries to protect it but fails because it has no way to protect it. Am I wrong?
W7-x64 Professional: De-installed Build 720 completely, installed build 721 RC, no issues whatsoever!
Installed 721 RC, on Win 10 x64 Pro Fall Creators Update. Chrome starts up slowly and fitfully, and some of the extensions crash.
That is strange, because I uninstalled 720 and deleted ProgramData, rebooted, installed 721, rebooted - and BadUSB is Enabled.