Heads-up, we're updating everyone to build 3.7.10 Build 785 at the moment. This newer build fixes an issue with CTF Guard in combination with some third-party security products.
Thank you. Does the new build address the issue reported here? (I'm told that it's an HMP issue, but then HMP is part of HMP.A.)
Cool, I didn't even know that so many new protections were added. And I noticed that HMPA stops APC code injection, but what about code injection done by other methods? And will "Hollow Process Mitigation" block process hollowing on ALL processes?
Look in @RonnyT's signature: https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-62#post-2850287
As long as it is not mentioned in the changelog that you need to uninstall the old version prior to installing the new version, then you can simply install the new version.
Any news on a new CTP? Also, sometimes HMP.A CTP1 does not start at boot; if I try to open it, it says the service is not running and the computer needs to restart. EDIT: Forgot system details. Win10 x64 1809 with AppGuard 6.2
Also waiting on new CTP. (Event List does not open, until I reset Excalibur.db). Incidentally, I don't have your boot start issue, but I am Win10 Pro x64 1903 (18362.356), Emsisoft ++. (Appguard, still 4.4.6.1, currently Off).
I'm also eagerly awaiting a new CTP, but only because I'm a and love seeing new features/forms of protection.
HitmanPro.Alert 3.8.0 Build 849 Community Technology Preview 2 (CTP2)

Changelog (compare to Community Technology Preview 1)

Added
- Added CTF Guard under Risk Reductions > Process Protection. This new mitigation validates CTF protocol callers and is ported over from GA builds 785-789 (since August 23). This new system-level exploit mitigation protects against abuse of the undocumented Windows CTF protocol as mentioned in CVE-2019-1162, discovered by Tavis Ormandy. More details: https://news.sophos.com/en-us/2019/08/22/blocking-attacks-against-windows-ctf-vulnerabilities/
- Added protection against side-loading of code via ApiSet Stub DLLs. The mitigation is called APISetGuard and is an integral part of the DLL Hijacking mitigation under Risk Reductions > Process Protection.
- Added protection against replacement of accessibility tools (like StickyKeys) from a remote machine. This is specifically useful against attacks like BlueKeep that target RDP-enabled endpoints. This mitigation is called FileProtection.

Improved
- Improved CryptoGuard v5 ransomware detection algorithms.
- Improved CryptoGuard v5 overall performance, especially with backup software.
- Improved CodeCave mitigation.
- WipeGuard inadvertently protected USB drives that were already connected during boot.
- Keystroke Encryption was default enabled on the first window that was visible after install.
- Forward ported compatibility improvements from build 789.

Fixed
- Fixed deadlock scenarios during CryptoGuard v5 rollback.
- Fixed initial dashboard when installing as CryptoGuard-only.

Screenshots
Figure 1: CTF Guard
Figure 2: Interactive CTF Exploration Tool by Tavis Ormandy intercepted as it attempted to communicate over CTF.
Figure 3: New visualization features in HitmanPro.Alert 3.8 help to gain insight into what e.g. a temporary malicious PowerShell process has been doing. Here it downloaded a ransomware from a remote web site and started it, causing our CryptoGuard to step in.
Figure 4: Overview of signature-less protections against adversary tactics and techniques.

Download
https://dl.surfright.nl/hmpalert3b849.exe

Notes
- Do NOT install this on a machine to which you only have access over Remote Desktop, as it will lock you out from admin access; you need hands on the keyboard to generate the 2FA token.
- Do NOT return from this 8xx CTP to version 7xx stable without first removing c:\programdata\hitmanpro.alert\excalibur.db
- Supports Windows XP up to Windows 10 19H2.
- Footprint 4.8 MB
- All code compiled with Visual Studio 2019 16.3.

Please let us know how this build runs on your machine.
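A local check in the spirit of the FileProtection item above, added here as an example (it is not HitmanPro.Alert code and not from this thread). It assumes the standard System32 location and the listed helper names, and relies on the PE version resource rather than the Authenticode signature, since a Microsoft binary copied over sethc.exe still carries a valid Microsoft signature.

```powershell
# Added example, not part of HitmanPro.Alert or this thread. Reports whether the
# accessibility helpers reachable from the logon screen (StickyKeys and friends)
# still carry their own version-resource identity. A file copied over one of them
# (for example cmd.exe) keeps a valid Microsoft signature, so the signature alone
# proves nothing; a mismatching OriginalFilename is the cheap tell for a swapped file.
function Test-AccessibilityTools {
    param([string]$System32 = (Join-Path $env:SystemRoot 'System32'))

    # Helper names are an assumption; extend the list to match your baseline.
    $tools = 'sethc.exe', 'utilman.exe', 'osk.exe', 'magnify.exe', 'narrator.exe', 'displayswitch.exe'

    foreach ($name in $tools) {
        $path = Join-Path $System32 $name
        if (-not (Test-Path $path)) { continue }

        $file = Get-Item $path
        $sig  = Get-AuthenticodeSignature $path
        # OriginalFilename comes from the PE version resource; -eq is case-insensitive
        $original = $file.VersionInfo.OriginalFilename
        $swapped  = -not ($original -eq $name)

        [pscustomobject]@{
            File             = $name
            OriginalFilename = $original
            Signature        = $sig.Status
            Signer           = $sig.SignerCertificate.Subject
            SizeBytes        = $file.Length
            LastWriteUtc     = $file.LastWriteTimeUtc
            Suspicious       = $swapped -or ($sig.Status -ne 'Valid')
        }
    }
}

Test-AccessibilityTools | Format-Table -AutoSize
```

Any row marked Suspicious deserves a comparison against the same file on a known-good host before drawing conclusions, since an empty OriginalFilename on an unusual build would also trip the check.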
Using CryptoGuard 5 is our preference. If you run into an issue, you can always switch back to CryptoGuard 4 and report the problem to us.
YES!!! First it was a smooth upgrade to CTP2 from 1. My problem with 1 was the CryptoGuard v5. It brought my imaging programs to a standstill. Tested v5 on CTP2 and I had to check to make sure it was turned on. Imaging programs ran as they should. v5 is staying on. Excellent!!
Awesome! Thanks for letting us know. We've been working hard the last few weeks to get this release out into the community. We're working towards a general availability release so everybody can enjoy our new technologies. Thanks again!
No problems upgrading build 849 CTP2 (from build 789). Using CryptoGuard v5. Win10 1903 build 18362.356 x64/Norton Security v22.19.8.65