HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
OK, thanks Ronny. I’ll use build 738 and wait for the next build of 8xx CTPx.
     
  2. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Heads-up, we're updating everyone to build 3.7.10 Build 785 at the moment. This newer build fixes an issue with CTF Guard in combination with some third-party security products.
     
  3. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    Thank you. Does the new build address the issue reported here? (I'm told that it's an HMP issue, but then HMP is part of HMP.A.)
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Cool, I didn't even know that so many new protections were added. And I noticed that HMPA stops APC code injection, but what about code injection done by other methods? And will "Hollow Process Mitigation" block process hollowing on ALL processes?
     
  5. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    How can I get the installer for that?

    The download page offers build 775...
     
  6. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
  7. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
Do I need to uninstall Build 775 to install Beta 783?
     
  8. guest

    guest Guest

No need to install the "old" Beta 783. There is already a newer stable version, 787.
     
  9. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
Thanks, but can I install it over my current HMPro Alert non-beta version?
     
  10. guest

    guest Guest

As long as it is not mentioned in the changelog that you need to uninstall the old version prior to installing the new version, you can simply install the new version.
     
  11. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
Thank you Mood. Could you please post the link for downloading here?
     
  12. guest

    guest Guest

    A download link for the beta (783) can be found here #1538, stable (at the moment 787): #15528
     
  13. Ashanta

    Ashanta Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    702
    Location:
    Europe
    Thank you Mood
     
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
Any news on a new CTP? Also, sometimes HMP.A CTP1 does not start at boot; if I try to open it, it says the service is not running and the computer needs to restart.
    EDIT: Forgot system details. Win10 x64 1809 with AppGuard 6.2
     
    Last edited: Sep 21, 2019
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
Also waiting on new CTP. (Event List does not open until I reset Excalibur.db.)
    Incidentally, I don't have your boot start issue, but I am Win10 Pro x64 1903 (18362.356), Emsisoft ++. (Appguard, still 4.4.6.1, currently Off).
     
  16. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    I'm also eagerly awaiting a new CTP, but only because I'm a :geek: and love seeing new features/forms of protection.
     
  17. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro.Alert 3.8.0 Build 849 Community Technology Preview 2 (CTP2)

    Changelog (compare to Community Technology Preview 1)

    Added

    • Added CTF Guard under Risk Reductions > Process Protection. This new mitigation validates CTF protocol callers and is ported over from GA builds 785-789 (since August 23). This new system-level exploit mitigation protects against abuse of the undocumented Windows CTF protocol as mentioned in CVE-2019-1162, discovered by Tavis Ormandy.
      More details: https://news.sophos.com/en-us/2019/08/22/blocking-attacks-against-windows-ctf-vulnerabilities/
    • Added protection against side-loading of code via ApiSet Stub DLLs. The mitigation is called APISetGuard and is an integral part of the DLL Hijacking mitigation under Risk Reductions > Process Protection.
• Added protection against replacement of accessibility tools (like StickyKeys) from a remote machine. This is specifically useful against attacks like BlueKeep, which target RDP-enabled endpoints. This mitigation is called FileProtection.
    Improved
    • Improved CryptoGuard v5 ransomware detection algorithms.
    • Improved CryptoGuard v5 overall performance, especially with backup software.
    • Improved CodeCave mitigation.
    • WipeGuard inadvertently protected USB drives that were already connected during boot.
    • Keystroke Encryption was default enabled on the first window that was visible after install.
    • Forward ported compatibility improvements from build 789.
    Fixed
    • Fixed deadlock scenarios during CryptoGuard v5 rollback.
    • Fixed initial dashboard when installing as CryptoGuard-only.
Screenshots
[Figure 1: CTF Guard]

[Figure 2: Interactive CTF Exploration Tool by Tavis Ormandy intercepted as it attempted to communicate over CTF.]

[Figure 3: New visualization features in HitmanPro.Alert 3.8 help to gain insight into what e.g. a temporary malicious PowerShell process has been doing. Here it downloaded ransomware from a remote web site and started it, causing our CryptoGuard to step in.]

[Figure 4: Overview of signature-less protections against adversary tactics and techniques.]

    Download
    https://dl.surfright.nl/hmpalert3b849.exe

    Notes
• Do NOT install this on a machine to which you only have access over Remote Desktop, as it will lock you out from admin access; you need hands on the keyboard to generate the 2FA token.
    • Do NOT return from this 8xx CTP to version 7xx stable without first removing c:\programdata\hitmanpro.alert\excalibur.db
    • Supports Windows XP :D up to Windows 10 19H2.
    • Footprint 4.8 MB o_O
    • All code compiled with Visual Studio 2019 16.3.
    Please let us know how this build runs on your machine :thumb:
     
    Last edited: Sep 26, 2019
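One way to check an endpoint for the accessibility-tool replacement that the FileProtection mitigation in the CTP2 changelog above targets, as an added example that is not HitmanPro.Alert's code: a PowerShell audit of the System32 accessibility binaries for a broken Microsoft signature, a mismatched original filename, or an Image File Execution Options "Debugger" redirect. The tool list, paths and registry key are the standard Windows locations assumed here; run it elevated.

```powershell
# Added example (not HitmanPro.Alert code): audit the Windows accessibility
# binaries for the two classic replacement patterns, the binary itself swapped
# out, or an IFEO "Debugger" value redirecting it to another program.
$tools = 'sethc.exe','utilman.exe','osk.exe','narrator.exe','magnify.exe','displayswitch.exe'
$ifeo  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Test-AccessibilityTools {
    $findings = @()
    foreach ($name in $tools) {
        $path = Join-Path $env:SystemRoot "System32\$name"
        if (-not (Test-Path $path)) { continue }

        # A swapped binary (e.g. a renamed copy of cmd.exe) loses or breaks the
        # Microsoft signature that the genuine tool carries.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            $findings += [pscustomobject]@{ Tool = $name; Issue = 'Signature'; Detail = $sig.Status }
        }

        # Second check: the embedded version resource should name the same tool
        # (comparison is case-insensitive, as PowerShell's -ne is by default).
        $orig = (Get-Item $path).VersionInfo.OriginalFilename
        if ($orig -and $orig -ne $name) {
            $findings += [pscustomobject]@{ Tool = $name; Issue = 'OriginalFilename'; Detail = $orig }
        }

        # IFEO redirect: if a Debugger value exists, launching the tool runs
        # that program instead of the tool itself.
        $key = Join-Path $ifeo $name
        if (Test-Path $key) {
            $dbg = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Debugger
            if ($dbg) {
                $findings += [pscustomobject]@{ Tool = $name; Issue = 'IFEO Debugger'; Detail = $dbg }
            }
        }
    }
    return $findings
}

$result = Test-AccessibilityTools
if ($result) { $result | Format-Table -AutoSize } else { 'No accessibility-tool tampering found.' }
```

A finding here is a reason to investigate the host, not proof of compromise on its own; compare the flagged file against a known-good copy from the same Windows build before acting.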
  18. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Can we test CryptoGuard v5 now, or is that still not recommended for daily use?
     
  19. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Using CryptoGuard 5 is our preference. If you run into an issue, you can always switch back to CryptoGuard 4 and report the problem to us.
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Wow. This really sounds exciting.
     
  21. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    OK. I’ll leave it at v5 then.
     
  22. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Smooth update from CTP1 to CTP2 - no issues :thumb:
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
YES!!! First it was a smooth upgrade to CTP2 from 1. My problem with 1 was the CryptoGuard v5. It brought my imaging programs to a standstill. Tested v5 on CTP2 and I had to check to make sure it was turned on. Imaging programs ran as they should. v5 is staying on. Excellent!!
     
  24. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Awesome! Thanks for letting us know. We've been working hard the last few weeks to get this release out into the community. We're working towards a general availability release so everybody can enjoy our new technologies. Thanks again!
     
  25. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problems upgrading build 849 CTP2 (from build 789). Using CryptoGuard v5.

    Win10 1903 build 18362.356 x64/Norton Security v22.19.8.65
     
    Last edited: Sep 27, 2019