Which one (F#, C++, C#, Visual Basic, XML)? Are you still developing the 3.7 series or will the next be the 3.8?
Win 10 Pro x64 v1903 b18362.356. BSOD on reboot. But so far, fine after subsequent reboot. WhoCrashed report below. Can't say that it's due to HmP.A ... test machine with other security softs installed, mostly disabled.

Code:
On Fri 2019/09/27 6:08:41 AM GMT your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\092719-6171-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1C10A0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF8066E24826C, 0xFFFFF30A524C2960, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

I use Macrium Reflect and have been running with CryptoGuard v4. Due to @Peter2150's on v5, will give it a whirl.
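Added example, not part of the thread: a short Python parser that reads the bug check line of a WhoCrashed report like the one in the post above and names its arguments using the parameter layout Microsoft documents for bug check 0x3B. The function name `parse_report` and the small NTSTATUS table are choices made for this example; the report text is copied from the post.

```python
import re

# Report lines copied from the post above (WhoCrashed output, abridged).
REPORT = """\
crash dump file: C:\\WINDOWS\\Minidump\\092719-6171-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x1C10A0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF8066E24826C, 0xFFFFF30A524C2960, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
"""

# Parameter meanings documented for bug check 0x3B (SYSTEM_SERVICE_EXCEPTION).
BUGCHECK_ARGS = {
    0x3B: ("exception_code", "faulting_instruction", "context_record", "reserved"),
}
# A few NTSTATUS values that commonly appear as the exception code.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0x80000003: "STATUS_BREAKPOINT",
}
KERNEL_SPACE_START = 0xFFFF800000000000  # lower bound of x64 kernel addresses


def parse_report(text):
    """Extract the bug check code, its named arguments and the blamed module."""
    m = re.search(r"Bugcheck code:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)", text)
    if not m:
        raise ValueError("no 'Bugcheck code' line found")
    code = int(m.group(1), 16)
    args = [int(a, 16) for a in m.group(2).split(",")]
    # Fall back to generic names for bug checks not in the table above.
    names = BUGCHECK_ARGS.get(code, tuple(f"arg{i + 1}" for i in range(len(args))))
    result = {"code": code, "args": dict(zip(names, args))}
    mod = re.search(r"following module:\s*(\S+)\s*\((\w+)\+(0x[0-9A-Fa-f]+)\)", text)
    if mod:
        result["module"] = mod.group(1)
        result["offset"] = int(mod.group(3), 16)
    exc = result["args"].get("exception_code")
    result["exception"] = NTSTATUS.get(exc, "unknown") if exc is not None else None
    ip = result["args"].get("faulting_instruction")
    result["fault_in_kernel_space"] = ip is not None and ip >= KERNEL_SPACE_START
    return result


if __name__ == "__main__":
    for key, value in parse_report(REPORT).items():
        print(key, value)
```

The faulting instruction address only tells you the exception was raised in kernel address space; attributing it to a specific driver still requires loading the minidump in a debugger against the loaded-module list.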
Yes, it does @Krusty. I should have made the connection because I saw that BFP post though I hadn't experienced it before v4.0.1. That explains it then, thanks.
No worries. I emailed Darren to try and send a dump but even compressed it was far too large to attach. He set me up with an account at account.box.com. He posted in the other thread that it was related to Secure Boot, but my machine (that had the BSOD) does not have Secure Boot.
We're now actively developing for 3.8 and will backport important improvements back into 3.7 until 3.8 becomes GA.
Updated from CTP1 to CTP2 with no issues to report. Event log is clean. Oh, and thanks Mark for the detailed description and the PowerPoint slide. From what I can tell, item #23 under App-level should protect against this recently described Nodersok malware.
Wow, this stuff looks very cool, it's sort of like an EDR! BTW, perhaps you can also respond to some of my other questions and what I have never understood is why the "Keystroke Encryption" module doesn't work globally on almost all apps? https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-63#post-2850861
Running smooth here, W10 build 1903. All the minor issues I had with previous version seem to have disappeared (y).
Windows 10 Pro version 1903, HitmanPro.Alert version 3.8.0 build 849, CTP2. No problems after updating HitmanPro.Alert.
Asynchronous Procedure Calls
This is a system-level mitigation. It shields all processes.
Prevents code injection via Asynchronous Procedure Call (APC) from kernel and user-mode.
It is effective against DoublePulsar (used by e.g. EternalBlue, EternalRomance) and AtomBombing attack techniques used by the Dridex malware. It is also effective against BlueKeep.

Hollow Process Mitigation
This is a system-level mitigation. It shields all processes.
- Prevents abuse of a (trusted) process to act as a container for hostile code
- Prevents manipulation of the Process Environment Block (PEB)
- Prevents hijacking of the main thread (MTH)
It is effective against Process Hollowing, Process Doppelgänging, Transacted Hollowing and similar attack techniques. But it also intercepts malware packers used by e.g. Emotet, Trickbot.

Keystroke Encryption proactively scrambles keystrokes against keyloggers (we don't use encryption, you can't reverse it, we just feed keyloggers rubbish). It is an app-level mitigation and is only enabled on applications that are Browsers (category). In addition, we also shield password managers (Other category). We don't scramble the keystrokes in e.g. Microsoft Office apps. You could change this by removing e.g. Microsoft Word from the Office category and add it again under the Other category, which offers Keystroke Encryption. It was a design choice to enable it only on specific applications where users need to enter passwords.

Hope this helps!
Mark
Thanks for the info! About APC code injection, I forgot that this protects against attacks like DoublePulsar. But why not add protection against more code injection techniques, since most apps don't often make use of it. Of course security software like AVs need to be whitelisted. About protection against Process Hollowing, thanks for confirming that it protects EVERY process, so I'm guessing you guys look at if processes are launched in suspended state. About Keystroke Encryption, the thing is, tools like KeyScrambler and SpyShelter protect just about all important apps system wide. Perhaps you should simply copy the list from KeyScrambler, that would give users peace of mind. I mean, why not protect MS Office out of the box, I don't see any reason not to.
https://www.endgame.com/blog/techni...-technical-survey-common-and-trending-process
https://www.qfxsoftware.com/ks-windows/applications.htm
Hi, for info, I had 1 false alert with v3.8 build 849 CTP2: "Risk Reduction CryptoGuard" about my AppData\Local\Discord\app-0.0.305\Discord.exe. I had placed Discord in the category "Other" in terms of exploit mitigation, btw. br.
HitmanPro.Alert 3.7.11 Build 791 Release Candidate

Changelog (compare to build 789)
- Improved CryptoGuard 4 anti-ransomware module.

Download
https://dl.surfright.nl/hmpalert3b791.exe

Please let us know how this version runs on your computer.
We aim to update our entire community (excluding users running the newer 8xx technology previews) to this new version later this week.
When I tried to install Build 791, the currently installed build (789) opened instead of the installer. I had to remove build 789 first, reboot, and then build 791 installed without a problem. It is running fine.
I got a pop-up notice on my release version of HMPA build 789 that a new version was ready to be installed. This in-application notice appeared only 24 hours after this post from Mark went up, and I haven't seen any feedback on the RC yet. Looks a bit premature to me. Was this intentional?