HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    636
    Location:
    Planet Earth
  2. osmandemi

    osmandemi Registered Member

    Joined:
    May 5, 2010
    Posts:
    115
    [QUOTE="RonnyT, post: 2999400, member: 151568"]Yes, it should work fine.[/QUOTE]
    So Sophos free + HitmanPro.Alert: is Sophos premium?
     
  3. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    636
    Location:
    Planet Earth
    Almost, there is 'malicious traffic detection' which is not part of the Alert engine, and central management.
     
  4. scip

    scip Registered Member

    Joined:
    Feb 13, 2020
    Posts:
    41
    Location:
    internet
    Hello, today I get these alerts from HMPA... I think that these are false positives which maybe have something to do with BD?
    Do I have to wait for an update from HMPA or BD?

    cheers
     


  5. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    636
    Location:
    Planet Earth
    Can you please check one of these keys and see where they point to?
     
  6. scip

    scip Registered Member

    Joined:
    Feb 13, 2020
    Posts:
    41
    Location:
    internet
    I can find these keys in my reg.
    I think they point to BD but I'm not sure what you mean.
    I see that all these files in the reg have no value?

    I scanned with RogueKiller too but my system is clean.
    When I delete these threats with HMPA they return after reboot.
     

    Attached Files:

    • alert.PNG (150.1 KB)
    • a2.PNG (312.8 KB)
  7. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    636
    Location:
    Planet Earth
    It's a false detection on our end, and in this case Bitdefender related, we're working on it.
     
  8. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    636
    Location:
    Planet Earth
    Should be solved now.
     
  9. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    Thank you for your answer! Now everything is OK.
     
  10. scip

    scip Registered Member

    Joined:
    Feb 13, 2020
    Posts:
    41
    Location:
    internet
    Thanks a lot, incredible help :)
    After a new scan with the new HMPA nothing was detected anymore.

    best regards
    scip
     
  11. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro.Alert 3.8.10 Build 893 Release Candidate

    Changelog (compared to build 891)

    Added
    • New Cobalt Strike single-stage mitigation. When Cobalt Strike Beacon temporarily de-cloaks in memory to retrieve new commands from the adversary, HitmanPro.Alert will hold and inspect the decrypted memory area for the presence of Beacon.
    • Note: In a normal multi-stage scenario, Cobalt Strike Beacon is already proactively blocked by our patented HeapHeapProtect mitigation. This new Cobalt Strike mitigation now also thwarts the single-stage scenario. And upon detection of Beacon it also extracts and reports the full Cobalt Strike C2 profile configuration from memory.
    • As part of the HeapHeapHooray mitigation, we now apply our proprietary SysCall mitigation system wide. This means when unknown malware employs, for example, the Heaven’s Gate defense evasion technique, it is now also blocked (this technique allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment).
    • Added DNS stager detection, when – for example – Cobalt Strike Beacon communicates over DNS with command-and-control (C2).
    • New CookieGuard mitigation. It protects (MFA) session cookies and passwords stored in Google Chrome and Microsoft Edge on Chromium.
    • Added an extra message box when an update is pending, and the user clicks on the associated flyout. The message informs the user that the machine must be rebooted before the update is actually applied.
    Fixed
    • Stack Pivot exploit mitigation no longer triggers incorrectly on Internet Explorer loading a digital rights management (DRM) related library for streaming DRM protected content.
    • APC Violation mitigation now correctly identifies process injection from VMware.
    • Code Cave mitigation now plays nice with DRM code from gaming company Electronic Arts (EA).
    • Kernel32Trap mitigation no longer causes issues with certain code compiled with Visual Studio.
    Improved
    • Further tweaked the CryptoGuard 5 anti-ransomware engine. For example, the note spray evaluator is more tolerant when installers drop the same text file across many folders.
    • Threat termination is now even more robust, especially when the threat runs with high privileges outside of user session(s).
    Important note: We no longer support or update HitmanPro.Alert builds running on Windows 7 RTM (no service pack), Windows Vista and Windows XP. This is because Microsoft mandates the use of SHA-2 to sign our code. These older versions of Windows only support SHA-1 and would not allow our new driver to load.

    Download
    https://dl.surfright.nl/hmpalert3b893.exe

    Please let us know how this version runs on your machine. Thanks! :thumb:
     
    Last edited: Apr 10, 2021
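
The changelog's CryptoGuard item says the note spray evaluator now tolerates installers that drop the same text file across many folders. The sketch below is an added example, not part of the original post and not HitmanPro.Alert's actual algorithm: it shows one way such an evaluator can separate an installer from ransomware by escalating only when the spraying process also rewrites existing files. The event format, thresholds and sample telemetry are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# All thresholds and event fields below are assumptions made for this example.
SPRAY_DIR_THRESHOLD = 5      # same text file seen in this many folders = "spray"
MIN_OVERWRITES = 3           # overwrites of existing files needed to escalate
NOTE_EXTENSIONS = {".txt", ".html", ".hta"}

@dataclass(frozen=True)
class FileEvent:
    pid: int
    op: str            # "create" (new file) or "overwrite" (existing file rewritten)
    path: str
    content_hash: str  # hash of the bytes written

def evaluate_note_spray(events):
    """Return {pid: "alert" | "tolerated"} for processes that spray one text file."""
    folders = defaultdict(set)     # (pid, content_hash) -> folders receiving that file
    overwrites = defaultdict(int)  # pid -> number of existing files rewritten
    for ev in events:
        p = PureWindowsPath(ev.path)
        if ev.op == "create" and p.suffix.lower() in NOTE_EXTENSIONS:
            folders[(ev.pid, ev.content_hash)].add(str(p.parent).lower())
        elif ev.op == "overwrite":
            overwrites[ev.pid] += 1
    verdicts = {}
    for (pid, _), dirs in folders.items():
        if len(dirs) < SPRAY_DIR_THRESHOLD:
            continue
        # Spray alone is installer-like (LICENSE/README copies); only escalate
        # when the same process is also rewriting existing files.
        verdicts[pid] = "alert" if overwrites[pid] >= MIN_OVERWRITES else "tolerated"
    return verdicts

def constructed_events():
    """Constructed sample telemetry: pid 100 installer-like, pid 200 ransomware-like."""
    events = []
    for i in range(6):
        events.append(FileEvent(100, "create", rf"C:\Program Files\ExampleApp\plugin{i}\LICENSE.txt", "h-lic"))
        events.append(FileEvent(200, "create", rf"C:\Users\alice\Documents\proj{i}\RESTORE_FILES.txt", "h-note"))
        events.append(FileEvent(200, "overwrite", rf"C:\Users\alice\Documents\proj{i}\report.docx", f"h-doc{i}"))
    events.append(FileEvent(300, "create", r"C:\Temp\a\notes.txt", "h-x"))
    return events

if __name__ == "__main__":
    print(evaluate_note_spray(constructed_events()))
```
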
  12. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    Manual update. There is nothing wrong. All is well. System and software environment see signature.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,561
    Location:
    The Netherlands
    Wow, this does sound very interesting. Why not also protect all other major browsers like Vivaldi, Brave, Opera and Firefox?
     
  14. scip

    scip Registered Member

    Joined:
    Feb 13, 2020
    Posts:
    41
    Location:
    internet
    all good thanks :)
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
    I had a SmartScreen warning on both machines but the update installed successfully on both.
     
  16. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    Same here (on one machine).

    Win10 21H1 build 19043.868
     
  17. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Just stay tuned :isay:
     
  18. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    I do not understand. Will CookieGuard mitigation protect other browsers in the future? For example, Firefox?
     
  19. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    We haven't had the time to look at other browsers that could work with our new technology, so for now it supports the two biggest browsers on Windows. Stay tuned! :thumb:
     
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    No problem with manual update. Win 10 x64 Pro v20H2 19042.906.
     
  21. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    @markloman @RonnyT
    I have another dump for v391 for W7x86. Let me know if you need it. Installed v93 and will post when I get the next dump. :D
     
  22. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    CookieGuard mitigation with a sandboxed Edge Chromium (as expected with Sandboxie).

    HmP.A build 893/Sandboxie 5.49.5/Win10 21H1 build 19043.868
     


    Last edited: Apr 12, 2021
  23. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Just released a new filter update that will solve this detection. It can take a few hours before it arrives on your machine. Thanks!
     
  24. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    No more CookieGuard-mitigations after launching Edge Chromium sandboxed. Thank you.
     
    Last edited: Apr 11, 2021
  25. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands



    Manually uninstalled and waited for a few days and no problems.

    Windows 10 Pro 64-bit version 20H2 build 19042.630
     