I was notified that after a restart HitmanPro.Alert 3.8.12 Build 899 would be updated. Did that and encountered no problems. Windows 10 Pro Version 21H1 Build 190453.985
On the 21st, I manually updated from 3.8.11 Build 897 Release Candidate to 3.8.12 Build 899 Release Candidate. No issues to report. Although I didn't reboot until the 22nd, I applied the update before you posted your request to wait for it to auto-update, so I cannot comment on the fly-out.
HitmanPro.Alert 3.8.13 Build 903 Release Candidate

Changelog (compared to build 901):
Fixed the Software Radar that could cause it to not notice a just-installed web browser, or to add it to the wrong mitigation template. This issue caused our new CookieGuard protection to generate false alarms.
Fixed an issue in the CryptoGuard anti-ransomware engine that could cause a BSOD on Windows 10 Insider Build 21390.
Improved support for Windows on ARM. We noticed that since build 895 we always shipped the ARM64 driver of that release. This has been corrected.
Improved Stack Pivot exploit mitigation to support an adjacent stack range in certain situations.
Improved detection of Chromium-based web browsers for CookieGuard.
Added Thumbprint generation for remote-debugging-port CookieGuard detection.
Added a checkbox for our new system-wide syscall mitigation. You can find it in the Advanced interface, under Risk reductions > Process Protection > Unexpected system calls (Stop evasion of security hooks).

Download https://dl.surfright.nl/hmpalert3b903.exe

Please let us know how this version runs on your machine. Thanks!!!
HMPA crashes Outlook on more than one Windows 10 Pro computer; nothing shows up in the HMPA alert log. Outlook crashes 30 seconds after opening it, and rebooting the computer does not help. Disabling the Load Library Code Mitigation for the Outlook application is a workaround.

Faulting application name: OUTLOOK.EXE, version: 16.0.14131.20278, time stamp: 0x60da3184
Faulting module name: hmpalert.dll, version: 3.8.13.903, time stamp: 0x60d093de
Exception code: 0xc0000005
Operating System: Microsoft Corporation, Windows 10 Pro (10.0.19043) (en-US)
Processor(s): Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz (8 virtual) (X64)
Available Memory: 22631 MB / 24466 MB
Manufacturer & Model: Hewlett-Packard HP EliteDesk 800 G1 SFF
HitmanPro.Alert 3.8.14 Build 907 Release Candidate

Changelog (compared to build 903):
Fixed a crash that could occur in Microsoft Office 365.
Fixed an issue that could result in our tray icon taking up to 25% CPU usage.
Improved the StackPivot mitigation.
Fixed the License expired flyout, which, when clicked, showed a request for reboot instead of going to the Activation panel.
Improved the HollowProcess MTH mitigation, solving an incompatibility with certain games.
Temporarily removed the system-level Syscall mitigation due to compatibility issues with some third-party security software. This new mitigation will return in an upcoming release.

Download https://dl.surfright.nl/hmpalert3b907.exe

Please let us know how this version runs on your machine.

Bonus: In case you want to see how our unique technologies worked against the REvil ransomware attack via Kaseya's VSA, I made a 7-minute video explaining our Heap Heap Protect (Dynamic Shellcode) and CryptoGuard. HitmanPro.Alert is at the core of Sophos Intercept X. You can watch it here: https://vimeo.com/572576580
Thanks, will check out this video, very cool. Also, can you perhaps share more technical info about CookieGuard: how does it work? I assume it will block malware from getting access to browser cookies, but what about malicious extensions, for example? And I forgot to ask about the new "unexpected system calls" mitigation, perhaps you can tell more about it. For example, how would malware evade security hooks? I'm guessing it has got something to do with unhooking stuff. I remember that in the past, malware was able to disable protection from Trusteer Rapport via unhooking, but I can't find the link at the moment.
I manually updated from 3.8.12 Build 899 Release Candidate to 3.8.14 Build 907 Release Candidate. No issues. Just sorry to hear that the Syscall mitigation has been removed, even temporarily. I feel slightly less safe now.
Mitigation PrivGuard
Timestamp 2021-07-12T15:16:44
Platform 10.0.19043/x64 v907 06_5e
PID 11652
Application C:\Windows\System32\CompPkgSrv.exe
Created 2021-01-12T18:59:06
Description Component Package Support Server 10

Sweep Code Injection
0000000000060000-0000000000066000 24KB C:\Program Files\Sandboxie-Plus\SbieSvc.exe [3024]
0000000000070000-0000000000072000 8KB
00007FF9B6624000-00007FF9B6625000 4KB

1 C:\Program Files\Sandboxie-Plus\SbieSvc.exe [3024] 2021-07-12T12:01:45
2 C:\Windows\System32\services.exe [996] 2021-07-12T12:01:40
3 C:\Windows\System32\wininit.exe [872] 2021-07-12T12:01:40 wininit.exe
4 C:\Windows\System32\smss.exe [752] 2021-07-12T12:01:39 1.1s \SystemRoot\System32\smss.exe 00000110 00000088
5 C:\Windows\System32\smss.exe [512] 2021-07-12T12:01:15 \SystemRoot\System32\smss.exe

Services 3024 SbieSvc
Thumbprints 04c5d137eba482b6c267eeffde93e702577745c0b09937b297b25ce5dfb83231
This is exactly expected when running Sandboxie: they sweep the security tokens of the running process(es). You can either ignore or suppress the alert.
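The PrivGuard alert posted above is free text, and the reply makes the triage decision by reading off which process wrote into the target. The script below is an added example (not HitmanPro.Alert's own code or format specification): it parses that alert text into its header fields, the swept memory regions with their injecting source process, and the process chain, then compares every injecting source against a local allowlist. The allowlist, the `parse_alert` / `triage` names and the "expected" / "review" verdicts are assumptions made for this example; the alert text is the one posted above, with line breaks restored.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Alert text as posted in the thread above, one field per line (constructed input).
SAMPLE_ALERT = r"""
Mitigation PrivGuard
Timestamp 2021-07-12T15:16:44
Platform 10.0.19043/x64 v907 06_5e
PID 11652
Application C:\Windows\System32\CompPkgSrv.exe
Created 2021-01-12T18:59:06
Description Component Package Support Server 10
Sweep Code Injection
0000000000060000-0000000000066000 24KB C:\Program Files\Sandboxie-Plus\SbieSvc.exe [3024]
0000000000070000-0000000000072000 8KB
00007FF9B6624000-00007FF9B6625000 4KB
1 C:\Program Files\Sandboxie-Plus\SbieSvc.exe [3024] 2021-07-12T12:01:45
2 C:\Windows\System32\services.exe [996] 2021-07-12T12:01:40
3 C:\Windows\System32\wininit.exe [872] 2021-07-12T12:01:40 wininit.exe
4 C:\Windows\System32\smss.exe [752] 2021-07-12T12:01:39 1.1s \SystemRoot\System32\smss.exe 00000110 00000088
5 C:\Windows\System32\smss.exe [512] 2021-07-12T12:01:15 \SystemRoot\System32\smss.exe
Services 3024 SbieSvc
Thumbprints 04c5d137eba482b6c267eeffde93e702577745c0b09937b297b25ce5dfb83231
"""

# Single-valued header lines: "<Key> <rest of line>".
HEADER_KEYS = ("Mitigation", "Timestamp", "Platform", "PID", "Application",
               "Created", "Description", "Sweep", "Services", "Thumbprints")

# "<start>-<end> <size>KB [<source path> [<source pid>]]"; the source is optional.
REGION_RE = re.compile(
    r"^([0-9A-Fa-f]{16})-([0-9A-Fa-f]{16})\s+(\d+)KB(?:\s+(.+?)\s+\[(\d+)\])?$")
# "<n> <path with spaces> [<pid>] <timestamp> ..." process-chain entries.
CHAIN_RE = re.compile(r"^(\d+)\s+(\S.*?)\s+\[(\d+)\]\s+(\S+)")

# Assumption for this example: a local allowlist of processes known to write into
# other processes on this machine (the reply above names Sandboxie as expected).
KNOWN_BENIGN_INJECTORS = {r"c:\program files\sandboxie-plus\sbiesvc.exe"}


@dataclass
class Region:
    start: int
    end: int
    size_kb: int
    source: Optional[str]      # path of the process that wrote the region, if recorded
    source_pid: Optional[int]


def parse_alert(text: str) -> dict:
    """Split a PrivGuard alert dump into header fields, swept regions and process chain."""
    alert = {"header": {}, "regions": [], "chain": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REGION_RE.match(line)
        if m:
            start, end, size, src, src_pid = m.groups()
            alert["regions"].append(Region(int(start, 16), int(end, 16), int(size),
                                           src, int(src_pid) if src_pid else None))
            continue
        m = CHAIN_RE.match(line)
        if m:
            order, path, pid, created = m.groups()
            alert["chain"].append((int(order), path, int(pid), created))
            continue
        key, _, value = line.partition(" ")
        if key in HEADER_KEYS:
            alert["header"][key] = value
    return alert


def triage(alert: dict):
    """Return ("expected", []) when every recorded injector is allowlisted,
    otherwise ("review", <unknown sources>). Regions without a source cannot be
    attributed, so an alert with no attributed source is always sent to review."""
    sources = {r.source.lower() for r in alert["regions"] if r.source}
    unknown = sorted(s for s in sources if s not in KNOWN_BENIGN_INJECTORS)
    if sources and not unknown:
        return "expected", []
    return "review", unknown


if __name__ == "__main__":
    parsed = parse_alert(SAMPLE_ALERT)
    verdict, unknown = triage(parsed)
    print(parsed["header"]["Mitigation"], parsed["header"]["Application"], verdict, unknown)
```

The allowlist is keyed on the full path of the injecting process, not on the image name, so a binary that merely borrows the SbieSvc.exe name from another directory still lands in review; in practice the Thumbprints value the alert carries is the stronger key to pin that allowlist entry to.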
The latest HitmanPro.Alert (v3.8.14 build 907) won't let me run Driver Booster, even though I put it in the exceptions. How can I run it? I cannot access the user directory from HitmanPro.Alert.
That's the Anti-Malware module blocking because it detected malware or PUA; you'll need to use Suppress Alert from the event log to run this application.