Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.
OK, thanks Ronny. I'll use build 738 and wait for the next build of 8xx CTPx.
Heads-up, we're updating everyone to build 3.7.10 Build 785 at the moment. This newer build fixes an issue with CTF Guard in combination with some third-party security products.
Thank you. Does the new build address the issue reported here? (I'm told that it's an HMP issue, but then HMP is part of HMP.A.)
Cool, I didn't even know that so many new protections were added. And I noticed that HMPA stops APC code injection, but what about code injection done by other methods? And will "Hollow Process Mitigation" block process hollowing on ALL processes?
How can I get the installer for that?
The download page offers build 775...
Look in @RonnyT's signature: https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-62#post-2850287
Do I need to uninstall Build 775 to install Beta 783?
No need to install the "old" Beta 783. There is already a newer stable version 787
Thanks, but can I install it over my current HMPro.Alert non-beta version?
As long as the changelog does not say that you need to uninstall the old version prior to installing the new version, you can simply install the new version.
Thank you Mood. Could you please post the download link here?
A download link for the beta (783) can be found here #1538, stable (at the moment 787): #15528
Thank you Mood
Any news on a new CTP? Also, sometimes HMP.A CTP1 does not start at boot; if I try to open it, it says the service is not running and the computer needs to restart.
EDIT: Forgot system details. Win10 x64 1809 with AppGuard 6.2
Also waiting on new CTP. (Event List does not open, until I reset Excalibur.db).
Incidentally, I don't have your boot start issue, but I am Win10 Pro x64 1903 (18362.356), Emsisoft ++. (Appguard, still 126.96.36.199, currently Off).
I'm also eagerly awaiting a new CTP, but only because I'm a and love seeing new features/forms of protection.
HitmanPro.Alert 3.8.0 Build 849 Community Technology Preview 2 (CTP2)
Changelog (compared to Community Technology Preview 1)
Added CTF Guard under Risk Reductions > Process Protection. This new mitigation validates CTF protocol callers and is ported over from GA builds 785-789 (since August 23). This new system-level exploit mitigation protects against abuse of the undocumented Windows CTF protocol as mentioned in CVE-2019-1162, discovered by Tavis Ormandy.
More details: https://news.sophos.com/en-us/2019/08/22/blocking-attacks-against-windows-ctf-vulnerabilities/
Added protection against side-loading of code via ApiSet Stub DLLs. The mitigation is called APISetGuard and is an integral part of the DLL Hijacking mitigation under Risk Reductions > Process Protection.
Added protection against replacement of accessibility tools (like StickyKeys) from a remote machine. This is specifically useful against attacks like BlueKeep that target RDP-enabled endpoints. This mitigation is called FileProtection.
Improved CryptoGuard v5 ransomware detection algorithms.
Improved CryptoGuard v5 overall performance, especially with backup software.
Improved CodeCave mitigation.
WipeGuard inadvertently protected USB drives that were already connected during boot.
Keystroke Encryption was default enabled on the first window that was visible after install.
Forward ported compatibility improvements from build 789.
Fixed deadlock scenarios during CryptoGuard v5 rollback.
Fixed initial dashboard when installing as CryptoGuard-only.
Figure 1: CTF Guard
Figure 2: Interactive CTF Exploration Tool by Tavis Ormandy intercepted as it attempted to communicate over CTF.
Figure 3: New visualization features in HitmanPro.Alert 3.8 help to gain insight into what e.g. a temporary malicious PowerShell process has been doing. Here it downloaded ransomware from a remote web site and started it, causing our CryptoGuard to step in.
Figure 4: Overview of signature-less protections against adversary tactics and techniques.
Do NOT install this on a machine to which you only have access over Remote Desktop, as it will lock you out of admin access; you need hands on keyboard to generate the 2FA token.
Do NOT return from this 8xx CTP to version 7xx stable without first removing c:\programdata\hitmanpro.alert\excalibur.db.
Supports Windows XP up to Windows 10 19H2.
Footprint 4.8 MB
All code compiled with Visual Studio 2019 16.3.
Please let us know how this build runs on your machine.
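The FileProtection item above guards the accessibility tools reachable from the logon screen against being replaced. As an added example (not HitmanPro.Alert code, and not a substitute for it), this PowerShell check reports whether each of those binaries in System32 still carries a valid Microsoft Authenticode signature and a version resource whose OriginalFilename matches the file name; the list of tool names and the expectation that OriginalFilename equals the file name are assumptions about a default Windows install.

```powershell
# Added example, not part of HitmanPro.Alert. Flags Windows accessibility
# binaries in System32 that look replaced by another program.
# Checks: (1) Authenticode signature valid and issued to Microsoft,
# (2) the PE version resource's OriginalFilename matches the file name.
# Tool list and OriginalFilename expectation are assumptions (default install).
function Test-AccessibilityTool {
    param([Parameter(Mandatory)][string]$Name)
    $path = Join-Path $env:SystemRoot "System32\$Name"
    if (-not (Test-Path $path)) {
        return [pscustomobject]@{ File = $Name; Status = 'Missing'; Detail = $path; SHA256 = '' }
    }
    $item = Get-Item $path
    $sig  = Get-AuthenticodeSignature $path
    $origName = [IO.Path]::GetFileNameWithoutExtension($item.VersionInfo.OriginalFilename)
    $expected = [IO.Path]::GetFileNameWithoutExtension($Name)
    $problems = @()
    if ($sig.Status -ne 'Valid') {
        $problems += "signature $($sig.Status)"
    } elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        $problems += "signer $($sig.SignerCertificate.Subject)"
    }
    # Case-insensitive compare; a swapped-in binary keeps its own version resource.
    if ($origName -ine $expected) {
        $problems += "OriginalFilename '$($item.VersionInfo.OriginalFilename)'"
    }
    [pscustomobject]@{
        File   = $Name
        Status = if ($problems.Count -gt 0) { 'SUSPECT' } else { 'OK' }
        Detail = ($problems -join '; ')
        SHA256 = (Get-FileHash $path -Algorithm SHA256).Hash   # for later comparison
    }
}

# Accessibility tools that can be launched from the logon screen (assumed list).
$tools = 'sethc.exe', 'utilman.exe', 'osk.exe', 'Magnify.exe',
         'Narrator.exe', 'DisplaySwitch.exe', 'AtBroker.exe'
$tools | ForEach-Object { Test-AccessibilityTool $_ } | Format-Table -AutoSize
```

Run it in an elevated session and keep the SHA256 column from a known-good machine so later runs can be diffed against it.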
Can we test CryptoGuard v5 now, or is that still not recommended for daily use?
Using CryptoGuard 5 is our preference. If you run into an issue, you can always switch back to CryptoGuard 4 and report the problem to us.
Wow. This really sounds exciting.
OK. I’ll leave it at v5 then.
Smooth update from CTP1 to CTP2 - no issues
YES!!! First it was a smooth upgrade to CTP2 from 1. My problem with 1 was the CryptoGuard v5. It brought my imaging programs to a standstill. Tested v5 on CTP2 and I had to check to make sure it was turned on. Imaging programs ran as they should. v5 is staying on. Excellent!!
Awesome! Thanks for letting us know. We've been working hard the last few weeks to get this release out into the community. We're working towards a general availability release so everybody can enjoy our new technologies. Thanks again!
No problems upgrading build 849 CTP2 (from build 789). Using CryptoGuard v5.
Win10 1903 build 18362.356 x64/Norton Security v188.8.131.52