HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    33
    Location:
    Nederlands
    I was notified that after restart HitmanPro.Alert 3.8.12 Build 899 would be updated.
    Done that and encountered no problems.


    Windows 10 Pro Versie 21H1 Build 190453.985
     
  2. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    246
    Automatic update, no problem.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,373
    Location:
    The Netherlands
    Cool that you have added other browsers like Vivaldi, will try to test HMPA soon. :thumb:
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,538
    Location:
    Outer space
    No problems on 1909 x64.
     
  5. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    197
    Location:
    Canada
    On the 21st, I manually updated from 3.8.11 Build 897 Release Candidate to 3.8.12 Build 899 Release Candidate. No issues to report.

    Although, I didn't reboot until the 22nd, I applied the update before you posted your request to wait for it to auto update so I cannot comment on the fly-out.
     
  6. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    HitmanPro.Alert 3.8.13 Build 903 Release Candidate

    Changelog (compared to build 901)
    • Fixed the Software Radar that could cause it to not notice a just installed web browser, or adding it to the wrong mitigation template. This issue caused our new CookieGuard protection to generate false alarms.
    • Fixed an issue in the CryptoGuard anti-ransomware engine that could cause a BSOD on Windows 10 Insider Build 21390.
    • Improved support for Windows on ARM. We noticed that since build 895 we always shipped the ARM64 driver of that release. This has been corrected.
    • Improved Stack Pivot exploit mitigation to support adjacent stack range in certain situations.
    • Improved detection of Chromium-based web browser for CookieGuard.
    • Added Thumbprint generation for remote-debugging-port CookieGuard detection.
    • Added checkbox to our new system-wide syscall mitigation. You can find in in the Advanced interface, under Risk reductions > Process Protection > Unexpected system calls (Stop evasion of security hooks).
      Capture.PNG
    Download
    https://dl.surfright.nl/hmpalert3b903.exe

    Please let us know how this version runs on your machine. Thanks!!! :thumb:
     
    Last edited: Jun 23, 2021
  7. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    980
    No problems upgrading build 903. No SmartScreen-alert this time.

    Win10 21H1 build 19043.1052
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,373
    Location:
    Under a bushel ...
    No problems upgrading to build 903.

    Win 10 x64 Pro v21H1 19043.1081
     
  9. scip

    scip Registered Member

    Joined:
    Feb 13, 2020
    Posts:
    24
    Location:
    internet
    Runs perfect thx :)
     
  10. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    343
    Location:
    Planet Earth
    FYI, we've done a small batch of upgrades for 901 users to 903.
     
  11. Mr Humphries

    Mr Humphries Registered Member

    Joined:
    Dec 3, 2016
    Posts:
    14
    Location:
    Australia
    Manually updated from 901. No problem so far on 21390.co_release.210521-1658.
     
  12. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    197
    Location:
    Canada
    Auto update received to go from 901 to 903. Rebooted, and things are running fine.
     
  13. MikeRepairs

    MikeRepairs Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    80
    Location:
    Kissimmee, FL
    HMPA crashes Outlook on more than one computer Windows 10 Pro, nothing shows up in HMPA alert log. Outlook crashes 30 seconds after opening it, rebooting the computer does not help.

    Disabling Load Library Code Mitigation for the Outlook Application is a workaround.

    Faulting application name: OUTLOOK.EXE, version: 16.0.14131.20278, time stamp: 0x60da3184
    Faulting module name: hmpalert.dll, version: 3.8.13.903, time stamp: 0x60d093de
    Exception code: 0xc0000005

    Operating System:
    Microsoft Corporation, Windows 10 Pro (10.0.19043) (en-US)
    Processor(s):
    Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz (8 virtual) (X64)
    Available Memory:
    22631 MB / 24466 MB

    Manufacturer & Model:
    Hewlett-Packard HP EliteDesk 800 G1 SFF
     
    Last edited: Jul 1, 2021
  14. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    343
    Location:
    Planet Earth
    Hi Mike,

    Thanks for reporting, I've send a PM with further request for details.
     
  15. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    HitmanPro.Alert 3.8.14 Build 907 Release Candidate

    Changelog (compared to build 903):
    • Fixed a crash that could occur in Microsoft Office 365
    • Fixed an issue that could result our tray icon to take up to 25% CPU usage.
    • Improved the StackPivot mitigation.
    • Fixed the License expired flyout, which - when clicked - showed a request for reboot instead of going to the Activation panel.
    • Improved HollowProcess MTH mitigation, solving incompatibility with certain games.
    • Temporarily removed the system-level Syscall mitigation due to compatibility issues with some third-party security software. This new mitigation will return in an upcoming release.
    Download
    https://dl.surfright.nl/hmpalert3b907.exe

    Please let us know how this version runs on your machine :thumb:

    Bonus: In case you want to see how our unique technologies worked against the REvil ransomware attack via Kaseya's VSA, I made a 7 minute video explaining our Heap Heap Protect (Dynamic Shellcode) and CryptoGuard. HitmanPro.Alert is at the core of Sophos Intercept X. You can watch it here: https://vimeo.com/572576580
     
    Last edited: Jul 10, 2021
  16. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    980
    No problems upgrading build 907.

    Win10 21H1 build 19043.1083
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,898
    Location:
    Among the gum trees
    No problem here x 2 machines.
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,373
    Location:
    Under a bushel ...
    No problem with manual update, Win 10 Pro as per sig.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,373
    Location:
    The Netherlands
    Thanks will check out this video, very cool. Also, can you perhaps share more technical info about CookieGuard, how does it work? I assume it will block malware from getting access to browser cookies, but what about malicious extensions for example?

    And I forgot to ask about the new "unexpected sytem calls" mitigation, perhaps you can tell more about it. For example, how would malware evade security hooks, I'm guessing it has got something to do with unhooking stuff. I remember that in the past, malware was able to disable protection from Trusteer Rapport via unhooking, but I can't find the link at the moment.
     
  20. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    197
    Location:
    Canada
    I manually updated from 3.8.12 Build 899 Release Candidate to 3.8.14 Build 907 Release Candidate. No issues.

    Just sorry to hear that Syscall mitigation has been removed, even temporarily. I feel slightly less safe now ;)
     
  21. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    246
    Besides ESET v.14.2.19.0 with HitmanPro.Alert v.3.8.13 build 903 everything is fine, no problems.
     
    Last edited: Jul 12, 2021
  22. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    980
    Mitigation PrivGuard
    Timestamp 2021-07-12T15:16:44

    Platform 10.0.19043/x64 v907 06_5e
    PID 11652
    Application C:\Windows\System32\CompPkgSrv.exe
    Created 2021-01-12T18:59:06
    Description Component Package Support Server 10

    Sweep

    Code Injection
    0000000000060000-0000000000066000 24KB C:\Program Files\Sandboxie-Plus\SbieSvc.exe [3024]
    0000000000070000-0000000000072000 8KB
    00007FF9B6624000-00007FF9B6625000 4KB
    1 C:\Program Files\Sandboxie-Plus\SbieSvc.exe [3024] 2021-07-12T12:01:45
    2 C:\Windows\System32\services.exe [996] 2021-07-12T12:01:40
    3 C:\Windows\System32\wininit.exe [872] 2021-07-12T12:01:40
    wininit.exe
    4 C:\Windows\System32\smss.exe [752] 2021-07-12T12:01:39 1.1s
    \SystemRoot\System32\smss.exe 00000110 00000088
    5 C:\Windows\System32\smss.exe [512] 2021-07-12T12:01:15
    \SystemRoot\System32\smss.exe

    Services
    3024 SbieSvc

    Thumbprints
    04c5d137eba482b6c267eeffde93e702577745c0b09937b297b25ce5dfb83231
     
  23. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    343
    Location:
    Planet Earth
    This exactly expected when running Sandboxie, they sweep the security tokens of the running proces(ses), you can either ignore or suppress the alert.
     
  24. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    246
    The latest HitmanPro.Alert(v.3.8.14 build 907) won't let me run Driver Booster, even though I put it in the exceptions. How can I run it? I cannot access the user directory from HitmanPro.Alert.

    2021-07-14_063914.jpg
     
  25. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    343
    Location:
    Planet Earth
    That's the Anti-Malware module blocking because it detected malware or pua, you'll need to use Suppress Alert from the eventlog for this to run this application.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.