Ronny, can you respond to this post? I think somewhere in this thread you might have answered my first question, but I'm trying to visualize it. How do infostealers even work in the first place, do they steal data from disk only, or also from memory? https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-89#post-3173762
Most of them are very noisy: they scan for config files that contain plain or reversible passwords etc. Mostly, even if they have collected the data and they hit the cookie-guard, the process is killed before the data is zipped up and exfiltrated. Cookie-Guard depends on illegal access of the credential store for supported browsers, else they can't decrypt the stolen contents.
HitmanPro.Alert 3.8.25 Build 975 (RC4)
Changelog (compared to 971)
Fixed C2 interceptor crashes/blocking of application loading
Beware this build is signed with a new code-signing certificate by Sophos LTD; this might cause some 3rd-party vendors to have "trust" issues as it's a rather fresh certificate.
Download https://dl.surfright.nl/hmpalert3b975.exe
Please let us know how this version runs on your machine.
We'll enable auto-update for anyone running >947.
We're planning to promote this build to Stable if results are good in the coming week(s).
After the HitmanPro.Alert notification that it would be installed after a reboot, I did that and had no problems. https://www.imgdumper.nl/uploads9/657440f493438/657440f491c84-Naamloos.png HitmanPro.Alert Version 3.8.25 build 975 Windows 11 Pro Version 23H2 Emsisoft
Wow, I'm not sure if I had good or bad timing with my post. Either way, I received the update notification yesterday for RC4 and rebooted into it at that time. No issues till now. I will reply again if any issues appear.
Don't think so, we can't reproduce this right now; if you have issues please use suppress alert for now. Perhaps something similar will pop up later which might lead to a fix.
Hi Ronny, I can see that with ver. 975 I can launch "Luminar Neo" with no issues with C2 protection on - thanks for solving this. However the other issue I had, a very partial UWP exclusion list (add exclusion, UWP applications), is still present - I can only see 5 apps out of 10s of apps. Not a big issue, as I can open the app and add it from "running applications", but FYI... Thanks
Can you share the names of those applications and did you install them in the default location or have you tweaked anything on the Store location?
This is what I see, and everything is default, didn't change store location and also installed apps through Winget (default sources: store + winget) But as I said, minor issue, as the alternative option (running apps) is also easy to use.
Image didn't show, so here is a text capture:
Your applications (5)
UWP-APPS
ms-resource:PackageStoreName photos.dlc.mediaengine.exe
Print Dialog 10 printdialog.exe
Settings IO systemsettings.exe
WINDOWS.IMMERSIVECONTR... SystemSettings.exe
WINDOWS.PRINTDIALOG 6.2.2... PrintDialog.exe
OK, but does HMPA only protect access to the credential store or what? Doesn't it protect browser memory and the browser profile folder? Like I said, I'm trying to visualize it. https://attack.mitre.org/techniques/T1555/003/
975 build has now been promoted from RC -> Stable and we'll slowly enable auto-update for a small number of users at a time. https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-677#post-3176552
CookieGuard does the credential store, other mitigations are memory related, encrypted browser files are not monitored.
OK, this is a bit confusing to me to be honest. But I assume HMPA should protect against all or most info-stealers that need access to cookies and passwords in the browser profile. And I also assume that all Chromium-based browsers (Chrome, Vivaldi, Edge, Brave, Opera) make use of the credential store?
HitmanPro.Alert 3.8.26 Build 979 RC1
Changelog (compared to 977)
Fixed Intruder/Safe Browsing compatibility issue introduced by a recent Bitdefender update.
Improved HeapHeapProtect, improved handling in code and added more whitelisting options to alerts.
Improved SendKeysGuard, switched the main thumbprint to handle whitelisting more easily.
Improved HWBGuard (Silent).
Improved HollowProcess/HWBGuard, to prevent exception pointer abuse.
Download https://dl.surfright.nl/hmpalert3b979.exe
Please let us know how this version runs on your machine.
For those that run into the XTUService issue, can you please remove the "Suppress Alert" on your setup and keep an eye out for whether anything has improved in that area?