
HitmanPro.Alert - development versions

Ircus (Very active, Expert; joined 26 May 2010; posts: 3587; likes: 2449) #61
HitmanPro.Alert 3.7.4 Build 734 BETA

Changelog (compared to [link visible only to logged-in users])

  • Improved Credential Theft Protection, which now terminates applications that attempt to access LSASS in an offending way.
  • Improved error handling when activating a trial or product key
  • Improved startup time of the HitmanPro.Alert Service
  • Improved mini-filter performance which speeds up CryptoGuard
  • Improved CryptoGuard to handle compressed PDF files more accurately
  • Improved Application Lockdown with detailed thumbprint generation for script-based attacks and to block abuse of Certutil and Python
  • Improved event logging of APC mitigation alerts
  • Added Event ID 800 (malware detected) to the custom HitmanPro.Alert view in the Windows Event Log
  • Added malware detections to the "Number of alerts" counter on the HitmanPro.Alert user interface
  • Added support for Spectre mitigations; i.e. our binaries are now compiled with /Qspectre compiler switch
  • Added offline indicator when the HitmanPro Anti-Malware Cloud is unreachable
  • Fixed the "Scan failed" issue which could occur when pressing the "Scan Computer" or "Scan with HitmanPro" button
  • Fixed unexpected behavior of Safe Browsing to improve detection and prevent false positives
  • Fixed issue that prevented proper disabling of Exploit Mitigations on Java binaries
  • Fixed rare issue that caused a hanging thread (locked a file) when CryptoGuard creates a file backup
  • Fixed an issue with code injection on Windows XP
  • Fixed an issue with the Reflective DLL Injection mitigation (part of Load Library mitigation)
  • Fixed an issue with the Windows 10 Start Menu
  • Fixed an issue when importing previously exported settings
  • Fixed a rare issue that could cause a BSoD mentioning partmgr.sys
  • Several other minor fixes and improvements
Download (with drivers co-signed by Microsoft): [link visible only to logged-in users]
 

Ircus (Very active, Expert; joined 26 May 2010; posts: 3587; likes: 2449) #62
HitmanPro.Alert 3.7.7 Build 746 BETA
Changelog (compared to [link visible only to logged-in users])

  • Improved General performance
  • Improved Credential Theft Protection, LSASS protection
  • Improved Java mitigation profile, removed obsolete protections for Java processes
  • Improved Intruder detection for trickbot
  • Improved Office & IE11 compatibility
  • Added wmic.exe to Application Lockdown to block abuse used in SquiblyTwo attack
  • Added Japanese language
  • Fixed Bug in mono (.NET xPlatform lib) causing a CallerCheck
  • Fixed IE Godmode False positives
  • Fixed Potential BSOD in CryptoGuard
  • Fixed LoadLib Alert in Firefox when loading NPAPI plugin(s)
  • Fixed Windows 7 hanging on shutdown
  • Fixed WipeGuard on Hyper-V guest systems
  • Several other minor fixes and improvements
 

Ircus (Very active, Expert; joined 26 May 2010; posts: 3587; likes: 2449) #63
HitmanPro.Alert 3.7.8 Build 750 Release Candidate
Changelog (compared to [link visible only to logged-in users])

  • Improved process startup performance of applications protected with Exploit Mitigations
  • Improved Hardware Assisted Control-Flow Integrity (HA-CFI) performance by increasing the LBR stack-pool
  • Improved Code Cave Mitigation
  • Improved Asynchronous Procedure Call (APC) Mitigation
  • Improved Thumbprint technology on the CallerCheck exploit mitigation, which now allows us to whitelist e.g. a CreateProcess from the 1Password just-in-time .NET code running inside a web browser or Outlook as a plug-in
  • Fixed a crash occurring during a specific ROP exploit attack, e.g. during attack on CVE-2018-9958
  • Fixed issue with Microsoft Edge browser on Windows 10 Redstone 4 32-bit (x86)
  • Fixed a false positive in Chrome caused by the Dynamic Heap Spray exploit mitigation
  • Added a workaround for an issue with Chrome 67 (and newer) which triggered our Hardware Assisted Control-Flow Integrity (HA-CFI), now that Chrome generates ROP chains on the fly for a legitimate reason. Note that the workaround is that we disabled the use of LBR records during ROP checks on Chrome 67 (and newer).
  • Added list of loaded modules to the alert details of the WipeGuard and CryptoGuard modules, to help with triaging attacks originating from trusted processes
Download (with drivers co-signed by Microsoft): [link visible only to logged-in users]
 

Ircus (Very active, Expert; joined 26 May 2010; posts: 3587; likes: 2449) #64
HitmanPro.Alert 3.7.8 Build 751 Release
As many of you noticed, HitmanPro.Alert ran into an issue yesterday. The issue was caused by the Microsoft Azure node in Europe and mainly affected users located in the EU. As some of you know, we temporarily switched EU users to the node in the United States as a workaround.
In the meantime, we found the issue that caused the crash of our HitmanPro.Alert Service. We also crafted a proper fix and, at this very moment, all our users are updated automatically to HitmanPro.Alert 3.7.8 build 751.

Release notes (compared to build 750)
  • Fixed issue with cloud communication component.
 

Ircus (Very active, Expert; joined 26 May 2010; posts: 3587; likes: 2449) #65
HitmanPro.Alert 3.7.9 Build 759 Release
HitmanPro.Alert 3.7.9 Build 759 Release Candidate

Changelog (compared to [link visible only to logged-in users])

  • Added Mitigation of local privilege escalation via Task Scheduler (CVE-2018-8440 / @SandboxEscaper)
  • Added Compatibility with Windows 10 Redstone 5
  • Improved WipeGuard mitigation handling VBR sectors
  • Improved Asynchronous Procedure Call (APC) Mitigation
  • Improved SEHOP mitigation performance improvement
  • Improved Compatibility with 3rd party products that use PUSH/RET in their API hooks
  • Improved Windows Vista code injection
  • Fixed Compatibility with Windows XP Embedded POSReady 2009
  • Fixed Compatibility with Microsoft Edge Application Guard (WDAG) failed to start
  • Fixed Compatibility with Microsoft Hyper-V failed to start
  • Fixed Compatibility with F-Secure DeepGuard
  • Fixed False positive ROP detection (stack-based) in Google Chrome 69 caused by (DRM) widevinecdm.dll
  • Fixed Security issue (CVE assigned)
  • Updated Botan 2.7.0
  • Updated Sqlite 3.24.0
  • Updated All code compiled with Visual Studio C++ 15.8.4
  • Disabled hardware-assisted ROP mitigation on Chrome 67 (or newer) due to their use of RETpoline
  • Removed Network Lockdown mitigation (deprecated) / hmpnet.sys



 

Ircus (Very active, Expert; joined 26 May 2010; posts: 3587; likes: 2449) #66
HitmanPro.Alert 3.7.9 Build 761 BETA

Changelog (compared to [link visible only to logged-in users])


Added
  • Improved Shellcode mitigation (system-wide) to detect backdoor stage/payload on the heap
  • Improved Code Cave mitigation (system-wide) to detect rare Shellter Pro binaries configured with uncommon evasion techniques
Improved
  • CryptoGuard to block specific variants of the Dharma ransomware, that include needless action to thwart behavior monitoring
  • Dynamic Heap Spray Mitigation to allow certain memory block patterns
Fixed
  • Compatibility issue with ESET Smart Security in combination with Google Chrome
  • Rare BSOD in WipeGuard when it was running out of stack
  • Process Protection user interface menu now correctly disables the features when no valid license is present
  • Automatic update when running HitmanPro.Alert in Anti-Ransomware (CryptoGuard) only
 

OXYGEN THIEF (Very active, Staff member, Administrator; joined 26 May 2010; posts: 25290; likes: 4039) Thread author, #67
HitmanPro.Alert 3.7.9 Build 763 Release Candidate

Changelog (compared to [link visible only to logged-in users])


Added
  • New Lolbin to Application Lockdown
Improved
  • Code Cave mitigation (system-wide) to detect rare Shellter Pro binaries configured with uncommon evasion techniques
  • Dynamic Heap Spray Mitigation to allow certain memory block patterns
Fixed
  • Auto update when installed in CryptoGuard only mode
Download: [link visible only to logged-in users]
 

Ircus (Very active, Expert; joined 26 May 2010; posts: 3587; likes: 2449) #68

al (The janitor, Staff member, Administrator; joined 22 July 2012; posts: 4416; likes: 1701) #69
HitmanPro.Alert 3.7.9 Build 767 Release Candidate 3

Changelog (compared to [link visible only to logged-in users])
Added
  • Dynamic Shellcode Mitigation (Helps prevent threat actors from loading unsafe code into memory) protection can now be turned on/off - however the mitigation is still in detect only mode.
Improved
  • Reduction of false-positives for DEP alerts in case of crashing applications.
  • Reduction of false-positives for Code Cave alerts on .NET applications.
Fixed
  • WipeGuard can now handle disks with other sector sizes than 512.
  • CodeCave triggered falsely during process initialization.

 

al (The janitor, Staff member, Administrator; joined 22 July 2012; posts: 4416; likes: 1701) #70

OXYGEN THIEF (Very active, Staff member, Administrator; joined 26 May 2010; posts: 25290; likes: 4039) Thread author, #71
HitmanPro.Alert 3.7.9 Build 771 Release Candidate

Changelog (compared to build 769):

Removed
  • Menu option to enable/disable SMB CryptoGuard protection (crypto-ransomware attack from remote machine); it is always enabled on supported systems, i.e. 64-bit Windows
Improved
  • CryptoGuard compatibility on Windows 10 19H1 (i.e. current Windows Insider preview builds)
  • 64-bit call stack parsing (improves stability)
  • Code Cave Mitigation, now showing SHA-256 of the process in the Alert Info
Fixed
  • False positives caused by the Code Cave Mitigation
  • Issue when Anti-Malware is enabled/disabled; the service stopped responding/system became unstable
  • Minor update problem in CryptoGuard UI when an attack had occurred
  • Issue with pipe communication between service and client when volume name is changed
  • Hollow Process Mitigation false positive with VMware ThinApps
  • Issue that caused Visual Studio's vswhere.exe not to start correctly
  • IAT/IAF hardcoded whitelisting not working properly
  • Stability issue when report files get corrupted
Download: [link visible only to logged-in users]
 

OXYGEN THIEF (Very active, Staff member, Administrator; joined 26 May 2010; posts: 25290; likes: 4039) Thread author, #72

OXYGEN THIEF (Very active, Staff member, Administrator; joined 26 May 2010; posts: 25290; likes: 4039) Thread author, #73
HitmanPro.Alert 3.7.9 Build 773 Release Candidate (re-release)

Changelog (compared to [link visible only to logged-in users]):


Changed
  • Changed name for "Dynamic Shellcode Mitigation" to "Heap Heap Protect"
Improved
  • Heap Heap Protect
  • CodeCave
Fixed
  • Trend Micro Intruder/Safe Browsing incompatibility
Download: [link visible only to logged-in users]


Hi all, we found a small issue in the previous 773, so we re-released it.
Current 773 users will be automatically upgraded to the new 773.
 

Ircus (Very active, Expert; joined 26 May 2010; posts: 3587; likes: 2449) #74
HitmanPro.Alert 3.7.9 Build 775 Release Candidate

Changelog (compared to [link visible only to logged-in users]):

Improved
  • Code injection, which will result in faster boot times on Windows 10. It also fixes a rare issue a few Windows 10 users had where the system did not finish boot correctly.
  • Heap Heap Protect mitigation as it should now play more nicely with certain .NET applications.
  • Hardware Assisted Control-Flow Integrity, our Last Branch Record CPU assisted ROP mitigation, to fix false positives we're seeing on some newer CPUs.
  • Alert info regarding our real-time Anti-Malware and Code Cave mitigation.
Fixed
  • Rare bug in CryptoGuard which sometimes forgot to make a backup of a file - which you could lose in the event of a ransomware attack.
Download: [link visible only to logged-in users]
 

Ircus (Very active, Expert; joined 26 May 2010; posts: 3587; likes: 2449) #75
HitmanPro.Alert 3.7.9 Build 777 Release Candidate
Changelog (compared to [link visible only to logged-in users])

  • We've switched from audit to termination of malicious software that violates our novel heap memory protection Heap Heap Protect. This means that rampant malware like Emotet, Dridex, BitPaymer and other families can now be stopped based on the threat's runtime memory allocation behavior caused by multi-layer obfuscation and packing techniques to bypass machine learning (ML) and AV checking.
  • In addition, HitmanPro.Alert is now auditing applications that allocate heap memory into other processes. And Heap Heap Protect is also auditing unknown heap memory allocations while we're fine-tuning our signature-less backdoor mitigation (to block e.g. Cobalt Strike).
  • Improved Enforce DEP (Data Execution Prevention) as it previously did not set a flag correctly.
  • Classified more trusted binaries as LOLbin (Living-off-the-Land binary), which means attackers cannot abuse them in attacks via Browsers and productivity applications.
  • Improved handling of crashing applications, as they could previously trigger one or more exploit mitigations (i.e. KiUserExceptionDispatcher on Windows 10 was not correctly recognized).
  • Fixed compatibility with Windows Vista.
  • Fixed some false positives occurring in the Firefox web browser, which were caused by our hardware assisted ROP mitigation that employs Last Branch Record (LBR) in Intel microprocessor hardware. On Firefox version 57 and up, HitmanPro.Alert will no longer enforce control-flow integrity using hardware registers.
  • Fixed a bug in the Code Cave mitigation involving a NOP sled that inadvertently could overwrite code placed by a third party security application.
  • Fixed another conflict with Universal Windows Platform (UWP) applications and our Code Cave mitigation, when running HitmanPro.Alert alongside F-Secure / Ziggo Internetbeveiliging / KPN Veilig.