With each Community Technology Preview (CTP) of HitmanPro.Alert 3 we introduce new features for compatibility testing. CTP1 was our first development release of HitmanPro.Alert 3 wherein we introduced our hardware-assisted exploit mitigations. A few weeks later, with CTP2, we added the ability for users to add and protect custom applications through an easy-to-use Running Applications interface. In CTP3 we enabled our network inspection driver and delivered Network Lockdown for Java applications, while we also expanded support to all Intel Core i3, i5 and i7 processors for our hardware- assisted exploit protection.
With this fourth and last Community Technology Preview (CTP4) we introduce Application Lockdown, Virtual Machine Simulation (part of Activate Vaccination) and a second (default) Simplified User Interface. In addition we applied Network Lockdown not only to Java but also Office applications, while we improved compatibility with applications reported by the security community.
As before, this preview is released here at Wilders Security Forum only.
This preview is NOT to be used in production environments.
UI-Simplified.PNG UI-Advanced.PNG Exploit-mitigations.PNG
Release Notes
Added Application Lockdown feature to Exploit Mitigations’ code mitigations, which enables safe use of protected applications while preventing high risk actions. If attackers successfully bypass sandbox, memory and other code mitigations, they still cannot introduce and run new executables, or manipulate the Windows Registry to run malicious code. For example, because Microsoft Word is designed to write documents, it can no longer be abused to abnormally download, create and run binaries – Alert blocks this inappropriate behavior, effectively stopping attackers from executing malicious payloads. Application Lockdown also affects attacks that abuse e.g. macros in Office documents to hoist in malware via phishing emails.
Added Virtual Machine Simulation to Active Vaccination. This new feature adds to our Debugger Simulation and are both designed to make VM-aware malware believe it is attacking a virus research sandbox/honeypot, which causes it not to infect the machine and self-terminate. Vaccination turns malware’s own defenses against itself.
Added Minimize button to the installer and main user interface.
Added Simplified User Interface, which is now the default interface. Users can use the new Settings menu, next to the new Minimize window button, to reveal the Advanced Interface. The simplified user interface also warns users when important features are disabled or when the computer needs to be scanned for malware.
Added Network Lockdown to Office applications, including PDF programs like Acrobat Reader. This helps to stop attackers from establishing a command-and-control connection. The Network Lockdown setting can be found by clicking on the orange Security tile.
Added registry protection to prevent illegal registry data. This feature is part of Vaccination and blocks e.g. the persistent Poweliks malware, which is diskless and lives in the registry.
Added automatic activation of the trial license so Exploit Mitigations, Vaccination and Hollow Process protections are automatically enabled after installation.
Improved performance of Control-Flow Integrity (CFI) technology, which blocks ROP attacks by analyzing on-chip branch-traces (inside Intel® processor hardware).
Improved Java (Network) Lockdown compatibility with legitimate applications like Cisco ADSM. Java (Network) Lockdown is now part of Network Lockdown.
Improved Keystroke Encryption which now offers dependable performance.
Improved detection of installed web browsers by the Software Radar.
Fixed a 32-bit stack traversal corner-case condition that affected Intuit QuickBooks.
Fixed a compatibility problem with Windows 8.0.
Fixed a compatibility issue with Microsoft Office 2007.
Fixed a problem with orphaned browser plugins, e.g. Silverlight (agcp.exe) when closing Netflix in the browser.
Fixed a compatibility issue with Steam games installed on non-default path.
Fixed a compatibility issue with AdwCleaner.
Added Anti-VM test to the Exploit Test Tool (32-bit). This test can be used to trigger the Active Vaccination feature of HitmanPro.Alert 3. The used technique is identical to how 99% of all VM-aware malware evade sandboxes.
Enabled the Updater. When there is a new version, the user interface will notify you.
Known Issues
Webcam Notifier works with webcams that use the Windows usbvideo.sys driver. Webcams using vendor specific drivers are currently not supported.
The checkbox ‘Show border around applications’ under ‘Safety notification’ is currently checked and locked on purpose.
HitmanPro.Alert 3 is currently not compatible with Sandboxie on Windows Vista 32.
Sandboxie and Norton (Internet) Security can interfere with the drawing of the notification border around protected applications.
Agnitum Outpost Firewall on 64-bit versions of Windows is currently incompatible with HitmanPro.Alert 3.
The Export Address Table Access Filtering (EAF) module of Microsoft EMET 5.0 is currently incompatible with HitmanPro.Alert 3, but our Exploit Test Tool is compatible. Microsoft EMET 4.1 Update 1 is fully compatible with HitmanPro.Alert 3.
Malwarebytes Anti-Exploit is currently incompatible with HitmanPro.Alert 3, but our Exploit Test Tool is compatible
Download
Zaloguj lub Zarejestruj się aby zobaczyć!
HitmanPro.Alert 3 supports Windows XP Service Pack 3, Windows Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 Technology Preview.
Note: This preview is NOT to be used in production environments.
Reporting issues
Please report issues via PM or via email:Please send me a PM if you need a product key for testing purposes.
Zaloguj lub Zarejestruj się aby zobaczyć!
Looking forward to hearing from you how this build runs on your computer :thumb:
HitmanPro.Alert 3 CTP4 build 92
I made a mistake in build 91 causing the Alert service to crash when launching apps from a short path (for example, C:\some.exe).
Hereby build 92.
Download
Zaloguj lub Zarejestruj się aby zobaczyć!
Please let me know this version runs on your computer
