Thema: Hitman Pro

[SiLæncer]

Changelog

    Added HeapHeapProtect: Code running in dynamic memory, in RUNDLL32.EXE and REGSVR32.EXE, can no longer manipulate other dynamic memory. This proactively helps against many backdoor tools, trojans and ransomware families.
    Added Tamper Protection by filtering process and thread handles against terminate, suspend and injection. Also added menu item to settings menu.
    Added Automatic protection of Microsoft Access against exploitation.
    Added DLL Hijacking protection on HitmanPro malware scanner to prevent privilege escalation.
    Improved Alert report now includes a list of services if a process runs as a service.
    Improved CryptoGuard-only now also enables anti-malware.
    Improved GUI: Added anti-malware menu item to settings menu.
    Improved GUI: EULA on install dialog
    Improved Windows on ARM: Now offloads SHA-256 calculation to hardware via NEON instructions, resulting in 7 times performance boost.
    Improved Windows on ARM: Fixed last scan timestamp.
    Improved AmsiGuard: Now supports unloading of AMSI.DLL.
    Improved ApplicationLockdown: Prevent execution of an Visual Basic file via EXPLORER.EXE from an Office application.
    Improved CredGuardSAM: Prevent registry command line tool from dumping credentials.
    Improved WipeGuard: Volume Boot Record (VBR) protection and alert details.
    Improved Minifilter driver altitude, lowered from 345800 to 221600, to prevent third party minifilters from adversely affecting ransomware detection.
    Fixed CodeCave: coding error that could cause certain rare applications to crash.
    Fixed CodeCave: False alarms when application is packed with boxedApp packer.
    Fixed ACPProtection: False alarms when application is packed with boxedApp packer.
    Fixed ApiSetGuard: False alarms on a standard DLLMain implementation that does nothing but returning 0 or 1.
    Fixed CryptoGuard 5: False alarm in combination with Dropbox.
    Fixed CryptoGuard 5: False alarm when deleting many files on and endpoint protected by Bitdefender’s CryptoStore feature.
    Fixed HeapHeapProtect: Applications under attack could crash when the used shellcode caused an unaligned stack.
    Fixed Crash in Equation Editor when under attack, caused by Data Execution Prevention (DEP).
    Fixed Italian string in Systray context menu.

[close]

https://www.hitmanpro.com/en-us/alert.aspx

[SiLæncer]

Whats new:>>

    IMPROVED: Malware removal
    CHANGED: PUA Engine
    FIXED: Freezing during removal of complex PUA files

https://www.hitmanpro.com/en-us/hmp.aspx

[SiLæncer]

Release Notes

Special maintenance release: this is the last build that supports Windows XP, Windows Vista and Windows 7 RTM (no service pack). These Windows versions only support SHA-1 for code-signing certificates. Microsoft decided to require SHA-2 for new drivers while it did not release SHA-2 support for these Windows versions. So, in other words, we cannot release new kernel-mode drivers (with new functionality) for these older operating systems. If you run one of these old Windows versions we urge you to upgrade. On these Windows versions, HitmanPro.Alert will no longer update itself after this build.Both 32-bit and 64-bit versions of Microsoft Windows 7 SP1, Windows 8, Windows 8.1 and Windows 10 remain supported and will soon receive a new HitmanPro.Alert version with new features.

[close]

https://www.hitmanpro.com/en-us/alert.aspx

[SiLæncer]

Release Notes

    Added New Cobalt Strike single-stage mitigation. When Cobalt Strike Beacon temporary de-cloakes in memory to retrieve new commands from the adversary, HitmanPro.Alert will hold and inspect the decrypted memory area for the presence of Beacon.
    Note: In a normal multi-stage scenario, Cobalt Strike Beacon is already proactively blocked by our patented HeapHeapProtect mitigation. This new Cobalt Strike mitigation now also thwarts the single-stage scenario. And upon detection of Beacon it also extracts and reports the full Cobalt Strike C2 profile configuration from memory.
    Added DNS stager detection, when – for example – Cobalt Strike Beacon communicates over DNS with command-and-control (C2).
    Added SysCall mitigation to every process so it now also blocks the Heaven’s Gate defense evasion technique in malware. The Heaven's Gate technique allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment.
    Added CookieGuard mitigation. It protects (MFA) session cookies and passwords stored in popular Chromium based web browsers, like Google Chrome and Microsoft Edge on Chromium.
    Added an extra message box when an update is pending, and the user clicks on the associated flyout. The message informs the user that the machine must be restarted before the update is actually applied.
    Fixed stack pivot exploit mitigation so it no longer triggers incorrectly on Internet Explorer loading a digital rights management (DRM) related library for streaming DRM protected content.
    Fixed APC Violation mitigation so it now correctly identifies process injection from VMware.
    Fixed Code Cave mitigation so it now plays nice with DRM code from gaming company Electronic Arts (EA).
    Fixed Kernel32Trap mitigation so it no longer causes issues with certain code compiled with Visual Studio.
    Improved CryptoGuard 5 anti-ransomware engine. For example, the note spray evaluator is more tolerant when installers drop the same text file across many folders.
    Improved threat termination. It's now even more robust, especially when the threat runs with high privileges outside of user session(s).
    Improved compatibility with certain games that perform tricks that trigger our main thread hijacking protection (part of Hollow Process Mitigation).
    Note: We no longer support or update HitmanPro.Alert builds running on Windows 7 RTM (no service pack), Windows Vista and Windows XP. This is because Microsoft mandates the use of SHA-2 to sign our code. These older versions of Windows only support SHA-1 and would not allow our new driver to load.

[close]

https://www.hitmanpro.com/en-us/alert.aspx

[SiLæncer]

Release Notes

    Fixed more compatibility issues between process hollowing and certain games.
    Fixed an issue with three CryptoGuard 5 Thumbprints that were not working in the previous build.
    Fixed a potential security issue where specifically crafted malware on the machine could craft and manipulate a file structure to elevate privileges.
    Improved compatibility of CookieGuard with browsers that are attached to the Office mitigation profile.
    Temporarily disabled the fix that detects Cobalt Strike delivery over SMB. The fix appears to be incompatible with many game launchers that actually perform main thread hijacking.
    Temporarily disabled system-wide Syscall mitigation as certain third-party security products, like Cylance, actually attempt to bypass API calls by directly jumping to kernel functions via a syscall.
    Temporarily set CookieGuard's Remote Debugger Port detection to silent as it causes issues with some web developer machines.

[close]

https://www.hitmanpro.com/en-us/alert.aspx

[SiLæncer]

Release Notes

    Fixed the Software Radar that could cause it to not notice a just installed web browser, or adding it to the wrong mitigation template. This issue caused our new CookieGuard protection to generate false alarms.
    Fixed an issue in the CryptoGuard anti-ransomware engine that could cause a BSOD on Windows 10 Insider Build 21390.
    Improved support for Windows on ARM. We noticed that since build 895 we always shipped the ARM64 driver of that release. This has been corrected.
    Improved Stack Pivot exploit mitigation to support adjacent stack range in certain situations.
    Improved detection of Chromium-based web browser for CookieGuard.
    Added Thumbprint generation for remote-debugging-port CookieGuard detection.
    Added checkbox to our new system-wide syscall mitigation. You can find in in the Advanced interface, under Risk reductions > Process Protection > Unexpected system calls (Stop evasion of security hooks).

[close]

https://www.hitmanpro.com/en-us/alert.aspx

[SiLæncer]

Whats new:>>

    Fixed a crash that could occur in Microsoft Office 365.
    Temporarily removed the system-level Syscall mitigation due to compatibility issues with some third-party security software. This new mitigation will return in an upcoming release.

https://www.hitmanpro.com/en-us/alert.aspx

[SiLæncer]

Whats new:>>

    Improved Game detection.
    Improved LockdownLoadImage whitelisting.

https://www.hitmanpro.com/en-us/alert.aspx

[SiLæncer]

Whats new:>>

    ADDED: Detection of Turla malware
    IMPROVED: Scan speed in certain scenarios
    CHANGED: Cloud components

https://www.hitmanpro.com/en-us/hmp.aspx

[SiLæncer]

Whats new:>>

    FIXED: Detection and removal of Chrome cookies
    FIXED: Windows XP Updater
    CHANGED: Terms and Condition when using HitmanPro for the first time

https://www.hitmanpro.com/en-us/hmp.aspx

[SiLæncer]

Changelog

    Fixed Keystroke Encryption and BadUSB Protection which caused a BSOD (APC_INDEX_MISMATCH) on Windows 11 with update KB5013943.
    Added system-wide protection against 'Hell's Gate' defense evasion via direct system calls, or SysCall, on 64-bit applications
    Added protection against cloning of LSASS process to Credential Theft Protection
    Added support for ReFS file system to CryptoGuard
    Added NOTEPAD.EXE to Office template
    Added GPT partition support to WipeGuard
    Added NVMe support to WipeGuard
    Added MITRE ATT&CK references to the CookieGuard, SysCall and RemoteThreadGuard mitigations
    Added alerting to our protection of sticky key abuse (and other accessibility features)
    Added EA Digital Illusions CE AB to game detection
    Improved protection against direct system calls, or SysCall, on 32-bit applications
    Improved handling of certificates on code-signed applications
    Improved CookieGuard alert with information about the application certificate, if any, in the alert
    Improved CookieGuard so it now adds certificate validation information into the alert details
    Improved WipeGuard to protection the Volume Boot Record of all mounted partitions. Previously, only the boot partition was protected.
    Improved WipeGuard to terminate the offending process. Previously, the offending action was only blocked.
    Improved HollowProcess to protect against PEB manipulation in a remote process where PEB is writable
    Improved Lockdown mitigation to isolate modules (DLLs) dropped in attacks via Office documents.
    Improved the per app mitigation settings in the user interface. It now has room for extra checkboxes.
    Change reboot fly-out reminder interval from 1h to 8h
    Changed Dynamic Heap Spray detection; it is now disabled on 64-bit applications
    Changed text for Benefits button to Help center
    Changed Sophos Privacy Notice and Terms of Service
    Fixed issue that prevented restarting of some protected applications when using the 'restart' function from the ApplicationPanel (Running applications) when changing a setting.
    Fixed a compatibility issue between our anti-ransomware CryptoGuard 5 and Artisan scrapping book software from Forever Storage
    Fixed displaying icons of UWP applications
    Fixed several user interface inconsistencies
    Fixed false alarm by APCViolation on Avast 'aswhook' DLL
    Fixed false alarm by CookieGuard if application starts from a RAM-drive
    Fixed false alarm by HollowProcess on Visual Studio
    Fixed issue with Lockdown inheritance when parent process is OpenWith.exe
    Fixed issue when a user tries to install HitmanPro.Alert on machine where Sophos Home Premium is already installed
    Fixed tray icon burning CPU cycles after install
    Fixed unexpected removal of Forza Horizon 5 under UWP exclusions
    Updated third-party libraries
    Several other changes under the hood

[close]

https://www.hitmanpro.com/en-us/alert.aspx

[SiLæncer]

Whats new:>>

    ADDED: Detection of Tarrask malware
    CHANGED: If a scan cannot complete in „Direct Access Mode“ it switches to „Compatible Disk Mode“

https://www.hitmanpro.com/en-us/hmp.aspx

[SiLæncer]

Whats new:>>

    ADDED: Detection of (hidden) browser processes locking access to the cookie database(s) -> prompt for close browser(s).
    ADDED: Settings for the Running browsers prompt and the Close browser process.
    ADDED: ARM64 detection, only 32-bit version should run on ARM64.
    IMPROVED: 3rd Party tracking-cookie detection (Scan's would show up empty because chromium browsers start blocking access to it while running).
    UPDATED: Binary is now signed with Sophos LTD code-sign certificate (This might cause trust issues with other 3rd party security software as its new).
    FIXED: Fixed vulnerabilities in the driver and cookie scan.
    KNOWN ISSUE(S): ARM64 browser processes are not closed before scan (yet).

https://www.hitmanpro.com/en-us/hmp.aspx

[SiLæncer]

Whats new:>>

    FIXED: Delete failed for Firefox cookies.
    FIXED: Close browsers cookie dialog logic.
    ADDED: Detection of Chrome Sxs and Chrome Dev cookies.
    ADDED: Detection of Chrome cookies from different profiles.
    ADDED: Detection for several Firefox based browser cookies.
    UPDATED: Edge Chromium icon.
    KNOWN ISSUE(S): ARM64 browser processes are not closed before scan (yet).

https://www.hitmanpro.com/en-us/hmp.aspx

[SiLæncer]

Changelog

    Added HWBGuard (Silent), A technique heavily used by red-teams to bypass Syscall protections is to set a HardwareBreakPoint, we now detect these breakpoints
    Added New Process Protection panel for Risk Reduction
    Added RDPGuard Icon under Risk Reduction button
    Added SendKeyGuard
    Fixed BSOD in StickyKeys
    Fixed Driver BSOD under specific circumstances
    Fixed KernelTrap compatibility issues with Kaspersky and GenshinImpact
    Fixed Lockdown Bypass when loading files over UNC paths
    Improved AMSIGuard
    Improved APC Game detection
    Improved Bitdefender Compatibility
    Improved CiGuard
    Improved CookieGuard
    Improved CryptoGuard5
    Improved DrWeb Compatibility CallerCheck/SysCall
    Improved DrWeb Compatibility CallerCheck/SysCall
    Improved HeapHeapProtect Cobalt Strike detection
    Improved HeapHeapProtect prevents Powershell scripts from patching AMSI for bypass
    Improved HollowProcess
    Improved KeyboardGuard u.a. compatibility with ESET protected browsers, Windows search
    Improved Lockdown Now allows WMIC GET 'only' commands without interference
    Improved PrivGuard
    Improved StackPivot
    Removed ReflectiveDLL As it has become obsolete in it's current implementation
    Several other changes under the hood

* Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.

[close]

https://www.hitmanpro.com/en-us/alert.aspx