Quote:HitmanPro.Alert 3.8.21 Build 945 released

Changelog (compared to 943)

• Improved Syscall
  
• Improved WipeGuard
  
• Improved CryptoGuard5
  
• Improved HollowProcess
  
• Improved ROP detection on crashing processes
  
• Improved HeapHeapHooray also covers powershell_ise now
  
• Changed Lockdown Added MSDT.EXE as LOLBIN to proactively block Follina exploitation attempts
  
• Several other changes under the hood
  

Download
https://dl.surfright.nl/hmpalert3b945.exe
Auto-updater is enabled as of now.

Quote:HitmanPro.Alert 3.8.22 Build 947 released:

Changelog (compared to 945)

• Improved HollowProcess
  
• Improved Syscall
  
• Improved StackPivot
  
• Improved RemoteThreadGuard
  
• Improved CryptoGuard 5
  
• Fixed rare BSOD's in CryptoGuard 5
  
• Fixed HollowProcess incompatibility with PC-Matic/Pitstop
  
• Several other changes under the hood
  

Download: https://dl.surfright.nl/hmpalert3b947.exe

Auto-updater is enabled as of now.

Quote:HitmanPro.Alert 3.8.25 Build 975

We're slowly releasing this new build to our current 947 stable fleet, as there have been a significant number of changes this update won't be auto-update available all at once.

Monitoring telemetry & support will give us an indication of possible issues, and if all looks good we'll migrate more users, of course you are free to download the latest version via provided link if you don't want to wait for the update to show up via the auto-updating mechanism.

Changelog:

• Added HWBGuard (Silent), A technique heavily used by red-teams to bypass Syscall protections is to set a HardwareBreakPoint, we now detect these breakpoints
  
• Added New Process Protection panel for Risk Reduction
  
• Added RDPGuard Icon under Risk Reduction button
  
• Added SendKeyGuard
  
• Fixed BSOD in StickyKeys
  
• Fixed Driver BSOD under specific circumstances
  
• Fixed KernelTrap compatibility issues with Kaspersky and GenshinImpact
  
• Fixed Lockdown Bypass when loading files over UNC paths
  
• Improved AMSIGuard
  
• Improved APC Game detection
  
• Improved Bitdefender Compatibility
  
• Improved CiGuard
  
• Improved CookieGuard
  
• Improved CryptoGuard5
  
• Improved DrWeb Compatibility CallerCheck/SysCall
  
• Improved HeapHeapProtect Cobalt Strike detection
  
• Improved HeapHeapProtect prevents Powershell scripts from patching AMSI for bypass
  
• Improved HollowProcess
  
• Improved KeyboardGuard u.a. compatibility with ESET protected browsers, Windows search
  
• Improved Lockdown Now allows WMIC GET 'only' commands without interference
  
• Improved PrivGuard
  
• Improved StackPivot
  
• Removed ReflectiveDLL As it has become obsolete in it's current implementation
  
• Several other changes under the hood
  

Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.

Download
https://dl.surfright.nl/hmpalert3b975.exe

Quote:Lifted from RonnieT / Sophos QA Engineer

We're slowly releasing this new build to our current 947 stable fleet, as there have been a significant number of changes this update won't be auto-update available all at once.
Monitoring telemetry & support will give us an indication of possible issues, and if all looks good we'll migrate more users, of course you are free to download the latest version via provided link if you don't want to wait for the update to show up via the auto-updating mechanism.

• Fixed HWBGuard (Silent) excessive alert reporting, now limited to max 2 alerts per process.
  

Quote:HitmanPro.Alert 3.8.26 Build 979

Changelog (compared to 977)

• Fixed Intruder/Safe Browsing compatibly issue introduced by a recent Bitdefender update.
  
• Improved HeapHeapProtect, improved handing in code and added more whitelisting options to alerts.
  
• Improved SendKeysGuard, switched the main thumbprint to handle whitelisting more easy.
  
• Improved HWBGuard (Silent).
  
• Improved HollowProcess/HWBGuard, to prevent exception pointer abuse.
  

Download
https://dl.surfright.nl/hmpalert3b979.exe

Quote:HitmanPro.Alert 3.8.26 Build 983

Changelog (compared to 979)

• Added UI - EventLog - Clear event data dialog, use right mouse click on "Last events"
  
• Added UI - EventLog - Show only Suppressed events
  
• Added UI - EventLog - Copy details to clipboard button
  
• Added Several code preparations for upcoming changes/additions
  
• Fixed Exclusions - UWP exclusions browser for Windows 11
  
• Fixed BSOD - CryptoGuard5
  
• Improved HeapHeapProtect
  
• Improved SoftwareRadar - No longer removes UWP Exclusions at startup
  
• Improved PrivGuard - Now also prints the current and expected userSID's
  
• Improved Kernel32Trap
  
• Improved SyscallX64
  

https://dl.surfright.nl/hmpalert3b983.exe
Auto-update will also be enabled from 979 -> 983
Note for testers this is the exact same version as 983 RC1 on the beta board.

• Fixed Autoruns BSOD
  
• Fixed Driver BSOD
  
• Fixed CryptoGuard5 Memory leaks
  
• Fixed CobaltStrike Double messages in report when in audit mode
  
• Fixed SyscallX64 Added caching to prevent hickups during play when using Chromium browser streams (e.g. Netflix / Prime).
  
• Improved APCProtection Windows 11 support
  
• Improved CobaltStrike Add support for WinHttp based beacons
  
• Improved SyscallX86 Detection and alerting/reporting/suppression options
  
• Improved SyscallX64 Added protection against Ekko/Foliage/KrakenMask
  
• Improved C2Interceptor Added generic stager detection
  
• Improved PipeWorker Security restrictions
  
• Improved AmsiGuard Added protection for remote processes
  
• Improved LBR Added newer CPU's: Tiger Lake, Rocket Lake
  
• Improved CookieGuard Support for Chrome's new "Device Bound Session Credentials"
  
• Improved Excalibur Code handling of rapid alerts/reports
  
• Improved AlertProducer Added a rate limiter for repeating alerts - WARNING: Last Alert due to flood! added to eventlog
  
• Improved Selfprotection and alerting logic
  
• Improved KernelTrap32 added multiple API's
  
• Improved HollowProcess logic for PEB protection
  
• Improved CallerCheck thumbprinting for local allow-listing
  

Quote:HitmanPro.Alert 3.21.1 Build 2043 (stable)

Changelog (compared to 2019)

• Added: Vulnerable Driver Guard
  • Vulnerable Driver Guard, part of Process Protection, aims to provide signature-less, universal protection against AV/EDR Killers that abuse legitimate but vulnerable kernel drivers.
    
  • It helps prevent attackers from disabling security software or bypassing tamper protection, and reduces the risk of manipulation of critical operating system security mechanisms, even when trusted or digitally signed drivers are used.
    
• Added: ETW Guard
  • ETWGuard, part of Process Protection, protects Event Tracing for Windows (ETW) from manipulation by attackers.
    
  • ETW is critical security infrastructure used by most AV and EDR solutions for detection and monitoring, but is typically left unprotected by those same products.
    
  • ETWGuard hardens the code regions responsible for ETW functionality, blocking malware attempts to blind security tools, even though HitmanPro.Alert itself does not rely on ETW.
    
  • This prevention-first approach stops attacks that would otherwise evade detection by disabling security telemetry.
    
• Fixed: ARM64 driver issue on Win10
  
• Fixed: Compatibility issue with Sophos Home
  
• Fixed: Intruder issue with Bitdefender and Tor browser
  
• Fixed: Right click on "Last event" now prompts for Admin permissions if needed for cleaning
  
• Improved: Syscall
  
• Improved: HeapSpray
  
• Improved: SyscallX64
  
• Improved: HollowProcess
  
• Improved: Selfprotection
  
• Improved: Alert report details
  
• Improved: HWBGuard (Hardware Break Guard)
  
• Improved: UI Process protection descriptions
  
• Improved: False Positive suppression logging
  
• Improved: UI now shows if run as Administrator or not
  
• Improved: CookieGuard added protection for AppBound cookie security & IElevator2
  
• Improved: Exploit Mitigation panel shows selected template name per application
  
• Improved: Process protection UI pumpkin now shows 1/2 grayed-out if one of the protections is disabled
  

https://dl.surfright.nl/hmpalert3b2043.exe

Auto-update from 2019 is on.