26 May 21, 09:48
Quote: HitmanPro.Alert 3.8.12 Build 899 Released
Changelog (compared to build 891):
- Added new Cobalt Strike single-stage mitigation. When Cobalt Strike Beacon temporarily de-cloaks in memory to retrieve new commands from the adversary, HitmanPro.Alert will hold and inspect the decrypted memory area for the presence of Beacon.
Note: In a normal multi-stage scenario, Cobalt Strike Beacon is already proactively blocked by our patented HeapHeapProtect mitigation. This new Cobalt Strike mitigation now also thwarts the single-stage scenario. And upon detection of Beacon it also extracts and reports the full Cobalt Strike C2 profile configuration from memory.
- Added DNS stager detection, when – for example – Cobalt Strike Beacon communicates over DNS with command-and-control (C2).
- Added SysCall mitigation to every process so it now also blocks the Heaven’s Gate defense evasion technique in malware. The Heaven's Gate technique allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment.
- Added CookieGuard mitigation. It protects (MFA) session cookies and passwords stored in popular Chromium based web browsers, like Google Chrome and Microsoft Edge on Chromium.
- Added an extra message box when an update is pending, and the user clicks on the associated flyout. The message informs the user that the machine must be restarted before the update is actually applied.
- Fixed stack pivot exploit mitigation so it no longer triggers incorrectly on Internet Explorer loading a digital rights management (DRM) related library for streaming DRM protected content.
- Fixed APC Violation mitigation so it now correctly identifies process injection from VMware.
- Fixed Code Cave mitigation so it now plays nice with DRM code from gaming company Electronic Arts (EA).
- Fixed Kernel32Trap mitigation so it no longer causes issues with certain code compiled with Visual Studio.
- Improved CryptoGuard 5 anti-ransomware engine. For example, the note spray evaluator is more tolerant when installers drop the same text file across many folders.
- Improved threat termination. It's now even more robust, especially when the threat runs with high privileges outside of user session(s).
- Improved compatibility with certain games that perform tricks that trigger our main thread hijacking protection (part of Hollow Process Mitigation).
Over the next days, all users of HitmanPro.Alert should get this new build through automatic update! Beware though, we no longer support or update HitmanPro.Alert builds running on Windows 7 RTM (no service pack), Windows Vista and Windows XP. This is because Microsoft mandates the use of SHA-2 to sign our code. These older versions of Windows only support SHA-1 and would not allow our new driver to load.
If you want to update now, manually, use this link: https://dl.surfright.nl/hmpalert3b899.exe
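The changelog above mentions DNS stager detection for Beacon traffic that rides on DNS to its C2. The following is an added example written for this page, not HitmanPro.Alert's detection logic and not code from the vendor: a small heuristic that scores DNS query logs per client and zone on features typical of DNS-tunnelled C2 (many unique, long, high-entropy leftmost labels under one zone, often TXT queries). The log format, the sample lines and every threshold are constructed assumptions for illustration.

```python
"""Heuristic detector for DNS-tunnelled C2 traffic in DNS query logs.

Added example, not product code. Scores (client, zone) pairs on how many
distinct subdomains they query, how long and how random those labels are,
and what share of the queries are TXT. Thresholds are illustrative only.
"""
import math
import re
from collections import defaultdict

# Constructed sample log lines: "<epoch> <client-ip> <qname> <qtype>".
# 10.0.0.7 shows beacon-like behaviour; the other clients are benign noise.
SAMPLE_LOG = """\
1622000001 10.0.0.5 www.example.com A
1622000002 10.0.0.5 cdn.example.com A
1622000003 10.0.0.7 a1f3c9d2e4b6a7c8.beacon-zone.test TXT
1622000004 10.0.0.7 9b2e7f10c3d4a5e6.beacon-zone.test TXT
1622000005 10.0.0.7 04d8e1f2a3b4c5d6.beacon-zone.test TXT
1622000006 10.0.0.7 7c6b5a4f3e2d1c0b.beacon-zone.test TXT
1622000007 10.0.0.7 e5d4c3b2a1f0e9d8.beacon-zone.test TXT
1622000008 10.0.0.7 1122aabbccdd3344.beacon-zone.test A
1622000009 10.0.0.5 mail.example.com MX
1622000010 10.0.0.9 update.vendor.test A
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Parse the assumed log format; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, qname, qtype = m.groups()
        records.append({"ts": int(ts), "client": client,
                        "qname": qname.lower().rstrip("."),
                        "qtype": qtype.upper()})
    return records


def split_name(qname):
    """Return (leftmost_label, zone), with zone = the last two labels.
    Assumption: two-label zones; a real deployment would consult the
    public suffix list instead of this shortcut."""
    labels = qname.split(".")
    if len(labels) < 3:
        return "", ".".join(labels)
    return labels[0], ".".join(labels[-2:])


def detect(log_text, min_unique=5, min_label_len=12, min_entropy=3.0):
    """Return one alert dict per (client, zone) whose leftmost labels look
    like encoded data: enough distinct labels, long on average, and with
    average per-character entropy at or above min_entropy."""
    groups = defaultdict(list)  # (client, zone) -> [(label, qtype), ...]
    for r in parse_log(log_text):
        label, zone = split_name(r["qname"])
        if label:
            groups[(r["client"], zone)].append((label, r["qtype"]))

    alerts = []
    for (client, zone), items in groups.items():
        labels = {lbl for lbl, _ in items}
        if len(labels) < min_unique:
            continue  # too few distinct subdomains to be a tunnel
        avg_len = sum(len(l) for l in labels) / len(labels)
        avg_ent = sum(shannon_entropy(l) for l in labels) / len(labels)
        txt_share = sum(1 for _, qt in items if qt == "TXT") / len(items)
        if avg_len >= min_label_len and avg_ent >= min_entropy:
            alerts.append({"client": client, "zone": zone,
                           "unique_subdomains": len(labels),
                           "avg_label_len": avg_len,
                           "avg_entropy": avg_ent,
                           "txt_share": txt_share})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Run as-is it prints a single alert for 10.0.0.7 against beacon-zone.test; the three example.com lookups from 10.0.0.5 stay below the unique-subdomain threshold. In practice the thresholds need tuning per environment, since CDNs, anti-spam lookups and some telemetry also generate many long subdomains under one zone, so this kind of score is best treated as a triage signal rather than a verdict.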