HitmanPro.Alert

[jasonX]

HitmanPro.Alert version 3.7.9.771

Changelog (compared to build 759)

Added

• Dynamic Shellcode Mitigation aka Heap Heap Protect, which helps prevent threat actors from loading unsafe code into memory). This mitigation is still in silent detection mode.
  
• Improved Shellcode mitigation (system-wide) to detect backdoor stage/payload on the heap
  
• Improved Code Cave mitigation (system-wide) to detect rare Shellter Pro binaries configured with uncommon evasion technique
  
• Reduction of false-positives for DEP alerts in case of crashing applications
  
• New LoLBin to Application Lockdown
  
• OpenWith.exe to the Office Template to help mitigate the CVE-2018-8495 exploit attack
  

Improved

• CryptoGuard to block specific variants of the Dharma ransomware, that include a specific needless action to thwart behavior monitoring
  
• Dynamic Heap Spray Mitigation to allow certain memory block patterns
  
• Dynamic Heap Spray compatibility issue's with .NET applications
  
• Code Cave mitigation (system-wide) to detect rare Shellter Pro binaries configured with uncommon evasions technique
  
• CryptoGuard compatibility on Windows 10 19H1 (i.e. current Windows Insider preview builds)
  
• 64-bit call stack parsing (improves stability)
  
• Code Cave Mitigation, now showing SHA-256 of the process in the Alert Info
  

Fixed

• Compatibility issue with ESET Smart Security in combination with Google Chrome
  
• WipeGuard can now handle disks with other sector sizes than 512
  
• Rare BSOD in WipeGuard when it was running out of stack
  
• Process Protection user interface menu now correctly disables the features when no valid license is present
  
• Automatic update when running HitmanPro.Alert in Anti-Ransomware (CryptoGuard) only
  
• Issue when Anti-Malware is enabled/disabled; the service stopped responding/system became unstable
  
• Minor update problem in CryptoGuard UI when an attack had occured
  
• Issue with pipe communication between service and client when volume name is changed
  
• Hollow Process Mitigation false positive with VMware ThinApps
  
• Issue that caused Visual Studio's vswhere.exe not to start correctly
  
• IAT/IAF hardcoded whitelisting not working properly
  
• Stability issue when report files get corrupted
  

Removed

• Menu option to enable/disable SMB CryptoGuard protection (crypto-ransomware attack from remote machine); it is always enabled on supported systems, i.e. 64-bit Windows
  

HitmanPro.Alert Support and Discussion Thread HERE