HitmanPro.Alert Changelog

New in HitmanPro.Alert 3.8.26 Build 983 (Apr 5, 2024)

  • Added UI - EventLog - Clear event data dialog; right-click on "Last events"
  • Added UI - EventLog - Show only Suppressed events
  • Added UI - EventLog - Copy details to clipboard button
  • Added several code preparations for upcoming changes/additions
  • Fixed Exclusions - UWP exclusions browser for Windows 11
  • Fixed BSOD - CryptoGuard5
  • Improved HeapHeapProtect
  • Improved SoftwareRadar - No longer removes UWP Exclusions at startup
  • Improved PrivGuard - Now also prints the current and expected user SIDs
  • Improved Kernel32Trap
  • Improved SyscallX64

New in HitmanPro.Alert 3.8.26 Build 979 (Feb 7, 2024)

  • Fixed Intruder/Safe Browsing compatibility issue introduced by a recent Bitdefender update.
  • Improved HeapHeapProtect, improved handling in code and added more whitelisting options to alerts.
  • Improved SendKeysGuard, switched the main thumbprint to handle whitelisting more easily.
  • Improved HWBGuard (Silent).
  • Improved HollowProcess/HWBGuard, to prevent exception pointer abuse.
  • Note: this build is signed with a new code-signing certificate by Sophos LTD; this may cause some 3rd party vendors to have "trust" issues, as it is a rather fresh certificate.

New in HitmanPro.Alert 3.8.25 Build 977 (Dec 18, 2023)

  • Fixed HWBGuard (Silent) excessive alert reporting, now limited to a maximum of 2 alerts per process.

New in HitmanPro.Alert 3.8.22 Build 947 (Dec 30, 2022)

  • Improved HollowProcess
  • Improved Syscall
  • Improved StackPivot
  • Improved RemoteThreadGuard
  • Improved CryptoGuard 5
  • Fixed rare BSODs in CryptoGuard 5
  • Fixed HollowProcess incompatibility with PC-Matic/Pitstop
  • Several other changes under the hood

New in HitmanPro.Alert 3.8.20 Build 943 (May 18, 2022)

  • Fixed Keystroke Encryption and BadUSB Protection which caused a BSOD (APC_INDEX_MISMATCH) on Windows 11 with update KB5013943.
  • Added system-wide protection against 'Hell's Gate' defense evasion via direct system calls, or SysCall, on 64-bit applications
  • Added protection against cloning of LSASS process to Credential Theft Protection
  • Added support for ReFS file system to CryptoGuard
  • Added NOTEPAD.EXE to Office template
  • Added GPT partition support to WipeGuard
  • Added NVMe support to WipeGuard
  • Added MITRE ATT&CK references to the CookieGuard, SysCall and RemoteThreadGuard mitigations
  • Added alerting to our protection of sticky key abuse (and other accessibility features)
  • Added EA Digital Illusions CE AB to game detection
  • Improved protection against direct system calls, or SysCall, on 32-bit applications
  • Improved handling of certificates on code-signed applications
  • Improved CookieGuard alert with information about the application certificate, if any, in the alert
  • Improved CookieGuard so it now adds certificate validation information into the alert details
  • Improved WipeGuard to protect the Volume Boot Record of all mounted partitions. Previously, only the boot partition was protected.
  • Improved WipeGuard to terminate the offending process. Previously, the offending action was only blocked.
  • Improved HollowProcess to protect against PEB manipulation in a remote process where PEB is writable
  • Improved Lockdown mitigation to isolate modules (DLLs) dropped in attacks via Office documents.
  • Improved the per app mitigation settings in the user interface. It now has room for extra checkboxes.
  • Changed reboot fly-out reminder interval from 1h to 8h
  • Changed Dynamic Heap Spray detection; it is now disabled on 64-bit applications
  • Changed text for Benefits button to Help center
  • Changed Sophos Privacy Notice and Terms of Service
  • Fixed issue that prevented restarting of some protected applications when using the 'restart' function from the ApplicationPanel (Running applications) when changing a setting.
  • Fixed a compatibility issue between our anti-ransomware CryptoGuard 5 and Artisan scrapbook software from Forever Storage
  • Fixed displaying icons of UWP applications
  • Fixed several user interface inconsistencies
  • Fixed false alarm by APCViolation on Avast 'aswhook' DLL
  • Fixed false alarm by CookieGuard if application starts from a RAM-drive
  • Fixed false alarm by HollowProcess on Visual Studio
  • Fixed issue with Lockdown inheritance when parent process is OpenWith.exe
  • Fixed issue when a user tries to install HitmanPro.Alert on machine where Sophos Home Premium is already installed
  • Fixed tray icon burning CPU cycles after install
  • Fixed unexpected removal of Forza Horizon 5 under UWP exclusions
  • Updated third-party libraries
  • Several other changes under the hood

New in HitmanPro.Alert 3.8.19 Build 923 (Mar 20, 2022)

  • Improved Game detection
  • Improved LockdownLoadImage whitelisting

New in HitmanPro.Alert 3.8.18 Build 921 (Mar 20, 2022)

  • Added cmdl32.exe as LOLBin so Application Lockdown will block it when used by protected applications
  • Improved CookieGuard that prevents arbitrary decryption of web browser secrets (protects session cookies and login data)
  • Improved Thumbprint generation for DLLs dropped by protected applications (LockdownLoadImage)
  • Improved detection of games to boost compatibility
  • Fixed a minor bug in the Syscall mitigation; this mitigation stops bypasses via unsupervised system calls
  • Several other minor fixes

New in HitmanPro.Alert 3.8.14 Build 907 (Jul 9, 2021)

  • Fixed a crash that could occur in Microsoft Office 365.
  • Temporarily removed the system-level Syscall mitigation due to compatibility issues with some third-party security software. This new mitigation will return in an upcoming release.

New in HitmanPro.Alert 3.8.13 Build 903 (Jun 24, 2021)

  • Fixed an issue in the Software Radar that could cause it to not notice a just-installed web browser, or to add it to the wrong mitigation template. This issue caused our new CookieGuard protection to generate false alarms.
  • Fixed an issue in the CryptoGuard anti-ransomware engine that could cause a BSOD on Windows 10 Insider Build 21390.
  • Improved support for Windows on ARM. We noticed that since build 895 we always shipped the ARM64 driver of that release. This has been corrected.
  • Improved Stack Pivot exploit mitigation to support adjacent stack range in certain situations.
  • Improved detection of Chromium-based web browser for CookieGuard.
  • Added Thumbprint generation for remote-debugging-port CookieGuard detection.
  • Added checkbox to our new system-wide syscall mitigation. You can find it in the Advanced interface, under Risk reductions > Process Protection > Unexpected system calls (Stop evasion of security hooks).

New in HitmanPro.Alert 3.8.13 Build 901 (Jun 3, 2021)

  • Fixed more compatibility issues between process hollowing and certain games.
  • Fixed an issue with three CryptoGuard 5 Thumbprints that were not working in the previous build.
  • Fixed a potential security issue where specifically crafted malware on the machine could craft and manipulate a file structure to elevate privileges.
  • Improved compatibility of CookieGuard with browsers that are attached to the Office mitigation profile.
  • Temporarily disabled the fix that detects Cobalt Strike delivery over SMB. The fix appears to be incompatible with many game launchers that actually perform main thread hijacking.
  • Temporarily disabled system-wide Syscall mitigation as certain third-party security products, like Cylance, actually attempt to bypass API calls by directly jumping to kernel functions via a syscall.
  • Temporarily set CookieGuard's Remote Debugger Port detection to silent as it causes issues with some web developer machines.

New in HitmanPro.Alert 3.8.12 Build 899 (May 25, 2021)

  • Added new Cobalt Strike single-stage mitigation. When Cobalt Strike Beacon temporarily de-cloaks in memory to retrieve new commands from the adversary, HitmanPro.Alert will hold and inspect the decrypted memory area for the presence of Beacon.
  • Note: In a normal multi-stage scenario, Cobalt Strike Beacon is already proactively blocked by our patented HeapHeapProtect mitigation. This new Cobalt Strike mitigation now also thwarts the single-stage scenario. And upon detection of Beacon it also extracts and reports the full Cobalt Strike C2 profile configuration from memory.
  • Added DNS stager detection, when – for example – Cobalt Strike Beacon communicates over DNS with command-and-control (C2).
  • Added SysCall mitigation to every process so it now also blocks the Heaven's Gate defense evasion technique in malware. The Heaven's Gate technique allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment.
  • Added CookieGuard mitigation. It protects (MFA) session cookies and passwords stored in popular Chromium based web browsers, like Google Chrome and Microsoft Edge on Chromium.
  • Added an extra message box when an update is pending, and the user clicks on the associated flyout. The message informs the user that the machine must be restarted before the update is actually applied.
  • Fixed stack pivot exploit mitigation so it no longer triggers incorrectly on Internet Explorer loading a digital rights management (DRM) related library for streaming DRM protected content.
  • Fixed APC Violation mitigation so it now correctly identifies process injection from VMware.
  • Fixed Code Cave mitigation so it now plays nicely with DRM code from gaming company Electronic Arts (EA).
  • Fixed Kernel32Trap mitigation so it no longer causes issues with certain code compiled with Visual Studio.
  • Improved CryptoGuard 5 anti-ransomware engine. For example, the note spray evaluator is more tolerant when installers drop the same text file across many folders.
  • Improved threat termination. It's now even more robust, especially when the threat runs with high privileges outside of user session(s).
  • Improved compatibility with certain games that perform tricks that trigger our main thread hijacking protection (part of Hollow Process Mitigation).
  • Note: We no longer support or update HitmanPro.Alert builds running on Windows 7 RTM (no service pack), Windows Vista and Windows XP. This is because Microsoft mandates the use of SHA-2 to sign our code. These older versions of Windows only support SHA-1 and would not allow our new driver to load.

New in HitmanPro.Alert 3.8.9 Build 891 (Apr 22, 2021)

  • Special maintenance release: this is the last build that supports Windows XP, Windows Vista and Windows 7 RTM (no service pack). These Windows versions only support SHA-1 for code-signing certificates. Microsoft decided to require SHA-2 for new drivers while it did not release SHA-2 support for these Windows versions. So, in other words, we cannot release new kernel-mode drivers (with new functionality) for these older operating systems. If you run one of these old Windows versions we urge you to upgrade. On these Windows versions, HitmanPro.Alert will no longer update itself after this build. Both 32-bit and 64-bit versions of Microsoft Windows 7 SP1, Windows 8, Windows 8.1 and Windows 10 remain supported and will soon receive a new HitmanPro.Alert version with new features.

New in HitmanPro.Alert 3.8.8 Build 889 (Apr 20, 2021)

  • Fixed false alarm on Chrome 88 and higher by the Stack Pivot exploit mitigation
  • Improved Heap Heap Protect shellcode detection

New in HitmanPro.Alert 3.8.8 Build 887 (Dec 7, 2020)

  • Added HeapHeapProtect: Code running in dynamic memory, in RUNDLL32.EXE and REGSVR32.EXE, can no longer manipulate other dynamic memory. This proactively helps against many backdoor tools, trojans and ransomware families.
  • Added Tamper Protection by filtering process and thread handles against terminate, suspend and injection. Also added menu item to settings menu.
  • Added Automatic protection of Microsoft Access against exploitation.
  • Added DLL Hijacking protection on HitmanPro malware scanner to prevent privilege escalation.
  • Improved Alert report now includes a list of services if a process runs as a service.
  • Improved CryptoGuard-only mode: it now also enables anti-malware.
  • Improved GUI: Added anti-malware menu item to settings menu.
  • Improved GUI: EULA on install dialog
  • Improved Windows on ARM: Now offloads SHA-256 calculation to hardware via NEON instructions, resulting in a 7x performance boost.
  • Improved Windows on ARM: Fixed last scan timestamp.
  • Improved AmsiGuard: Now supports unloading of AMSI.DLL.
  • Improved ApplicationLockdown: Prevent execution of a Visual Basic file via EXPLORER.EXE from an Office application.
  • Improved CredGuardSAM: Prevent registry command line tool from dumping credentials.
  • Improved WipeGuard: Volume Boot Record (VBR) protection and alert details.
  • Improved Minifilter driver altitude, lowered from 345800 to 221600, to prevent third party minifilters from adversely affecting ransomware detection.
  • Fixed CodeCave: coding error that could cause certain rare applications to crash.
  • Fixed CodeCave: False alarms when application is packed with boxedApp packer.
  • Fixed ACPProtection: False alarms when application is packed with boxedApp packer.
  • Fixed ApiSetGuard: False alarms on a standard DllMain implementation that does nothing but return 0 or 1.
  • Fixed CryptoGuard 5: False alarm in combination with Dropbox.
  • Fixed CryptoGuard 5: False alarm when deleting many files on an endpoint protected by Bitdefender's CryptoStore feature.
  • Fixed HeapHeapProtect: Applications under attack could crash when the used shellcode caused an unaligned stack.
  • Fixed Crash in Equation Editor when under attack, caused by Data Execution Prevention (DEP).
  • Fixed Italian string in Systray context menu.

New in HitmanPro.Alert 3.8.1 Build 863 (Feb 5, 2020)

  • Improved CryptoGuard 5 detection
  • Improved minifilter performance
  • Improved compatibility with VMware ThinApp applications
  • Improved compatibility with BoxedApp applications
  • Improved compatibility with Checkpoint
  • Various minor improvements to alert reports
  • Fixed CTF Guard false alarms on some computers
  • Fixed RDP Guard showing a flyout on non-RDP sessions on Windows 7
  • Fixed HeapHeapProtect false alarms on Visual FoxPro applications
  • Fixed APC mitigation false alarms on some .NET 1.1 applications
  • Fixed Generic.Ransom.E false alarms on LSASS.exe on 64-bit computers
  • All binaries built with Visual C++ 16.4.3 with Spectre mitigations

New in HitmanPro.Alert 3.7.12 Build 861 (Jan 12, 2020)

  • Improved CryptoGuard 5 performance
  • Improved suppress alert event user interface
  • Fixed issue in CryptoGuard 5 causing BSOD when copying large files over SMB
  • Fixed potential local privilege escalation (LPE)

New in HitmanPro.Alert 3.7.11 Build 793 (Dec 5, 2019)

  • Improved CryptoGuard to handle a deficiency in Windows leveraged by the RIPlace evasion technique
  • Fixed a CryptoGuard EFS false positive on LSASS (Local Security Authority Sub System)

New in HitmanPro.Alert 3.7.10 Build 789 (Sep 10, 2019)

  • Fixed rare stack alignment issue on Windows 10 build 1903 (19H1) caused by recent Keystroke Encryption change
  • Improved compatibility with Webroot security software, fixing application crashes
  • Improved compatibility with Bitdefender security software, fixing application crashes
  • Improved compatibility with Trend Micro security software, fixing application crashes
  • Improved compatibility of CTFGuard with VMware ThinApp

New in HitmanPro.Alert 3.7.9 Build 775 (Mar 19, 2019)

  • Improved code injection, which will result in faster boot times on Windows 10. It also fixes a rare issue a few Windows 10 users had where the system did not finish booting correctly
  • Improved Heap Heap Protect mitigation as it should now play more nicely with certain .NET applications
  • Improved Hardware Assisted Control-Flow Integrity, our Last Branch Record CPU assisted ROP mitigation, to fix false positives we're seeing on some newer CPUs
  • Improved Alert info regarding our real-time Anti-Malware and Code Cave mitigation
  • Fixed rare bug in CryptoGuard which sometimes failed to make a backup of a file, which you could then lose in the event of a ransomware attack

New in HitmanPro.Alert 3.7.9 Build 773 (Jan 19, 2019)

  • Changed name for "Dynamic Shellcode Mitigation" to "Heap Heap Protect"
  • Improved Heap Heap Protect
  • Improved CodeCave
  • Fixed Trend Micro Intruder/Safe Browsing incompatibility

New in HitmanPro.Alert 3.7.9 Build 759 (Sep 18, 2018)

  • Added mitigation of local privilege escalation via Task Scheduler (CVE-2018-8440 / @SandboxEscaper)
  • Added compatibility with Windows 10 Redstone 5
  • Improved WipeGuard mitigation handling of VBR sectors
  • Improved Asynchronous Procedure Call (APC) mitigation
  • Improved SEHOP mitigation performance
  • Improved compatibility with 3rd party products that use PUSH/RET in their API hooks
  • Improved Windows Vista code injection
  • Fixed compatibility with Windows XP Embedded POSReady 2009
  • Fixed compatibility issue where Microsoft Edge Application Guard (WDAG) failed to start
  • Fixed compatibility issue where Microsoft Hyper-V failed to start
  • Fixed compatibility with F-Secure DeepGuard
  • Fixed false positive ROP detection (stack-based) in Google Chrome 69 caused by (DRM) widevinecdm.dll
  • Fixed security issue (CVE assigned)
  • Updated Botan to 2.7.0
  • Updated SQLite to 3.24.0
  • Updated build: all code compiled with Visual Studio C++ 15.8.4
  • Disabled hardware-assisted ROP mitigation on Chrome 67 (or newer) due to their use of retpoline
  • Removed Network Lockdown mitigation (deprecated) / hmpnet.sys

New in HitmanPro.Alert 3.7.1 Build 723 (Dec 28, 2017)

  • Added Real-Time Anti-Malware, which works with the HitmanPro cloud.
  • Added Credential Theft Protection, which prevents theft of authentication passwords and hash information. Prevents Mimikatz-style attacks.
  • Added Local Privilege Guard, which stops specific exploitation of the operating system kernel. Prevents an attacker from using the privilege information of another process.
  • Added Code Cave mitigation, which stops backdoors in trusted code. Prevents e.g. Backdoor Factory and Shellter-style attacks.
  • Added Sticky Keys mitigation, which prevents abuse of the Microsoft Sticky Keys feature, a technique typically used by attackers to gain persistence.
  • Added Application Verifier mitigation, which prevents abuse of the Application Verifier feature of Windows (e.g. DoubleAgent code injection).
  • Improved Asynchronous Procedure Call (APC) mitigation to improve compatibility with third-party security solutions on Windows 10 version 1709 (Fall Creators Update).
  • Added protection against dropping shellcode straight into memory from VBA macro code. This mitigation is part of Load Library and triggers a Shellcode alert.
  • Added protection against compilation of arbitrary code straight into memory from an application under exploit mitigations, like Office. Such attacks can bypass whitelisting based protection like Windows Defender Device Guard.
  • Added automatic protection of Microsoft Outlook (under the Office category) to defend against e.g. DDE attacks embedded in the body of malicious emails or calendar invites.
  • Improved Hollow Process mitigation to block hijacking of a remote main thread to run arbitrary code.
  • Improved Import Address Table Address Filtering (IAF) exploit mitigation.
  • Improved code injection of the HitmanPro.Alert Support Library (DLL).
  • Improved upgrade when running in 'Anti-ransomware only' mode.
  • Improved DLL hijack mitigation which loaded an incorrect DLL on WoW64 processes.
  • Fixed Intruder alert in Firefox when Norton is installed (e.g. Norton Security).
  • Fixed a ROP technique detection on pidgenx.dll when trying to activate Microsoft Office.
  • Fixed a CallerCheck alert associated with Microsoft Power Query and CLR.DLL.
  • Fixed a DEP mitigation triggered in some Microsoft Excel macros.
  • Fixed a compatibility issue with Microsoft Hyper-V on Windows 10 version 1709 (Fall Creators Update).
  • Fixed a minor memory leak originating from the CryptoGuard anti-ransomware mitigation.
  • Many other minor fixes and improvements.

New in HitmanPro.Alert 3.6.6 Build 592 (Jun 22, 2017)

  • Fixed CryptoGuard false positive

New in HitmanPro.Alert 3.5.0 Build 546 (Jul 22, 2016)

  • Added CryptoGuard 4th generation
  • Added DLL hijack mitigation on downloaded binaries
  • Added WipeGuard mitigation
  • Added Hardware-assisted IAT filtering
  • Added Import and Export of Settings
  • Improved ROP mitigation
  • Improved CallerCheck mitigation
  • Improved Heap Spray mitigation
  • Improved Hollow Process mitigation
  • Improved Application Lockdown
  • Improved colored window border
  • Improved overall mitigation performance
  • Improved reporting details
  • Improved compatibility hooks
  • Improved 3rd party trampoline handling
  • Improved support for binaries with Intel MPX instructions
  • Fixed SoftwareRadar incorrectly detecting 64-bit applications
  • Various minor improvements

New in HitmanPro.Alert 3.1.11 Build 374 (Jun 28, 2016)

  • Improved CryptoGuard to detect Zyklon ransomware.
  • Improved CryptoGuard handling of network based renames.
  • Improved callstack report.
  • Fixed rare BSOD when local ransomware encrypts local file share.
  • Fixed off-by-one issue in command line parser.
  • Fixed ROP mitigation caused urlmon false negative.
  • Fixed ROP mitigation caused advapi32 false positive.
  • Several minor improvements.

New in HitmanPro.Alert 3.1.10 Build 373 (May 30, 2016)

  • Improved compatibility with Firefox 46.
  • Improved compatibility with Bitdefender 2016.
  • Improved Attack Surface Reduction compatibility with System Mechanic.
  • Improved ROP mitigation.
  • Fixed ROP false positive in Microsoft Office (occurs on some computers).
  • Fixed code injection issue with Windows 7 KB3146706.

New in HitmanPro.Alert 3.1.9 Build 368 (May 30, 2016)

  • Improved compatibility with Firefox 46.
  • Improved SysCall mitigation (part of Control-Flow Integrity) on Windows 10 Redstone.
  • Improved Colored Window Border.
  • Improved hardware-assisted ROP mitigation performance.

New in HitmanPro.Alert 3.1.9 Build 367 (May 30, 2016)

  • Added mitigation to prevent regsvr32.exe abuse via COM scriptlets.
  • Fixed ROP false positive in Microsoft Office (occurs on some computers).
  • Improved Skype detection in software radar.
  • Improved short filename (8.3) handling in software radar.

New in HitmanPro.Alert 3.1.9 Build 364 (Apr 8, 2016)

  • Fixed an issue with Application Lockdown mitigation on browsers

New in HitmanPro.Alert 3.1.9 Build 363 (Apr 6, 2016)

  • Fixed an issue related to trial activation (bug introduced in build 351). If you wanted to try HitmanPro.Alert before but received the error message "This computer already had a free trial", you may want to try again with this new build.

New in HitmanPro.Alert 3.1.8 Build 360 (Feb 25, 2016)

  • Improved CryptoGuard mitigation (Anti-Ransomware).
  • Improved BadUSB mitigation.
  • Improved user interface icon strip double click handling.
  • Fixed rare BSOD in hmpnet.sys.

New in HitmanPro.Alert 3.1.7 Build 357 (Feb 13, 2016)

  • Added support for Windows 10 Insider Preview build 14251 (Redstone).
  • Fixed hmpnet.sys not enabling on Windows 8 (or newer).
  • Fixed crash when passing additional argument along /install command line switch.
  • Fixed SelfProtection false positive.
  • Fixed Teredo Tunneling Adapter. It is no longer disabled.
  • Changed Vaccination default from Active to Passive on fresh installs.
  • Improved CryptoGuard mitigation (Anti-Ransomware).
  • Improved BadUSB mitigation.
  • Improved upgrade of BadUSB and Vaccination settings.
  • Improved compatibility with Emsisoft Internet Security 11.0.0.6131.
  • Improved compatibility with Avast! on Windows 8.1 x64.
  • Improved compatibility with Kaltura.
  • Improved uninstall information.
  • Improved uninstall of hmpnet.sys on 32-bit systems.
  • Added protection against DLL preloading attacks.
  • Updated several translations.

New in HitmanPro.Alert 2.0.8 (Jul 4, 2013)

  • Entirely new architecture
  • Same simple usage as v1
  • Greatly improved compatibility with 3rd party software hooking into browsers.
  • Lower CPU usage (lower than v1)
  • New configuration user interface
  • Robust against attacks
  • Passive vaccination against some malware families by making the computer appear to be a virtual machine
  • Automatic updater
  • Supports Windows XP (SP3), Vista, Windows 7 and 8.
  • Supports Internet Explorer, Google Chrome, Firefox, Opera, Maxthon, Pale Moon, TorBrowser and others.