HitmanPro.Alert 歷史版本列表
HitmanPro.Alert 阻止核心技術和利用惡意軟件的用途從防病毒軟件隱藏。它還可以通過觀察這些威脅所顯示的行為來檢測入侵者,如銀行惡意軟件,遠程訪問工具和加密勒索軟件。它甚至可以讓沙箱感知的惡意軟件終止自己,通過接種或“隱藏”您的電腦作為病毒研究人員.HitmanPro.Alert,其中包括 HitmanPro 的發現和刪除能力,將您的計算機變成一個非常不受歡迎的受害者,實時自動停止和... HitmanPro.Alert 軟體介紹更新時間:2022-06-17
更新細節:
更新時間:2022-05-19
更新細節:
What's new in this version:
HitmanPro.Alert 3.8.20 Build 943
Added:
- system-wide protection against 'Hell's Gate' defense evasion via direct system calls, or SysCall, on 64-bit applications
- protection against cloning of LSASS process to Credential Theft Protection
- support for ReFS file system to CryptoGuard
- NOTEPAD.EXE to Office template
- GPT partition support to WipeGuard
- NVMe support to WipeGuard
- MITRE ATT&CK references to the CookieGuard, SysCall and RemoteThreadGuard mitigations
- alerting to our protection of sticky key abuse (and other accessibility features)
- EA Digital Illusions CE AB to game detection
Improved:
- protection against direct system calls, or SysCall, on 32-bit applications
- handling of certificates on code-signed applications
- CookieGuard alert with information about the application certificate, if any, in the alert
- CookieGuard so it now adds certificate validation information into the alert details
- WipeGuard to protection the Volume Boot Record of all mounted partitions. Previously, only the boot partition was protected.
- WipeGuard to terminate the offending process. Previously, the offending action was only blocked.
- HollowProcess to protect against PEB manipulation in a remote process where PEB is writable
- Lockdown mitigation to isolate modules (DLLs) dropped in attacks via Office documents.
- the per app mitigation settings in the user interface. It now has room for extra checkboxes.
Changed:
- reboot fly-out reminder interval from 1h to 8h
- Dynamic Heap Spray detection; it is now disabled on 64-bit applications
- text for Benefits button to Help center
- Sophos Privacy Notice and Terms of Service
Fixed:
- issue that prevented restarting of some protected applications when using the 'restart' function from the ApplicationPanel (Running applications) when changing a setting.
- a compatibility issue between our anti-ransomware CryptoGuard 5 and Artisan scrapping book software from Forever Storage
- displaying icons of UWP applications
- several user interface inconsistencies
- false alarm by APCViolation on Avast 'aswhook' DLL
- false alarm by CookieGuard if application starts from a RAM-drive
- false alarm by HollowProcess on Visual Studio
- issue with Lockdown inheritance when parent process is OpenWith.exe
- issue when a user tries to install HitmanPro.Alert on machine where Sophos Home Premium is already installed
- tray icon burning CPU cycles after install
- unexpected removal of Forza Horizon 5 under UWP exclusions
- Updated third-party libraries
- Several other changes under the hood
- Keystroke Encryption and BadUSB Protection which caused a BSOD (APC_INDEX_MISMATCH) on Windows 11 with update KB5013943
HitmanPro.Alert 3.8.19 Build 923
Improved:
- Game detection
- LockdownLoadImage whitelisting
HitmanPro.Alert 3.8.18 Build 921
- Change log not available for this version
HitmanPro.Alert 3.8.17 Build 915
Added:
- LockdownLoadImage mitigation to applications under the Office protection category; mitigates e.g. CVE-2021-40444
- Extended information in alert when CookieGuard detects cookie grab by untrusted code in a web browser, e.g., hashes of remote owner process and owner module
Fixed:
- Compatibility of Enforce DEP with Norton Security
- Small memory leak that occurred when switching CryptoGuard modes
- Compatibility with Windows CET (Shadow Stack)
- Benefits Info button now lands on the correct page
Improved:
- HollowProcess (Main Thread Hijack; MTH) mitigation to detect Cobalt Strike Beacon installing over SMB
- CookieGuard, fixed some small issues
- Compatibility with Visual Studio triggering alerts
- Changed Re-enabled global Syscall mitigation. You can find in in the Advanced interface, under Risk reductions > Process Protection > Unexpected system calls (Stop evasion of security hooks).
HitmanPro.Alert 3.8.14 Build 907
- Fixed a crash that could occur in Microsoft Office 365
- Temporarily removed the system-level Syscall mitigation due to compatibility issues with some third-party security software. This new mitigation will return in an upcoming release.
HitmanPro.Alert 3.8.13 Build 903
- Fixed the Software Radar that could cause it to not notice a just installed web browser, or adding it to the wrong mitigation template. This issue caused our new CookieGuard protection to generate false alarms.
- Fixed an issue in the CryptoGuard anti-ransomware engine that could cause a BSOD on Windows 10 Insider Build 21390
- Improved support for Windows on ARM. We noticed that since build 895 we always shipped the ARM64 driver of that release. This has been corrected
- Improved Stack Pivot exploit mitigation to support adjacent stack range in certain situations
- Improved detection of Chromium-based web browser for CookieGuard
- Added Thumbprint generation for remote-debugging-port CookieGuard detection
- Added checkbox to our new system-wide syscall mitigation. You can find in in the Advanced interface, under Risk reductions > Process Protection > Unexpected system calls (Stop evasion of security hooks).
HitmanPro.Alert 3.8.13 Build 901
- Fixed more compatibility issues between process hollowing and certain games
- Fixed an issue with three CryptoGuard 5 Thumbprints that were not working in the previous build
- Fixed a potential security issue where specifically crafted malware on the machine could craft and manipulate a file structure to elevate privileges
- Improved compatibility of CookieGuard with browsers that are attached to the Office mitigation profile
- Temporarily disabled the fix that detects Cobalt Strike delivery over SMB. The fix appears to be incompatible with many game launchers that actually perform main thread hijacking.
- Temporarily disabled system-wide Syscall mitigation as certain third-party security products, like Cylance, actually attempt to bypass API calls by directly jumping to kernel functions via a syscall.
- Temporarily set CookieGuard's Remote Debugger Port detection to silent as it causes issues with some web developer machines
HitmanPro.Alert 3.8.12 Build 899
- Note: In a normal multi-stage scenario, Cobalt Strike Beacon is already proactively blocked by our patented HeapHeapProtect mitigation. This new Cobalt Strike mitigation now also thwarts the single-stage scenario. And upon detection of Beacon it also extracts and reports the full Cobalt Strike C2 profile configuration from memory.
Added:
- New Cobalt Strike single-stage mitigation. When Cobalt Strike Beacon temporary de-cloakes in memory to retrieve new commands from the adversary, HitmanPro.Alert will hold and inspect the decrypted memory area for the presence of Beacon.
- DNS stager detection, when – for example – Cobalt Strike Beacon communicates over DNS with command-and-control (C2)
- SysCall mitigation to every process so it now also blocks the Heaven’s Gate defense evasion technique in malware. The Heaven's Gate technique allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment.
- CookieGuard mitigation. It protects (MFA) session cookies and passwords stored in popular Chromium based web browsers, like Google Chrome and Microsoft Edge on Chromium.
- an extra message box when an update is pending, and the user clicks on the associated flyout. The message informs the user that the machine must be restarted before the update is actually applied.
Fixed:
- stack pivot exploit mitigation so it no longer triggers incorrectly on Internet Explorer loading a digital rights management (DRM) related library for streaming DRM protected content
- APC Violation mitigation so it now correctly identifies process injection from VMware
- Code Cave mitigation so it now plays nice with DRM code from gaming company Electronic Arts (EA)
- Kernel32Trap mitigation so it no longer causes issues with certain code compiled with Visual Studio
Improved:
- CryptoGuard 5 anti-ransomware engine. For example, the note spray evaluator is more tolerant when installers drop the same text file across many folders.
- threat termination. It's now even more robust, especially when the threat runs with high privileges outside of user session(s).
- Improved compatibility with certain games that perform tricks that trigger our main thread hijacking protection (part of Hollow Process Mitigation).
- Note: We no longer support or update HitmanPro.Alert builds running on Windows 7 RTM (no service pack), Windows Vista and Windows XP. This is because Microsoft mandates the use of SHA-2 to sign our code. These older versions of Windows only support SHA-1 and would not allow our new driver to load.
HitmanPro.Alert 3.8.9 Build 891
- Special maintenance release: this is the last build that supports Windows XP, Windows Vista and Windows 7 RTM (no service pack). These Windows versions only support SHA-1 for code-signing certificates. Microsoft decided to require SHA-2 for new drivers while it did not release SHA-2 support for these Windows versions. So, in other words, we cannot release new kernel-mode drivers (with new functionality) for these older operating systems. If you run one of these old Windows versions we urge you to upgrade. On these Windows versions, HitmanPro.Alert will no longer update itself after this build.Both 32-bit and 64-bit versions of Microsoft Windows 7 SP1, Windows 8, Windows 8.1 and Windows 10 remain supported and will soon receive a new HitmanPro.Alert version with new features.
HitmanPro.Alert 3.8.8 Build 889
- Change log not available for this version
HitmanPro.Alert 3.8.8 Build 887
Added:
- HeapHeapProtect: Code running in dynamic memory, in RUNDLL32.EXE and REGSVR32.EXE, can no longer manipulate other dynamic memory. This proactively helps against many backdoor tools, trojans and ransomware families.
- Tamper Protection by filtering process and thread handles against terminate, suspend and injection. Also added menu item to settings menu
- Automatic protection of Microsoft Access against exploitation
- DLL Hijacking protection on HitmanPro malware scanner to prevent privilege escalation
Improved:
- Alert report now includes a list of services if a process runs as a service
- CryptoGuard-only now also enables anti-malware
- GUI: Added anti-malware menu item to settings menu
- GUI: EULA on install dialo
- Windows on ARM: Now offloads SHA-256 calculation to hardware via NEON instructions, resulting in 7 times performance boost
- Windows on ARM: Fixed last scan timestamp
- AmsiGuard: Now supports unloading of AMSI.DLL
- ApplicationLockdown: Prevent execution of an Visual Basic file via EXPLORER.EXE from an Office application
- CredGuardSAM: Prevent registry command line tool from dumping credentials
- WipeGuard: Volume Boot Record (VBR) protection and alert details
- Minifilter driver altitude, lowered from 345800 to 221600, to prevent third party minifilters from adversely affecting ransomware detection
Fixed:
- CodeCave: coding error that could cause certain rare applications to crash
- CodeCave: False alarms when application is packed with boxedApp packer
- ACPProtection: False alarms when application is packed with boxedApp packer
- ApiSetGuard: False alarms on a standard DLLMain implementation that does nothing but returning 0 or 1
- CryptoGuard 5: False alarm in combination with Dropbox
- CryptoGuard 5: False alarm when deleting many files on and endpoint protected by Bitdefender’s CryptoStore feature
- HeapHeapProtect: Applications under attack could crash when the used shellcode caused an unaligned stack
- Crash in Equation Editor when under attack, caused by Data Execution Prevention (DEP)
- Italian string in Systray context menu
HitmanPro.Alert 3.8.6 Build 875
- Updated CryptoGuard to version 5.5. This new version offers improved performance on systems with high-end hardware (e.g. NVMe M.2 SSDs)
- Improved CryptoGuard detection
- Improved WoW64 mitigation
- Improved upgrade of build 7xx to a 8xx build
- Improved installer to detect partial old installation
- Improved the internal updater to check more frequent for updates
- Various minor improvements
- All binaries built with Visual C++ 16.6.1 with Spectre mitigations
HitmanPro.Alert 3.8.4 Build 871
- Change log not available for this version
HitmanPro.Alert 3.8.3 Build 869
Fixed:
- handle leak in Alert's service process
- compatibility with BoxedApp applications
- event log to show the timestamp in local time instead of UTC time
- a device reference counting issue in the driver related to WipeGuard mitigation
Improved:
- CryptoGuard 5 algorithms
- APC mitigation
- DEP mitigation
- HeapHeapProtect detection
- HeapSpray mitigation
- SysCall mitigation
- the update pending message to be shown more frequent instead of just once
All binaries built with Visual C++ 16.5.3 with Spectre mitigations
HitmanPro.Alert 3.8.2 Build 867
- Change log not available for this version
HitmanPro.Alert 3.8.1 Build 863
- Improved CryptoGuard 5 detection
- Improved minifilter performance
- Improved compatibility with VMware ThinApp applications
- Improved compatibility with BoxedApp applications
- Improved compatibility with Checkpoint
- Various minor improvements to alert reports
- Fixed CTF Guard false alarms on some computers
- Fixed RDP Guard showing a flyout on non-RDP sessions on Windows 7
- Fixed HeapHeapProtect false alarms on Visual FoxPro applications
- Fixed APC mitigation false alarms on some .NET 1.1 applications
- Fixed Generic.Ransom.E false alarms on LSASS.exe on 64-bit computers
- All binaries built with Visual C++ 16.4.3 with Spectre mitigations
HitmanPro.Alert 3.8.0 Build 861
- Improved CryptoGuard 5 performance
- Improved suppress alert event user interface
- Fixed issue in CryptoGuard 5 causing BSOD when copying large files over SMB
- Fixed potential local privilege escalation (LPE)
HitmanPro.Alert 3.7.12 Build 861
- Improved CryptoGuard 5 performance
- Improved suppress alert event user interface
- Fixed issue in CryptoGuard 5 causing BSOD when copying large files over SMB
- Fixed potential local privilege escalation (LPE)
HitmanPro.Alert 3.7.12 Build 793
- Change log not available for this version
HitmanPro.Alert 3.7.11 Build 791
- Improved CryptoGuard to handle a deficiency in Windows leveraged by the RIPlace evasion technique
- Fixed a CryptoGuard EFS false positive on LSASS (Local Security Authority Sub System)
HitmanPro.Alert 3.7.10 Build 789
- Fixed rare stack alignment issue on Windows 10 build 1903 (19H1) caused by recent Keystroke Encryption change
- Improved compatibility with Webroot security software, fixing application crashes
- Improved compatibility with Bitdefender security software, fixing application crashes
- Improved compatibility with Trend Micro security software, fixing application crashes
- Improved compatibility of CTFGuard with VMware ThinApp
HitmanPro.Alert 3.7.10 Build 787
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 779
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 777
- Improved Code injection, which will result in faster boot times on Windows 10. It also fixes a rare issue a few Windows 10 users had where the system did not finish boot correctly
- Improved Heap Heap Protect mitigation as it should now play more nicely with certain .NET applications
- Improved Hardware Assisted Control-Flow Integrity, our Last Branch Record CPU assisted ROP mitigation, to fix false positives we're seeing on some newer CPUs
- Improved Alert info regarding our real-time Anti-Malware and Code Cave mitigation
- Fixed Rare bug in CryptoGuard which sometimes forgot to make a backup of a file - which you could lose in the event of a ransomware attack
HitmanPro.Alert 3.7.9 Build 775
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 773
- Changed name for "Dynamic Shellcode Mitigation" to "Heap Heap Protect"
- Improved Heap Heap Protect
- Improved CodeCave
- Fixed Trend Micro Intruder/Safe Browsing incompatibility
HitmanPro.Alert 3.7.9 Build 771
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 759
- Added Mitigation of local privilege escalation via Task Scheduler (CVE-2018-8440 / @SandboxEscaper)
- Added Compatibility with Windows 10 Redstone 5
- Improved WipeGuard mitigation handling VBR sectors
- Improved Asynchronous Procedure Call (APC) Mitigation
- Improved SEHOP mitigation performance improvement
- Improved Compatibility with 3rd party products that use PUSH/RET in their API hooks
- Improved Windows Vista code injection
- Fixed Compatibility with Windows XP Embedded POSReady 2009
- Fixed Compatibility with Microsoft Edge Application Guard (WDAG) failed to start
- Fixed Compatibility with Microsoft Hyper-V failed to start
- Fixed Compatibility with F-Secure DeepGuard
- Fixed False positive ROP detection (stack-based) in Google Chrome 69 caused by (DRM) widevinecdm.dll
- Fixed Security issue (CVE assigned)
- Updated Botan 2.7.0
- Updated Sqlite 3.24.0
- Updated All code compiled with Visual Studio C++ 15.8.4
- Disabled hardware-assisted ROP mitigation on Chrome 67 (or newer) due to their use of RETpoline
- Removed Network Lockdown mitigation (deprecated) / hmpnet.sys
HitmanPro.Alert 3.7.8 Build 751
- Change log not available for this version
HitmanPro.Alert 3.7.8 Build 750
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 739
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 738
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 737
- Change log not available for this version
HitmanPro.Alert 3.7.3 Build 729
- Change log not available for this version
HitmanPro.Alert 3.7.1 Build 723
- Added Real-Time Anti-Malware, which works with the HitmanPro cloud
- Added Credential Theft Protection, which prevents theft of authentication passwords and hash information. Prevents Mimikatz-style attacks
- Added Local Privilege Guard, which stops specific exploitation of the operating system kernel. Prevents an attacker from using the privilege information of another process
- Added Code Cave mitigation, which stops backdoors in trusted code. Prevents e.g. Backdoor Factory and Shellter-style attacks
- Added Sticky Keys mitigation, which prevents abuse of the Microsoft sticky key feature and is typically used by attackers to gain persistence
- Added Application Verifier mitigation, which prevents abuse of the Application Verifier feature of Windows (eg. Double Agent code-injection)
- Improved Asynchronous Procedure Call (APC) mitigation to improve compatibility with third-party security solutions on Windows 10 version 1709 (Fall Creators Update)
- Added protection against dropping shellcode straight into memory from VBA macro code. This mitigation is part of Load Library and triggers a Shellcode alert
- Added protection against compilation of arbitrary code straight into memory from an application under exploit mitigations, like Office. Such attacks can bypass whitelisting based protection like Windows Defender Device Guard
- Added automatic protection of Microsoft Outlook (under the Office category) to defend against e.g. DDE attacks embedded in the body of malicious emails or calendar invites
- Improved Hollow Process mitigation to block hijacking of a remote main thread to run arbitrary code
- Improved Import Address Table Address Filtering (IAF) exploit mitigation
- Improved code injection of the HitmanPro.Alert Support Library (DLL)
- Improved upgrade when running in 'Anti-ransomware only' mode
- Improved DLL hijack mitigation which loaded an incorrect DLL on WoW64 processes
- Fixed Intruder alert in Firefox when Norton is installed (e.g. Norton Security)
- Fixed a ROP technique detection on pidgenx.dll when trying to activate Microsoft Office
- Fixed a CallerCheck alert associated with Microsoft Power Query and CLR.DLL
- Fixed a DEP mitigation triggered in some Microsoft Excel macro's
- Fixed a compatibility issue with Microsoft Hyper-V on Windows 10 version 1709 (Fall Creators Update)
- Fixed a minor memory leak originating from the CryptoGuard anti-ransomware mitigation
- Many other minor fixes and improvements
HitmanPro.Alert 3.6.7 Build 604
- Fixed CryptoGuard false positive
HitmanPro.Alert 3.6.6 Build 593
- Change log not available for this version
HitmanPro.Alert 3.6.5 Build 592
- Change log not available for this version
HitmanPro.Alert 3.6.4 Build 588
- Change log not available for this version
HitmanPro.Alert 3.6.4 Build 586
- Fixed bug in CryptoGuard correlation
更新時間:2022-05-19
更新細節:
What's new in this version:
dbForge Studio for MySQL Professional 9.0.894
- Improved CrossOver compatibility
- Fixed schema comparison behavior (D76098, D73000, D76098)
dbForge Studio for MySQL Professional 9.0.890
Improved:
- Improved the behavior of determining the dimension of numeric types for the parameters of procedures and functions (D73292)
- Improved the tab activation behavior when executing queries in a SQL Document (D76851)
- Improved the SSH Protocol configuration form to display the Local port option (D75981)
- Improved the behavior of the Studio to work around a server error using hyphenation in procedure and function comments (D75638)
- Improved compatibility with macOS and Linux using CrossOver
- Fixed an issue with activation on macOs using CrossOver
- Fixed issues that could occur when installing the application on macOS and Linux using CrossOver
User-reported and internal bug fixes:
- Added a query timestamp in the General output window (D75287, D78442)
- Changed the opening behavior of the trigger editor and implemented the capability to view the script from SHOW CREATE TRIGGER (D78463)
- Enhanced the execution performance of metadata queries and improved the support for object names with different cases for Unix systems (D73426, D73485)
- The compiler now factors in the ANSI_QUOTES mode when saving a procedure compiled for debugging (D85538, D85537, D85664, D85665)
- Fixed an unexpected exception that occurred when generating data for the foreign key columns (D61140)
- Fixed an unexpected exception that occurred when describing data for Schema Compare (D76988)
- Fixed an unexpected exception that occurred when creating a script in the Data Report Wizard
- Fixed an unexpected exception that occurred after selecting the Use Regular Expression option in the Data Compare Wizard (D54972)
- Fixed file error that occurred after exporting data to the .xlsx format (D65759)
- Fixed an unexpected exception that occurred when importing data from a text file with no content (D71358, D71359)
- Fixed an unexpected exception that occurred when exporting data with nullable values via ODBC provider (D75249, D75475, D75640)
- Fixed an unexpected exception that occurred when closing a SQL document during query profiling
- Fixed an issue that occurred when starting the application (D54073)
- Fixed an unexpected exception that occurred when opening the application options editor window (D66452, T315964, T317130)
- Fixed a bug where after renaming a table column in Database Explorer, no changes were displayed in the table editor (p200130)
- Fixed an unexpected exception that occurred when launching the Data Generation wizard (D72307)
- Fixed an unexpected exception that occurred when loading the Data Report file
- Fixed an unexpected exception that occurred when generating the Tooltip for the connection node
- Fixed an issue with the Next and Previous keywords in the trigger script (D82957)
- Fixed an issue in the text editor on Windows builds 22567 and higher (D81729, D81730)
- Fixed an error that occurred when renaming a procedure with a long name (D76977)
- Fixed an issue with the Splash window (T321527)
- Fixed an error that occurred when saving a SQL Document to a network drive (D76829)
- Fixed the control rendering error 'Arithmetic operation resulted in an overflow' (D83365, D83094, D82790, D75641, D76700, D79304, D79299, D79284, D79391, D79513, D79538, D79647, D79795, D80052, D82265, D82390, D82645, D83232, D83328, D83354, D83415, D83488, D83488, D83553, D83806, D83978, D84261, D84261, D84309, D84497, D84597, D84630, D84633, D84904)
- Fixed an issue with getting the procedures and functions metadata (D74780, D74782, D74781, D74783, D74806, D75289, D75805, D76493, D77598, D777791, D78100, D81817, D81893, D81960, D82277, D83125, D83300, D835900, D836V)
- Fixed the generation of scripts with BULK INSERT (D73106)
- Fixed an error that occurred when opening the context menu (D67415)
- Fixed the comparison and synchronization of foreign keys and indexes associated with foreign keys (D68054)
- Fixed an issue with the tool's windows activation (T309559, T310394, T309631)
- Fixed an issue with closing the application (D72911)
- Fixed an error that occurred when executing the query containing the '/' symbol (D63962)
- Fixed an error that occurred when opening the Style menu in Documenter (D54079)
- Fixed the connection opening error in a SQL Document (D69979, D83775)
- Fixed an error that occurred when selecting a connection in the Project Explorer window
- Fixed an error that occurred when executing a request (D65909)
- Fixed an issue with calling the object editing window from the Search window (D70832, D66412)
- Fixed a bug that could occur when switching between pages in the comparison wizard (D67465, D77784)
- Fixed an error that occurred when working with permissions in database projects (D77870)
- Fixed an error that occurred when working with the procedure parameters (D75638)
- Fixed an issue with the synchronization of objects with the enabled NO_ZERO_DATE, NO_ZERO_IN_DATE options (D80408)
- Fixed a bug that could occur when closing the application (D80352)
- Fixed a critical application error (D58203)
- Fixed the behavior of index synchronization (D70389)
- Fixed schema comparison behavior (D76098, D73000, D76098)
- Fixed an error that could occur when comparing a database with a script folder (D74083)
- Fixed an issue with object script generation (D75427)
- Fixed a bug that could occur when setting a breakpoint
- Fixed issues caused by false syntax errors (T325249, D72828, D56047, D73574, D73593, D74726, D76485, D77098, D75695, D76420, D82654, D84159, D84851)
- Fixed the suggestion of types for the CAST function
- Fixed errors that could occur when specifying a list of view columns for schema comparison (D71544)
- Fixed critical bugs related to the parsing of long calculated expressions and multiple unions (D74042, D82634, D83823, D83997, D76586, p206266, D76612, D74042, D83997, d82635, d76612)
- Fixed an issue with renaming objects in a script (D75618)
- Fixed the loss of procedure parameter values between debug sessions (D77708)
- Fixed an error that could occur when debugging a procedure with the LONG type parameter (D78488)
- Fixed the loss of breakpoints during procedure debugging (D75638, D76971, D77193)
- Fixed an issue with saving changes in database object editors (D76029)
- Fixed an issue with exporting VARBINARY data type to Google Sheets (p205834)
- Fixed an issue with handling queries containing syntax errors in Query Builder (D77579, D84159)
- Fixed a text editor bug on Windows builds 22567 and higher (D81675, D81730, D81712, D81713, D81699, D81463, D81105, D81428, D81674, D80821, D81556, D81203, D81193, D81500, D81199, D81213, D81214, D81106, D81200, D81209 , D81916, D82123, D81292, D82633)
- Fixed docking error when working on 4k monitors (D81179)
dbForge Studio for MySQL Professional 9.0.791
- Added support for new privileges during syntax check
- Improved performance when opening a connection
Fixed:
- an issue that occurred when generating scripts for tables
- an issue with reading table metadata
- an issue with reading session variables when opening a connection
dbForge Studio for MySQL Professional 9.0.782
Improved:
- Added support for the following syntax constructs: ARRAY, MEMBER OF, JSON_TABLE, JSON_ARRAYAGG
Fixed:
- an unexpected exception during the operation of the code completion module
- Added the analysis of the BOM (Byte Order Markers) availability when opening files with a suggestion to normalize such files
- an issue with data export to an Excel file that occurred when the dataset exceeded 66,000 lines
- an issue that occurred during data import due to incorrect initialization of the charset and collations for a new table
- an issue that occurred during data import from a JSON file
- an unexpected exception that occurred when updating the caret position in the document editor
- the incorrect behavior of the "Hide unmodified columns" option in the Data Comparison document
- a data presentation format issue that occurred during data export
- an issue that occurred when connecting under a user with limited permissions
- an unexpected exception that occurred during data export from ODBC due to data type incompatibility
- a product activation error that occurred during a delayed response of the activation server
- a primary key synchronization issue
- an issue that occurred during data import via a template
- a synchronization issue for a table with PARTITION BY RANGE COLUMN
- a procedure script generation issue
- an issue that occurred when creating a project
- memory leaks that occurred during data import
- a product activation issue that involved Arabic characters
- a synchronization issue for a table with partitioning
- the behavior of the Limit Bulk Size option in Data Compare
- Implemented the display and editing of the original object text in the procedure and function editor
- an issue that occurred when using data filtering in Data Editor
- an issue with the repeated execution of a query in Data Editor
- an issue that occurred when canceling query execution in a SQL document
- an issue with the paginal mode in Data Editor
- an issue with connection to a database in a SQL document
- selection criteria in queries that retrieve metadata for security objects
- an issue that occurred when retrieving a charset in the view editor
- the behavior of setting up user permissions in Security Manager
- Improved the behavior of saving the database connections list when using the Studio repeatedly
- the background color application error that occurred during data export to the Excel format
- an issue that occurred when launching the application and accessing the Object Viewer
- an issue that occurred when processing scripts containing syntax in versioned comments
- an issue with the partial loss of expressions during formatting
- the inclusion of a false error to the log
- Variable parsing now complies with the documentation
- Added support for the varcharacter[(n)] data type when parsing scripts with the MariaDB syntax
- the behavior of change markers in SQL Editor
- the selection of encoding when writing synchronization scripts to a file
- an issue with the syntax check for SELECT expressions with multiple UNION operators
- an issue that occurred when closing the Studio
- an issue that occurred when retrieving a list of view columns
- an issue that occurred when using a drop-down list (Member List)
- a false syntax check that hindered the compilation of stored procedures for debugging
- the behavior of the view editor during detection of syntax errors
- a false syntax check that hindered the comparison of views
- Improved the behavior of query execution using the utf8mb3 charset for MariaDB 10.6
dbForge Studio for MySQL Professional 9.0.689
Fixed:
- The application fails with a critical error when trying to create diagram objects after installing the KB5006670, KB5006672 or KB5006674 Windows update
dbForge Studio for MySQL Professional 9.0.688
Fixed:
- an error with reading the default values (Z60282)
- a error with displaying a warning about the absence of unique keys in the Data Editor (Z62016, Z62008, Z62390, Z62717, Z63023)
dbForge Studio for MySQL Professional 9.0.665
Improvements:
- Connectivity support for MariaDB 10.6
User-reported and internal bug fixes:
- Error with quotation of Default values for the ENUM type was fixed
dbForge Studio for MySQL Professional 9.0.660
Fixed:
- export of large tables with more than 65536 records for Excel 2003 and 1048576 records for Excel 2007
- metadata retrieval for default_role in Documenter
- a problem with comparing a view that calls aggregate function with OVER clause in its query
Resolved an issue that led to multiple row data changes when editing data in a table with a unique key that allows NULL values
- incorrect work with the default TIMESTAMP column
- a problem with generating a script for virtual columns
dbForge Studio for MySQL Professional 9.0.636
Improvements:
- Database Project deployment was improved
User-reported and internal bug fixes:
- Debugger behavior in the auto-commit mode = OFF was fixed
- Issue with the reserved word LAG in Object Editor was fixed
- Procedure execution error was fixed
- Processing of error information output was fixed
- Error in Data Editor in case of deleting a table on the server was fixed
- Ability to connect via SSL with different encryption protocols was added
- Bug with quoting DEFAULT values was fixed
- Critical error when parsing procedure parameters was fixed
dbForge Studio for MySQL Professional 9.0.567
Improvements:
- New commands added to Data Viewer
- Behavior of grouping, sorting, and filtering data in Data Editor
- Informational message added instead of an unexpected exception when importing data from invalid Excel files
- Supported processing of FOR and END FOR construction
- Optimized synchronization of changes in virtual columns
Fixed:
- Issue related to Drag & Drop of nodes in Database Explorer
- Error when retrieving data in Data Editor
- Error in Database Diagram
- Error when opening Object Editor
- Bug when renaming an object with refactoring
- Issue related to MS Access database in Data Import
- Error when opening the Database Diagram document
- Issue with a warning about unique keys in Data Editor
- Issue with a connection to Azure MySQL when using Azure Active Directory
- Freeze issue in Data Editor
- Issue with displaying the DEFAULT values of functions in Table Editor
- Issue related to ANSI_QUOTES when generating DD
- Issue related to renaming objects with refactoring without full privileges
- Incorrect behavior when importing data: now the default value for table columns when generating a script is taken into account
- Incorrect behavior when exporting data: float data export as a string
- Unexpected exception while generating data
- Error when exporting data to the Excel format
- Incorrect highlighting for changes preview nodes when renaming
- Issue with floating point typeseal, double) incorrectly handled by the code parser in certain cases
- Issue with a possible application crash during status bar updates
- Failure to detect caret position when suggesting code snippets due to fatal error
- Number of exceptional cases when renaming objects
- Possible errors when parsing queries due to the incorrect handling of built-in date and time functions
- Possible unrecoverable error when trying to get hardware info for analytics
- Issue with possible compilation failure for specific procedures due to critical error
- Possible application freeze when scrolling through large scripts
- Incorrect code parser behavior when handling specific subqueries
- Application failure with critical error after renaming the table added to Query Builder
- Critical error when searching through any Data Report document
- Possible errors after calculating context for code completion suggestions
- Issue with currently active document window not being focused after closing the Find and Replace panel
- Possible application crash when caching document content for restoring
- Error when comparing stored procedures
- Issue with a request to server metadata
- Error in ignoring spaces through the command line when working with options
- Error in finding dependencies when working with quoted object names
- Error in reading table partitioning settings- Critical error when quitting the application
- Critical error when processing versioned comments
dbForge Studio for MySQL Professional 9.0.505
Improved:
- More informative error outputting in Restore Database Wizard
- UI with notification text when refactoring objects is enhanced
- Improved display of tags for source objects in Documenter
- The mechanism of reading metadata for events and triggers containing underscore in names on MariaDB Server is modified
- Support for the utf8mb4_0900_ai_ci coding is added
Fixed:
- Issue with freezing in the foreign keys editor
- Behavior with formatting the procedure body when refactoring objects
- Issue with unclosed connection to MySQL server in SQL document
- Error when inserting the DATETIME value into Data Editor
- Error when inputting an incorrect value on the Security tab of Connection Manager
- Connection to MariaDB Server via the PAM authentication
- Error when opening a document in Database Diagram
- Error when switching to the Read-only mode in Data Editor
- Application was unable to profile queries when connected to Percona Server for MySQL 8.0.21
- Syntax Checker reported errors for parameters and variables that started with numbers
- Possible critical errors when preparing quick info for items from the completion list
- Syntax Checker failed to process union syntax in specific cases
- Code Formatter did not work for certain queries that contained object names that match keywords
- Issue with the import date: "When importing, there is no way to assign a default value for a column."
- Issue with the import date: "When importing a CSV into an existing table, the program creates a MySQL error in the query it generates."
- Throwing an unhandled exception when importing some types of the .xlsx files
- Reading metadata when working with users and roles
- Incorrect script generation when working with an auto-increment column
- Critical error when analyzing the required order of columns
- User formatting is taken into account when synchronizing the function parameters
- Loss of foreign keys without names during synchronization
- Critical error when generating comparison report
- Error occurred when closing comparison wizard is fixed
dbForge Studio for MySQL Professional 9.0.470
Improvements:
- Work of the application when connecting via SSL is improved
Fixed:
- Issue with connecting to Azure MySQL via SSL (T313516, T319656, T321100)
- Issue with processing Quick Info hints (T314128)
dbForge Studio for MySQL Professional 9.0.435
Improvements:
- Behavior of metadata retrieving when dragging and dropping a table in Query Builder (T314046)
- Behavior of displaying empty values for the JSON data types in Data Editor
- Behavior of incorrect retrieving of constraints in Data Editor (T314423)
- Behavior of modifying the comment text when changing the letter case (T314767)
- Behavior of identifying unique keys when changing the editable table in Data Editor (T315797)
- Behavior of displaying object lists in Object Viewer (T314050)
- Behavior of the Not Null tag of a column in Table Editor (T312215)
- Behavior of renaming a query in Data Report
Fixed:
- Error in Database Diagram when opening a .dbd file
- Error in the View editor after closing a document
- Error with displaying the Search (Find Objects) window when Database Explorer was absent (T312512)
- Error with copy-pasting in Data Editor
- Error with formatting the DATETIME value in Data Editor (T312665, T315522)
- Error with rendering values in Data Editor (T313623)
- Error with the progress tab of Restore in Execute Large Script Wizard (T313785)
- Error with selecting an editable table in Data Editor
- Error with updating objects in Query Builder (T314231)
- Error with the undoing operations for linked tables in Query Builder (T310715)
- Working with column types for Turkish encoding (T316473)
- Error with displaying the context menu of an object in Database Diagram (T315113)
- Work of Data Import for Google Spread Sheets (T314984)
- Error with saving a procedure in Database Diagram (T313856)
- Error with reading the Google Sheets data in Data Import (T314178)
- Error of overflow when executing a SELECT query with LIMIT OFFSET
- Bug when generating data for tables with foreign keys (T312605)
- Issue with using the documentation on case sensitive operating systems (T317028)
- Error with opening text dictionary in Data Generator
- Error when generating a SQL Profiler document and closing Studio
- Displaying warnings as an error in Data Generator
- Incorrect generation of table columns if their names coincided with the reserved words in CRUD
- Incorrect error processing in Database Project (T315373)
- Error when analyzing index dependencies (T318093)
- Notification on possible data loss in certain cases of comparing the TINYINT types
- Missed calls of user scripts when assembling a database project (T318011)
- Critical error during syntax check of CREATE ROLE (T318011)
- Incorrect reading of the DEFAULT values if it was not specified as CURRENT_TIMESTAMP () (T317941)
- Incorrect reading of the DEFAULT values for the JSON type (T310136)
- The incorrect character was inserted instead of the ` character when typing Alt+96 in the SQL editor (T317193)
- Incorrect behavior of syntax check feature for MODIFY keywords within the ALTER TABLE clause (T318406)
- The application failed with a fatal error when trying to compile procedures containing identifiers with digital prefixes for debugging (T317744, T316666)
- Possibly incorrect script generation within Query Builder for queries containing date and time functions
- The 'AS NEW()' syntax was treated as invalid within INSERT statements (T314777)
- Incorrect CRUD and SELECT scripts generation for tables containing columns with names matching words that are reserved
dbForge Studio for MySQL Professional 9.0.391
Improvements:
- The disable animations option was implemented
Fixed:
- Incorrect foreign keys comparison in case of cross-database reference (T313064)
- Add 'lateral' as a reserved keyword (T311236)
- Error on an attempt to read the non-existing column from the metadata for SYSTEM VERSIONING tables in MariaDB (T313844, T314778, T314779)
- Error on processing variables with the same name in different scopes (T314318, T314318, T315270)
- Add schema comparison option to ignore triggers on the target (T314479)
- Incorrect precision of the TINYINT data type in schema synchronization script (T314157)
- Remove inconsistent escaping chars from columns expressions (T310136)
- Incorrect quotes of DEFAULT values (T313524)
- Save user formatting for procedures and functions parameters
- Incorrect decimal separator in Data Editor (T313296, T315422)
- Error on copying table data with virtual columns
- Incorrect data formatting in Data Editor (T310401)
- Incorrect shift of visible zone in Database Diagram when drag-and-dropping objects to the container (T312054)
- Parameters applied only to the first query during multiple queries in Data Report (T307560)
- Incorrect formatting of DATETIME in the Formatting options window for Data Editor (T310931)
- Critical error when loading application (T310150)
- Improved Data Editor behavior in the Filter Editor window (T309337)
- Incorrect export of the date format when exporting from the results grid (T313468, T314591)
- Trace information was added to further fix of the issue with exporting to Xls file (T309909)
- Issues when profiling queries (T310496)
- Showing a valid object as invalid in Find Invalid Objects
- Object duplicates error in object search
dbForge Studio for MySQL Professional 9.0.338
Bug fixes:
- Problem with lost connection after 30 sec is fixed
- Problems with cache file are fixed
- Problem with date and time format is fixed
- Problem with loosing DEFINER is fixed
dbForge Studio for MySQL Professional 9.0.304
Connectivity:
- Connectivity support for MariaDB 10.5 is added
- Display of server type in the Property window for MySQL, MariaDB, Percona, Amazon, Alibaba Cloud, and Tencent Cloud is added
- Display of server type in the Connections section of the System window for MySQL, MariaDB, Percona, Amazon, Alibaba Cloud, and Tencent Cloud is added
- Database Connection Properties and Test Connection windows are redesigned
- Connectivity support for SkySQL is added
Database Design:
- The Find Invalid Objects feature is implemented
Support for new objects:
- Working with the Packages and Sequences established in MariaDB 10.3 is supported
SQL Document:
- -- nowarn and -- endnowarn tags have been added to the Execution warnings functionality
- Exporting execution history in the CSV file format is added
Code Completion:
- Code completion is available in the body of triggers and events
Data Editor:
- Cached Updates mode is implemented
Schema Compare:
- Scripts Folder comparison is added
- Object Filter is implemented
- Schema Comparison Report window is redesigned
- HTML reports are redesigned.
- Pre and post script execution during data synchronization
- Ignore DEFINER and SQL SECURITY clauses option is modified
- Ignore row format table option is added
- Ignore AUTO_INCREMENT option is added
- DDL Diff control is redesigned
Data Compare:
- Scripts Folder comparison is added
- Data Compare control is redesigned
- Data Comparison Report window is redesigned
- Pre and post script execution during data synchronization
- Option to append timestamp to the name of the data sync script file is added to Data Synchronization Wizard
- Option to set default values is added to Data Synchronization Wizard
Data Generator:
- Pre and post script execution during data population.
Database Backup:
- Option to disable reference tables from the backup is added
Data Export and Import:
- Output tab is added to Data Import Wizard and Data Export Wizard
- Data Export, CSV tab is added to the Options window
- Display of selected data export format is added to all tabs of Data Export Wizard
Other Improvements:
- Command line prompt is expanded with a full list of available exit codes
- Activation of the tool via the command-line interface is implemented
User-reported bug fixes:
- Problem with precision for Update Timestamp on MariaDB 10.3 is fixed
- Problem with generating CREATE script 'curdate()' with quotes is fixed
- Problem with generating null is fixed
- Problem with error on backup is fixed
- Problem with increment update is fixed
- Problem with displaying multi-line comments is fixed
- Problem with scrolling fields is fixed
- Problem with error exporting .rdb report to DOCX is fixed
- Problem with options editing format is fixed
- Problem with Restore running is fixed
- Problem with "find and replace" window is fixed
- Problem with comparing projects and databases is fixed
- Problem with displaying warnings in Output is fixed
- Problem with displaying property AUTO_INCREMENT is fixed
- Problem with completion list in case of using JOIN is fixed
- Problem with highlighting error is fixed
- Problem with displaying of controls for 4K monitors is fixed
- Problem with generating backup scripts is fixed
- Other user reported bugs are fixed
dbForge Studio for MySQL Professional 8.2.23
- Fixed: problem with connection to Azure Database for MySQL is fixed
dbForge Studio for MySQL Professional 8.2.21
Improvements:
- Support for Check Constraints for MySQL
User reported bugs fixed:
- Problem with script generating is fixed
- Problem with incorrect foreign key creating is fixed
- Problem with procedure debugging is fixed
- Problems with data export to Excel is fixed
- Other user reported bugs are fixed
dbForge Studio for MySQL Professional 8.1.45
Bugs fixed:
- Problem with "Set Value To Null" is fixed
- Problem with incorrect display of page count is fixed
- Problem with incorrect utc_timestamp quotes is fixed
- Problem with AUTO_INCREMENT property loosing is fixed
- Problem with wrong status message is fixed
- Problem with wrong table rebuild is fixed
- Problem with date format is fixed
- Problem with procedure debugging when lower_case_table_names = 0 is fixed
- Problem with smart data generators list is fixed
- Other user reported bugs are fixed
dbForge Studio for MySQL Professional 8.1.22
Connectivity
- Support for MariaDB 10.4
User reported bugs fixed
- "PDF view" mode of Data Viewer issue is fixed
- A comparison of objects names with different case issue is fixed
- "Spatial view" mode of Data Viewer issue is fixed
- Problem in Data Population Wizard is fixed
- Problem in SQL Document is fixed
- Other user reported bugs are fixed
更新時間:2021-11-12
更新細節:
What's new in this version:
HitmanPro.Alert 3.8.18 Build 921
- Change log not available for this version
HitmanPro.Alert 3.8.17 Build 915
Added:
- LockdownLoadImage mitigation to applications under the Office protection category; mitigates e.g. CVE-2021-40444
- Extended information in alert when CookieGuard detects cookie grab by untrusted code in a web browser, e.g., hashes of remote owner process and owner module
Fixed:
- Compatibility of Enforce DEP with Norton Security
- Small memory leak that occurred when switching CryptoGuard modes
- Compatibility with Windows CET (Shadow Stack)
- Benefits Info button now lands on the correct page
Improved:
- HollowProcess (Main Thread Hijack; MTH) mitigation to detect Cobalt Strike Beacon installing over SMB
- CookieGuard, fixed some small issues
- Compatibility with Visual Studio triggering alerts
- Changed Re-enabled global Syscall mitigation. You can find in in the Advanced interface, under Risk reductions > Process Protection > Unexpected system calls (Stop evasion of security hooks).
HitmanPro.Alert 3.8.14 Build 907
- Fixed a crash that could occur in Microsoft Office 365
- Temporarily removed the system-level Syscall mitigation due to compatibility issues with some third-party security software. This new mitigation will return in an upcoming release.
HitmanPro.Alert 3.8.13 Build 903
- Fixed the Software Radar that could cause it to not notice a just installed web browser, or adding it to the wrong mitigation template. This issue caused our new CookieGuard protection to generate false alarms.
- Fixed an issue in the CryptoGuard anti-ransomware engine that could cause a BSOD on Windows 10 Insider Build 21390
- Improved support for Windows on ARM. We noticed that since build 895 we always shipped the ARM64 driver of that release. This has been corrected
- Improved Stack Pivot exploit mitigation to support adjacent stack range in certain situations
- Improved detection of Chromium-based web browser for CookieGuard
- Added Thumbprint generation for remote-debugging-port CookieGuard detection
- Added checkbox to our new system-wide syscall mitigation. You can find in in the Advanced interface, under Risk reductions > Process Protection > Unexpected system calls (Stop evasion of security hooks).
HitmanPro.Alert 3.8.13 Build 901
- Fixed more compatibility issues between process hollowing and certain games
- Fixed an issue with three CryptoGuard 5 Thumbprints that were not working in the previous build
- Fixed a potential security issue where specifically crafted malware on the machine could craft and manipulate a file structure to elevate privileges
- Improved compatibility of CookieGuard with browsers that are attached to the Office mitigation profile
- Temporarily disabled the fix that detects Cobalt Strike delivery over SMB. The fix appears to be incompatible with many game launchers that actually perform main thread hijacking.
- Temporarily disabled system-wide Syscall mitigation as certain third-party security products, like Cylance, actually attempt to bypass API calls by directly jumping to kernel functions via a syscall.
- Temporarily set CookieGuard's Remote Debugger Port detection to silent as it causes issues with some web developer machines
HitmanPro.Alert 3.8.12 Build 899
- Note: In a normal multi-stage scenario, Cobalt Strike Beacon is already proactively blocked by our patented HeapHeapProtect mitigation. This new Cobalt Strike mitigation now also thwarts the single-stage scenario. And upon detection of Beacon it also extracts and reports the full Cobalt Strike C2 profile configuration from memory.
Added:
- New Cobalt Strike single-stage mitigation. When Cobalt Strike Beacon temporary de-cloakes in memory to retrieve new commands from the adversary, HitmanPro.Alert will hold and inspect the decrypted memory area for the presence of Beacon.
- DNS stager detection, when – for example – Cobalt Strike Beacon communicates over DNS with command-and-control (C2)
- SysCall mitigation to every process so it now also blocks the Heaven’s Gate defense evasion technique in malware. The Heaven's Gate technique allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment.
- CookieGuard mitigation. It protects (MFA) session cookies and passwords stored in popular Chromium based web browsers, like Google Chrome and Microsoft Edge on Chromium.
- an extra message box when an update is pending, and the user clicks on the associated flyout. The message informs the user that the machine must be restarted before the update is actually applied.
Fixed:
- stack pivot exploit mitigation so it no longer triggers incorrectly on Internet Explorer loading a digital rights management (DRM) related library for streaming DRM protected content
- APC Violation mitigation so it now correctly identifies process injection from VMware
- Code Cave mitigation so it now plays nice with DRM code from gaming company Electronic Arts (EA)
- Kernel32Trap mitigation so it no longer causes issues with certain code compiled with Visual Studio
Improved:
- CryptoGuard 5 anti-ransomware engine. For example, the note spray evaluator is more tolerant when installers drop the same text file across many folders.
- threat termination. It's now even more robust, especially when the threat runs with high privileges outside of user session(s).
- Improved compatibility with certain games that perform tricks that trigger our main thread hijacking protection (part of Hollow Process Mitigation).
- Note: We no longer support or update HitmanPro.Alert builds running on Windows 7 RTM (no service pack), Windows Vista and Windows XP. This is because Microsoft mandates the use of SHA-2 to sign our code. These older versions of Windows only support SHA-1 and would not allow our new driver to load.
HitmanPro.Alert 3.8.9 Build 891
- Special maintenance release: this is the last build that supports Windows XP, Windows Vista and Windows 7 RTM (no service pack). These Windows versions only support SHA-1 for code-signing certificates. Microsoft decided to require SHA-2 for new drivers while it did not release SHA-2 support for these Windows versions. So, in other words, we cannot release new kernel-mode drivers (with new functionality) for these older operating systems. If you run one of these old Windows versions we urge you to upgrade. On these Windows versions, HitmanPro.Alert will no longer update itself after this build.Both 32-bit and 64-bit versions of Microsoft Windows 7 SP1, Windows 8, Windows 8.1 and Windows 10 remain supported and will soon receive a new HitmanPro.Alert version with new features.
HitmanPro.Alert 3.8.8 Build 889
- Change log not available for this version
HitmanPro.Alert 3.8.8 Build 887
Added:
- HeapHeapProtect: Code running in dynamic memory, in RUNDLL32.EXE and REGSVR32.EXE, can no longer manipulate other dynamic memory. This proactively helps against many backdoor tools, trojans and ransomware families.
- Tamper Protection by filtering process and thread handles against terminate, suspend and injection. Also added menu item to settings menu
- Automatic protection of Microsoft Access against exploitation
- DLL Hijacking protection on HitmanPro malware scanner to prevent privilege escalation
Improved:
- Alert report now includes a list of services if a process runs as a service
- CryptoGuard-only now also enables anti-malware
- GUI: Added anti-malware menu item to settings menu
- GUI: EULA on install dialo
- Windows on ARM: Now offloads SHA-256 calculation to hardware via NEON instructions, resulting in 7 times performance boost
- Windows on ARM: Fixed last scan timestamp
- AmsiGuard: Now supports unloading of AMSI.DLL
- ApplicationLockdown: Prevent execution of an Visual Basic file via EXPLORER.EXE from an Office application
- CredGuardSAM: Prevent registry command line tool from dumping credentials
- WipeGuard: Volume Boot Record (VBR) protection and alert details
- Minifilter driver altitude, lowered from 345800 to 221600, to prevent third party minifilters from adversely affecting ransomware detection
Fixed:
- CodeCave: coding error that could cause certain rare applications to crash
- CodeCave: False alarms when application is packed with boxedApp packer
- ACPProtection: False alarms when application is packed with boxedApp packer
- ApiSetGuard: False alarms on a standard DLLMain implementation that does nothing but returning 0 or 1
- CryptoGuard 5: False alarm in combination with Dropbox
- CryptoGuard 5: False alarm when deleting many files on and endpoint protected by Bitdefender’s CryptoStore feature
- HeapHeapProtect: Applications under attack could crash when the used shellcode caused an unaligned stack
- Crash in Equation Editor when under attack, caused by Data Execution Prevention (DEP)
- Italian string in Systray context menu
HitmanPro.Alert 3.8.6 Build 875
- Updated CryptoGuard to version 5.5. This new version offers improved performance on systems with high-end hardware (e.g. NVMe M.2 SSDs)
- Improved CryptoGuard detection
- Improved WoW64 mitigation
- Improved upgrade of build 7xx to a 8xx build
- Improved installer to detect partial old installation
- Improved the internal updater to check more frequent for updates
- Various minor improvements
- All binaries built with Visual C++ 16.6.1 with Spectre mitigations
HitmanPro.Alert 3.8.4 Build 871
- Change log not available for this version
HitmanPro.Alert 3.8.3 Build 869
Fixed:
- handle leak in Alert's service process
- compatibility with BoxedApp applications
- event log to show the timestamp in local time instead of UTC time
- a device reference counting issue in the driver related to WipeGuard mitigation
Improved:
- CryptoGuard 5 algorithms
- APC mitigation
- DEP mitigation
- HeapHeapProtect detection
- HeapSpray mitigation
- SysCall mitigation
- the update pending message to be shown more frequent instead of just once
All binaries built with Visual C++ 16.5.3 with Spectre mitigations
HitmanPro.Alert 3.8.2 Build 867
- Change log not available for this version
HitmanPro.Alert 3.8.1 Build 863
- Improved CryptoGuard 5 detection
- Improved minifilter performance
- Improved compatibility with VMware ThinApp applications
- Improved compatibility with BoxedApp applications
- Improved compatibility with Checkpoint
- Various minor improvements to alert reports
- Fixed CTF Guard false alarms on some computers
- Fixed RDP Guard showing a flyout on non-RDP sessions on Windows 7
- Fixed HeapHeapProtect false alarms on Visual FoxPro applications
- Fixed APC mitigation false alarms on some .NET 1.1 applications
- Fixed Generic.Ransom.E false alarms on LSASS.exe on 64-bit computers
- All binaries built with Visual C++ 16.4.3 with Spectre mitigations
HitmanPro.Alert 3.8.0 Build 861
- Improved CryptoGuard 5 performance
- Improved suppress alert event user interface
- Fixed issue in CryptoGuard 5 causing BSOD when copying large files over SMB
- Fixed potential local privilege escalation (LPE)
HitmanPro.Alert 3.7.12 Build 861
- Improved CryptoGuard 5 performance
- Improved suppress alert event user interface
- Fixed issue in CryptoGuard 5 causing BSOD when copying large files over SMB
- Fixed potential local privilege escalation (LPE)
HitmanPro.Alert 3.7.12 Build 793
- Change log not available for this version
HitmanPro.Alert 3.7.11 Build 791
- Improved CryptoGuard to handle a deficiency in Windows leveraged by the RIPlace evasion technique
- Fixed a CryptoGuard EFS false positive on LSASS (Local Security Authority Sub System)
HitmanPro.Alert 3.7.10 Build 789
- Fixed rare stack alignment issue on Windows 10 build 1903 (19H1) caused by recent Keystroke Encryption change
- Improved compatibility with Webroot security software, fixing application crashes
- Improved compatibility with Bitdefender security software, fixing application crashes
- Improved compatibility with Trend Micro security software, fixing application crashes
- Improved compatibility of CTFGuard with VMware ThinApp
HitmanPro.Alert 3.7.10 Build 787
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 779
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 777
- Improved Code injection, which will result in faster boot times on Windows 10. It also fixes a rare issue a few Windows 10 users had where the system did not finish boot correctly
- Improved Heap Heap Protect mitigation as it should now play more nicely with certain .NET applications
- Improved Hardware Assisted Control-Flow Integrity, our Last Branch Record CPU assisted ROP mitigation, to fix false positives we're seeing on some newer CPUs
- Improved Alert info regarding our real-time Anti-Malware and Code Cave mitigation
- Fixed Rare bug in CryptoGuard which sometimes forgot to make a backup of a file - which you could lose in the event of a ransomware attack
HitmanPro.Alert 3.7.9 Build 775
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 773
- Changed name for "Dynamic Shellcode Mitigation" to "Heap Heap Protect"
- Improved Heap Heap Protect
- Improved CodeCave
- Fixed Trend Micro Intruder/Safe Browsing incompatibility
HitmanPro.Alert 3.7.9 Build 771
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 759
- Added Mitigation of local privilege escalation via Task Scheduler (CVE-2018-8440 / @SandboxEscaper)
- Added Compatibility with Windows 10 Redstone 5
- Improved WipeGuard mitigation handling VBR sectors
- Improved Asynchronous Procedure Call (APC) Mitigation
- Improved SEHOP mitigation performance improvement
- Improved Compatibility with 3rd party products that use PUSH/RET in their API hooks
- Improved Windows Vista code injection
- Fixed Compatibility with Windows XP Embedded POSReady 2009
- Fixed Compatibility with Microsoft Edge Application Guard (WDAG) failed to start
- Fixed Compatibility with Microsoft Hyper-V failed to start
- Fixed Compatibility with F-Secure DeepGuard
- Fixed False positive ROP detection (stack-based) in Google Chrome 69 caused by (DRM) widevinecdm.dll
- Fixed Security issue (CVE assigned)
- Updated Botan 2.7.0
- Updated Sqlite 3.24.0
- Updated All code compiled with Visual Studio C++ 15.8.4
- Disabled hardware-assisted ROP mitigation on Chrome 67 (or newer) due to their use of RETpoline
- Removed Network Lockdown mitigation (deprecated) / hmpnet.sys
HitmanPro.Alert 3.7.8 Build 751
- Change log not available for this version
HitmanPro.Alert 3.7.8 Build 750
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 739
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 738
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 737
- Change log not available for this version
HitmanPro.Alert 3.7.3 Build 729
- Change log not available for this version
HitmanPro.Alert 3.7.1 Build 723
- Added Real-Time Anti-Malware, which works with the HitmanPro cloud
- Added Credential Theft Protection, which prevents theft of authentication passwords and hash information. Prevents Mimikatz-style attacks
- Added Local Privilege Guard, which stops specific exploitation of the operating system kernel. Prevents an attacker from using the privilege information of another process
- Added Code Cave mitigation, which stops backdoors in trusted code. Prevents e.g. Backdoor Factory and Shellter-style attacks
- Added Sticky Keys mitigation, which prevents abuse of the Microsoft sticky key feature and is typically used by attackers to gain persistence
- Added Application Verifier mitigation, which prevents abuse of the Application Verifier feature of Windows (eg. Double Agent code-injection)
- Improved Asynchronous Procedure Call (APC) mitigation to improve compatibility with third-party security solutions on Windows 10 version 1709 (Fall Creators Update)
- Added protection against dropping shellcode straight into memory from VBA macro code. This mitigation is part of Load Library and triggers a Shellcode alert
- Added protection against compilation of arbitrary code straight into memory from an application under exploit mitigations, like Office. Such attacks can bypass whitelisting based protection like Windows Defender Device Guard
- Added automatic protection of Microsoft Outlook (under the Office category) to defend against e.g. DDE attacks embedded in the body of malicious emails or calendar invites
- Improved Hollow Process mitigation to block hijacking of a remote main thread to run arbitrary code
- Improved Import Address Table Address Filtering (IAF) exploit mitigation
- Improved code injection of the HitmanPro.Alert Support Library (DLL)
- Improved upgrade when running in 'Anti-ransomware only' mode
- Improved DLL hijack mitigation which loaded an incorrect DLL on WoW64 processes
- Fixed Intruder alert in Firefox when Norton is installed (e.g. Norton Security)
- Fixed a ROP technique detection on pidgenx.dll when trying to activate Microsoft Office
- Fixed a CallerCheck alert associated with Microsoft Power Query and CLR.DLL
- Fixed a DEP mitigation triggered in some Microsoft Excel macro's
- Fixed a compatibility issue with Microsoft Hyper-V on Windows 10 version 1709 (Fall Creators Update)
- Fixed a minor memory leak originating from the CryptoGuard anti-ransomware mitigation
- Many other minor fixes and improvements
HitmanPro.Alert 3.6.7 Build 604
- Fixed CryptoGuard false positive
HitmanPro.Alert 3.6.6 Build 593
- Change log not available for this version
HitmanPro.Alert 3.6.5 Build 592
- Change log not available for this version
HitmanPro.Alert 3.6.4 Build 588
- Change log not available for this version
HitmanPro.Alert 3.6.4 Build 586
- Fixed bug in CryptoGuard correlation
更新時間:2021-11-11
更新細節:
更新時間:2021-11-11
更新細節:
更新時間:2021-11-11
更新細節:
更新時間:2021-10-06
更新細節:
更新時間:2021-08-16
更新細節:
更新時間:2021-07-10
更新細節:
What's new in this version:
HitmanPro.Alert 3.8.14 Build 907
- Fixed a crash that could occur in Microsoft Office 365
- Temporarily removed the system-level Syscall mitigation due to compatibility issues with some third-party security software. This new mitigation will return in an upcoming release.
HitmanPro.Alert 3.8.13 Build 903
- Fixed the Software Radar that could cause it to not notice a just installed web browser, or adding it to the wrong mitigation template. This issue caused our new CookieGuard protection to generate false alarms.
- Fixed an issue in the CryptoGuard anti-ransomware engine that could cause a BSOD on Windows 10 Insider Build 21390
- Improved support for Windows on ARM. We noticed that since build 895 we always shipped the ARM64 driver of that release. This has been corrected
- Improved Stack Pivot exploit mitigation to support adjacent stack range in certain situations
- Improved detection of Chromium-based web browser for CookieGuard
- Added Thumbprint generation for remote-debugging-port CookieGuard detection
- Added checkbox to our new system-wide syscall mitigation. You can find in in the Advanced interface, under Risk reductions > Process Protection > Unexpected system calls (Stop evasion of security hooks).
HitmanPro.Alert 3.8.13 Build 901
- Fixed more compatibility issues between process hollowing and certain games
- Fixed an issue with three CryptoGuard 5 Thumbprints that were not working in the previous build
- Fixed a potential security issue where specifically crafted malware on the machine could craft and manipulate a file structure to elevate privileges
- Improved compatibility of CookieGuard with browsers that are attached to the Office mitigation profile
- Temporarily disabled the fix that detects Cobalt Strike delivery over SMB. The fix appears to be incompatible with many game launchers that actually perform main thread hijacking.
- Temporarily disabled system-wide Syscall mitigation as certain third-party security products, like Cylance, actually attempt to bypass API calls by directly jumping to kernel functions via a syscall.
- Temporarily set CookieGuard's Remote Debugger Port detection to silent as it causes issues with some web developer machines
HitmanPro.Alert 3.8.12 Build 899
- Note: In a normal multi-stage scenario, Cobalt Strike Beacon is already proactively blocked by our patented HeapHeapProtect mitigation. This new Cobalt Strike mitigation now also thwarts the single-stage scenario. And upon detection of Beacon it also extracts and reports the full Cobalt Strike C2 profile configuration from memory.
Added:
- New Cobalt Strike single-stage mitigation. When Cobalt Strike Beacon temporary de-cloakes in memory to retrieve new commands from the adversary, HitmanPro.Alert will hold and inspect the decrypted memory area for the presence of Beacon.
- DNS stager detection, when – for example – Cobalt Strike Beacon communicates over DNS with command-and-control (C2)
- SysCall mitigation to every process so it now also blocks the Heaven’s Gate defense evasion technique in malware. The Heaven's Gate technique allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment.
- CookieGuard mitigation. It protects (MFA) session cookies and passwords stored in popular Chromium based web browsers, like Google Chrome and Microsoft Edge on Chromium.
- an extra message box when an update is pending, and the user clicks on the associated flyout. The message informs the user that the machine must be restarted before the update is actually applied.
Fixed:
- stack pivot exploit mitigation so it no longer triggers incorrectly on Internet Explorer loading a digital rights management (DRM) related library for streaming DRM protected content
- APC Violation mitigation so it now correctly identifies process injection from VMware
- Code Cave mitigation so it now plays nice with DRM code from gaming company Electronic Arts (EA)
- Kernel32Trap mitigation so it no longer causes issues with certain code compiled with Visual Studio
Improved:
- CryptoGuard 5 anti-ransomware engine. For example, the note spray evaluator is more tolerant when installers drop the same text file across many folders.
- threat termination. It's now even more robust, especially when the threat runs with high privileges outside of user session(s).
- Improved compatibility with certain games that perform tricks that trigger our main thread hijacking protection (part of Hollow Process Mitigation).
- Note: We no longer support or update HitmanPro.Alert builds running on Windows 7 RTM (no service pack), Windows Vista and Windows XP. This is because Microsoft mandates the use of SHA-2 to sign our code. These older versions of Windows only support SHA-1 and would not allow our new driver to load.
HitmanPro.Alert 3.8.9 Build 891
- Special maintenance release: this is the last build that supports Windows XP, Windows Vista and Windows 7 RTM (no service pack). These Windows versions only support SHA-1 for code-signing certificates. Microsoft decided to require SHA-2 for new drivers while it did not release SHA-2 support for these Windows versions. So, in other words, we cannot release new kernel-mode drivers (with new functionality) for these older operating systems. If you run one of these old Windows versions we urge you to upgrade. On these Windows versions, HitmanPro.Alert will no longer update itself after this build.Both 32-bit and 64-bit versions of Microsoft Windows 7 SP1, Windows 8, Windows 8.1 and Windows 10 remain supported and will soon receive a new HitmanPro.Alert version with new features.
HitmanPro.Alert 3.8.8 Build 889
- Change log not available for this version
HitmanPro.Alert 3.8.8 Build 887
Added:
- HeapHeapProtect: Code running in dynamic memory, in RUNDLL32.EXE and REGSVR32.EXE, can no longer manipulate other dynamic memory. This proactively helps against many backdoor tools, trojans and ransomware families.
- Tamper Protection by filtering process and thread handles against terminate, suspend and injection. Also added menu item to settings menu
- Automatic protection of Microsoft Access against exploitation
- DLL Hijacking protection on HitmanPro malware scanner to prevent privilege escalation
Improved:
- Alert report now includes a list of services if a process runs as a service
- CryptoGuard-only now also enables anti-malware
- GUI: Added anti-malware menu item to settings menu
- GUI: EULA on install dialo
- Windows on ARM: Now offloads SHA-256 calculation to hardware via NEON instructions, resulting in 7 times performance boost
- Windows on ARM: Fixed last scan timestamp
- AmsiGuard: Now supports unloading of AMSI.DLL
- ApplicationLockdown: Prevent execution of an Visual Basic file via EXPLORER.EXE from an Office application
- CredGuardSAM: Prevent registry command line tool from dumping credentials
- WipeGuard: Volume Boot Record (VBR) protection and alert details
- Minifilter driver altitude, lowered from 345800 to 221600, to prevent third party minifilters from adversely affecting ransomware detection
Fixed:
- CodeCave: coding error that could cause certain rare applications to crash
- CodeCave: False alarms when application is packed with boxedApp packer
- ACPProtection: False alarms when application is packed with boxedApp packer
- ApiSetGuard: False alarms on a standard DLLMain implementation that does nothing but returning 0 or 1
- CryptoGuard 5: False alarm in combination with Dropbox
- CryptoGuard 5: False alarm when deleting many files on and endpoint protected by Bitdefender’s CryptoStore feature
- HeapHeapProtect: Applications under attack could crash when the used shellcode caused an unaligned stack
- Crash in Equation Editor when under attack, caused by Data Execution Prevention (DEP)
- Italian string in Systray context menu
HitmanPro.Alert 3.8.6 Build 875
- Updated CryptoGuard to version 5.5. This new version offers improved performance on systems with high-end hardware (e.g. NVMe M.2 SSDs)
- Improved CryptoGuard detection
- Improved WoW64 mitigation
- Improved upgrade of build 7xx to a 8xx build
- Improved installer to detect partial old installation
- Improved the internal updater to check more frequent for updates
- Various minor improvements
- All binaries built with Visual C++ 16.6.1 with Spectre mitigations
HitmanPro.Alert 3.8.4 Build 871
- Change log not available for this version
HitmanPro.Alert 3.8.3 Build 869
Fixed:
- handle leak in Alert's service process
- compatibility with BoxedApp applications
- event log to show the timestamp in local time instead of UTC time
- a device reference counting issue in the driver related to WipeGuard mitigation
Improved:
- CryptoGuard 5 algorithms
- APC mitigation
- DEP mitigation
- HeapHeapProtect detection
- HeapSpray mitigation
- SysCall mitigation
- the update pending message to be shown more frequent instead of just once
All binaries built with Visual C++ 16.5.3 with Spectre mitigations
HitmanPro.Alert 3.8.2 Build 867
- Change log not available for this version
HitmanPro.Alert 3.8.1 Build 863
- Improved CryptoGuard 5 detection
- Improved minifilter performance
- Improved compatibility with VMware ThinApp applications
- Improved compatibility with BoxedApp applications
- Improved compatibility with Checkpoint
- Various minor improvements to alert reports
- Fixed CTF Guard false alarms on some computers
- Fixed RDP Guard showing a flyout on non-RDP sessions on Windows 7
- Fixed HeapHeapProtect false alarms on Visual FoxPro applications
- Fixed APC mitigation false alarms on some .NET 1.1 applications
- Fixed Generic.Ransom.E false alarms on LSASS.exe on 64-bit computers
- All binaries built with Visual C++ 16.4.3 with Spectre mitigations
HitmanPro.Alert 3.8.0 Build 861
- Improved CryptoGuard 5 performance
- Improved suppress alert event user interface
- Fixed issue in CryptoGuard 5 causing BSOD when copying large files over SMB
- Fixed potential local privilege escalation (LPE)
HitmanPro.Alert 3.7.12 Build 861
- Improved CryptoGuard 5 performance
- Improved suppress alert event user interface
- Fixed issue in CryptoGuard 5 causing BSOD when copying large files over SMB
- Fixed potential local privilege escalation (LPE)
HitmanPro.Alert 3.7.12 Build 793
- Change log not available for this version
HitmanPro.Alert 3.7.11 Build 791
- Improved CryptoGuard to handle a deficiency in Windows leveraged by the RIPlace evasion technique
- Fixed a CryptoGuard EFS false positive on LSASS (Local Security Authority Sub System)
HitmanPro.Alert 3.7.10 Build 789
- Fixed rare stack alignment issue on Windows 10 build 1903 (19H1) caused by recent Keystroke Encryption change
- Improved compatibility with Webroot security software, fixing application crashes
- Improved compatibility with Bitdefender security software, fixing application crashes
- Improved compatibility with Trend Micro security software, fixing application crashes
- Improved compatibility of CTFGuard with VMware ThinApp
HitmanPro.Alert 3.7.10 Build 787
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 779
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 777
- Improved Code injection, which will result in faster boot times on Windows 10. It also fixes a rare issue a few Windows 10 users had where the system did not finish boot correctly
- Improved Heap Heap Protect mitigation as it should now play more nicely with certain .NET applications
- Improved Hardware Assisted Control-Flow Integrity, our Last Branch Record CPU assisted ROP mitigation, to fix false positives we're seeing on some newer CPUs
- Improved Alert info regarding our real-time Anti-Malware and Code Cave mitigation
- Fixed Rare bug in CryptoGuard which sometimes forgot to make a backup of a file - which you could lose in the event of a ransomware attack
HitmanPro.Alert 3.7.9 Build 775
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 773
- Changed name for "Dynamic Shellcode Mitigation" to "Heap Heap Protect"
- Improved Heap Heap Protect
- Improved CodeCave
- Fixed Trend Micro Intruder/Safe Browsing incompatibility
HitmanPro.Alert 3.7.9 Build 771
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 759
- Added Mitigation of local privilege escalation via Task Scheduler (CVE-2018-8440 / @SandboxEscaper)
- Added Compatibility with Windows 10 Redstone 5
- Improved WipeGuard mitigation handling VBR sectors
- Improved Asynchronous Procedure Call (APC) Mitigation
- Improved SEHOP mitigation performance improvement
- Improved Compatibility with 3rd party products that use PUSH/RET in their API hooks
- Improved Windows Vista code injection
- Fixed Compatibility with Windows XP Embedded POSReady 2009
- Fixed Compatibility with Microsoft Edge Application Guard (WDAG) failed to start
- Fixed Compatibility with Microsoft Hyper-V failed to start
- Fixed Compatibility with F-Secure DeepGuard
- Fixed False positive ROP detection (stack-based) in Google Chrome 69 caused by (DRM) widevinecdm.dll
- Fixed Security issue (CVE assigned)
- Updated Botan 2.7.0
- Updated Sqlite 3.24.0
- Updated All code compiled with Visual Studio C++ 15.8.4
- Disabled hardware-assisted ROP mitigation on Chrome 67 (or newer) due to their use of RETpoline
- Removed Network Lockdown mitigation (deprecated) / hmpnet.sys
HitmanPro.Alert 3.7.8 Build 751
- Change log not available for this version
HitmanPro.Alert 3.7.8 Build 750
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 739
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 738
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 737
- Change log not available for this version
HitmanPro.Alert 3.7.3 Build 729
- Change log not available for this version
HitmanPro.Alert 3.7.1 Build 723
- Added Real-Time Anti-Malware, which works with the HitmanPro cloud
- Added Credential Theft Protection, which prevents theft of authentication passwords and hash information. Prevents Mimikatz-style attacks
- Added Local Privilege Guard, which stops specific exploitation of the operating system kernel. Prevents an attacker from using the privilege information of another process
- Added Code Cave mitigation, which stops backdoors in trusted code. Prevents e.g. Backdoor Factory and Shellter-style attacks
- Added Sticky Keys mitigation, which prevents abuse of the Microsoft sticky key feature and is typically used by attackers to gain persistence
- Added Application Verifier mitigation, which prevents abuse of the Application Verifier feature of Windows (eg. Double Agent code-injection)
- Improved Asynchronous Procedure Call (APC) mitigation to improve compatibility with third-party security solutions on Windows 10 version 1709 (Fall Creators Update)
- Added protection against dropping shellcode straight into memory from VBA macro code. This mitigation is part of Load Library and triggers a Shellcode alert
- Added protection against compilation of arbitrary code straight into memory from an application under exploit mitigations, like Office. Such attacks can bypass whitelisting based protection like Windows Defender Device Guard
- Added automatic protection of Microsoft Outlook (under the Office category) to defend against e.g. DDE attacks embedded in the body of malicious emails or calendar invites
- Improved Hollow Process mitigation to block hijacking of a remote main thread to run arbitrary code
- Improved Import Address Table Address Filtering (IAF) exploit mitigation
- Improved code injection of the HitmanPro.Alert Support Library (DLL)
- Improved upgrade when running in 'Anti-ransomware only' mode
- Improved DLL hijack mitigation which loaded an incorrect DLL on WoW64 processes
- Fixed Intruder alert in Firefox when Norton is installed (e.g. Norton Security)
- Fixed a ROP technique detection on pidgenx.dll when trying to activate Microsoft Office
- Fixed a CallerCheck alert associated with Microsoft Power Query and CLR.DLL
- Fixed a DEP mitigation triggered in some Microsoft Excel macro's
- Fixed a compatibility issue with Microsoft Hyper-V on Windows 10 version 1709 (Fall Creators Update)
- Fixed a minor memory leak originating from the CryptoGuard anti-ransomware mitigation
- Many other minor fixes and improvements
HitmanPro.Alert 3.6.7 Build 604
- Fixed CryptoGuard false positive
HitmanPro.Alert 3.6.6 Build 593
- Change log not available for this version
HitmanPro.Alert 3.6.5 Build 592
- Change log not available for this version
HitmanPro.Alert 3.6.4 Build 588
- Change log not available for this version
HitmanPro.Alert 3.6.4 Build 586
- Fixed bug in CryptoGuard correlation