HitmanPro.Alert 歷史版本列表
HitmanPro.Alert 阻止核心技術和利用惡意軟件的用途從防病毒軟件隱藏。它還可以通過觀察這些威脅所顯示的行為來檢測入侵者,如銀行惡意軟件,遠程訪問工具和加密勒索軟件。它甚至可以讓沙箱感知的惡意軟件終止自己,通過接種或“隱藏”您的電腦作為病毒研究人員.HitmanPro.Alert,其中包括 HitmanPro 的發現和刪除能力,將您的計算機變成一個非常不受歡迎的受害者,實時自動停止和... HitmanPro.Alert 軟體介紹更新時間:2021-07-10
更新細節:
What's new in this version:
Atomic Email Hunter 15.16.0.469
- Change log not available for this version
Atomic Email Hunter 15.16.0.468
- The Yelp plugin has been restored
- Updating the browser library in the built-in browser for authentication
- Optimized search using the "Process JavaScript" option
- Fixed problem with multiple error notifications in Atomic Email Hunter after searching by URL
- Fixed bugs when researching
- The filter "Skip domain if no addresses were found on" has been fixed
- Fixed a bug by displaying only the first keyword searching through the list
Atomic Email Hunter 15.15.0.460
- Added the possibility of search through proxy servers for the “Parse JavaScript” option
- The Yelp plugin fixed
Atomic Email Hunter 15.11.0.457
- Proxy Checker Not Found error was fixed
- Access violation error after closing the program was fixed
- Invalid pointer operation error after closing the program was fixed
- Errors in search when using Javascript were fixed
Atomic Email Hunter 15.10.0.454
- Fixed a bug that didn’t handles long links in the program
- Fixed problem with incorrect navigation on relative links on web pages
- Fixed errors when working with the "Domain Search" plugin
- Fixed localization errors. Now the program determines the location with more precision
- Fixed problems in the program core
- Optimized address filtering, when Atomic Email Hunter consumed more resources
- Improved interface and fixed errors in displaying elements
Atomic Email Hunter 15.0.0.390
- Change log not available for this version
Atomic Email Hunter 14.4.0.372
- Change log not available for this version
Atomic Email Hunter 14.4.0.371
- Change log not available for this version
更新時間:2021-07-10
更新細節:
What's new in this version:
Added:
- Enable ruby to support path length >260 characters
- Add racc, rbs and typeprof to executables
Changed:
- Update to ruby-3.0.2, see release notes
- Update of the SSL CA certificate list
- Move CI and and release builds from Appveyor to Github Actions
- Move RunInstaller's pacman repository from Bintray to Github Releases
- Update bundled gpg keyring file for pacman to support new MSYS2 package signatures
更新時間:2021-07-10
更新細節:
What's new in this version:
Added:
- Enable ruby to support path length >260 characters
- Add racc to executables
Changed:
- Update to ruby-2.7.4, see release notes
- Update of the SSL CA certificate list
- Move CI and and release builds from Appveyor to Github Actions
- Move RunInstaller's pacman repository from Bintray to Github Releases
- Update bundled gpg keyring file for pacman to support new MSYS2 package signatures
更新時間:2021-07-10
更新細節:
What's new in this version:
Added:
- Enable ruby to support path length >260 characters
Changed:
- Update to ruby-2.6.8, see release notes
- Update of the SSL CA certificate list
- Move CI and and release builds from Appveyor to Github Actions
- Move RunInstaller's pacman repository from Bintray to Github Releases
- Update bundled gpg keyring file for pacman to support new MSYS2 package signatures
更新時間:2021-06-24
更新細節:
What's new in this version:
HitmanPro.Alert 3.8.13 Build 903
- Fixed the Software Radar that could cause it to not notice a just installed web browser, or adding it to the wrong mitigation template. This issue caused our new CookieGuard protection to generate false alarms.
- Fixed an issue in the CryptoGuard anti-ransomware engine that could cause a BSOD on Windows 10 Insider Build 21390
- Improved support for Windows on ARM. We noticed that since build 895 we always shipped the ARM64 driver of that release. This has been corrected
- Improved Stack Pivot exploit mitigation to support adjacent stack range in certain situations
- Improved detection of Chromium-based web browser for CookieGuard
- Added Thumbprint generation for remote-debugging-port CookieGuard detection
- Added checkbox to our new system-wide syscall mitigation. You can find in in the Advanced interface, under Risk reductions > Process Protection > Unexpected system calls (Stop evasion of security hooks).
HitmanPro.Alert 3.8.13 Build 901
- Fixed more compatibility issues between process hollowing and certain games
- Fixed an issue with three CryptoGuard 5 Thumbprints that were not working in the previous build
- Fixed a potential security issue where specifically crafted malware on the machine could craft and manipulate a file structure to elevate privileges
- Improved compatibility of CookieGuard with browsers that are attached to the Office mitigation profile
- Temporarily disabled the fix that detects Cobalt Strike delivery over SMB. The fix appears to be incompatible with many game launchers that actually perform main thread hijacking.
- Temporarily disabled system-wide Syscall mitigation as certain third-party security products, like Cylance, actually attempt to bypass API calls by directly jumping to kernel functions via a syscall.
- Temporarily set CookieGuard's Remote Debugger Port detection to silent as it causes issues with some web developer machines
HitmanPro.Alert 3.8.12 Build 899
- Note: In a normal multi-stage scenario, Cobalt Strike Beacon is already proactively blocked by our patented HeapHeapProtect mitigation. This new Cobalt Strike mitigation now also thwarts the single-stage scenario. And upon detection of Beacon it also extracts and reports the full Cobalt Strike C2 profile configuration from memory.
Added:
- New Cobalt Strike single-stage mitigation. When Cobalt Strike Beacon temporary de-cloakes in memory to retrieve new commands from the adversary, HitmanPro.Alert will hold and inspect the decrypted memory area for the presence of Beacon.
- DNS stager detection, when – for example – Cobalt Strike Beacon communicates over DNS with command-and-control (C2)
- SysCall mitigation to every process so it now also blocks the Heaven’s Gate defense evasion technique in malware. The Heaven's Gate technique allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment.
- CookieGuard mitigation. It protects (MFA) session cookies and passwords stored in popular Chromium based web browsers, like Google Chrome and Microsoft Edge on Chromium.
- an extra message box when an update is pending, and the user clicks on the associated flyout. The message informs the user that the machine must be restarted before the update is actually applied.
Fixed:
- stack pivot exploit mitigation so it no longer triggers incorrectly on Internet Explorer loading a digital rights management (DRM) related library for streaming DRM protected content
- APC Violation mitigation so it now correctly identifies process injection from VMware
- Code Cave mitigation so it now plays nice with DRM code from gaming company Electronic Arts (EA)
- Kernel32Trap mitigation so it no longer causes issues with certain code compiled with Visual Studio
Improved:
- CryptoGuard 5 anti-ransomware engine. For example, the note spray evaluator is more tolerant when installers drop the same text file across many folders.
- threat termination. It's now even more robust, especially when the threat runs with high privileges outside of user session(s).
- Improved compatibility with certain games that perform tricks that trigger our main thread hijacking protection (part of Hollow Process Mitigation).
- Note: We no longer support or update HitmanPro.Alert builds running on Windows 7 RTM (no service pack), Windows Vista and Windows XP. This is because Microsoft mandates the use of SHA-2 to sign our code. These older versions of Windows only support SHA-1 and would not allow our new driver to load.
HitmanPro.Alert 3.8.9 Build 891
- Special maintenance release: this is the last build that supports Windows XP, Windows Vista and Windows 7 RTM (no service pack). These Windows versions only support SHA-1 for code-signing certificates. Microsoft decided to require SHA-2 for new drivers while it did not release SHA-2 support for these Windows versions. So, in other words, we cannot release new kernel-mode drivers (with new functionality) for these older operating systems. If you run one of these old Windows versions we urge you to upgrade. On these Windows versions, HitmanPro.Alert will no longer update itself after this build.Both 32-bit and 64-bit versions of Microsoft Windows 7 SP1, Windows 8, Windows 8.1 and Windows 10 remain supported and will soon receive a new HitmanPro.Alert version with new features.
HitmanPro.Alert 3.8.8 Build 889
- Change log not available for this version
HitmanPro.Alert 3.8.8 Build 887
Added:
- HeapHeapProtect: Code running in dynamic memory, in RUNDLL32.EXE and REGSVR32.EXE, can no longer manipulate other dynamic memory. This proactively helps against many backdoor tools, trojans and ransomware families.
- Tamper Protection by filtering process and thread handles against terminate, suspend and injection. Also added menu item to settings menu
- Automatic protection of Microsoft Access against exploitation
- DLL Hijacking protection on HitmanPro malware scanner to prevent privilege escalation
Improved:
- Alert report now includes a list of services if a process runs as a service
- CryptoGuard-only now also enables anti-malware
- GUI: Added anti-malware menu item to settings menu
- GUI: EULA on install dialo
- Windows on ARM: Now offloads SHA-256 calculation to hardware via NEON instructions, resulting in 7 times performance boost
- Windows on ARM: Fixed last scan timestamp
- AmsiGuard: Now supports unloading of AMSI.DLL
- ApplicationLockdown: Prevent execution of an Visual Basic file via EXPLORER.EXE from an Office application
- CredGuardSAM: Prevent registry command line tool from dumping credentials
- WipeGuard: Volume Boot Record (VBR) protection and alert details
- Minifilter driver altitude, lowered from 345800 to 221600, to prevent third party minifilters from adversely affecting ransomware detection
Fixed:
- CodeCave: coding error that could cause certain rare applications to crash
- CodeCave: False alarms when application is packed with boxedApp packer
- ACPProtection: False alarms when application is packed with boxedApp packer
- ApiSetGuard: False alarms on a standard DLLMain implementation that does nothing but returning 0 or 1
- CryptoGuard 5: False alarm in combination with Dropbox
- CryptoGuard 5: False alarm when deleting many files on and endpoint protected by Bitdefender’s CryptoStore feature
- HeapHeapProtect: Applications under attack could crash when the used shellcode caused an unaligned stack
- Crash in Equation Editor when under attack, caused by Data Execution Prevention (DEP)
- Italian string in Systray context menu
HitmanPro.Alert 3.8.6 Build 875
- Updated CryptoGuard to version 5.5. This new version offers improved performance on systems with high-end hardware (e.g. NVMe M.2 SSDs)
- Improved CryptoGuard detection
- Improved WoW64 mitigation
- Improved upgrade of build 7xx to a 8xx build
- Improved installer to detect partial old installation
- Improved the internal updater to check more frequent for updates
- Various minor improvements
- All binaries built with Visual C++ 16.6.1 with Spectre mitigations
HitmanPro.Alert 3.8.4 Build 871
- Change log not available for this version
HitmanPro.Alert 3.8.3 Build 869
Fixed:
- handle leak in Alert's service process
- compatibility with BoxedApp applications
- event log to show the timestamp in local time instead of UTC time
- a device reference counting issue in the driver related to WipeGuard mitigation
Improved:
- CryptoGuard 5 algorithms
- APC mitigation
- DEP mitigation
- HeapHeapProtect detection
- HeapSpray mitigation
- SysCall mitigation
- the update pending message to be shown more frequent instead of just once
All binaries built with Visual C++ 16.5.3 with Spectre mitigations
HitmanPro.Alert 3.8.2 Build 867
- Change log not available for this version
HitmanPro.Alert 3.8.1 Build 863
- Improved CryptoGuard 5 detection
- Improved minifilter performance
- Improved compatibility with VMware ThinApp applications
- Improved compatibility with BoxedApp applications
- Improved compatibility with Checkpoint
- Various minor improvements to alert reports
- Fixed CTF Guard false alarms on some computers
- Fixed RDP Guard showing a flyout on non-RDP sessions on Windows 7
- Fixed HeapHeapProtect false alarms on Visual FoxPro applications
- Fixed APC mitigation false alarms on some .NET 1.1 applications
- Fixed Generic.Ransom.E false alarms on LSASS.exe on 64-bit computers
- All binaries built with Visual C++ 16.4.3 with Spectre mitigations
HitmanPro.Alert 3.8.0 Build 861
- Improved CryptoGuard 5 performance
- Improved suppress alert event user interface
- Fixed issue in CryptoGuard 5 causing BSOD when copying large files over SMB
- Fixed potential local privilege escalation (LPE)
HitmanPro.Alert 3.7.12 Build 861
- Improved CryptoGuard 5 performance
- Improved suppress alert event user interface
- Fixed issue in CryptoGuard 5 causing BSOD when copying large files over SMB
- Fixed potential local privilege escalation (LPE)
HitmanPro.Alert 3.7.12 Build 793
- Change log not available for this version
HitmanPro.Alert 3.7.11 Build 791
- Improved CryptoGuard to handle a deficiency in Windows leveraged by the RIPlace evasion technique
- Fixed a CryptoGuard EFS false positive on LSASS (Local Security Authority Sub System)
HitmanPro.Alert 3.7.10 Build 789
- Fixed rare stack alignment issue on Windows 10 build 1903 (19H1) caused by recent Keystroke Encryption change
- Improved compatibility with Webroot security software, fixing application crashes
- Improved compatibility with Bitdefender security software, fixing application crashes
- Improved compatibility with Trend Micro security software, fixing application crashes
- Improved compatibility of CTFGuard with VMware ThinApp
HitmanPro.Alert 3.7.10 Build 787
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 779
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 777
- Improved Code injection, which will result in faster boot times on Windows 10. It also fixes a rare issue a few Windows 10 users had where the system did not finish boot correctly
- Improved Heap Heap Protect mitigation as it should now play more nicely with certain .NET applications
- Improved Hardware Assisted Control-Flow Integrity, our Last Branch Record CPU assisted ROP mitigation, to fix false positives we're seeing on some newer CPUs
- Improved Alert info regarding our real-time Anti-Malware and Code Cave mitigation
- Fixed Rare bug in CryptoGuard which sometimes forgot to make a backup of a file - which you could lose in the event of a ransomware attack
HitmanPro.Alert 3.7.9 Build 775
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 773
- Changed name for "Dynamic Shellcode Mitigation" to "Heap Heap Protect"
- Improved Heap Heap Protect
- Improved CodeCave
- Fixed Trend Micro Intruder/Safe Browsing incompatibility
HitmanPro.Alert 3.7.9 Build 771
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 759
- Added Mitigation of local privilege escalation via Task Scheduler (CVE-2018-8440 / @SandboxEscaper)
- Added Compatibility with Windows 10 Redstone 5
- Improved WipeGuard mitigation handling VBR sectors
- Improved Asynchronous Procedure Call (APC) Mitigation
- Improved SEHOP mitigation performance improvement
- Improved Compatibility with 3rd party products that use PUSH/RET in their API hooks
- Improved Windows Vista code injection
- Fixed Compatibility with Windows XP Embedded POSReady 2009
- Fixed Compatibility with Microsoft Edge Application Guard (WDAG) failed to start
- Fixed Compatibility with Microsoft Hyper-V failed to start
- Fixed Compatibility with F-Secure DeepGuard
- Fixed False positive ROP detection (stack-based) in Google Chrome 69 caused by (DRM) widevinecdm.dll
- Fixed Security issue (CVE assigned)
- Updated Botan 2.7.0
- Updated Sqlite 3.24.0
- Updated All code compiled with Visual Studio C++ 15.8.4
- Disabled hardware-assisted ROP mitigation on Chrome 67 (or newer) due to their use of RETpoline
- Removed Network Lockdown mitigation (deprecated) / hmpnet.sys
HitmanPro.Alert 3.7.8 Build 751
- Change log not available for this version
HitmanPro.Alert 3.7.8 Build 750
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 739
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 738
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 737
- Change log not available for this version
HitmanPro.Alert 3.7.3 Build 729
- Change log not available for this version
HitmanPro.Alert 3.7.1 Build 723
- Added Real-Time Anti-Malware, which works with the HitmanPro cloud
- Added Credential Theft Protection, which prevents theft of authentication passwords and hash information. Prevents Mimikatz-style attacks
- Added Local Privilege Guard, which stops specific exploitation of the operating system kernel. Prevents an attacker from using the privilege information of another process
- Added Code Cave mitigation, which stops backdoors in trusted code. Prevents e.g. Backdoor Factory and Shellter-style attacks
- Added Sticky Keys mitigation, which prevents abuse of the Microsoft sticky key feature and is typically used by attackers to gain persistence
- Added Application Verifier mitigation, which prevents abuse of the Application Verifier feature of Windows (eg. Double Agent code-injection)
- Improved Asynchronous Procedure Call (APC) mitigation to improve compatibility with third-party security solutions on Windows 10 version 1709 (Fall Creators Update)
- Added protection against dropping shellcode straight into memory from VBA macro code. This mitigation is part of Load Library and triggers a Shellcode alert
- Added protection against compilation of arbitrary code straight into memory from an application under exploit mitigations, like Office. Such attacks can bypass whitelisting based protection like Windows Defender Device Guard
- Added automatic protection of Microsoft Outlook (under the Office category) to defend against e.g. DDE attacks embedded in the body of malicious emails or calendar invites
- Improved Hollow Process mitigation to block hijacking of a remote main thread to run arbitrary code
- Improved Import Address Table Address Filtering (IAF) exploit mitigation
- Improved code injection of the HitmanPro.Alert Support Library (DLL)
- Improved upgrade when running in 'Anti-ransomware only' mode
- Improved DLL hijack mitigation which loaded an incorrect DLL on WoW64 processes
- Fixed Intruder alert in Firefox when Norton is installed (e.g. Norton Security)
- Fixed a ROP technique detection on pidgenx.dll when trying to activate Microsoft Office
- Fixed a CallerCheck alert associated with Microsoft Power Query and CLR.DLL
- Fixed a DEP mitigation triggered in some Microsoft Excel macro's
- Fixed a compatibility issue with Microsoft Hyper-V on Windows 10 version 1709 (Fall Creators Update)
- Fixed a minor memory leak originating from the CryptoGuard anti-ransomware mitigation
- Many other minor fixes and improvements
HitmanPro.Alert 3.6.7 Build 604
- Fixed CryptoGuard false positive
HitmanPro.Alert 3.6.6 Build 593
- Change log not available for this version
HitmanPro.Alert 3.6.5 Build 592
- Change log not available for this version
HitmanPro.Alert 3.6.4 Build 588
- Change log not available for this version
HitmanPro.Alert 3.6.4 Build 586
- Fixed bug in CryptoGuard correlation
更新時間:2021-06-23
更新細節:
更新時間:2021-06-09
更新細節:
更新時間:2021-05-26
更新細節:
What's new in this version:
HitmanPro.Alert 3.8.12 Build 899
- Note: In a normal multi-stage scenario, Cobalt Strike Beacon is already proactively blocked by our patented HeapHeapProtect mitigation. This new Cobalt Strike mitigation now also thwarts the single-stage scenario. And upon detection of Beacon it also extracts and reports the full Cobalt Strike C2 profile configuration from memory.
Added:
- New Cobalt Strike single-stage mitigation. When Cobalt Strike Beacon temporary de-cloakes in memory to retrieve new commands from the adversary, HitmanPro.Alert will hold and inspect the decrypted memory area for the presence of Beacon.
- DNS stager detection, when – for example – Cobalt Strike Beacon communicates over DNS with command-and-control (C2)
- SysCall mitigation to every process so it now also blocks the Heaven’s Gate defense evasion technique in malware. The Heaven's Gate technique allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment.
- CookieGuard mitigation. It protects (MFA) session cookies and passwords stored in popular Chromium based web browsers, like Google Chrome and Microsoft Edge on Chromium.
- an extra message box when an update is pending, and the user clicks on the associated flyout. The message informs the user that the machine must be restarted before the update is actually applied.
Fixed:
- stack pivot exploit mitigation so it no longer triggers incorrectly on Internet Explorer loading a digital rights management (DRM) related library for streaming DRM protected content
- APC Violation mitigation so it now correctly identifies process injection from VMware
- Code Cave mitigation so it now plays nice with DRM code from gaming company Electronic Arts (EA)
- Kernel32Trap mitigation so it no longer causes issues with certain code compiled with Visual Studio
Improved:
- CryptoGuard 5 anti-ransomware engine. For example, the note spray evaluator is more tolerant when installers drop the same text file across many folders.
- threat termination. It's now even more robust, especially when the threat runs with high privileges outside of user session(s).
- Improved compatibility with certain games that perform tricks that trigger our main thread hijacking protection (part of Hollow Process Mitigation).
- Note: We no longer support or update HitmanPro.Alert builds running on Windows 7 RTM (no service pack), Windows Vista and Windows XP. This is because Microsoft mandates the use of SHA-2 to sign our code. These older versions of Windows only support SHA-1 and would not allow our new driver to load.
HitmanPro.Alert 3.8.9 Build 891
- Special maintenance release: this is the last build that supports Windows XP, Windows Vista and Windows 7 RTM (no service pack). These Windows versions only support SHA-1 for code-signing certificates. Microsoft decided to require SHA-2 for new drivers while it did not release SHA-2 support for these Windows versions. So, in other words, we cannot release new kernel-mode drivers (with new functionality) for these older operating systems. If you run one of these old Windows versions we urge you to upgrade. On these Windows versions, HitmanPro.Alert will no longer update itself after this build.Both 32-bit and 64-bit versions of Microsoft Windows 7 SP1, Windows 8, Windows 8.1 and Windows 10 remain supported and will soon receive a new HitmanPro.Alert version with new features.
HitmanPro.Alert 3.8.8 Build 889
- Change log not available for this version
HitmanPro.Alert 3.8.8 Build 887
Added:
- HeapHeapProtect: Code running in dynamic memory, in RUNDLL32.EXE and REGSVR32.EXE, can no longer manipulate other dynamic memory. This proactively helps against many backdoor tools, trojans and ransomware families.
- Tamper Protection by filtering process and thread handles against terminate, suspend and injection. Also added menu item to settings menu
- Automatic protection of Microsoft Access against exploitation
- DLL Hijacking protection on HitmanPro malware scanner to prevent privilege escalation
Improved:
- Alert report now includes a list of services if a process runs as a service
- CryptoGuard-only now also enables anti-malware
- GUI: Added anti-malware menu item to settings menu
- GUI: EULA on install dialo
- Windows on ARM: Now offloads SHA-256 calculation to hardware via NEON instructions, resulting in 7 times performance boost
- Windows on ARM: Fixed last scan timestamp
- AmsiGuard: Now supports unloading of AMSI.DLL
- ApplicationLockdown: Prevent execution of an Visual Basic file via EXPLORER.EXE from an Office application
- CredGuardSAM: Prevent registry command line tool from dumping credentials
- WipeGuard: Volume Boot Record (VBR) protection and alert details
- Minifilter driver altitude, lowered from 345800 to 221600, to prevent third party minifilters from adversely affecting ransomware detection
Fixed:
- CodeCave: coding error that could cause certain rare applications to crash
- CodeCave: False alarms when application is packed with boxedApp packer
- ACPProtection: False alarms when application is packed with boxedApp packer
- ApiSetGuard: False alarms on a standard DLLMain implementation that does nothing but returning 0 or 1
- CryptoGuard 5: False alarm in combination with Dropbox
- CryptoGuard 5: False alarm when deleting many files on and endpoint protected by Bitdefender’s CryptoStore feature
- HeapHeapProtect: Applications under attack could crash when the used shellcode caused an unaligned stack
- Crash in Equation Editor when under attack, caused by Data Execution Prevention (DEP)
- Italian string in Systray context menu
HitmanPro.Alert 3.8.6 Build 875
- Updated CryptoGuard to version 5.5. This new version offers improved performance on systems with high-end hardware (e.g. NVMe M.2 SSDs)
- Improved CryptoGuard detection
- Improved WoW64 mitigation
- Improved upgrade of build 7xx to a 8xx build
- Improved installer to detect partial old installation
- Improved the internal updater to check more frequent for updates
- Various minor improvements
- All binaries built with Visual C++ 16.6.1 with Spectre mitigations
HitmanPro.Alert 3.8.4 Build 871
- Change log not available for this version
HitmanPro.Alert 3.8.3 Build 869
Fixed:
- handle leak in Alert's service process
- compatibility with BoxedApp applications
- event log to show the timestamp in local time instead of UTC time
- a device reference counting issue in the driver related to WipeGuard mitigation
Improved:
- CryptoGuard 5 algorithms
- APC mitigation
- DEP mitigation
- HeapHeapProtect detection
- HeapSpray mitigation
- SysCall mitigation
- the update pending message to be shown more frequent instead of just once
All binaries built with Visual C++ 16.5.3 with Spectre mitigations
HitmanPro.Alert 3.8.2 Build 867
- Change log not available for this version
HitmanPro.Alert 3.8.1 Build 863
- Improved CryptoGuard 5 detection
- Improved minifilter performance
- Improved compatibility with VMware ThinApp applications
- Improved compatibility with BoxedApp applications
- Improved compatibility with Checkpoint
- Various minor improvements to alert reports
- Fixed CTF Guard false alarms on some computers
- Fixed RDP Guard showing a flyout on non-RDP sessions on Windows 7
- Fixed HeapHeapProtect false alarms on Visual FoxPro applications
- Fixed APC mitigation false alarms on some .NET 1.1 applications
- Fixed Generic.Ransom.E false alarms on LSASS.exe on 64-bit computers
- All binaries built with Visual C++ 16.4.3 with Spectre mitigations
HitmanPro.Alert 3.8.0 Build 861
- Improved CryptoGuard 5 performance
- Improved suppress alert event user interface
- Fixed issue in CryptoGuard 5 causing BSOD when copying large files over SMB
- Fixed potential local privilege escalation (LPE)
HitmanPro.Alert 3.7.12 Build 861
- Improved CryptoGuard 5 performance
- Improved suppress alert event user interface
- Fixed issue in CryptoGuard 5 causing BSOD when copying large files over SMB
- Fixed potential local privilege escalation (LPE)
HitmanPro.Alert 3.7.12 Build 793
- Change log not available for this version
HitmanPro.Alert 3.7.11 Build 791
- Improved CryptoGuard to handle a deficiency in Windows leveraged by the RIPlace evasion technique
- Fixed a CryptoGuard EFS false positive on LSASS (Local Security Authority Sub System)
HitmanPro.Alert 3.7.10 Build 789
- Fixed rare stack alignment issue on Windows 10 build 1903 (19H1) caused by recent Keystroke Encryption change
- Improved compatibility with Webroot security software, fixing application crashes
- Improved compatibility with Bitdefender security software, fixing application crashes
- Improved compatibility with Trend Micro security software, fixing application crashes
- Improved compatibility of CTFGuard with VMware ThinApp
HitmanPro.Alert 3.7.10 Build 787
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 779
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 777
- Improved Code injection, which will result in faster boot times on Windows 10. It also fixes a rare issue a few Windows 10 users had where the system did not finish boot correctly
- Improved Heap Heap Protect mitigation as it should now play more nicely with certain .NET applications
- Improved Hardware Assisted Control-Flow Integrity, our Last Branch Record CPU assisted ROP mitigation, to fix false positives we're seeing on some newer CPUs
- Improved Alert info regarding our real-time Anti-Malware and Code Cave mitigation
- Fixed Rare bug in CryptoGuard which sometimes forgot to make a backup of a file - which you could lose in the event of a ransomware attack
HitmanPro.Alert 3.7.9 Build 775
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 773
- Changed name for "Dynamic Shellcode Mitigation" to "Heap Heap Protect"
- Improved Heap Heap Protect
- Improved CodeCave
- Fixed Trend Micro Intruder/Safe Browsing incompatibility
HitmanPro.Alert 3.7.9 Build 771
- Change log not available for this version
HitmanPro.Alert 3.7.9 Build 759
- Added Mitigation of local privilege escalation via Task Scheduler (CVE-2018-8440 / @SandboxEscaper)
- Added Compatibility with Windows 10 Redstone 5
- Improved WipeGuard mitigation handling VBR sectors
- Improved Asynchronous Procedure Call (APC) Mitigation
- Improved SEHOP mitigation performance improvement
- Improved Compatibility with 3rd party products that use PUSH/RET in their API hooks
- Improved Windows Vista code injection
- Fixed Compatibility with Windows XP Embedded POSReady 2009
- Fixed Compatibility with Microsoft Edge Application Guard (WDAG) failed to start
- Fixed Compatibility with Microsoft Hyper-V failed to start
- Fixed Compatibility with F-Secure DeepGuard
- Fixed False positive ROP detection (stack-based) in Google Chrome 69 caused by (DRM) widevinecdm.dll
- Fixed Security issue (CVE assigned)
- Updated Botan 2.7.0
- Updated Sqlite 3.24.0
- Updated All code compiled with Visual Studio C++ 15.8.4
- Disabled hardware-assisted ROP mitigation on Chrome 67 (or newer) due to their use of RETpoline
- Removed Network Lockdown mitigation (deprecated) / hmpnet.sys
HitmanPro.Alert 3.7.8 Build 751
- Change log not available for this version
HitmanPro.Alert 3.7.8 Build 750
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 739
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 738
- Change log not available for this version
HitmanPro.Alert 3.7.6 Build 737
- Change log not available for this version
HitmanPro.Alert 3.7.3 Build 729
- Change log not available for this version
HitmanPro.Alert 3.7.1 Build 723
- Added Real-Time Anti-Malware, which works with the HitmanPro cloud
- Added Credential Theft Protection, which prevents theft of authentication passwords and hash information. Prevents Mimikatz-style attacks
- Added Local Privilege Guard, which stops specific exploitation of the operating system kernel. Prevents an attacker from using the privilege information of another process
- Added Code Cave mitigation, which stops backdoors in trusted code. Prevents e.g. Backdoor Factory and Shellter-style attacks
- Added Sticky Keys mitigation, which prevents abuse of the Microsoft sticky key feature and is typically used by attackers to gain persistence
- Added Application Verifier mitigation, which prevents abuse of the Application Verifier feature of Windows (eg. Double Agent code-injection)
- Improved Asynchronous Procedure Call (APC) mitigation to improve compatibility with third-party security solutions on Windows 10 version 1709 (Fall Creators Update)
- Added protection against dropping shellcode straight into memory from VBA macro code. This mitigation is part of Load Library and triggers a Shellcode alert
- Added protection against compilation of arbitrary code straight into memory from an application under exploit mitigations, like Office. Such attacks can bypass whitelisting based protection like Windows Defender Device Guard
- Added automatic protection of Microsoft Outlook (under the Office category) to defend against e.g. DDE attacks embedded in the body of malicious emails or calendar invites
- Improved Hollow Process mitigation to block hijacking of a remote main thread to run arbitrary code
- Improved Import Address Table Address Filtering (IAF) exploit mitigation
- Improved code injection of the HitmanPro.Alert Support Library (DLL)
- Improved upgrade when running in 'Anti-ransomware only' mode
- Improved DLL hijack mitigation which loaded an incorrect DLL on WoW64 processes
- Fixed Intruder alert in Firefox when Norton is installed (e.g. Norton Security)
- Fixed a ROP technique detection on pidgenx.dll when trying to activate Microsoft Office
- Fixed a CallerCheck alert associated with Microsoft Power Query and CLR.DLL
- Fixed a DEP mitigation triggered in some Microsoft Excel macro's
- Fixed a compatibility issue with Microsoft Hyper-V on Windows 10 version 1709 (Fall Creators Update)
- Fixed a minor memory leak originating from the CryptoGuard anti-ransomware mitigation
- Many other minor fixes and improvements
HitmanPro.Alert 3.6.7 Build 604
- Fixed CryptoGuard false positive
HitmanPro.Alert 3.6.6 Build 593
- Change log not available for this version
HitmanPro.Alert 3.6.5 Build 592
- Change log not available for this version
HitmanPro.Alert 3.6.4 Build 588
- Change log not available for this version
HitmanPro.Alert 3.6.4 Build 586
- Fixed bug in CryptoGuard correlation
更新時間:2021-05-26
更新細節:
更新時間:2021-05-14
更新細節: