HITMANPRO.ALERT 3 - Version updates.

This section of the forum covers security, antivirus solutions, firewalls, and malware-related issues in general

Moderator: IlSoftware.it forum staff

[Claudio]
Advanced Software
Posts: 2558
Joined: 12 Jun 2009 10:09
Location: 45° 44' 54'' N; 7° 21' 22'' E

Re: HITMANPRO.ALERT 3 - Version updates.

Post by [Claudio] » 27 Oct 2017 18:31

Interesting (HitmanPro.Alert 3.7 Build 708 Community Technology Preview 2 (CTP2)): real-time protection :regolamento: :approvato:

New Features in version 3.7

Real-time Anti-Malware
Works with the HitmanPro cloud.

Credential Theft Protection
Preventing theft of authentication passwords and hash information from memory, registry and disk. Prevents Mimikatz-style attacks.

Local Privilege Guard
Prevents exploits of the operating system kernel. Prevents an attacker from using the privilege information of another process.

Code Cave mitigation
Stops backdoors in trusted code.

Sticky Keys mitigation
Prevents misuse of the Microsoft sticky key feature. Usually used by attackers to gain persistence.

Asynchronous Procedure Call (APC) mitigation
Stops code injection via APC (e.g. DoublePulsar and Atom Bombing attack).

Application Verifier mitigation
Prevents misuse of the Application Verifier feature of Windows (e.g. Double Agent attack).

Malicious Process Migration
Detects remote reflective DLL injection used to move laterally between processes.


It tempts me quite a bit ... but for now I'm holding off (it's still a BETA) ... and I'm sure I'd have to do a lot of cursing at the mitigations to get ProtonVPN to start correctly

Anyway, if anyone is interested: http://test.hitmanpro.com/hmpalert3b708.exe
PC Desktop ASUS: Windows 10 Pro
HitmanPro.Alert 3.6 HitmanPro Malwarebytes Antimalware ProtonVPN Chrome & Tor Browser

[Claudio]
Advanced Software
Posts: 2558
Joined: 12 Jun 2009 10:09
Location: 45° 44' 54'' N; 7° 21' 22'' E

Re: HITMANPRO.ALERT 3 - Version updates.

Post by [Claudio] » 24 Nov 2017 12:44

HitmanPro.Alert 3.7.1 Build 723 has been released.

Changelog (rather substantial):

Added Real-Time Anti-Malware, which works with the HitmanPro cloud.
Added Credential Theft Protection, which prevents theft of authentication passwords and hash information. Prevents Mimikatz-style attacks.
Added Local Privilege Guard, which stops specific exploitation of the operating system kernel. Prevents an attacker from using the privilege information of another process.
Added Code Cave mitigation, which stops backdoors in trusted code. Prevents e.g. Backdoor Factory and Shellter-style attacks.
Added Sticky Keys mitigation, which prevents abuse of the Microsoft sticky key feature and is typically used by attackers to gain persistence.
Added Application Verifier mitigation, which prevents abuse of the Application Verifier feature of Windows (e.g. Double Agent code-injection).
Improved Asynchronous Procedure Call (APC) mitigation to improve compatibility with third-party security solutions on Windows 10 version 1709 (Fall Creators Update).
Added protection against dropping shellcode straight into memory from VBA macro code. This mitigation is part of Load Library and triggers a Shellcode alert.
Added protection against compilation of arbitrary code straight into memory from an application under exploit mitigations, like Office. Such attacks can bypass whitelisting based protection like Windows Defender Device Guard.
Added automatic protection of Microsoft Outlook (under the Office category) to defend against e.g. DDE attacks embedded in the body of malicious emails or calendar invites.
Improved Hollow Process mitigation to block hijacking of a remote main thread to run arbitrary code.
Improved Import Address Table Address Filtering (IAF) exploit mitigation.
Improved code injection of the HitmanPro.Alert Support Library (DLL).
Improved upgrade when running in 'Anti-ransomware only' mode.
Improved DLL hijack mitigation which loaded an incorrect DLL on WoW64 processes.
Fixed Intruder alert in Firefox when Norton is installed (e.g. Norton Security).
Fixed a ROP technique detection on pidgenx.dll when trying to activate Microsoft Office.
Fixed a CallerCheck alert associated with Microsoft Power Query and CLR.DLL.
Fixed a DEP mitigation triggered in some Microsoft Excel macros.
Fixed a compatibility issue with Microsoft Hyper-V on Windows 10 version 1709 (Fall Creators Update).
Fixed a minor memory leak originating from the CryptoGuard anti-ransomware mitigation.
Many other minor fixes and improvements.


The most important new feature is the integrated scanner (Anti-Malware) with real-time protection:

Added Real-Time Anti-Malware, which works with the HitmanPro cloud.



For now it has no configuration interface (exclusions included); @erikloman has confirmed that they are working on it.

Download link: https://dl.surfright.nl/hmpalert3.exe

deepdark
Junior Software
Posts: 114
Joined: 31 Mar 2015 11:19

Re: HITMANPRO.ALERT 3 - Version updates.

Post by deepdark » 27 Nov 2017 08:44

Question: given that the Microsoft antivirus now also integrates EMET, does it still make sense to get software of this kind?

edit: I'd point out that with this coupon you can get it at a very good price: http://www.colormango.com/product/hitma ... 50483.html (make sure it redirects you to the hitmanpro site, obviously).

[Claudio]
Advanced Software
Posts: 2558
Joined: 12 Jun 2009 10:09
Location: 45° 44' 54'' N; 7° 21' 22'' E

Re: HITMANPRO.ALERT 3 - Version updates.

Post by [Claudio] » 28 Nov 2017 10:39

deepdark wrote: Question: given that the Microsoft antivirus now also integrates EMET, does it still make sense to get software of this kind?

If someone uses Windows Defender and feels like tinkering with the EMET features ... be my guest 8)

If someone (like me) doesn't use Windows Defender (nor any other useless antivirus solution) and couldn't care less about EMET ... HitmanPro.Alert + HitmanPro is essential (from my point of view; of course you have to reach for your wallet).