I'm still getting intermittent garbled text in Windows Mail because of Keystroke Encryption. Can we ever expect a permanent fix for this?
Windows 11 version 23H2, HitmanPro.Alert version 3.8.25 build 965. Manually updated HitmanPro-Alert, no problems.
What's the name of the executable of this one? It seems they are rolling out a newer version and/or replacing the old mail client.
Mail?! It's a Windows Store app and NOT a protected application. I've also seen this when typing in Search too.
HitmanPro.Alert 3.8.25 Build 967 (RC2)
Changelog (compared to 965)
- Improved KeyboardGuard
- Improved HeapHeapProtect
Beware: this build is signed with a new code-signing certificate by Sophos LTD. This might cause some 3rd party vendors to have "trust" issues, as it's a rather fresh certificate.
Download: https://dl.surfright.nl/hmpalert3b967.exe
Please let us know how this version runs on your machine. We're planning to promote this build to Stable if results are good in the coming week(s).
This morning ...
```
Mitigation   CookieGuard
Timestamp    2023-11-15T04:15:09
Platform     10.0.19045/x64 v967 06_8e
PID          16380
Feature      00FD3E745FBF91B6
Application  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Created      2023-11-11T05:05:59
Description  Microsoft Edge 119

Cookie data retrieval performed by untrusted code in browser
Attempt to read protected Edge data
Caller originates from module: C:\Program Files (x86)\Microsoft\Edge\Application\119.0.2151.58\msedge.dll
Certhash could not be obtained for owner-module
ErrorCode: 00000000

Process Trace
1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [16380]
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
2 C:\Windows\explorer.exe [6868]

Dropped Files
1 C:\Users\pauld\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-655445AE-3FFC.pma
  Dropped by \Device\HarddiskVolume5\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [16380]
2 C:\Users\pauld\AppData\Local\Microsoft\Edge\User Data\Variations
  Dropped by \Device\HarddiskVolume5\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [16380]
1 C:\Users\pauld\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
  Dropped by \Device\HarddiskVolume5\Windows\explorer.exe [6868]
2 C:\Users\pauld\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1920_1080_POS1.jpg
  Dropped by \Device\HarddiskVolume5\Windows\explorer.exe [6868]
  Read by \Device\HarddiskVolume5\Windows\explorer.exe [6868]

Thumbprints
N/A
```
Looks similar to this: https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-86#post-3170278
CookieGuard runs in so-called "Hard-fail", else the protection is useless; the only downside is that if, for whatever reason (OS cause or Alert code cause), the code-sign/certification checks fail, we'll terminate the process. "Certhash could not be obtained for owner-module": that's what happened in this case. Does this stick over a reboot?
Just to be sure: the issue is gone after a reboot, correct? Because we're seeing an issue that needs fixing, but that's not the one posted.
Caller originates from module: C:\Program Files (x86)\Microsoft\Edge\Application\119.0.2151.58\msedge.dll
In the other cases the path is missing, and that needs more investigation.
Caller originates from module: msedge.dll
Just got this when opening Edge:
```
Mitigation   CookieGuard
Timestamp    2023-11-16T21:49:30
Platform     10.0.19045/x64 v967 06_25
PID          12724
Feature      00FD3E745FBF91B6
Application  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Created      2023-11-10T18:50:27
Description  Microsoft Edge 119

Cookie data retrieval performed by untrusted code in browser
Attempt to read protected Edge data
Caller originates from module: msedge.dll
Certhash could not be obtained for owner-module
ErrorCode: 80092003

Process Trace
1 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [12724]
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
2 C:\Windows\explorer.exe [7600]

Dropped Files
1 C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-65568E6A-31B4.pma
  Dropped by \Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [12724]
2 C:\Users\Dave\AppData\Local\Microsoft\Edge\User Data\Variations
  Dropped by \Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [12724]
1 C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Themes\Transcoded_000
  Dropped by \Device\HarddiskVolume2\Windows\explorer.exe [7600]
2 C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
  Dropped by \Device\HarddiskVolume2\Windows\explorer.exe [7600]
3 C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1366_768_POS4.jpg
  Dropped by \Device\HarddiskVolume2\Windows\explorer.exe [7600]

Thumbprints
N/A
```
Yes, that's the one we're working on; for now, only disabling Cookie Guard during browser startup is a workaround.
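Added example (not part of the thread and not Sophos code): a small triage helper for sorting saved CookieGuard alerts into the two cases discussed above, caller module reported with its full path versus by bare file name. The sample alerts are constructed from the header lines of the two reports in this thread, and the function names and label strings are this example's own.

```python
import ntpath
import re

# Constructed samples: header lines copied from the two CookieGuard alerts
# posted in this thread; the rest of each alert is left out.
ALERT_WITH_PATH = r"""Mitigation CookieGuard
Timestamp 2023-11-15T04:15:09
PID 16380
Caller originates from module: C:\Program Files (x86)\Microsoft\Edge\Application\119.0.2151.58\msedge.dll
Certhash could not be obtained for owner-module
ErrorCode: 00000000
"""
ALERT_BARE_NAME = r"""Mitigation CookieGuard
Timestamp 2023-11-16T21:49:30
PID 12724
Caller originates from module: msedge.dll
Certhash could not be obtained for owner-module
ErrorCode: 80092003
"""

HEADER = re.compile(r"^(Mitigation|Timestamp|PID)[ \t]+(\S+)[ \t]*$", re.M)
CALLER = re.compile(r"^Caller originates from module:[ \t]*(.+?)[ \t]*$", re.M)
ERROR = re.compile(r"^ErrorCode:[ \t]*([0-9A-Fa-f]{8})[ \t]*$", re.M)
CERTHASH_FAIL = "Certhash could not be obtained for owner-module"

def triage(alert_text):
    """Reduce one alert to the fields the thread uses to tell the cases apart."""
    fields = dict(HEADER.findall(alert_text))
    caller = CALLER.search(alert_text)
    error = ERROR.search(alert_text)
    if fields.get("Mitigation") != "CookieGuard" or not caller or not error:
        raise ValueError("not a complete CookieGuard alert")
    module = caller.group(1)
    return {
        "timestamp": fields.get("Timestamp"),
        "pid": int(fields["PID"]) if "PID" in fields else None,
        "caller": module,
        # The second alert in the thread names the caller without a directory.
        "caller_has_path": ntpath.isabs(module),
        "certhash_failed": CERTHASH_FAIL in alert_text,
        "error_code": int(error.group(1), 16),
    }

def signature(alert_text):
    """Grouping label for a report (label strings are this example's own)."""
    t = triage(alert_text)
    if not t["certhash_failed"]:
        return "other"
    return "certhash-fail/path-present" if t["caller_has_path"] else "certhash-fail/path-missing"
```

Grouping saved alerts by `signature()` together with `error_code` shows whether a machine is hitting the path-missing case that the developer says is still under investigation.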