- Fixed APC Violation mitigation so it now correctly identifies process injection from VMware.
- Fixed stack pivot exploit mitigation so it no longer triggers incorrectly on Internet Explorer loading a digital rights management (DRM) related library for streaming DRM protected content.
- Added an extra message box when an update is pending and the user clicks on the associated flyout. The message informs the user that the machine must be restarted before the update is actually applied.
- It protects (MFA) session cookies and passwords stored in popular Chromium based web browsers, like Google Chrome and Microsoft Edge on Chromium.
- Added SysCall mitigation to every process so it now also blocks the Heaven's Gate defense evasion technique in malware. The Heaven's Gate technique allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment.
- Added DNS stager detection, when, for example, Cobalt Strike Beacon communicates over DNS with command-and-control (C2).
- Added new Cobalt Strike single-stage mitigation. When Cobalt Strike Beacon temporarily de-cloaks in memory to retrieve new commands from the adversary, HitmanPro.Alert will hold and inspect the decrypted memory area for the presence of Beacon. Note: In a normal multi-stage scenario, Cobalt Strike Beacon is already proactively blocked by our patented HeapHeapProtect mitigation. This new Cobalt Strike mitigation now also thwarts the single-stage scenario. Upon detection of Beacon it also extracts and reports the full Cobalt Strike C2 profile configuration from memory.
- Fixed unexpected removal of Forza Horizon 5 under UWP exclusions.
- Fixed tray icon burning CPU cycles after install.
- Fixed issue when a user tries to install HitmanPro.Alert on a machine where Sophos Home Premium is already installed.
- Fixed issue with Lockdown inheritance when parent process is OpenWith.exe.
- Fixed false alarm by HollowProcess on Visual Studio.
- Fixed false alarm by CookieGuard if application starts from a RAM-drive.
- Fixed false alarm by APCViolation on Avast 'aswhook' DLL.
- Fixed several user interface inconsistencies.
- Fixed displaying icons of UWP applications.
- Fixed a compatibility issue between our anti-ransomware CryptoGuard 5 and Artisan scrapbook software from Forever Storage.
- Fixed issue that prevented restarting of some protected applications when using the 'restart' function from the ApplicationPanel (Running applications) when changing a setting.
- Changed Sophos Privacy Notice and Terms of Service.
- Changed text for Benefits button to Help center.
- Changed Dynamic Heap Spray detection; it is now disabled on 64-bit applications.
- Changed reboot fly-out reminder interval from 1h to 8h.
- Improved the per app mitigation settings in the user interface.
- Improved Lockdown mitigation to isolate modules (DLLs) dropped in attacks via Office documents.
- Improved HollowProcess to protect against PEB manipulation in a remote process where PEB is writable.
- Improved WipeGuard to terminate the offending process. Previously, the offending action was only blocked.
- Improved WipeGuard to protect the Volume Boot Record of all mounted partitions. Previously, only the boot partition was protected.
- Improved CookieGuard so it now adds certificate validation information into the alert details.
- Improved CookieGuard alert with information about the application certificate, if any, in the alert.