Advertisement

CHANGELOG

What's New in version 15.1.1.0:

  • Added Next Scan date on dashboard
  • Removed scan notifications if UI is shown

Updated to core 6.1.4:

  • Fixed an issue with scheduled scans not starting
  • Added ability to cancel scan during archive scanning
  • New scheduler
  • Added EDGE scanner
  • Minor fixes

What's New in version 15.1.0:

  • New reporting
  • Fixed an issue when adding exclusions
  • Fixed a false detection on explorer / DocLock
  • Fixed an issue with scheduled scans not starting
  • Added ability to cancel scan during archive scanning

What's New in version 15.0.9:

  • Fixed possible issue with information update at startup
  • Re-enabled thanks page opening
  • Deactivated Cloud Upload windows (later integrated into own worker)
  • Added Proxy authentication settings

Updated to core 6.0.11:

  • Fixed self folder scanning issue
  • Asynchronous logging
  • Fixed possible deadlock
  • Fixed possible infinite loop in config migration
  • certificate update

What's New in version 15.0.8:

  • Disabled temporarily 'thanks page' opening (will be reworked later)
  • Updated to core 6.0.10
  • Fixed possible crashes when stopping

What's New in version 15.0.7:

  • Updated to core 6.0.9
  • Quarantine delete all
  • Minor fixes
  • Fixed issue where UI was showing inconsistent state during long initialization
  • Added locks during engine initialization
  • Added banner when there's too many quarantine items to display (> 1000)

What's New in version 15.0.6:

  • Updated to core 6.0.8
  • Fixed possible crash in pipe communication
  • Fixed issue when checking for updates (signatures state not refreshed)
  • Translations update

What's New in version 15.0.5:

  • Fixed possible deadlock (SecuredIPC) between scheduler / signatures_changed callback

What's New in version 15.0.4

  • Updated to core 6.0.6
  • Fixed another issue where dates are not saved properly in config file
  • Fixed service scan request (scheduler)
  • Fixed service signatures status update

What's New in version 15.0.3:

  • Updated to core 6.0.5
  • Fixed potential crash getting username from session ID
  • Updater 4.0.1
  • Fixed crash on certain cases (double download worker thread)
  • Fixed crash issue when old config is present (Config migration)
  • Fixed an issue where dates are not saved properly in config file
  • Fixed potential crash on Initialization

What's New in version 15.0.2:

  • Fixed potential crash on exporting portable config

What's New in version 15.0.0:

  • Fixed an issue where some settings in combobox where changing on page scroll (lang, theme)
  • Minor UI fixes

Updated to core 6.0.4:

  • Fixed an issue where context menu scan was not working when UI is started by the service
  • Fixed potential crash in getting computer name
  • Fixed issue with Windows Updates status
  • Fixed issue with ucheck progress counters
  • Refactored using safer memory management (smart pointers)
  • Refactored with asynchronous initialization (faster to start)
  • Updater 4.0
  • RK DLL 4.0
  • Minor fixes

What's New in version 14.8.6:

  • Updated to core 5.3.5
  • Fixed potential stack overflows
  • Reducing Cloud.Generic FPs by ignoring some 3rd parties
  • Translations update
  • Minor fixes
  • Augmenting contrast on detections results page

What's New in version 14.8.5:

  • Updated to core 5.3.4
  • Fixed possible hang on Zip
  • Fixed bad licensing error message in some cases
  • Now opens Update form if clicked on 'new version' notification
  • Now all notifications honor the 'no notification' user setting

What's New in version 14.8.0:

  • Fixed possible issue (small buffer) in filter com
  • Fixed VTScanner cache, not working in some conditions
  • Fixed FileMemoryScanner, archive not scanning in some conditions
  • Fixed DigisigScanner, suspicious CAs
  • Fixed multiple crashes in PE module
  • Fixed possible crashes (SO) in registry, path modules
  • Fixed possible crashes (except) in string, buffer, curl modules
  • Minor fixes
  • Added Chinese translation

What's New in version 14.7.4.0:

  • Added Archives scan configuration

Updated to core 5.1.4:

  • Fixed potential issue with broken Shell extension (explorer context menu)
  • Fixes for DocLock DLP FP mitigation
  • Minor fixes

What's New in version 14.6.3.0:

  • Updated to core 5.0.4
  • Fixed crash in PE parser
  • Fixed crash in config Migration
  • Minor fixes

What's New in version 13.4.1.0:

  • Fixed an issue with Shell extension on x64

What's New in version 13.3.2.0:

  • Updated to core 3.2.0
  • Signed files are whitelisted by default
  • Fixed an issue in scheduler
  • MalPE V2

What's New in version 13.2.1.0:

  • Updated to core 3.0.10
  • Bug fixes
  • Fixes for scheduler (grace period)
  • Added button to cleanup crash information
  • New registration form
  • New account form
  • Fixed issue with dashboard not reflecting scan status

What's New in version 12.0.3:

  • Added detections
  • Added indonesian language
  • Added more translators names
  • Fixed a bug in AutoStart/AutoDelete
  • Fixed a bug preventing to quit on Update
  • Added a link to Lost license form

What's New in version 12.0.1:

  • New user interface
  • Added detections

What's New in version 11.0.14.0:

  • introducing expert mode
  • moved IAT scanning into expert mode

What's New in version 11.0.13.0:

  • moved signatures loading at the beginning of the scan
  • core preparation for V12
  • Added detections

What's New in version 11.0.12.0:

  • Added detections
  • Fixed a bug in Files module
  • Fixed a bug in Web module

What's New in version 11.0.10.0:

  • Added detections
  • Updated translations

What's New in version 11.0.9.0

  • Added detections
  • Updater 2.1
  • Updater can now serves installable version
  • Updater can now skip licensing page if already registered

What's New in version 11.0.8.0

  • Added detections
  • TrueSight v2.0.2 (fixed digital certificate for SHA1)
  • Added Turkish language
  • Updated translations

What's New in version 11.0.7.0

  • Added detections
  • Added ADS whitelisting/blacklisting

What's New in version 11.0.6.0:

  • Added detections
  • Using new licensing API

What's new in version 11.0.5.0:

  • Added detections
  • Now setup will verify license key when entered

What's new in version 11.0.4.0:

  • Added detections

What's new in version 11.0.3.0:

  • Added detections
  • Added translations in setup
  • Updated translations

What's New in version 11.0.2.0:

  • Fixed a bug in Buffer search

What's New in version 11.0.0.0:

  • Added rating link in marketing window
  • Now detects ADS (Alternate Data Streams)
  • Qt 5.5
  • Moved Prescan into Scan
  • Now IAT scan is able to scan Microsoft Edge
  • Better hooks report for kernel hooks
  • Truesight v2
  • Now kernel hooks are scanned on userland

What's new in version 10.11.7.0:

  • Added detections
  • Fixed a possible hang issue on HTTP calls (timeout broken)
  • setup improvements, ability to deploy both version (32/64 bits)
  • setup improvements, banner and translations
  • fixed a possible crash in junctions data parsing

What's New in version 10.11.6.0:

  • Added detections
  • Fixed a bug that closed the app when closing child window when minimized in tray
  • added -reportpath command line parameter
  • UI tweaks

What's New in version 10.11.4.0:

  • Added detections
  • Fixed a bug in licensing engine, leading to a lost of configuration sometimes.
  • Fixed a bug in processes module where main module was not good
  • Fixed a bug in processes module where Updater was crashing if a very long command line was passed

What's New in version 10.11.3.0:

  • Added detections
  • Added warning when driver is not loaded
  • Fixed Microsoft Security Client as legit parent for svchost
  • (Premium) Added Premium label in reports
  • Updated translations
  • (Premium) Added information for external scanner (tab in settings)
  • (Premium) Now application closes in tray and persist
  • (Premium) Now able to start a scan from the tray icon
  • Fixed a bug where services/windows were not scanned
  • Fixed a bug where filesystem was not properly scanned

What's New in version 10.11.1.0:

  • Added detections
  • Added filter on VirusTotal internal submit (no user file)
  • Improved shellcode module detection in inline hooks module
  • Fixed memory growth while scanning filesystem
  • IAT scan is now much faster because only scanning windows DLLs table
  • Table-based hooks have cleaner display in logs (module!export)
  • Fixed a bug in modules enumeration on 64 bits
  • Excluded wow64cpu enter from inline hooks detection
  • Now inline hooks architecture detection relies on import module architecture instead of process
  • RogueKillerCMD: Added -dont_ask switch (to eliminate all user interactions and use default actions)

What's New in version 10.10.9.0:

  • Fixed bug in Disk module
  • Fixed bug in IAT parser

What's New in version 10.10.7.0:

  • Added detections

What's New in version 10.10.6.0

  • Fixed bug in Disk module
  • New social icons
  • RogueKillerCMD: Added build number, licensing state

What's new in version 10.10.5.0:

  • Added detections

What's new in version 10.10.4.0:

  • Added detections
  • Updated links
  • (Premium) Added notification when license is about to expire
  • Fixed bug in Disks module

What's New in version 10.10.3.0:

  • Added detections
  • Now all legit antirootkit entries are hidden
  • fixed a bug in Process module
  • internal reorganization

What's New in version 10.10.2.0:

  • Added Detections
  • NEW! Added Processes list to json report
  • NEW! (Premium) Added -vtupload yes/no command line parameter
  • Updated EULA to reflect licensing terms
  • Updated translations
  • Added help button in '?' menu
  • Fixed way of reading disk serial
  • Fixed a bug in VT scanner

What's New in version 10.10.1.0:

  • Added detections
  • (Premium) Added message when Updater is not present and program is outdated
  • Updated translations
  • Added link to public Trello board
  • Added version check in about form
  • NEW! VirusTotal choice for upload
  • NEW! (Premium) VirusTotal choice setting
  • Fixed automatic updates when Updater is not present
  • NEW! EULA will show up again if a new version is present
  • Extended injection signature search to 4 sections (instead of 1), to better identify injection code.
  • Now infection urls for antirootkit point to non technical posts
  • Resized main and about forms
  • (Premium) Added more information in licensing server check
  • (Premium) Prepared for annual subscription switch

What's New in version 10.9.3.0:

  • Fixed a crash when scanning Digital Certificate of some files
  • Fixed a FP when LNK files have unicode characters in path (OneNote 2010 - Capture)

What's New in version 10.9.2.0:

  • Added detections
  • NEW! HTML reports
  • NEW! HTML Open button
  • NEW! TXT Open button
  • NEW! HTML log setting + command line parameter
  • Fixed timeout for Curl operations (max 5 seconds)
  • NEW! signature database is now pre-compiled, will load much faster
  • Updated Yara engine to 3.4
  • Refactored Digisig engine, better performances
  • Added more information in Json log for killed processes
  • Fixed a bug where x64 processes names are not found when using x86 version
  • Fixed path whitelist priority on VT blacklist (processes scanner)
  • Updated translations
  • Fixed an issue where Floppy drives become very noisy during scan

What's New in version 10.9.1.0:

  • Added detections
  • NEW! Added Open Text button in Json log viewer.
  • NEW! Korean language
  • Updated translations
  • Fixed Scan randomly performed.
  • NEW! Command line parameter: -reportformat [txt|json]
  • NEW! Report format setting
  • Merged Txt report generation with Txt export

What's New in version 10.9.0.0:

  • Separate database for RogueKillerCMD / Updater
  • NEW! Updater is now generic (cannot be used by double click anymore, takes command line)
  • NEW! RogueKillerCMD can now use automatic updates
  • NEW! RogueKillerCMD has now a version check
  • NEW! RogueKiller has now accessibility (JAWS compatibility)
  • Added detections
  • -autodelete implicit has been removed from -hide
  • Fixed a bug in RogueKillerCMD where command line isn't handled correctly
  • NEW! RogueKiller now uses JSON as root format for reporting
  • NEW! RogueKiller can open JSON logs into a new window
  • NEW! JSON logs can be exported in RAW text format
  • Updated translations
  • NEW! setup now embeds RogueKillerCMD
  • Fixed a bug in tasks scanner
  • Fixed certificate timestamp

What's New in version 10.8.7:

  • Removed AV.Killer definition (too many FPs)
  • Fixed a bug in mstring module, leading to infinite loop in certain circumstances
  • Now tasks scanner scans arguments too
  • Added detections

What's New in version 10.8.6:

  • Adjusted AV.Killer definition

What's New in version 10.8.5:

  • Added detections
  • NEW! External Scanner
  • Fixed a bug in Process Scanner
  • Fixed a bug in File Search
  • Fixed a bug in Registry Scanner
  • Now process paths are expanded
  • Fixed a bug in VT module
  • Fixed a bug in -autoscan

What's New in version 10.8.4.0:

  • Added Skype to exclusions for RunPE detections

What's New in version 10.8.3.0:

  • Added detections
  • NEW! RunPE heuristic detection
  • (Premium) Removed Paypal/Premium images
  • Refactored settings form
  • NEW! (Premium) - autoupdate command line parameter + setting
  • Updated translations
  • Fixed a bug in VT module
  • Fixed a bug in WebServer (Not starting sometimes)

What's New in version 10.8.2.0:

  • Using Licensing 2.0
  • Added detections

What's New in version 10.8.1.0:

  • Fixed a bug in Licensing
  • Fixed a bug in VirusTotal module
  • Now portable license generated file is read-only
  • Added GUI indicators when using portable license
  • Added detections
  • Extension checker optimizations

What's New in version 10.8.0.0:

  • Updated database
  • Fixed a bug in reporting
  • Disabled PUM.DesktopIcons (too confusing, and not critical)
  • Disabled PUM.Orphan (too confusing, not critical)
  • Better unit testing
  • Initialization optimizations
  • Updated translations
  • NEW! (Premium) Web service
  • NEW! Web service /info url (get version info)
  • NEW! Web service /scan/new url (start new scan)
  • NEW! Web service /scan/status url (get scan status)
  • NEW! Web service /report/last url (get last report)
  • NEW! (Premium) -pupismalware command line parameter + setting
  • NEW! (Premium) -pumismalware command line parameter + setting
  • Reverted portable fixed location in rk_config.ini
  • Fixed error message when too many instances
  • Setup now adds RogueKiller bin folder to 'PATH'
  • Updated userland certificate
  • NEW! Promotional nag.

What's New in version 10.7.0.0:

  • New configuration module, not compatible with old one. Able to use read-only medium for portable license.
  • NEW! no more rk_config.ini for technician license.
  • NEW! command line parameter: -portable-license
  • Updated languages

What's New in version 10.6.5.0:

  • Fixed a bug with KnownDLLs detection when value name starts with underscore (_)

What's New in version 10.6.4.0:

  • NEW! Preferred language is now saved
  • Added detections
  • Fixed processes scan aggressiveness
  • NEW! Logo can now be rebranded
  • Fixed a bug in Extensions Checked
  • Fixed a bug in CLSID scanner
  • Fixed Orphan detection level + vendor name => PUM.Orphan
  • Fixed License fallback state
  • Added new autostart locations
  • Added Transfert progressbar

What's New in version 10.6.2.0:

  • NEW! Breaking news banner
  • External libs update + optimizations (Zlib, SQLite, udis86)
  • Fixed a bug in Tab navigation

What's New in version 10.6.1.0:

  • Now VT file scan has minimum/maximum size
  • Refactored PUP/PUM classification to be clearer and more consistent
  • Fixed VT file scanner scanning LNK files instead of target
  • Now VT unknown s classified as PUP
  • Now VT cache has outdated date (fixed to 5 days)
  • Now VT scanner rescans pending items at initialization
  • Added detections

What's New in version 10.6.0.0:

  • Added detections
  • Moved version check before Prescan
  • Fixed a bug in IAT scanner, where call stack was not recorded correctly
  • Fixed a bug in IAT scanner, where unknown module was not displayed
  • Fixed a bug in RogueKiller OLD GUI, where config file was not read properly
  • Fixed ShowLegitHooks command/setting
  • Fixed slow UI when a lot of entries are added to a table
  • Fixed a bad items insertion when sorting was enabled
  • Fixed a bug in MBR (GPT) module
  • Fixed missing Premium info when internet access is broken
  • Fixed a bug in libcurl library (X64)
  • Added new method to detect IAT inline hooks
  • New: VT Scan on registry, tasks, files, mbr, web browsers and antirootkit scans.
  • New: VT scan no more in beta
  • New: VT scan now scans all processes
  • New: VT scan has local caching

What's New in version 10.5.10.0:

  • Added detections
  • Now can register Premium with command line parameter: -register
  • Now displays remaining activations for Premium
  • All communications are now using SSL (HTTPS)
  • RogueKillerCMD: Added better colors
  • RogueKillerCMD: Now can recognize RogueKiller's command line parameters

What's New in version 10.5.9.0:

  • Added detections
  • Now logs are sorted by date
  • Now can attach last log even if a scan was not performed in the same session
  • Fixed a bug where registration form cannot upload last report
  • Removed Post Delete message asking for Premium buying when a user is already registered
  • Now file scanner shows unscanned files (for progression), so that software doesn't give an impress of being stuck

What's New in version 10.5.8.0:

  • Added detections
  • Fixed a bug where config isn't reset after removing the license.
  • Fixed NoPop configuration bug
  • Added all command line parameters in Settings
  • Updated translations
  • Now registration Id/Key are trimmed to avoid copying/writing spaces before/after them (and have wrong key error message)
  • Fixed updater now recognizing License on Windows 8 (now needs admin rights to be launched).
  • Updated EULA to reflect VirusTotal integration rules.

What's New in version 10.5.7.0:

  • Fixed a crash when starting the application

What's New in version 10.5.5.0:

  • Added detections
  • PREMIUM: Added more settings options
  • Unhidden premium options, added Nag message
  • Updated translations
  • Moved Scan choices to settings

What's New in version 10.5.2.0:

  • PREMIUM: Technician License can now use portable config file
  • Added Premium logo
  • Fixed a bug when opening website

What's New in version 10.5.1.0:

  • Using new licensing system
  • Added detections

What's New in version 10.5.0.0:

  • NEW! Now RogueKiller is available with an installer
  • PREMIUM: Separate updater
  • PREMIUM: Trial of 30 days per machine
  • Added detections
  • Fixed a crash in jansson library

What's New in version 10.4.3.0:

  • Added detections

What's New in version 10.4.0.0:

  • Uniformization of whitelists/blacklists (we dropped a lot of detections, this can lead to false positives... but they will be fixed as people report them)
  • Fixed a bug in LNK signature detection
  • Fixed a buf in Time module
  • NEW! Better CLSID scanner
  • NEW! Now MBR scanner is EFI compatible
  • Updated italian translation
  • Fixed a bug in Path module

What's New in version 10.3.0.0:

  • Added detections
  • New command line flag: -showlegithooks (Shows legit hooks that are normally hidden)
  • Big improvements in the IAT hooks engine; Preparation of refactoring for the kernel hooks.
  • Big improvements in Extension Checker module
  • Arabic translation
  • Updated translations
  • Updated Yara engine to 3.3

What's New in version 10.2.0.0:

  • Added detections
  • Updated Italian translation
  • Added German translation
  • Added Chinese traditional translation
  • Fixed a bug in Registry scanner where .DEFAULT hive is not scanned
  • Added MBR signature for FinFisher
  • Added MBR signature for TDL4
  • Added MBR signature for Rovnix
  • Fixed some bugs in MBR scanner
  • Improved low level disk access library
  • Added VBR (Volume Boot Record) scanner

What's new in version 10.1.2.0:

  • Added detections
  • Updated Spanish translation
  • Added Italian translation
  • Added hook signatures engine

What's New in version 10.1.1.0:

  • Added Dutch translation
  • Added Italian translation
  • Added sanity check for website opening

What's New in version 10.0.10.0:

  • Added detections
  • Fixed mbamservice false positive

What's New in version 10.0.9.0:

  • Fixed Xpaj false positive with DiskCryptor MBR
  • Added DiskCryptor MBR signature
  • Added detections
  • TrueSight 1.0.4: Better shellcode module detection
  • IAT Hooks: Better shellcode module detection

What's New in version 10.0.8.0:

  • Added detections
  • Fixed bug of processes not killed
  • Now process memory is scanned before path scan

What's New in version 10.0.7.0:

  • Now process pages are scanned for whitelist
  • Updated Yara engine
  • Added detections
  • Reverted some command line to free version: -nodriver -nokill -nopop -nothirdparty

What's New in version 10.0.6.0:

  • Fixed a bug in Process module (not enough rights to get process path)
  • Fixed a bug in AV whitelist detection
  • Added detections

What's New in version 10.0.5.0:

  • Now AV processes are whitelisted
  • Added language separator for 'Your language here'
  • Added Injected process heuristic detection
  • Fixed bad Zeus signature
  • More aggressive against Poweliks processes
  • Added detections
  • Updated links

What's New in version 10.0.4.0:

  • Added link to translations in language menu
  • Added Delay IAT in PE module
  • Added Delay IAT hooks in antirootkit
  • Now IAT hooks are printed to UI as they are scanned
  • Removed ctfmon from sensitive processes
  • Now detects Zeus variants
  • Now informative texts are not elided
  • Better choices (currency/amount) for Paypal form
  • Removed unused resources
  • Improvements in quarantine module
  • Now DNS entries show country IP in text report
  • PREMIUM: Added quarantine handler
  • Added detections

What's New in version 10.0.3.0:

  • New user-agent: Now sends extended vendor names for real time monitoring
  • Added detections

What's New in version 10.0.1.0:

  • Improvements in Process library
  • Added COM integrity check to disable COM calls when server is corrupted (Poweliks)
  • Fixed Poweliks rule
  • Added detections
  • Fixed Bug in registry module
  • Fixed a bug in logging