Hitman Pro is a fast all-in-one tool to locate, identify and remove viruses, spyware, trojans, rootkits and other types of malware. The executable can be downloaded and run straight from a USB flash drive, CD/DVD, local or network-attached hard drive and will quickly reveal the presence of any malware. Hitman Pro uses innovative cloud computing techniques to detect and remove potential malware threats with minimal impact on system performance. A further benefit of this technology is that you need never again download definitions on an hourly / daily basis, as this is all managed in the cloud, further reducing the impact on your PC. Hitman Pro will work alongside any existing anti-virus/anti-spyware or security suite and can simply be run whenever required to give a second opinion or be called upon to remove threats missed by your existing software. Scanning your PC is free for the life of the product, and in addition removal of malware is also free for the first 30 days; thereafter, users can take a paid-for subscription to cover malware removal in the future. The innovative Early Warning Scoring (EWS) technology allows users without internet to remove potential malware - no subscription required.
Licence: Freeware
Version 5.38 Build 121 (2011-05-04)
Added detection and removal of latest TDL4 bootkit.
Improved behavioral scan.
Improved removal engine.
Added Indonesian language.
Updated Czech language.
http://www.hitmanpro.nl/
Changelog
Added CryptoGuard 4th generation
Added DLL hijack mitigation on downloaded binaries
Added WipeGuard mitigation
Added Hardware-assisted IAT filtering
Added Import and Export of Settings
Improved ROP mitigation
Improved CallerCheck mitigation
Improved Heap Spray mitigation
Improved Hollow Process mitigation
Improved Application Lockdown
Improved colored window border
Improved overall mitigation performance
Improved reporting details
Improved compatibility hooks
Improved 3rd party trampoline handling
Improved support for binaries with Intel MPX instructions
Fixed SoftwareRadar incorrectly detecting 64-bit applications
Various minor improvements
http://www.surfright.nl/en/products/
Changelog
Added Real-Time Anti-Malware, which works with the HitmanPro cloud.
Added Credential Theft Protection, which prevents theft of authentication passwords and hash information. Prevents Mimikatz-style attacks.
Added Local Privilege Guard, which stops specific exploitation of the operating system kernel. Prevents an attacker from using the privilege information of another process.
Added Code Cave mitigation, which stops backdoors in trusted code. Prevents e.g. Backdoor Factory and Shellter-style attacks.
Added Sticky Keys mitigation, which prevents abuse of the Microsoft sticky key feature, which is typically used by attackers to gain persistence.
Added Application Verifier mitigation, which prevents abuse of the Application Verifier feature of Windows (e.g. Double Agent code injection).
Improved Asynchronous Procedure Call (APC) mitigation to improve compatibility with third-party security solutions on Windows 10 version 1709 (Fall Creators Update).
Added protection against dropping shellcode straight into memory from VBA macro code. This mitigation is part of Load Library and triggers a Shellcode alert.
Added protection against compilation of arbitrary code straight into memory from an application under exploit mitigations, like Office. Such attacks can bypass whitelisting-based protection like Windows Defender Device Guard.
Added automatic protection of Microsoft Outlook (under the Office category) to defend against e.g. DDE attacks embedded in the body of malicious emails or calendar invites.
Improved Hollow Process mitigation to block hijacking of a remote main thread to run arbitrary code.
Improved Import Address Table Address Filtering (IAF) exploit mitigation.
Improved code injection of the HitmanPro.Alert Support Library (DLL).
Improved upgrade when running in 'Anti-ransomware only' mode.
Improved DLL hijack mitigation which loaded an incorrect DLL on WoW64 processes.
Fixed Intruder alert in Firefox when Norton is installed (e.g. Norton Security).
Fixed a ROP technique detection on pidgenx.dll when trying to activate Microsoft Office.
Fixed a CallerCheck alert associated with Microsoft Power Query and CLR.DLL.
Fixed a DEP mitigation triggered in some Microsoft Excel macros.
Fixed a compatibility issue with Microsoft Hyper-V on Windows 10 version 1709 (Fall Creators Update).
Fixed a minor memory leak originating from the CryptoGuard anti-ransomware mitigation.
Many other minor fixes and improvements.
https://www.hitmanpro.com/en-us/alert.aspx
Changelog
Added: Mitigation of local privilege escalation via Task Scheduler (CVE-2018-8440 / @SandboxEscaper)
Added: Compatibility with Windows 10 Redstone 5
Improved: WipeGuard mitigation handling VBR sectors
Improved: Asynchronous Procedure Call (APC) Mitigation
Improved: SEHOP mitigation performance improvement
Improved: Compatibility with 3rd party products that use PUSH/RET in their API hooks
Improved: Windows Vista code injection
Fixed: Compatibility with Windows XP Embedded POSReady 2009
Fixed: Compatibility with Microsoft Edge Application Guard (WDAG) failed to start
Fixed: Compatibility with Microsoft Hyper-V failed to start
Fixed: Compatibility with F-Secure DeepGuard
Fixed: False positive ROP detection (stack-based) in Google Chrome 69 caused by (DRM) widevinecdm.dll
Fixed: Security issue (CVE assigned)
Updated: Botan 2.7.0
Updated: Sqlite 3.24.0
Updated: All code compiled with Visual Studio C++ 15.8.4
Disabled: hardware-assisted ROP mitigation on Chrome 67 (or newer) due to their use of RETpoline
Removed: Network Lockdown mitigation (deprecated) / hmpnet.sys
https://www.hitmanpro.com/en-us/alert.aspx
Changelog
Build 304 (2019-05-17)
ADDED: Removal of Chromium based Tracking Cookies on Opera Browser
CHANGED: Tracking Cookie scan is now part of the "Quick scan" profile
FIXED: Scheduler failing to start a scan in rare cases
FIXED: Detection of Tracking Cookies on Brave Browser
Build 302 (2019-05-16)
ADDED: Detection of Spelevo Malware
ADDED: Removal of Chromium based Tracking Cookies on Edge Browser (Stable, Dev & Canary)
ADDED: Removal of Chromium based Tracking Cookies on Brave, Dragon, Iridium and Vivaldi Browsers
FIXED: Suspicious detections on Microsoft Update Files
FIXED: Scheduler Service Registration
http://www.hitmanpro.nl/
Changelog
Fixed rare stack alignment issue on Windows 10 build 1903 (19H1) caused by recent Keystroke Encryption change
Improved compatibility with Webroot security software, fixing application crashes
Improved compatibility with Bitdefender security software, fixing application crashes
Improved compatibility with Trend Micro security software, fixing application crashes
Improved compatibility of CTFGuard with VMware ThinApp
https://www.hitmanpro.com/en-us/alert.aspx
Changelog
Added HeapHeapProtect: Code running in dynamic memory, in RUNDLL32.EXE and REGSVR32.EXE, can no longer manipulate other dynamic memory. This proactively helps against many backdoor tools, trojans and ransomware families.
Added Tamper Protection by filtering process and thread handles against terminate, suspend and injection. Also added menu item to settings menu.
Added Automatic protection of Microsoft Access against exploitation.
Added DLL Hijacking protection on HitmanPro malware scanner to prevent privilege escalation.
Improved Alert report now includes a list of services if a process runs as a service.
Improved CryptoGuard-only now also enables anti-malware.
Improved GUI: Added anti-malware menu item to settings menu.
Improved GUI: EULA on install dialog
Improved Windows on ARM: Now offloads SHA-256 calculation to hardware via NEON instructions, resulting in a 7 times performance boost.
Improved Windows on ARM: Fixed last scan timestamp.
Improved AmsiGuard: Now supports unloading of AMSI.DLL.
Improved ApplicationLockdown: Prevent execution of a Visual Basic file via EXPLORER.EXE from an Office application.
Improved CredGuardSAM: Prevent registry command line tool from dumping credentials.
Improved WipeGuard: Volume Boot Record (VBR) protection and alert details.
Improved Minifilter driver altitude, lowered from 345800 to 221600, to prevent third party minifilters from adversely affecting ransomware detection.
Fixed CodeCave: coding error that could cause certain rare applications to crash.
Fixed CodeCave: False alarms when application is packed with boxedApp packer.
Fixed ACPProtection: False alarms when application is packed with boxedApp packer.
Fixed ApiSetGuard: False alarms on a standard DLLMain implementation that does nothing but return 0 or 1.
Fixed CryptoGuard 5: False alarm in combination with Dropbox.
Fixed CryptoGuard 5: False alarm when deleting many files on an endpoint protected by Bitdefender’s CryptoStore feature.
Fixed HeapHeapProtect: Applications under attack could crash when the used shellcode caused an unaligned stack.
Fixed Crash in Equation Editor when under attack, caused by Data Execution Prevention (DEP).
Fixed Italian string in Systray context menu.
https://www.hitmanpro.com/en-us/alert.aspx
Release Notes
Special maintenance release: this is the last build that supports Windows XP, Windows Vista and Windows 7 RTM (no service pack). These Windows versions only support SHA-1 for code-signing certificates. Microsoft decided to require SHA-2 for new drivers while it did not release SHA-2 support for these Windows versions. So, in other words, we cannot release new kernel-mode drivers (with new functionality) for these older operating systems. If you run one of these old Windows versions we urge you to upgrade. On these Windows versions, HitmanPro.Alert will no longer update itself after this build. Both 32-bit and 64-bit versions of Microsoft Windows 7 SP1, Windows 8, Windows 8.1 and Windows 10 remain supported and will soon receive a new HitmanPro.Alert version with new features.
https://www.hitmanpro.com/en-us/alert.aspx
Release Notes
Added New Cobalt Strike single-stage mitigation. When Cobalt Strike Beacon temporarily de-cloaks in memory to retrieve new commands from the adversary, HitmanPro.Alert will hold and inspect the decrypted memory area for the presence of Beacon.
Note: In a normal multi-stage scenario, Cobalt Strike Beacon is already proactively blocked by our patented HeapHeapProtect mitigation. This new Cobalt Strike mitigation now also thwarts the single-stage scenario. And upon detection of Beacon it also extracts and reports the full Cobalt Strike C2 profile configuration from memory.
Added DNS stager detection, when – for example – Cobalt Strike Beacon communicates over DNS with command-and-control (C2).
Added SysCall mitigation to every process so it now also blocks the Heaven’s Gate defense evasion technique in malware. The Heaven's Gate technique allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment.
Added CookieGuard mitigation. It protects (MFA) session cookies and passwords stored in popular Chromium based web browsers, like Google Chrome and Microsoft Edge on Chromium.
Added an extra message box when an update is pending, and the user clicks on the associated flyout. The message informs the user that the machine must be restarted before the update is actually applied.
Fixed stack pivot exploit mitigation so it no longer triggers incorrectly on Internet Explorer loading a digital rights management (DRM) related library for streaming DRM protected content.
Fixed APC Violation mitigation so it now correctly identifies process injection from VMware.
Fixed Code Cave mitigation so it now plays nice with DRM code from gaming company Electronic Arts (EA).
Fixed Kernel32Trap mitigation so it no longer causes issues with certain code compiled with Visual Studio.
Improved CryptoGuard 5 anti-ransomware engine. For example, the note spray evaluator is more tolerant when installers drop the same text file across many folders.
Improved threat termination. It's now even more robust, especially when the threat runs with high privileges outside of user session(s).
Improved compatibility with certain games that perform tricks that trigger our main thread hijacking protection (part of Hollow Process Mitigation).
Note: We no longer support or update HitmanPro.Alert builds running on Windows 7 RTM (no service pack), Windows Vista and Windows XP. This is because Microsoft mandates the use of SHA-2 to sign our code. These older versions of Windows only support SHA-1 and would not allow our new driver to load.
https://www.hitmanpro.com/en-us/alert.aspx
Release Notes
Fixed more compatibility issues between process hollowing and certain games.
Fixed an issue with three CryptoGuard 5 Thumbprints that were not working in the previous build.
Fixed a potential security issue where specifically crafted malware on the machine could craft and manipulate a file structure to elevate privileges.
Improved compatibility of CookieGuard with browsers that are attached to the Office mitigation profile.
Temporarily disabled the fix that detects Cobalt Strike delivery over SMB. The fix appears to be incompatible with many game launchers that actually perform main thread hijacking.
Temporarily disabled system-wide Syscall mitigation as certain third-party security products, like Cylance, actually attempt to bypass API calls by directly jumping to kernel functions via a syscall.
Temporarily set CookieGuard's Remote Debugger Port detection to silent as it causes issues with some web developer machines.
https://www.hitmanpro.com/en-us/alert.aspx
Release Notes
Fixed an issue in the Software Radar that could cause it to not notice a just-installed web browser, or to add it to the wrong mitigation template. This issue caused our new CookieGuard protection to generate false alarms.
Fixed an issue in the CryptoGuard anti-ransomware engine that could cause a BSOD on Windows 10 Insider Build 21390.
Improved support for Windows on ARM. We noticed that since build 895 we always shipped the ARM64 driver of that release. This has been corrected.
Improved Stack Pivot exploit mitigation to support adjacent stack range in certain situations.
Improved detection of Chromium-based web browser for CookieGuard.
Added Thumbprint generation for remote-debugging-port CookieGuard detection.
Added checkbox to our new system-wide syscall mitigation. You can find it in the Advanced interface, under Risk reductions > Process Protection > Unexpected system calls (Stop evasion of security hooks).
https://www.hitmanpro.com/en-us/alert.aspx