HitmanPro.Alert Logo


You will be redirected to sophos.com to complete the download process.


Please allow a few days for your machine to receive the latest build automatically. We're gradually updating users as part of our phased roll-out program.

Build 983 (2024-04-05)

  • Added UI - EventLog - Clear event data dialog, use right mouse click on "Last events"
  • Added UI - EventLog - Show only Suppressed events
  • Added UI - EventLog - Copy details to clipboard button
  • Added Several code preparations for upcoming changes/additions
  • Fixed Exclusions - UWP exclusions browser for Windows 11
  • Fixed BSOD - CryptoGuard5
  • Improved HeapHeapProtect
  • Improved SoftwareRadar - No longer removes UWP Exclusions at startup
  • Improved PrivGuard - Now also prints the current and expected userSID's
  • Improved Kernel32Trap
  • Improved SyscallX64

Build 979 (2024-02-07)

  • Fixed Intruder/Safe Browsing compatibly issue introduced by a recent Bitdefender update.
  • Improved HeapHeapProtect, improved handing in code and added more whitelisting options to alerts.
  • Improved SendKeysGuard, switched the main thumbprint to handle whitelisting more easy.
  • Improved HWBGuard (Silent).
  • Improved HollowProcess/HWBGuard, to prevent exception pointer abuse.

* Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.

Build 977 (2023-12-18)

  • Fixed HWBGuard (Silent) excessive alert reporting, now limited to max 2 alerts per process.

* Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.

Build 975 (2023-12-14)

  • Added HWBGuard (Silent), A technique heavily used by red-teams to bypass Syscall protections is to set a HardwareBreakPoint, we now detect these breakpoints
  • Added New Process Protection panel for Risk Reduction
  • Added RDPGuard Icon under Risk Reduction button
  • Added SendKeyGuard
  • Fixed BSOD in StickyKeys
  • Fixed Driver BSOD under specific circumstances
  • Fixed KernelTrap compatibility issues with Kaspersky and GenshinImpact
  • Fixed Lockdown Bypass when loading files over UNC paths
  • Improved AMSIGuard
  • Improved APC Game detection
  • Improved Bitdefender Compatibility
  • Improved CiGuard
  • Improved CookieGuard
  • Improved CryptoGuard5
  • Improved DrWeb Compatibility CallerCheck/SysCall
  • Improved DrWeb Compatibility CallerCheck/SysCall
  • Improved HeapHeapProtect Cobalt Strike detection
  • Improved HeapHeapProtect prevents Powershell scripts from patching AMSI for bypass
  • Improved HollowProcess
  • Improved KeyboardGuard u.a. compatibility with ESET protected browsers, Windows search
  • Improved Lockdown Now allows WMIC GET 'only' commands without interference
  • Improved PrivGuard
  • Improved StackPivot
  • Removed ReflectiveDLL As it has become obsolete in it's current implementation
  • Several other changes under the hood

* Beware this build is signed with a new code-signing certificate by Sophos LTD, this might take some 3rd party vendors to have "trust" issues as it's a rather fresh certificate.

Build 947 (2022-09-19)

  • Improved HollowProcess
  • Improved Syscall
  • Improved StackPivot
  • Improved RemoteThreadGuard
  • Improved CryptoGuard 5
  • Fixed rare BSOD's in CryptoGuard 5
  • Fixed HollowProcess incompatibility with PC-Matic/Pitstop
  • Several other changes under the hood

Build 945 (2022-06-20)

  • Improved Syscall
  • Improved WipeGuard
  • Improved CryptoGuard5
  • Improved HollowProcess
  • Improved ROP detection on crashing processes
  • Improved HeapHeapHooray also covers powershell_ise now
  • Changed Lockdown Added MSDT.EXE as LOLBIN to proactively block Follina exploitation attempts
  • Several other changes under the hood

Build 943 (2022-05-17)

  • Fixed Keystroke Encryption and BadUSB Protection which caused a BSOD (APC_INDEX_MISMATCH) on Windows 11 with update KB5013943.
  • Added system-wide protection against 'Hell's Gate' defense evasion via direct system calls, or SysCall, on 64-bit applications
  • Added protection against cloning of LSASS process to Credential Theft Protection
  • Added support for ReFS file system to CryptoGuard
  • Added NOTEPAD.EXE to Office template
  • Added GPT partition support to WipeGuard
  • Added NVMe support to WipeGuard
  • Added MITRE ATT&CK references to the CookieGuard, SysCall and RemoteThreadGuard mitigations
  • Added alerting to our protection of sticky key abuse (and other accessibility features)
  • Added EA Digital Illusions CE AB to game detection
  • Improved protection against direct system calls, or SysCall, on 32-bit applications
  • Improved handling of certificates on code-signed applications
  • Improved CookieGuard alert with information about the application certificate, if any, in the alert
  • Improved CookieGuard so it now adds certificate validation information into the alert details
  • Improved WipeGuard to protection the Volume Boot Record of all mounted partitions. Previously, only the boot partition was protected.
  • Improved WipeGuard to terminate the offending process. Previously, the offending action was only blocked.
  • Improved HollowProcess to protect against PEB manipulation in a remote process where PEB is writable
  • Improved Lockdown mitigation to isolate modules (DLLs) dropped in attacks via Office documents.
  • Improved the per app mitigation settings in the user interface. It now has room for extra checkboxes.
  • Change reboot fly-out reminder interval from 1h to 8h
  • Changed Dynamic Heap Spray detection; it is now disabled on 64-bit applications
  • Changed text for Benefits button to Help center
  • Changed Sophos Privacy Notice and Terms of Service
  • Fixed issue that prevented restarting of some protected applications when using the 'restart' function from the ApplicationPanel (Running applications) when changing a setting.
  • Fixed a compatibility issue between our anti-ransomware CryptoGuard 5 and Artisan scrapping book software from Forever Storage
  • Fixed displaying icons of UWP applications
  • Fixed several user interface inconsistencies
  • Fixed false alarm by APCViolation on Avast 'aswhook' DLL
  • Fixed false alarm by CookieGuard if application starts from a RAM-drive
  • Fixed false alarm by HollowProcess on Visual Studio
  • Fixed issue with Lockdown inheritance when parent process is OpenWith.exe
  • Fixed issue when a user tries to install HitmanPro.Alert on machine where Sophos Home Premium is already installed
  • Fixed tray icon burning CPU cycles after install
  • Fixed unexpected removal of Forza Horizon 5 under UWP exclusions
  • Updated third-party libraries
  • Several other changes under the hood

Build 923 (2021-11-30)

  • Improved Game detection.
  • Improved LockdownLoadImage whitelisting.

Build 921 (2021-11-17)

  • Added cmdl32.exe as LOLBin so Application Lockdown will block it when used by protected applications.
  • Improved CookieGuard that prevents arbitrary decryption of web browser secrets (protects session cookies and login data).
  • Improved Thumbprint generation for DLLs dropped by protected applications (LockdownLoadImage).
  • Improved detection of games to boost compatibility.
  • Fixed a minor bug in the Syscall mitigation; this mitigation stop bypasses via unsupervised system calls.
  • Several other minor fixes.

Build 915 (2021-10-22)

  • Added LockdownLoadImage mitigation to applications under the Office protection category; mitigates e.g. CVE-2021-40444.
  • Added Extended information in alert when CookieGuard detects cookie grab by untrusted code in a web browser, e.g., hashes of remote owner process and owner module.
  • Fixed Compatibility of Enforce DEP with Norton Security.
  • Fixed Small memory leak that occurred when switching CryptoGuard modes.
  • Fixed Compatibility with Windows CET (Shadow Stack).
  • Fixed Benefits Info button now lands on the correct page.
  • Improved HollowProcess (Main Thread Hijack; MTH) mitigation to detect Cobalt Strike Beacon installing over SMB.
  • Improved CookieGuard, fixed some small issues.
  • Improved Compatibility with Visual Studio triggering alerts.
  • Changed Re-enabled global Syscall mitigation. You can find in in the Advanced interface, under Risk reductions > Process Protection > Unexpected system calls (Stop evasion of security hooks).

Build 907 (2021-07-09)

  • Fixed a crash that could occur in Microsoft Office 365.
  • Fixed an issue that could result our tray icon to take up to 25% CPU usage.
  • Improved the StackPivot mitigation.
  • Fixed the License expired flyout, which - when clicked - showed a request for reboot instead of going to the Activation panel.
  • Improved HollowProcess MTH mitigation, solving incompatibility with certain games.
  • Temporarily removed the system-level Syscall mitigation due to compatibility issues with some third-party security software. This new mitigation will return in an upcoming release.

Build 903 (2021-06-23)

  • Fixed the Software Radar that could cause it to not notice a just installed web browser, or adding it to the wrong mitigation template. This issue caused our new CookieGuard protection to generate false alarms.
  • Fixed an issue in the CryptoGuard anti-ransomware engine that could cause a BSOD on Windows 10 Insider Build 21390.
  • Improved support for Windows on ARM. We noticed that since build 895 we always shipped the ARM64 driver of that release. This has been corrected.
  • Improved Stack Pivot exploit mitigation to support adjacent stack range in certain situations.
  • Improved detection of Chromium-based web browser for CookieGuard.
  • Added Thumbprint generation for remote-debugging-port CookieGuard detection.
  • Added checkbox to our new system-wide syscall mitigation. You can find in in the Advanced interface, under Risk reductions > Process Protection > Unexpected system calls (Stop evasion of security hooks).

Build 901 (2021-06-02)

  • Fixed more compatibility issues between process hollowing and certain games.
  • Fixed an issue with three CryptoGuard 5 Thumbprints that were not working in the previous build.
  • Fixed a potential security issue where specifically crafted malware on the machine could craft and manipulate a file structure to elevate privileges.
  • Improved compatibility of CookieGuard with browsers that are attached to the Office mitigation profile.
  • Temporarily disabled the fix that detects Cobalt Strike delivery over SMB. The fix appears to be incompatible with many game launchers that actually perform main thread hijacking.
  • Temporarily disabled system-wide Syscall mitigation as certain third-party security products, like Cylance, actually attempt to bypass API calls by directly jumping to kernel functions via a syscall.
  • Temporarily set CookieGuard's Remote Debugger Port detection to silent as it causes issues with some web developer machines.

Build 899 (2021-05-25)

  • Added New Cobalt Strike single-stage mitigation. When Cobalt Strike Beacon temporary de-cloakes in memory to retrieve new commands from the adversary, HitmanPro.Alert will hold and inspect the decrypted memory area for the presence of Beacon. 
  • Note: In a normal multi-stage scenario, Cobalt Strike Beacon is already proactively blocked by our patented HeapHeapProtect mitigation. This new Cobalt Strike mitigation now also thwarts the single-stage scenario. And upon detection of Beacon it also extracts and reports the full Cobalt Strike C2 profile configuration from memory. 
  • Added DNS stager detection, when – for example – Cobalt Strike Beacon communicates over DNS with command-and-control (C2). 
  • Added SysCall mitigation to every process so it now also blocks the Heaven’s Gate defense evasion technique in malware. The Heaven's Gate technique allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment. 
  • Added CookieGuard mitigation. It protects (MFA) session cookies and passwords stored in popular Chromium based web browsers, like Google Chrome and Microsoft Edge on Chromium. 
  • Added an extra message box when an update is pending, and the user clicks on the associated flyout. The message informs the user that the machine must be restarted before the update is actually applied. 
  • Fixed stack pivot exploit mitigation so it no longer triggers incorrectly on Internet Explorer loading a digital rights management (DRM) related library for streaming DRM protected content. 
  • Fixed APC Violation mitigation so it now correctly identifies process injection from VMware. 
  • Fixed Code Cave mitigation so it now plays nice with DRM code from gaming company Electronic Arts (EA). 
  • Fixed Kernel32Trap mitigation so it no longer causes issues with certain code compiled with Visual Studio. 
  • Improved CryptoGuard 5 anti-ransomware engine. For example, the note spray evaluator is more tolerant when installers drop the same text file across many folders. 
  • Improved threat termination. It's now even more robust, especially when the threat runs with high privileges outside of user session(s). 
  • Improved compatibility with certain games that perform tricks that trigger our main thread hijacking protection (part of Hollow Process Mitigation). 
  • Note: We no longer support or update HitmanPro.Alert builds running on Windows 7 RTM (no service pack), Windows Vista and Windows XP. This is because Microsoft mandates the use of SHA-2 to sign our code. These older versions of Windows only support SHA-1 and would not allow our new driver to load. 

Build 891 (2021-04-12)

Special maintenance release: this is the last build that supports Windows XP, Windows Vista and Windows 7 RTM (no service pack). These Windows versions only support SHA-1 for code-signing certificates. Microsoft decided to require SHA-2 for new drivers while it did not release SHA-2 support for these Windows versions. So, in other words, we cannot release new kernel-mode drivers (with new functionality) for these older operating systems. If you run one of these old Windows versions we urge you to upgrade. On these Windows versions, HitmanPro.Alert will no longer update itself after this build.Both 32-bit and 64-bit versions of Microsoft Windows 7 SP1, Windows 8, Windows 8.1 and Windows 10 remain supported and will soon receive a new HitmanPro.Alert version with new features.

Build 889 (2020-12-21)

  • Fixed False alarm on Chrome 88 and higher by the Stack Pivot exploit mitigation
  • Improved Heap Heap Protect shellcode detection

Build 887 (2020-11-24)

  • Added HeapHeapProtect: Code running in dynamic memory, in RUNDLL32.EXE and REGSVR32.EXE, can no longer manipulate other dynamic memory. This proactively helps against many backdoor tools, trojans and ransomware families.
  • Added Tamper Protection by filtering process and thread handles against terminate, suspend and injection. Also added menu item to settings menu.
  • Added Automatic protection of Microsoft Access against exploitation.
  • Added DLL Hijacking protection on HitmanPro malware scanner to prevent privilege escalation.
  • Improved Alert report now includes a list of services if a process runs as a service.
  • Improved CryptoGuard-only now also enables anti-malware.
  • Improved GUI: Added anti-malware menu item to settings menu.
  • Improved GUI: EULA on install dialog
  • Improved Windows on ARM: Now offloads SHA-256 calculation to hardware via NEON instructions, resulting in 7 times performance boost.
  • Improved Windows on ARM: Fixed last scan timestamp.
  • Improved AmsiGuard: Now supports unloading of AMSI.DLL.
  • Improved ApplicationLockdown: Prevent execution of an Visual Basic file via EXPLORER.EXE from an Office application.
  • Improved CredGuardSAM: Prevent registry command line tool from dumping credentials.
  • Improved WipeGuard: Volume Boot Record (VBR) protection and alert details.
  • Improved Minifilter driver altitude, lowered from 345800 to 221600, to prevent third party minifilters from adversely affecting ransomware detection.
  • Fixed CodeCave: coding error that could cause certain rare applications to crash.
  • Fixed CodeCave: False alarms when application is packed with boxedApp packer.
  • Fixed ACPProtection: False alarms when application is packed with boxedApp packer.
  • Fixed ApiSetGuard: False alarms on a standard DLLMain implementation that does nothing but returning 0 or 1.
  • Fixed CryptoGuard 5: False alarm in combination with Dropbox.
  • Fixed CryptoGuard 5: False alarm when deleting many files on and endpoint protected by Bitdefender’s CryptoStore feature.
  • Fixed HeapHeapProtect: Applications under attack could crash when the used shellcode caused an unaligned stack.
  • Fixed Crash in Equation Editor when under attack, caused by Data Execution Prevention (DEP).
  • Fixed Italian string in Systray context menu.

Build 875 (2020-07-02)

  • Updated CryptoGuard to version 5.5. This new version offers improved performance on systems with high-end hardware (e.g. NVMe M.2 SSDs)
  • Improved CryptoGuard detection
  • Improved WoW64 mitigation
  • Improved upgrade of build 7xx to a 8xx build
  • Improved installer to detect partial old installation
  • Improved the internal updater to check more frequent for updates
  • Various minor improvements
  • All binaries built with Visual C++ 16.6.1 with Spectre mitigations

Build 871 (2020-04-20)

  • Fixed BSOD occurring on some computers with Windows 10 version 2004 (20H1)
  • Improved Lockdown mitigation
  • Improved False positive handling
  • All binaries built with Visual C++ 16.5.4 with Spectre mitigations

Build 869 (2020-04-13)

  • Fixed handle leak in Alert's service process
  • Fixed compatibility with BoxedApp applications
  • Fixed event log to show the timestamp in local time instead of UTC time
  • Fixed a device reference counting issue in the driver related to WipeGuard mitigation
  • Improved CryptoGuard 5 algorithms
  • Improved APC mitigation
  • Improved DEP mitigation
  • Improved HeapHeapProtect detection
  • Improved HeapSpray mitigation
  • Improved SysCall mitigation
  • Improved the update pending message to be shown more frequent instead of just once
  • All binaries built with Visual C++ 16.5.3 with Spectre mitigations

Build 867 (2020-03-11)

  • Fixed an issue with CryptoGuard 5 when it handles very large files, that could've lead to a BSOD
  • Added Prevent token privilege manipulation to Local Privilege Mitigation (PrivGuard)
  • Improved Credential Theft Protection (CredGuard) when an attacker attempts to export the Security Account Manager (SAM) database from the Windows Registry for offline password dumping (e.g. via Mimikatz)

Build 865 (2020-03-05)

  • Added CiGuard (part of PrivGuard) that prevents Driver Signing Enforcement (DSE) code integrity abuse
  • Improved CryptoGuard 5 detection and reporting
  • Improved APC Mitigation detection
  • Improved HeapHeapProtect detection
  • Improved Restart application when changing a mitigation
  • Improved Tray icon to indicate when service is no longer running
  • Improved CodeCave mitigation
  • Fixed SysCall mitigation
  • Fixed Memory issue when event could not be written to Excalibur
  • Fixed Thumbprint suppression issue
  • Fixed Detection of signed applications that start before Cryptography Service has started
  • Fixed HeapHeapProtect was shown as exploit instead of behavior in event list
  • All binaries built with Visual C++ 16.4.5 with Spectre mitigations

Build 863 (2020-02-04)

  • Improved CryptoGuard 5 detection
  • Improved minifilter performance
  • Improved compatibility with VMware ThinApp applications
  • Improved compatibility with BoxedApp applications
  • Improved compatibility with Checkpoint
  • Various minor improvements to alert reports
  • Fixed CTF Guard false alarms on some computers
  • Fixed RDP Guard showing a flyout on non-RDP sessions on Windows 7
  • Fixed HeapHeapProtect false alarms on Visual FoxPro applications
  • Fixed APC mitigation false alarms on some .NET 1.1 applications
  • Fixed Generic.Ransom.E false alarms on LSASS.exe on 64-bit computers
  • All binaries built with Visual C++ 16.4.3 with Spectre mitigations

Build 861 (2020-01-10)

  • Improved CryptoGuard 5 performance
  • Improved suppress alert event user interface
  • Fixed issue in CryptoGuard 5 causing BSOD when copying large files over SMB
  • Fixed potential local privilege escalation (LPE)

Build 859 (2019-12-30)

  • Added CryptoGuard v5, a completely new anti-ransomware engine. It offers increased performance and reduced I/O overhead – which is specifically noticeable in low-bandwidth network scenarios and on endpoints where many documents or other files change frequently.
  • CryptoGuard can run in either v4 or the new v5 mode.
  • CryptoGuard v5 block modes: Terminate, Isolate and Audit
    • Terminate: terminates and isolates the ransomware process (new default)
    • Isolate: detects and isolates the ransomware by revoking write access (old default)
    • Audit: detects ransomware, but takes no action on it (new)
  • Added RDP Lockdown to isolate Remote Desktop (RDP) sessions. It prevents attackers, that brute-forced or otherwise obtained a correct logon credentials, from installing new programs like ransomware. It blocks access to new binaries that are introduced in RDP sessions, strips administrator privileges from new processes and allows to generate a 2-factor token file to unlock an RDP session (automatically enforced when enabling mitigation).
  • Added APISetGuard, part of DLL Hijacking mitigation, to prevent adversaries from using a malicious ApiSet Stub DLL alongside a trusted application.
  • Added FileProtection to block replacement of accessibility tools from remote (like StickyKeys and Utilman). This mitigation also protects the Anti-Malware Scan Interface (AMSI.DLL) in memory against tampering.
  • Added JIT Guard that prevents the use of Win32 API calls from within just-in-time (JIT) memory in Chrome and Firefox based web browser applications.
  • Added Safe Mode support to stop ransomware that forces Windows to (re-)boot into a diagnostic mode and encrypt the system from there – in Safe Mode.
  • Added Event List panel to the user interface to view previous alerts and the involved MITRE ATT&CK TTPs. This replaces the use of the Windows Event Viewer (alerts are still recorded to the Windows Event Log, of course).
  • Added Event Process Tree panel to provide a graphical timeline revealing how an attack took place. Includes clickable objects, view dropped files per process, show time between processes, their exit state and hyperlinked SHA-256 hashes that opens a report on VirusTotal (when it has one).
  • Added Protected Volumes list panel to view the local and removable volumes as well as the network shares that are protected by CryptoGuard from ransomware.
  • Added ability to suppress subsequent alerts on the same application, mitigation and condition (from the Event List).
  • Added license expiration reminder. Users that renew their license will receive a discount of 15% on a new license when buying one via the new reminder message.
  • Added Anti-Malware now relies on a new network manager module to detect when internet connection is lost or restored.
  • Added Excalibur.db is regularly truncated to prevent the file to become too large on high activity machines).
  • Added Alert Events are now also stored in excalibur.db, the local event trace database.
  • Improved Heap Heap Protect to also block malicious process migration and .NET attack code that spawns from PowerShell.
  • Improved Application Lockdown to block the use of specific critical DCOM functions by VBA macros in Office applications.
  • Improved CodeCave mitigation.
  • Improved HeapSpray mitigation.
  • Improved CryptoGuard 4 and 5 now also handles ransomware attacks that leverage EFS (Windows Encrypting File System).
  • Improved CryptoGuard 4 and 5 can now handle a deficiency in Windows leveraged by the RIPlace evasion technique.
  • Improved WipeGuard inadvertently protected USB drives that were already connected during boot.
  • Improved Keystroke Encryption was default enabled on the first window that was visible after install.
  • Improved Inner workings of the Keystroke Encryption engine.
  • Improved Keystroke encryption engine now correctly handles the Windows 10 Emoji Picker (shortcut Win + . )
  • Improved Service is now hardened against an unsolicited stop commands.
  • Improved Alert processes are now additionally hardened by enabling several Windows 10 exploit mitigations.
  • Fixed initial dashboard when installing product in CryptoGuard-only mode.
  • Fixed Alt-Tab window could get stuck when the foreground process had keystroke encryption active.
  • Removed Credential Theft Protection no longer shields the Security Accounts Manager (SAM) database on the disk (CredGuard SAM). Too many legitimate applications access the SAM database for no apparent reason.

Build 797 (2020-05-29)

  • Fixed a BSOD in Windows 10 version 2004 (20H1)
  • Fixed a handle leak in the service
  • Fixed a reference count in the driver

Build 795 (2020-02-10)

  • Fixed Security issue (CVE pending)
  • Improved Application panel scrolling

Build 793 (2019-12-04)

  • Improved CryptoGuard to handle a deficiency in Windows leveraged by the RIPlace evasion technique
  • Fixed a CryptoGuard EFS false positive on LSASS (Local Security Authority Sub System)

Build 791 (2019-10-14)

  • Improved CryptoGuard 4 anti-ransomware module

Build 789 (2019-09-06)

  • Fixed rare stack alignment issue on Windows 10 build 1903 (19H1) caused by recent Keystroke Encryption change
  • Improved compatibility with Webroot security software, fixing application crashes
  • Improved compatibility with Bitdefender security software, fixing application crashes
  • Improved compatibility with Trend Micro security software, fixing application crashes
  • Improved compatibility of CTFGuard with VMware ThinApp

Build 787 (2019-08-29)

  • Improved compatibility with Webroot security software
  • Improved compatibility with Bitdefender security software

Build 785 (2019-08-23)

  • Added CTF Guard under Risk Reductions, which validates CTF protocol callers. This new system-level exploit mitigation protects against abuse of the undocumented Windows CTF protocol as mentioned in CVE-2019-1162, discovered by Tavis Ormandy. More details: https://news.sophos.com/en-us/2019/08/22/blocking-attacks-against-windows-ctf-vulnerabilities/
  • Improved Keystroke Encryption on Windows 10 version 1903 (19H1). For example, renaming a file in a Save As dialog of a web browser should now work as expected
  • Improved Keystroke Encryption compatibility with ESET Internet Security

Build 781 (2019-07-15)

  • Improved compatibility with third-party security applications on Windows 10 version 1903 (19H1). The latest Windows 10 update applies extra exploit protections on fontdrvhost.exe, which could cause the machine to freeze into a black screen when logging off
  • Improved Application Lockdown compatibility with the Microsoft .NET Visual C# command-line compiler (csc.exe)
  • Improved exclusion capability of the Kernel32Trap mitigation (part of Process Hollowing mitigation). This system-wide exploit mitigation blocks applications that disrespect module load order
  • Improved Heap Heap Protect – our system-wide dynamic shellcode mitigation – to handle third-party hooks and compatibility with binaries packed with PECompact
  • Improved compatibility with return-oriented programming (ROP) exhibited in the OfficeTabLoader

Build 779 (2019-04-24)

  • We've switched from audit to termination of malicious software that violate our novel signature-less heap memory protection: Heap Heap Protect. This means that rampant malware like Emotet, Dridex, BitPaymer and other families can now be stopped based on the threat's runtime memory allocation behavior caused by multi-layer obfuscation and packing techniques to bypass machine learning (ML) and AV checking. It also universally blocks active multi-stage backdoors employed in supply chain attacks embedded in trusted applications, like the CCleaner incident
  • Improved Heap Heap Protect mitigation, boosting compatibility with games and certain compressed binaries. In addition, we've improved detection of threats that allocate memory in another running application (code injection / process migration)
  • Improved detection of binaries backdoored by Shellter Pro (part of Code Cave mitigation)
  • Improved Hardware Assisted Control Flow Integrity (HA-CFI) on mainstream Intel microprocessor hardware
  • Differentiated between exploits that trigger CallerCheck (a per-application mitigation) and packers that blindly call kernel32, which also triggers CallerCheck but are now reported as Kernel32Trap (a system-wide mitigation)
  • Improved compatibility with Windows System Restore
  • Improved Enforce DEP (Data Execution Prevention) as it previously did not set a flag correctly
  • Classified more trusted binaries as LOLbin (Living-of-the-Land binary), which means attackers cannot abuse them in attacks via Browsers and productivity applications
  • Improved handling of crashing application as they could previously trigger one or more exploit mtigations (i.e. KiUserExceptionDispatcher on Windows 10 was not correctly recognized)
  • Fixed a potential BSOD when the HitmanPro.Alert Service shuts down
  • Fixed memory corruption in PipeWorker which could be triggered when the user manually added a large amount of other applications under exploit protection
  • Fixed compatibility with the Windows Store version of Forza Horizon 4
  • Fixed compatibility with Windows Vista
  • Fixed some false positives occurring in the Firefox web browser, which were caused by our hardware assisted ROP mitigation that employs Last Branch Record (LBR) in Intel microprocessor hardware. On Firefox version 57 and up, HitmanPro.Alert will no longer enforce control-flow integrity using hardware registers
  • Fixed a bug in the Code Cave mitigation involving a NOP sled that inadvertently could overwrite code placed by a third party security application
  • Fixed another conflict with Universal Windows Platform (UWP) applications and our Code Cave mitigation, when running HitmanPro.Alert alongside F-Secure / Ziggo Internetbeveiliging / KPN Veilig

Build 775 (2019-02-01)

  • Improved Code injection, which will result in faster boot times on Windows 10. It also fixes a rare issue a few Windows 10 users had where the system did not finish boot correctly
  • Improved Heap Heap Protect mitigation as it should now play more nicely with certain .NET applications
  • Improved Hardware Assisted Control-Flow Integrity, our Last Branch Record CPU assisted ROP mitigation, to fix false positives we're seeing on some newer CPUs
  • Improved Alert info regarding our real-time Anti-Malware and Code Cave mitigation
  • Fixed Rare bug in CryptoGuard which sometimes forgot to make a backup of a file - which you could lose in the event of a ransomware attack

Build 773 (2019-01-16)

  • Changed name for "Dynamic Shellcode Mitigation" to "Heap Heap Protect"
  • Improved Heap Heap Protect
  • Improved CodeCave
  • Fixed Trend Micro Intruder/Safe Browsing incompatibility

Build 771 (2018-12-15)

  • Added Dynamic Shellcode Mitigation aka Heap Heap Protect, which helps prevent threat actors from loading unsafe code into memory). This mitigation is still in silent detection mode.
  • Added Reduction of false-positives for DEP alerts in case of crashing applications
  • Added New LoLBin to Application Lockdown
  • Added OpenWith.exe to the Office Template to help mitigate the CVE-2018-8495 exploit attack
  • Improved Shellcode mitigation (system-wide) to detect backdoor stage/payload on the heap
  • Improved Code Cave mitigation (system-wide) to detect rare Shellter Pro binaries configured with uncommon evasion technique
  • Improved CryptoGuard to block specific variants of the Dharma ransomware, that include a specific needless action to thwart behavior monitoring
  • Improved Dynamic Heap Spray Mitigation to allow certain memory block patterns
  • Improved Dynamic Heap Spray compatibility issue's with .NET applications
  • Improved Code Cave mitigation (system-wide) to detect rare Shellter Pro binaries configured with uncommon evasions technique
  • Improved CryptoGuard compatibility on Windows 10 19H1 (i.e. current Windows Insider preview builds)
  • Improved 64-bit call stack parsing (improves stability)
  • Improved Code Cave Mitigation, now showing SHA-256 of the process in the Alert Info
  • Fixed Compatibility issue with ESET Smart Security in combination with Google Chrome
  • Fixed WipeGuard can now handle disks with other sector sizes than 512
  • Fixed Rare BSOD in WipeGuard when it was running out of stack
  • Fixed Process Protection user interface menu now correctly disables the features when no valid license is present
  • Fixed Automatic update when running HitmanPro.Alert in Anti-Ransomware (CryptoGuard) only
  • Fixed Issue when Anti-Malware is enabled/disabled; the service stopped responding/system became unstable
  • Fixed Minor update problem in CryptoGuard UI when an attack had occurred
  • Fixed Issue with pipe communication between service and client when volume name is changed
  • Fixed Hollow Process Mitigation false positive with VMware ThinApps
  • Fixed Issue that caused Visual Studio's vswhere.exe not to start correctly
  • Fixed IAT/IAF hardcoded whitelisting not working properly
  • Fixed Stability issue when report files get corrupted
  • Removed Menu option to enable/disable SMB CryptoGuard protection (crypto-ransomware attack from remote machine); it is always enabled on supported systems, i.e. 64-bit Windows

Build 759 (2018-09-17)

  • Added Mitigation of local privilege escalation via Task Scheduler (CVE-2018-8440 / @SandboxEscaper)
  • Added Compatibility with Windows 10 Redstone 5
  • Improved WipeGuard mitigation handling VBR sectors
  • Improved Asynchronous Procedure Call (APC) Mitigation
  • Improved SEHOP mitigation performance improvement
  • Improved Compatibility with 3rd party products that use PUSH/RET in their API hooks
  • Improved Windows Vista code injection
  • Fixed Compatibility with Windows XP Embedded POSReady 2009
  • Fixed Compatibility with Microsoft Edge Application Guard (WDAG) failed to start
  • Fixed Compatibility with Microsoft Hyper-V failed to start
  • Fixed Compatibility with F-Secure DeepGuard
  • Fixed False positive ROP detection (stack-based) in Google Chrome 69 caused by (DRM) widevinecdm.dll
  • Fixed Security issue (CVE assigned)
  • Updated Botan 2.7.0
  • Updated Sqlite 3.24.0
  • Updated All code compiled with Visual Studio C++ 15.8.4
  • Disabled hardware-assisted ROP mitigation on Chrome 67 (or newer) due to their use of RETpoline
  • Removed Network Lockdown mitigation (deprecated) / hmpnet.sys

Build 751 (2018-08-24)

  • Fixed issue with cloud communication component.

Build 750 (2018-07-11)

  • Improved Intruder detection (Safe Browsing) on Trickbot trojan
  • Improved compatibility with Microsoft Office and Internet Explorer 11
  • Improved process startup performance of applications protected with Exploit Mitigations
  • Improved Hardware Assisted Control-Flow Integrity (HA-CFI) performance by increasing the LBR stack-pool
  • Improved Code Cave Mitigation
  • Improved Asynchronous Procedure Call (APC) Mitigation
  • Improved Credential Theft Protection, LSASS protection
  • Improved Java exploit mitigation profile; removed obsolete protections for Java processes
  • Improved Thumbprint technology on the CallerCheck exploit mitigation, which now allows us to whitelist e.g. a CreateProcess from the 1Password just-in-time .NET code running inside a web browser or Outlook as a plug-in
  • Fixed a crash occurring during a specific ROP exploit, e.g. during attack on CVE-2018-9958
  • Fixed issue with Microsoft Edge browser on Windows 10 Redstone 4 32-bit (x86)
  • Fixed a false positive in Chrome caused by the Dynamic Heap Spray exploit mitigation
  • Fixed Bug in mono (.NET xPlatform lib) causing a CallerCheck
  • Fixed VBScript God Mode false positives in Internet Explorer
  • Fixed potential BSOD caused by CryptoGuard
  • Fixed LoadLib Alert in Firefox when loading NPAPI plugin(s)
  • Fixed Windows 7 hanging on shutdown
  • Fixed WipeGuard running inside Hyper-V guest systems
  • Added a workaround for an issue with Chrome 67 (and newer) which triggered our Hardware Assisted Control-Flow Integrity (HA-CFI) now Chrome generates ROP chains on the fly for a legitimate reason. Note that the workaround is we disabled the use of LBR records during ROP checks on Chrome 67 (and newer).
  • Added list of loaded modules to the alert details of the WipeGuard and CryptoGuard modules, to help with triaging attacks originating from trusted processes
  • Added wmic.exe to Application Lockdown to block abuse in a SquiblyTwo attack; like PowerShell, MSHTA, regsvr32.exe, wmic.exe is a LOLbin – a Living of the Land binary, that can be abused by attackers
  • Added Japanese language to user interface

Build 739 (2018-03-29)

  • Improved activation, solves issue occurring during an error
  • Improved Webcam Notifier so it records additional details in the Windows Event Log
  • Improved Asynchronous Procedure Call (APC) mitigation
  • Improved Intruder alert; added platform details, limited hooked APIs and partial hex dump of trampolines
  • Fixed issue with Symantec's NtProtectVirtualMemory hook, which caused our shellcode and Symantec's shellcode to call each other in an infinite loop
  • Fixed CryptoGuard unblock blocked process
  • Fixed Intruder false positive when Malwarebytes and other products are detouring critical functions in the web browser; introduced since build 738
  • Fixed not showing of Intruder true positive when alert info was too big (pipe communication can now handle very large messages)
  • Fixed false positives with Credential Theft Protection (LSASS)

Build 738 (2018-03-13)

  • Improved Credential Theft Protection mitigation (LSASS shielding) so it no longer alerts on non-committed memory that caused false positive alerts
  • Added /qspectre compile flag on main hmpalert.exe binary

Build 737 (2018-03-07)

  • Improved Credential Theft Protection, which now terminates applications that attempt to access LSASS in an offending way
  • Improved error handling when activating a trial or product key
  • Improved CryptoGuard to handle a new technique used by SamSam ransomware
  • Improved mini-filter performance which speeds-up CryptoGuard
  • Improved CryptoGuard to handle compressed PDF files more accurately
  • Improved Application Lockdown with detailed thumbprint generation for script-based attacks and to block abuse of CertUtil and Python
  • Improved event logging of APC mitigation alerts
  • Improved Code Cave mitigation
  • Improved startup time of the HitmanPro.Alert Service
  • Added Event ID 800 (malware detected) to the custom HitmanPro.Alert view in the Windows Event Log
  • Added malware detections to the "Number of alerts" counter on the HitmanPro.Alert user interface
  • Added support for Spectre mitigations; i.e. our binaries are now compiled with /Qspectre compiler switch
  • Added offline indicator when the HitmanPro Anti-Malware Cloud is unreachable
  • Fixed the "Scan failed" issue which could occur when pressing the "Scan Computer" or "Scan with HitmanPro" button
  • Fixed unexpected behavior of Safe Browsing to improve detection and prevent false positives
  • Fixed issue that prevented proper disabling of Exploit Mitigations on Java binaries
  • Fixed rare issue that caused a hanging thread (locked a file) when CryptoGuard creates a file backup
  • Fixed an issue with code injection on Windows XP
  • Fixed an issue with the Reflective DLL Injection mitigation (part of Load Library mitigation)
  • Fixed an issue with the Windows 10 Start Menu
  • Fixed an issue when importing previously exported settings
  • Fixed a rare issue that could cause a BSoD mentioning partmgr.sys
  • Several other minor fixes and improvements

Build 729 (2018-01-08)

  • Improved CodeCave, HeapSpray, CryptoGuard, HollowProcess Mitigations
  • Added PrivGuard: mitigate MS16-032 (CVE-2016-0099)
  • Added Application lockdown for Microsoft office Equation Editor (CVE-2017-11882)
  • Fixed BadUSB Alert during boot while BadUSB was disabled
  • Fixed IAF FP in Nero Media player
  • Fixed Windows System Image Backup failing with locked EFI/ESP
  • Fixed Antimalware won't (stay) enable(d)

Build 723 (2017-11-22)

  • Added Real-Time Anti-Malware, which works with the HitmanPro cloud.
  • Added Credential Theft Protection, which prevents theft of authentication passwords and hash information. Prevents Mimikatz-style attacks.
  • Added Local Privilege Guard, which stops specific exploitation of the operating system kernel. Prevents an attacker from using the privilege information of another process.
  • Added Code Cave mitigation, which stops backdoors in trusted code. Prevents e.g. Backdoor Factory and Shellter-style attacks.
  • Added Sticky Keys mitigation, which prevents abuse of the Microsoft sticky key feature and is typically used by attackers to gain persistence.
  • Added Application Verifier mitigation, which prevents abuse of the Application Verifier feature of Windows (eg. Double Agent code-injection).
  • Improved Asynchronous Procedure Call (APC) mitigation to improve compatibility with third-party security solutions on Windows 10 version 1709 (Fall Creators Update).
  • Added protection against dropping shellcode straight into memory from VBA macro code. This mitigation is part of Load Library and triggers a Shellcode alert.
  • Added protection against compilation of arbitrary code straight into memory from an application under exploit mitigations, like Office. Such attacks can bypass whitelisting based protection like Windows Defender Device Guard.
  • Added automatic protection of Microsoft Outlook (under the Office category) to defend against e.g. DDE attacks embedded in the body of malicious emails or calendar invites.
  • Improved Hollow Process mitigation to block hijacking of a remote main thread to run arbitrary code.
  • Improved Import Address Table Address Filtering (IAF) exploit mitigation.
  • Improved code injection of the HitmanPro.Alert Support Library (DLL).
  • Improved upgrade when running in 'Anti-ransomware only' mode.
  • Improved DLL hijack mitigation which loaded an incorrect DLL on WoW64 processes.
  • Fixed Intruder alert in Firefox when Norton is installed (e.g. Norton Security).
  • Fixed a ROP technique detection on pidgenx.dll when trying to activate Microsoft Office.
  • Fixed a CallerCheck alert associated with Microsoft Power Query and CLR.DLL.
  • Fixed a DEP mitigation triggered in some Microsoft Excel macro's.
  • Fixed a compatibility issue with Microsoft Hyper-V on Windows 10 version 1709 (Fall Creators Update).
  • Fixed a minor memory leak originating from the CryptoGuard anti-ransomware mitigation.
  • Many other minor fixes and improvements.

Build 604 (2017-06-22)

  • Added Asynchronous Procedure Call (APC) mitigation which protects against the DoublePulsar code injection. This mitigation is part of Risk Reductions > Process Protection.
  • Improved CryptoGuard
  • Improved compatibility with Steam
  • Improved path translation for thumbprints
  • Improved DLL injection to respect Protected Process and Trustlets
  • Fixed compatibility when installing inside QEMU/KVM hypervisor
  • Fixed compatibility with Symantec Endpoint Protection on Windows XP
  • Fixed compatibility with Firefox 52 (or newer) on Windows XP

Build 592 (2017-05-11)

  • Fixed CryptoGuard false positive

Build 588 (2017-03-30)

  • Fixed IAT Filtering (IAF) false positive when starting an application (occurred randomly)
  • Fixed Intruder false positive caused when DLLs are frequently loaded/unloaded
  • Fixed ROP while handling an exception in 64-bit applications
  • Fixed 32-bit binaries no longer require an SSE capable CPU
  • Improved CryptoGuard by adding support for additional file types

Build 586 (2017-02-10)

  • Fixed bug in CryptoGuard correlation

Build 584 BETA (2017-02-07)

  • Improved installer/uninstaller
  • Improved compatibility with MBAE, MBAM v3 and EMET
  • Improved CallerCheck mitigation
  • Improved DEP mitigation
  • Improved compatibility with software using delay-loaded user32.dll
  • Fixed issue with Forza Horizon 3 failing to start
  • Fixed issue with Enpass UWP failing to start
  • Fixed rare crash in Mozilla Firefox when running with Norton
  • Fixed rare crash in conhost.exe
  • Fixed rare BSOD in WipeGuard in combination with some USB fixed disks
  • Fixed small memory leak
  • The issue with Overwatch was fixed by Blizzard

Build 580 BETA (2017-01-20)

  • Fixed BSOD in CryptoGuard
  • Fixed BSOD in WipeGuard

Build 579 BETA (2017-01-18)

  • Microsoft co-signed both hmpnet.sys and hmpalert.sys drivers

Build 578 BETA (2017-01-16)

  • Improved compatibility with third-party applications trying to modify our DLL in-memory
  • Improved compatibility with Turbo.net (or Spoon.net) applications
  • Improved Self Protection
  • Improved ROP exploit mitigation
  • Improved CryptoGuard
  • Added tamper protection to CryptoGuard minifilter
  • Added Hangul Word Processor to Software Radar
  • Fixed rare crash in Firefox caused by misaligned stack
  • Fixed compatibility with Trusteer Rapport on 32-bit browsers
  • Updated Network Filtering component
  • Updated Libpng library to latest version
  • Updated sqlite3 library to latest version

Build 574 (2016-11-29)

  • Added thumbprint based suppression technology
  • Improved CryptoGuard
  • Improved BadUSB enable/disable
  • Improved Application Lockdown
  • Improved DEP mitigation reporting details
  • Improved LoadLib mitigation
  • Improved WipeGuard
  • Improved SEHOP mitigation
  • Improved compatibility with 32-bit Java desktop applications requiring 1GB+ memory
  • Improved colored window border to support app windows (eg. KeePass)
  • Fixed support for Windows XP
  • Fixed Intruder detection on Websense DLL in 64-bit browser processes
  • Fixed ROP detection in Photoshop Elements Editor
  • Several minor improvements

Build 562 (2016-09-23)

  • Added CryptoGuard 4.5
  • Improved LoadLib mitigation technical details
  • Fixed LoadLib mitigation false positive on computers with specific old Hewlett Packard printer driver
  • Fixed typo in Dutch language
  • Updated Danish language

Build 558 (2016-09-09)

  • Added compatibility for computers running Windows 10 Anniversary Update with SecureBoot enabled
  • Improved CryptoGuard ransomware detection
  • Improved CryptoGuard on Distributed File Systems (DFS)
  • Improved compatibility with Norton Security
  • Improved compatibility with Trend Micro
  • Improved compatibility with Bitdefender on 64-bit computers
  • Improved compatibility with Trusteer Rapport on 64-bit computers
  • Fixed CryptoGuard false positive while previewing many Excel files
  • Fixed BSOD caused by WipeGuard resource locking

Build 546 (2016-07-22)

  • Version 3.5
  • Added CryptoGuard 4th generation
  • Added WipeGuard mitigation
  • Added DLL hijack mitigation on downloaded binaries
  • Added Hardware-Assisted IAT filtering
  • Added Import and Export of Settings
  • Improved Hardware-Assisted Control-Flow Integrity (CFI) mitigation
  • Improved ROP mitigation
  • Improved CallerCheck mitigation
  • Improved Heap Spray mitigation
  • Improved Hollow Process mitigation
  • Improved Application Lockdown
  • Improved Colored Window Border
  • Improved overall mitigation performance
  • Improved reporting details
  • Improved compatibility hooks
  • Improved 3rd party trampoline handling
  • Improved support for binaries with Intel® MPX instructions
  • Fixed Software Radar incorrectly detecting 64-bit applications
  • Various minor improvements

Build 374 (2016-06-21)

  • Improved CryptoGuard to detect Zyklon ransomware.
  • Improved CryptoGuard handling of network based renames.
  • Improved callstack report.
  • Fixed rare BSOD when local ransomware encrypts local file share.
  • Fixed off-by-one issue in command line parser.
  • Fixed ROP mitigation caused urlmon false negative.
  • Fixed ROP mitigation caused advapi32 false positive.
  • Several minor improvements.

Build 373 (2016-05-30)

  • Improved compatibility with Firefox 46.
  • Improved compatibility with Bitdefender 2016.
  • Improved Attack Surface Reduction compatibility with System Mechanic.
  • Improved ROP mitigation.
  • Fixed ROP false positive in Microsoft Office (occurs on some computers).
  • Fixed code injection issue with Windows 7 KB3146706.

Build 368 (2016-04-27)

  • Improved compatibility with Firefox 46.
  • Improved SysCall mitigation (part of Control-Flow Integrity) on Windows 10 Redstone.
  • Improved Colored Window Border.
  • Improved hardware-assisted ROP mitigation performance.

Build 367 (2016-04-26)

  • Added mitigation to prevent regsvr32.exe abuse via COM scriptlets.
  • Fixed ROP false positive in Microsoft Office (occurs on some computers).
  • Improved Skype detection in software radar.
  • Improved short filename (8.3) handling in software radar.

Build 364 (2016-04-08)

  • Fixed an issue with Application Lockdown mitigation on browsers.

Build 363 (2016-04-06)

  • Fixed an issue related to trial activation (bug introduced in build 351).
    If you wanted to try HitmanPro.Alert before but received the error message "This computer already had a free trial", you may want to try again with this new build.

Build 362 (2016-04-04)

  • Improved CryptoGuard mitigation (Anti-Ransomware) to fix a bug introduced with build 357.
  • Improved ROP mitigations.
  • Improved keystroke scrambling of Keystroke Encryption.
  • Fixed compatibility with VirtualBox hardening.
  • Fixed compatibility with Microsoft Edge 31.14279 (Redstone).
  • Fixed compatibility with Microsoft OneNote' e-mail function.
  • Updated embedded libpng library.

Build 360 (2016-02-25)

  • Improved CryptoGuard mitigation (Anti-Ransomware).
  • Improved BadUSB mitigation.
  • Improved user interface icon strip double click handling.
  • Fixed rare BSOD in hmpnet.sys.

Build 357 (2016-02-12)

  • Added support for Windows 10 Insider Preview build 14251 (Redstone).
  • Fixed hmpnet.sys not enabling on Windows 8 (or newer).
  • Fixed crash when passing additional argument along /install command line switch.
  • Fixed SelfProtection false positive.
  • Fixed Teredo Tunneling Adapter. It is no longer disabled.
  • Changed Vaccination default from Active to Passive on fresh installs.
  • Improved CryptoGuard mitigation (Anti-Ransomware).
  • Improved BadUSB mitigation.
  • Improved upgrade of BadUSB and Vaccination settings.
  • Improved compatibility with Emsisoft Internet Security
  • Improved compatibility with Avast! on Windows 8.1 x64.
  • Improved compatibility with Kaltura.
  • Improved uninstall information.
  • Improved uninstall of hmpnet.sys on 32-bit systems.
  • Added protection against DLL preloading attacks.
  • Updated several translations.

Build 351 (2016-01-19)

  • Added Silent Audit feature.
  • Added dual code signed signatures (Authenticode) on EXE, DLL and SYS files.
  • Improved Webcam Notifier to support Windows Hello.
  • Improved feedback to user when failing to activate a product key.
  • Improved keystroke encryption when BadUSB is disabled.
  • Improved settings upgrade from old version of Alert.
  • Fixed keystroke encryption compatibility with Trusteer Rapport.
  • Fixed race condition when specifying both /install and /lic command line switches.
  • Fixed rare BSOD in hmpnet driver on some Windows 10 computers (build 10586).
  • Changed BadUSB protection default to off for new installs.
  • Updated network component for improved compatibility and performance.

Build 344 (2015-12-11)

  • Improved ROP mitigations.
  • Fixed compatibility with Telegram Desktop.
  • Fixed compatibility with Sophos Web Interceptor.
  • Fixed compatibility with Sophos SafeGuard Encryption.
  • Added Swedish language.
  • Updated Polish language.
  • Updated Indonesian language.

Build 343 (2015-12-08)

  • Improved hardware-assisted ROP mitigation.
  • Improved DEP mitigation.
  • Improved BadUSB mitigation.
  • Improved upgrade procedure.
  • Improved hooking engine.
  • Fixed compatibility with Avast! on 64-bit systems.
  • Fixed keystroke encryption compatibility with Trusteer Rapport.

Build 340 (2015-11-25)

  • Added full support for Windows 10, including TH2.
  • Added support for Microsoft Edge browser.
  • Added Exploit Mitigation support for Windows Apps (Metro applications).
  • Added Anti-Ransomware install mode.
    This mode supports Windows Server 2008 R2 (or newer) environments. Requires Server license.
  • Added support for 6th generation Intel® Core™ processors (codename Skylake).
  • Added SysCall mitigation (thanks Niels Warnars).
  • Added WoW64 mitigation.
  • Added untrusted font mitigation for computers running Windows 10.
  • Added VTable Hijack mitigation on Adobe Flash.
  • Added new Colored Window Border implementation to support Windows Apps (Metro applications).
  • Added new Keystroke Encryption implementation.
  • Added GUI access to alert logs in Windows Event Viewer (on Windows Vista and newer).
  • Added Control Flow Guard support.
    All binaries of HitmanPro.Alert have been compiled with Control Flow Guard (CFG).
  • Improved DEP mitigation.
  • Improved ROP mitigation (thanks Niels Warnars).
  • Improved Heap Spray mitigation.
  • Improved Stack Exec mitigation.
  • Improved Stack Pivot mitigation.
  • Improved Safe Browsing intruder detection.
  • Improved USB keyboard handling.
  • Improved Installer/uninstaller.
  • Added Arabic language.
  • Added Danish language.
  • Added Indonesian language.

Build 209 (2015-11-03)

  • Improved Safe browsing intruder scanner.
  • Improved Heap Spray mitigation.
  • Updated network filtering component.

Build 208 (2015-10-21)

  • Fixed compatibility with Spotify 1.0.16.

Build 207 (2015-10-14)

  • Improved Windows 10 compatibility.
  • Improved compatibility with Kaspersky 16.
  • Improved compatibility with Norton Security 22.5.4.
  • Improved compatibility with Comodo IceDragon browser.
  • Improved colored windows border on Windows 10.
  • Improved network filtering.

Build 196 (2015-07-07)

  • Improved Load Library mitigation.
  • Improved CryptoGuard.
  • Fixed compatibility with Distributed File Servers (DFS).
  • Fixed network issue with Windows Offline Folders failing to synchronize.
  • Fixed keystroke encryption with backslash key on numeric keypad and dedicated volume up/down keys.
  • Fixed DEP mitigation false positive on 32-bit processes (eg. Firefox).

Build 193 (2015-06-18)

  • Improved upgrade experience from HitmanPro.Alert version 2 to version 3.
  • Improved Keystroke Encryption in combination with browser add-ons running as separate process.
  • Improved Keystroke Encryption which sometimes dropped out due to race condition triggered by 3rd party security products performing arbitrary thread injection.

Build 190 (2015-05-29)

  • Improved Stack Pivot exploit mitigation (kudos to Niels Warnars for reporting).
  • Improved Application Lockdown exploit mitigation (kudos to Niels Warnars for reporting).
  • Improved VBScript God Mode exploit mitigation now honors security zone settings.
  • Improved rendering of icons of protected applications on computers with Display on Larger DPI setting.
  • Fixed memory leak in HitmanPro.Alert service.
  • Added Turkish language (thanks to Bekir Ucarci).

Build 187 (2015-05-01)

  • Added application exclusion to Exploit mitigations. Scroll to the far right on the 'Your applications' panel to access this new feature, which should only be used for rare occasions when an application is incompatible with Alert's library.
  • Improved CryptoGuard mitigation.
  • Improved BadUSB compatibility with OEM keyboards.
  • Improved BadUSB compatibility with the Surface Home Button on Microsoft Surface Pro tablets.
  • Improved BadUSB compatibility with keyboards with macro functionality.
  • Improved Keystroke Encryption which sometimes dropped out after using Windows-key.
  • Improved compatibility with Microsoft Office add-ins based on .NET, e.g. gSyncit.
  • Improved Network Lockdown compatibility with the Malwarebytes Anti-Malware Web Access Control driver on Windows 8.
  • Improved Software Radar to detect web browsers that do not immediately register themselves as browser upon installation, e.g. Cyberfox.
  • Improved Dynamic Heap Spray mitigation.
  • Improved compatibility with Trusteer Rapport.
  • Improved VBScript God Mode mitigation (part of Application Lockdown).
  • Fixed Application Lockdown false positive on SharePoint based websites.
  • Fixed rare BSOD in HitmanPro.Alert driver.
  • Updated language strings.

Build 183 (2015-04-17)

  • Improved DEP mitigation.
  • Improved HeapSpray mitigation.
  • Improved Control-Flow Integrity mitigation.
  • Improved Lockdown mitigation.
  • Improved Shellcode mitigation.
  • Improved compatibility with RapidMiner.
  • Improved compatibility with Kaltura.
  • Fixed false positive on streaming sites using Silverlight; eg. Netflix.com and itvonline.nl.
  • Fixed apostrophe and quote character encryption in Internet Explorer on Windows 7.
  • Fixed right-click properties alert in Internet Explorer.
  • Fixed flyout not appearing when an update is pending.

Build 181 (2015-04-08)

  • Improved Shellcode mitigation.
  • Improved Keystroke Encryption on applications in the Other category.
  • Fixed loss of Keystroke Encryption which could occur when the HitmanPro.Alert service was restarted.
  • Changed default flyout to 'Once per logon session'.
  • Changed default Live Keystroke Encryption in Colored window border to Off.

Build 180 (2015-04-07)

  • Initial public release of HitmanPro.Alert 3.0.

Build 63 (2014-07-10)

Community Technology Preview 1
World's first Anti-Exploit solution with Hardware-Assisted Control-Flow Integrity (CFI).
Return-Oriented Programming (ROP) mitigations for both 32-bit and 64-bit COTS binaries.

Version 2.5.6 (2013-11-22)

Added CryptoGuard support for Windows File Sharing (SMB).
CryptoGuard now protects documents and files shared on the network against remote crypto-ransomware attacks.

Version 2.5 (2013-11-05)

World's first Anti-Ransomware solution incorporating CryptoGuard technology.