Protect against ransomware and hacking during the holidays. Save 30% on HitmanPro products!

HitmanPro Release History

Build 739 (2018-03-29)

  • Improved activation, solves issue occurring during an error
  • Improved Webcam Notifier so it records additional details in the Windows Event Log
  • Improved Asynchronous Procedure Call (APC) mitigation
  • Improved Intruder alert; added platform details, limited hooked APIs and partial hex dump of trampolines
  • Fixed issue with Symantec's NtProtectVirtualMemory hook, which caused our shellocde and Symantec's shellcode to call each other in an infinite loop
  • Fixed CryptoGuard unblock blocked process
  • Fixed Intruder false positive when Malwarebytes and other products are detouring critical functions in the web browser; introduced since build 738
  • Fixed not showing of Intruder true positive when alert info was too big (pipe communication can now handle very large messages)
  • Fixed false positives with Credential Theft Protection (LSASS)

Build 738 (2018-03-13)

  • Improved Credential Theft Protection mitigation (LSASS shielding) so it no longers alerts on non-commited memory that caused false positive alerts
  • Added /qspectre compile flag on main hmpalert.exe binary

Build 737 (2018-03-07)

  • Improved Credential Theft Protection, which now terminates applications that attempt to access LSASS in an offending way
  • Improved error handling when activating a trial or product key
  • Improved CryptoGuard to handle a new technique used by SamSam ransomware
  • Improved mini-filter performance which speeds-up CryptoGuard
  • Improved CryptoGuard to handle compressed PDF files more accurately
  • Improved Application Lockdown with detailed thumbprint generation for script-based attacks and to block abuse of Certutil and Python
  • Improved event logging of APC mitigation alerts
  • Improved Code Cave mitigation
  • Improved startup time of the HitmanPro.Alert Service
  • Added Event ID 800 (malware detected) to the custom HitmanPro.Alert view in the Windows Event Log
  • Added malware detections to the "Number of alerts" counter on the HitmanPro.Alert user interface
  • Added support for Spectre mitigations; i.e. our binaries are now compiled with /Qspectre compiler switch
  • Added offline indicator when the HitmanPro Anti-Malware Cloud is unreachable
  • Fixed the "Scan failed" issue which could occur when pressing the "Scan Computer" or "Scan with HitmanPro" button
  • Fixed unexpected behavior of Safe Browsing to improve detection and prevent false positives
  • Fixed issue that prevented proper disabling of Exploit Mitigations on Java binaries
  • Fixed rare issue that caused a hanging thread (locked a file) when CryptoGuard creates a file backup
  • Fixed an issue with code injection on Windows XP
  • Fixed an issue with the Reflective DLL Injection mitigation (part of Load Library mitigation)
  • Fixed an issue with the Windows 10 Start Menu
  • Fixed an issue when importing previously exported settings
  • Fixed a rare issue that could cause a BSoD mentioning partmgr.sys
  • Several other minor fixes and improvements

Build 729 (2018-01-08)

  • Improved CodeCave, HeapSpray, CryptoGuard, HollowProcess Mitigations
  • Added PrivGuard: mitigate MS16-032 (CVE-2016-0099)
  • Added Application lockdown for Microsoft office Equation Editor (CVE-2017-11882)
  • Fixed BadUSB Alert during boot while BadUSB was disabled
  • Fixed IAF FP in Nero Media player
  • Fixed Windows System Image Backup failing with locked EFI/ESP
  • Fixed Antimalware won't (stay) enable(d)

Build 723 (2017-11-22)

  • Added Real-Time Anti-Malware, which works with the HitmanPro cloud.
  • Added Credential Theft Protection, which prevents theft of authentication passwords and hash information. Prevents Mimikatz-style attacks.
  • Added Local Privilege Guard, which stops specific exploitation of the operating system kernel. Prevents an attacker from using the privilege information of another process.
  • Added Code Cave mitigation, which stops backdoors in trusted code. Prevents e.g. Backdoor Factory and Shellter-style attacks.
  • Added Sticky Keys mitigation, which prevents abuse of the Microsoft sticky key feature and is typically used by attackers to gain persistence.
  • Added Application Verifier mitigation, which prevents abuse of the Application Verifier feature of Windows (eg. Double Agent code-injection).
  • Improved Asynchronous Procedure Call (APC) mitigation to improve compatibility with third-party security solutions on Windows 10 version 1709 (Fall Creators Update).
  • Added protection against dropping shellcode straight into memory from VBA macro code. This mitigation is part of Load Library and triggers a Shellcode alert.
  • Added protection against compilation of arbitrary code straight into memory from an application under exploit mitigations, like Office. Such attacks can bypass whitelisting based protection like Windows Defender Device Guard.
  • Added automatic protection of Microsoft Outlook (under the Office category) to defend against e.g. DDE attacks embedded in the body of malicious emails or calendar invites.
  • Improved Hollow Process mitigation to block hijacking of a remote main thread to run arbitrary code.
  • Improved Import Address Table Address Filtering (IAF) exploit mitigation.
  • Improved code injection of the HitmanPro.Alert Support Library (DLL).
  • Improved upgrade when running in 'Anti-ransomware only' mode.
  • Improved DLL hijack mitigation which loaded an incorrect DLL on WoW64 processes.
  • Fixed Intruder alert in Firefox when Norton is installed (e.g. Norton Security).
  • Fixed a ROP technique detection on pidgenx.dll when trying to activate Microsoft Office.
  • Fixed a CallerCheck alert associated with Microsoft Power Query and CLR.DLL.
  • Fixed a DEP mitigation triggered in some Microsoft Excel macro's.
  • Fixed a compatibility issue with Microsoft Hyper-V on Windows 10 version 1709 (Fall Creators Update).
  • Fixed a minor memory leak originating from the CryptoGuard anti-ransomware mitigation.
  • Many other minor fixes and improvements.

Build 604 (2017-06-22)

  • Added Asynchronous Procedure Call (APC) mitigation which protects against the DoublePulsar code injection. This mitigation is part of Risk Reductions > Process Protection.
  • Improved CryptoGuard
  • Improved compatibility with Steam
  • Improved path translation for thumbprints
  • Improved DLL injection to respect Protected Process and Trustlets
  • Fixed compatibility when installing inside QEMU/KVM hypervisor
  • Fixed compatibility with Symantec Endpoint Protection on Windows XP
  • Fixed compatibility with Firefox 52 (or newer) on Windows XP

Build 592 (2017-05-11)

  • Fixed CryptoGuard false positive

Build 588 (2017-03-30)

  • Fixed IAT Filtering (IAF) false positive when starting an application (occurred randomly)
  • Fixed Intruder false positive caused when DLLs are frequently loaded/unloaded
  • Fixed ROP while handling an exception in 64-bit applications
  • Fixed 32-bit binaries no longer require an SSE capable CPU
  • Improved CryptoGuard by adding support for additional file types

Build 586 (2017-02-10)

  • Fixed bug in CryptoGuard correlation

Build 584 BETA (2017-02-07)

  • Improved installer/uninstaller
  • Improved compatibility with MBAE, MBAM v3 and EMET
  • Improved CallerCheck mitigation
  • Improved DEP mitigation
  • Improved compatibility with software using delay-loaded user32.dll
  • Fixed issue with Forza Horizon 3 failing to start
  • Fixed issue with Enpass UWP failing to start
  • Fixed rare crash in Mozilla Firefox when running with Norton
  • Fixed rare crash in conhost.exe
  • Fixed rare BSOD in WipeGuard in combination with some USB fixed disks
  • Fixed small memory leak
  • The issue with Overwatch was fixed by Blizzard

Build 580 BETA (2017-01-20)

  • Fixed BSOD in CryptoGuard
  • Fixed BSOD in WipeGuard

Build 579 BETA (2017-01-18)

  • Microsoft co-signed both hmpnet.sys and hmpalert.sys drivers

Build 578 BETA (2017-01-16)

  • Improved compatibility with third-party applications trying to modify our DLL in-memory
  • Improved compatibility with (or applications
  • Improved Self Protection
  • Improved ROP exploit mitigation
  • Improved CryptoGuard
  • Added tamper protection to CryptoGuard minifilter
  • Added Hangul Word Processor to Software Radar
  • Fixed rare crash in Firefox caused by misaligned stack
  • Fixed compatibility with Trusteer Rapport on 32-bit browsers
  • Updated Network Filtering component
  • Updated Libpng library to latest version
  • Updated sqlite3 library to latest version

Build 574 (2016-11-29)

  • Added thumbprint based suppression technology
  • Improved CryptoGuard
  • Improved BadUSB enable/disable
  • Improved Application Lockdown
  • Improved DEP mitigation reporting details
  • Improved LoadLib mitigation
  • Improved WipeGuard
  • Improved SEHOP mitigation
  • Improved compatibility with 32-bit Java desktop applications requiring 1GB+ memory
  • Improved colored window border to support app windows (eg. KeePass)
  • Fixed support for Windows XP
  • Fixed Intruder detection on Websense DLL in 64-bit browser processes
  • Fixed ROP detection in Photoshop Elements Editor
  • Several minor improvements

Build 562 (2016-09-23)

  • Added CryptoGuard 4.5
  • Improved LoadLib mitigation technical details
  • Fixed LoadLib mitigation false positive on computers with specific old Hewlett Packard printer driver
  • Fixed typo in Dutch language
  • Updated Danish language

Build 558 (2016-09-09)

  • Added compatibility for computers running Windows 10 Anniversary Update with SecureBoot enabled
  • Improved CryptoGuard ransomware detection
  • Improved CryptoGuard on Distributed File Systems (DFS)
  • Improved compatibility with Norton Security
  • Improved compatibility with Trend Micro
  • Improved compatibility with Bitdefender on 64-bit computers
  • Improved compatibility with Trusteer Rapport on 64-bit computers
  • Fixed CryptoGuard false positive while previewing many Excel files
  • Fixed BSOD caused by WipeGuard resource locking

Build 546 (2016-07-22)

  • Version 3.5
  • Added CryptoGuard 4th generation
  • Added WipeGuard mitigation
  • Added DLL hijack mitigation on downloaded binaries
  • Added Hardware-Assisted IAT filtering
  • Added Import and Export of Settings
  • Improved Hardware-Assisted Control-Flow Integrity (CFI) mitigation
  • Improved ROP mitigation
  • Improved CallerCheck mitigation
  • Improved Heap Spray mitigation
  • Improved Hollow Process mitigation
  • Improved Application Lockdown
  • Improved Colored Window Border
  • Improved overall mitigation performance
  • Improved reporting details
  • Improved compatibility hooks
  • Improved 3rd party trampoline handling
  • Improved support for binaries with Intel® MPX instructions
  • Fixed Software Radar incorrectly detecting 64-bit applications
  • Various minor improvements

Build 374 (2016-06-21)

  • Improved CryptoGuard to detect Zyklon ransomware.
  • Improved CryptoGuard handling of network based renames.
  • Improved callstack report.
  • Fixed rare BSOD when local ransomware encrypts local file share.
  • Fixed off-by-one issue in command line parser.
  • Fixed ROP mitigation caused urlmon false negative.
  • Fixed ROP mitigation caused advapi32 false positive.
  • Several minor improvements.

Build 373 (2016-05-30)

  • Improved compatibility with Firefox 46.
  • Improved compatibility with Bitdefender 2016.
  • Improved Attack Surface Reduction compatibility with System Mechanic.
  • Improved ROP mitigation.
  • Fixed ROP false positive in Microsoft Office (occurs on some computers).
  • Fixed code injection issue with Windows 7 KB3146706.

Build 368 (2016-04-27)

  • Improved compatibility with Firefox 46.
  • Improved SysCall mitigation (part of Control-Flow Integrity) on Windows 10 Redstone.
  • Improved Colored Window Border.
  • Improved hardware-assisted ROP mitigation performance.

Build 367 (2016-04-26)

  • Added mitigation to prevent regsvr32.exe abuse via COM scriptlets.
  • Fixed ROP false positive in Microsoft Office (occurs on some computers).
  • Improved Skype detection in software radar.
  • Improved short filename (8.3) handling in software radar.

Build 364 (2016-04-08)

  • Fixed an issue with Application Lockdown mitigation on browsers.

Build 363 (2016-04-06)

  • Fixed an issue related to trial activation (bug introduced in build 351).
    If you wanted to try HitmanPro.Alert before but received the error message "This computer already had a free trial", you may want to try again with this new build.

Build 362 (2016-04-04)

  • Improved CryptoGuard mitigation (Anti-Ransomware) to fix a bug introduced with build 357.
  • Improved ROP mitigations.
  • Improved keystroke scrambling of Keystroke Encryption.
  • Fixed compatibility with VirtualBox hardening.
  • Fixed compatibility with Microsoft Edge 31.14279 (Redstone).
  • Fixed compatibility with Microsoft OneNote' e-mail function.
  • Updated embedded libpng library.

Build 360 (2016-02-25)

  • Improved CryptoGuard mitigation (Anti-Ransomware).
  • Improved BadUSB mitigation.
  • Improved user interface icon strip double click handling.
  • Fixed rare BSOD in hmpnet.sys.

Build 357 (2016-02-12)

  • Added support for Windows 10 Insider Preview build 14251 (Redstone).
  • Fixed hmpnet.sys not enabling on Windows 8 (or newer).
  • Fixed crash when passing additional argument along /install command line switch.
  • Fixed SelfProtection false positive.
  • Fixed Teredo Tunneling Adapter. It is no longer disabled.
  • Changed Vaccination default from Active to Passive on fresh installs.
  • Improved CryptoGuard mitigation (Anti-Ransomware).
  • Improved BadUSB mitigation.
  • Improved upgrade of BadUSB and Vaccination settings.
  • Improved compatibility with Emsisoft Internet Security
  • Improved compatibility with Avast! on Windows 8.1 x64.
  • Improved compatibility with Kaltura.
  • Improved uninstall information.
  • Improved uninstall of hmpnet.sys on 32-bit systems.
  • Added protection against DLL preloading attacks.
  • Updated several translations.

Build 351 (2016-01-19)

  • Added Silent Audit feature.
  • Added dual code signed signatures (Authenticode) on EXE, DLL and SYS files.
  • Improved Webcam Notifier to support Windows Hello.
  • Improved feedback to user when failing to activate a product key.
  • Improved keystroke encryption when BadUSB is disabled.
  • Improved settings upgrade from old version of Alert.
  • Fixed keystroke encryption compatibility with Trusteer Rapport.
  • Fixed race condition when specifying both /install and /lic command line switches.
  • Fixed rare BSOD in hmpnet driver on some Windows 10 computers (build 10586).
  • Changed BadUSB protection default to off for new installs.
  • Updated network component for improved compatibility and performance.

Build 344 (2015-12-11)

  • Improved ROP mitigations.
  • Fixed compatibility with Telegram Desktop.
  • Fixed compatibility with Sophos Web Interceptor.
  • Fixed compatibility with Sophos SafeGuard Encryption.
  • Added Swedish language.
  • Updated Polish language.
  • Updated Indonesian language.

Build 343 (2015-12-08)

  • Improved hardware-assisted ROP mitigation.
  • Improved DEP mitigation.
  • Improved BadUSB mitigation.
  • Improved upgrade procedure.
  • Improved hooking engine.
  • Fixed compatibility with Avast! on 64-bit systems.
  • Fixed keystroke encryption compatibility with Trusteer Rapport.

Build 340 (2015-11-25)

  • Added full support for Windows 10, including TH2.
  • Added support for Microsoft Edge browser.
  • Added Exploit Mitigation support for Windows Apps (Metro applications).
  • Added Anti-Ransomware install mode.
    This mode supports Windows Server 2008 R2 (or newer) environments. Requires Server license.
  • Added support for 6th generation Intel® Core™ processors (codename Skylake).
  • Added SysCall mitigation (thanks Niels Warnars).
  • Added WoW64 mitigation.
  • Added untrusted font mitigation for computers running Windows 10.
  • Added VTable Hijack mitigation on Adobe Flash.
  • Added new Colored Window Border implementation to support Windows Apps (Metro applications).
  • Added new Keystroke Encryption implementation.
  • Added GUI access to alert logs in Windows Event Viewer (on Windows Vista and newer).
  • Added Control Flow Guard support.
    All binaries of HitmanPro.Alert have been compiled with Control Flow Guard (CFG).
  • Improved DEP mitigation.
  • Improved ROP mitigation (thanks Niels Warnars).
  • Improved Heap Spray mitigation.
  • Improved Stack Exec mitigation.
  • Improved Stack Pivot mitigation.
  • Improved Safe Browsing intruder detection.
  • Improved USB keyboard handling.
  • Improved Installer/uninstaller.
  • Added Arabic language.
  • Added Danish language.
  • Added Indonesian language.

Build 209 (2015-11-03)

  • Improved Safe browsing intruder scanner.
  • Improved Heap Spray mitigation.
  • Updated network filtering component.

Build 208 (2015-10-21)

  • Fixed compatibility with Spotify 1.0.16.

Build 207 (2015-10-14)

  • Improved Windows 10 compatibility.
  • Improved compatibility with Kaspersky 16.
  • Improved compatibility with Norton Security 22.5.4.
  • Improved compatibility with Comodo IceDragon browser.
  • Improved colored windows border on Windows 10.
  • Improved network filtering.

Build 196 (2015-07-07)

  • Improved Load Library mitigation.
  • Improved CryptoGuard.
  • Fixed compatibility with Distributed File Servers (DFS).
  • Fixed network issue with Windows Offline Folders failing to synchronize.
  • Fixed keystroke encryption with backslash key on numeric keypad and dedicated volume up/down keys.
  • Fixed DEP mitigation false positive on 32-bit processes (eg. Firefox).

Build 193 (2015-06-18)

  • Improved upgrade experience from HitmanPro.Alert version 2 to version 3.
  • Improved Keystroke Encryption in combination with browser add-ons running as separate process.
  • Improved Keystroke Encryption which sometimes dropped out due to race condition triggered by 3rd party security products performing arbitrary thread injection.

Build 190 (2015-05-29)

  • Improved Stack Pivot exploit mitigation (kudos to Niels Warnars for reporting).
  • Improved Application Lockdown exploit mitigation (kudos to Niels Warnars for reporting).
  • Improved VBScript God Mode exploit mitigation now honors security zone settings.
  • Improved rendering of icons of protected applications on computers with Display on Larger DPI setting.
  • Fixed memory leak in HitmanPro.Alert service.
  • Added Turkish language (thanks to Bekir Ucarci).

Build 187 (2015-05-01)

  • Added application exclusion to Exploit mitigations. Scroll to the far right on the 'Your applications' panel to access this new feature, which should only be used for rare occasions when an application is incompatible with Alert's library.
  • Improved CryptoGuard mitigation.
  • Improved BadUSB compatibility with OEM keyboards.
  • Improved BadUSB compatibility with the Surface Home Button on Microsoft Surface Pro tablets.
  • Improved BadUSB compatibility with keyboards with macro functionality.
  • Improved Keystroke Encryption which sometimes dropped out after using Windows-key.
  • Improved compatibility with Microsoft Office add-ins based on .NET, e.g. gSyncit.
  • Improved Network Lockdown compatibility with the Malwarebytes Anti-Malware Web Access Control driver on Windows 8.
  • Improved Software Radar to detect web browsers that do not immediately register themselves as browser upon installation, e.g. Cyberfox.
  • Improved Dynamic Heap Spray mitigation.
  • Improved compatibility with Trusteer Rapport.
  • Improved VBScript God Mode mitigation (part of Application Lockdown).
  • Fixed Application Lockdown false positive on SharePoint based websites.
  • Fixed rare BSOD in HitmanPro.Alert driver.
  • Updated language strings.

Build 183 (2015-04-17)

  • Improved DEP mitigation.
  • Improved HeapSpray mitigation.
  • Improved Control-Flow Integrity mitigation.
  • Improved Lockdown mitigation.
  • Improved Shellcode mitigation.
  • Improved compatibility with RapidMiner.
  • Improved compatibility with Kaltura.
  • Fixed false positive on streaming sites using Silverlight; eg. and
  • Fixed apostrophe and quote character encryption in Internet Explorer on Windows 7.
  • Fixed right-click properties alert in Internet Explorer.
  • Fixed flyout not appearing when an update is pending.

Build 181 (2015-04-08)

  • Improved Shellcode mitigation.
  • Improved Keystroke Encryption on applications in the Other category.
  • Fixed loss of Keystroke Encryption which could occur when the HitmanPro.Alert service was restarted.
  • Changed default flyout to 'Once per logon session'.
  • Changed default Live Keystroke Encryption in Colored window border to Off.

Build 180 (2015-04-07)

  • Initial public release of HitmanPro.Alert 3.0.

Build 137 (2015-01-16)

Release Candidate 2

Build 120 (2014-10-03)

Release Candidate 1

Build 90 (2014-10-03)

Community Technology Preview 4

Build 79 (2014-09-02)

Community Technology Preview 3

Build 73 (2014-07-25)

Community Technology Preview 2

Build 63 (2014-07-10)

Community Technology Preview 1
World's first Anti-Exploit solution with Hardware-Assisted Control-Flow Integrity (CFI).
Return-Oriented Programming (ROP) mitigations for both 32-bit and 64-bit COTS binaries.

Version 2.5.6 (2013-11-22)

Added CryptoGuard support for Windows File Sharing (SMB).
CryptoGuard now protects documents and files shared on the network against remote crypto-ransomware attacks.

Version 2.5 (2013-11-05)

World's first Anti-Ransomware solution incorporating CryptoGuard technology.


About Us

SurfRight, the creators of HitmanPro, joined the Sophos family in 2015. We are innovators in online security, focused on developing new applicable technologies to fight malware, spam, phishing and other forms of cybercrime with experience and products stretching back over 30 years. Today our products help secure the networks used by 100 million people in 150 countries and 100,000 businesses, including Pixar, Under Armour, Northrop Grumman, Xerox, Ford, Avis, and Toshiba.