HitmanPro.Alert 3 Community Technology Preview 1 is now available!

Status
Not open for further replies.

Dacko

Level 2
Thread author
Verified
Jan 12, 2013
89
With version 3 we deliver comprehensive exploit protections and anti-espionage technologies to both home users and IT professionals. The software works in real-time and does not rely on signatures or the cloud.

NOTE: HitmanPro.Alert 3 CTP1 is pre-release software and should not be used in production environments.

Hardware-Assisted Control-Flow Integrity (CFI)
Alert version 3 introduces hardware-assisted control-flow integrity, which leverages special Intel CPU hardware registers to monitor how software executes on the CPU. This allows Alert 3 to detect sophisticated return-oriented programming (ROP) attacks. Read chapter 2.5 of the Exploit Test Tool manual (provided in the download below) for supported Intel CPUs.

New Features (compared to version 2)

  • Exploit Mitigation
  • Active Vaccination
  • Keystroke Encryption
  • Webcam Notifier
  • Hollow Process blocker
  • Integrates with HitmanPro

Exploit Test Tool
To verify the correct working of HitmanPro.Alert we have developed an Exploit Test Tool. This safe and easy-to-use tool can perform over a dozen exploit techniques that attackers currently use to compromise computers remotely. The Exploit Test Tool can also act like a keylogger and access the webcam. A manual is provided in the download below.

License
Exploit Mitigation requires a valid HitmanPro license. A trial license is available from within the application. The regular HitmanPro paid license will work as well and is available from our online shop.
HitmanPro.Alert 3 is free software if you already own a license for the HitmanPro on-demand anti-malware software.

Users who would like to try the software beyond the trial period can send me a PM for an extended trial key.

Known Issues

  • Malwarebytes Anti-Exploit is currently incompatible with HitmanPro.Alert, but the Exploit Test Tool is compatible.
  • AutoIt applications like AdwCleaner show a warning when started. Temporarily disabling Active Vaccination allows the AutoIt application to run.
  • Webcam Notifier works with standard webcams. Webcams using vendor-specific drivers are currently not yet supported.
  • Alert counters in the UI are currently disabled but exploit detections are logged in the Windows Event Log.
  • Alert 3 is currently incompatible with Emsisoft Anti-Malware on 64-bit versions of Windows.

More here: http://www.wilderssecurity.com/threads/hitmanpro-alert-support-and-discussion-thread.324841/page-71
 

RmG152

Level 12
Verified
Jan 22, 2014
577
Not free, not lifetime, meh.

30 minutes after install:

Works well on IE, Chrome and FF, but doesn't work in Opera (Opera appears in safe browsing), Maxthon and Cyberfox.

Slows down my Opera browser (yes, it doesn't detect it but slows it down) like hell. Slows all functions (opening a new tab, browsing, etc.). (EMET compatibility?)

Keystroke encryption fails vs. the Zemana test (like 360TS ¬¬).
 

markloman

From SurfRight
Jul 11, 2014
3
RmG152 said:
> Not free, not lifetime, meh.
>
> 30 minutes after install:
>
> Works well on IE, Chrome and FF, but doesn't work in Opera (Opera appears in safe browsing), Maxthon and Cyberfox.
>
> Slows down my Opera browser (yes, it doesn't detect it but slows it down) like hell. Slows all functions (opening a new tab, browsing, etc.). (EMET compatibility?)
>
> Keystroke encryption fails vs. the Zemana test (like 360TS ¬¬).

Hi, thanks for trying our Community Technology Preview.

Compared to other web browsers, Opera loads completely differently and therefore doesn't directly fall under the Exploit mitigations yet. This is because the Opera browser itself is not registered as a browser in the Windows Registry but starts through a separate launcher: "C:\Program Files\Opera\Launcher.exe". Maxthon is supported and all other browsers are supported as well as long as these browsers are installed and registered as a web browser in Windows -- portable browsers are not supported as of yet.

The Keystroke Encryption is only enabled in web browsers and should not fail against the Zemana Keylogger Simulation Test. Please try again by typing something in e.g. Internet Explorer, Chrome or Firefox.

I am curious though about the slowdown in Opera. What version of Windows, Opera and EMET are you using?

Thanks again!
Mark
 

RmG152

Level 12
Verified
Jan 22, 2014
577
Clean install of HM.A.

Safe Browsing:
Opera 22.0.1471.70: Doesn't work and slow down
Opera 24.0.1555.0*: Doesn't work and slow down (killed 1 time by EMET "DEP check failed")
Internet Explorer 11: Work
Chrome 35.0.1916.114 m - 35.0.1916.153 m: Work
Chrome 37.0.2037.0 canary: 1 time Killed by EMET just opened. another time Work
Yandex 14.5.1847.18825: Work, Killed by Emet 1 time random (DEP check failed)
Firefox 30.0: Work
Cyberfox intel 30.0: Doesn't work
360 Browser 7.5.2: Work
*Try to run out of Emet, safe browsing and exploit mitigations, slow down continue

Keystroke Encryption:
Opera 22.0.1471.70: Fail
Opera 24.0.1555.0: Fail
Internet Explorer 11: Work
Chrome 35.0.1916.114 m - 35.0.1916.153 m: Work (Just after update browser, fail. I restart Chrome and work)
Chrome 37.0.2037.0 canary: Work
Yandex 14.5.1847.18825: Work
Firefox 30.0: Work
Cyberfox intel 30.0: Fail
360 Browser 7.5.2: Work

EMET 4.1.5228.513: All browsers with all mitigations (IE sometimes doesn't appear running in EMET, I don't know why).
Windows 8.1U1 x64 Full update By windows update.

Browsers detected by HP.A: [screenshot: 9fnhN89.png]


Do you need more information?
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
HitmanPro.Alert 3 is a free download to use, but Exploit Mitigation isn't available without a license?
 

markloman

From SurfRight
Jul 11, 2014
3
Exploit Mitigation is only paid function (in current version)
All features in HitmanPro.Alert are signature-less and cloud-less and are based on detecting active threats. The following technologies in HitmanPro.Alert 3 are free features:
  • Web browser intrusion detection (our signature-less detection of banking Trojans and other man-in-the-browser malware)
  • CryptoGuard, our universal solution against crypto-ransomware (i.e. CryptoLocker and CryptoWall)
  • System Vaccination against sandbox-aware malware
  • Webcam Notifier (new in version 3)
  • Keystroke Encryption (new in version 3)
These features are and remain for free because the malware already bypassed antivirus protection (i.e. Norton, McAfee, etc.) and successfully compromised the machine. HitmanPro.Alert immediately warns the user about this and also aims to thwart the malware (e.g. protect your data, passwords, identity) until the threat is removed. A HitmanPro anti-malware license would be needed to clean up these 'early-life' malware.

This is not the case with our new exploit protection features. The computer would practically not become infected in the first place. Fortunately, the license for Exploit Mitigations is the same license as one for the HitmanPro on-demand malware scanner and a 30 day trial license is available from within the software. After the trial you still have the free features. And for the users who already paid for our on-demand anti-malware, the Exploit Mitigations in HitmanPro.Alert 3 are for free as well -- basically you get two products for the price of one.

I'd like to point out that the Exploit Mitigations in HitmanPro.Alert cannot be compared to other similar offerings. E.g., on Intel Core i3/i5/i7 the Exploit Mitigations feature can program the processor to help Alert's detection of return-oriented programming attacks (ROP). This allows HitmanPro.Alert to see and stop attacks that other exploit mitigation / anti-exploit tools are unable to detect (e.g. try ROP 4 in the 32-bit version of our Exploit Test Tool against other anti-exploit tools). Some additional info on our unique technology can be found in the manual of our Exploit Test Tool and here: http://www.wilderssecurity.com/thre...discussion-thread.324841/page-72#post-2390200

Hope this helps.
 

markloman

From SurfRight
Jul 11, 2014
3
RmG152 said:
> Clean install of HM.A.
>
> Safe Browsing:
> Opera 22.0.1471.70: Doesn't work and slow down
> Opera 24.0.1555.0*: Doesn't work and slow down (killed 1 time by EMET "DEP check failed")
> Chrome 37.0.2037.0 canary: 1 time Killed by EMET just opened. another time Work
> Yandex 14.5.1847.18825: Work, Killed by Emet 1 time random (DEP check failed)
> Cyberfox intel 30.0: Doesn't work
> *Try to run out of Emet, safe browsing and exploit mitigations, slow down continue
>
> Keystroke Encryption:
> Opera 22.0.1471.70: Fail
> Opera 24.0.1555.0: Fail
> Cyberfox intel 30.0: Fail

Thanks for the elaborate list, much appreciated! Below some remarks regarding your findings:
  • Currently, Opera is not supported because it uses a separate launcher to start. This is way different compared to Internet Explorer, Chrome or Firefox. HitmanPro.Alert 3 comes with built-in support for practically all web browsers, as long as they register themselves as a web browser in the Windows Registry. This means that the current build of HitmanPro.Alert 3 does not protect so-called portable browsers either.
  • The development build of Chrome Canary is currently not compatible with EMET and can indeed be killed by EMET.
  • The Cyberfox browser does not register itself as a web browser and is therefore not automatically supported.
  • Regarding the Keystroke Encryption, because Opera and Cyberfox are not automatically supported this feature is not available in these browsers. Watch for the green flyout when you open a browser to know if it is protected or not.
We're currently working on most of the issues mentioned, so stay tuned. Thanks again!
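
The replies above tie protection to whether a browser is registered as a web browser in the Windows Registry. As an added example (not part of the thread and not SurfRight's code), the PowerShell below lists registered browsers and checks whether a given executable is one of them; that this registration means the standard `Clients\StartMenuInternet` keys is an assumption, and the function names `Get-RegisteredBrowser` and `Test-BrowserRegistered` are hypothetical.

```powershell
# Added example, not SurfRight's code. Assumption: "registered as a web browser"
# refers to the standard Clients\StartMenuInternet registration keys.
function Get-RegisteredBrowser {
    $hives = @(
        [Microsoft.Win32.Registry]::LocalMachine,
        [Microsoft.Win32.Registry]::CurrentUser
    )
    $subPaths = @(
        'SOFTWARE\Clients\StartMenuInternet',
        'SOFTWARE\WOW6432Node\Clients\StartMenuInternet'
    )
    foreach ($hive in $hives) {
        foreach ($subPath in $subPaths) {
            $root = $hive.OpenSubKey($subPath)
            if (-not $root) { continue }
            foreach ($name in $root.GetSubKeyNames()) {
                $cmdKey = $root.OpenSubKey("$name\shell\open\command")
                if (-not $cmdKey) { continue }
                $cmd = [string]$cmdKey.GetValue('')   # default value = launch command
                # Take the quoted path if present, else the first token.
                if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
                elseif ($cmd -match '^\s*(\S+)') { $exe = $Matches[1] }
                else { continue }
                [pscustomobject]@{
                    Name       = $name
                    Executable = [Environment]::ExpandEnvironmentVariables($exe)
                    Key        = "$($hive.Name)\$subPath\$name"
                }
            }
        }
    }
}

function Test-BrowserRegistered {
    param([Parameter(Mandatory)][string]$Path)
    # Exact, case-insensitive path match against the registered launch commands.
    $hits = @(Get-RegisteredBrowser | Where-Object { $_.Executable -ieq $Path })
    [pscustomobject]@{
        Path       = $Path
        Registered = ($hits.Count -gt 0)
        Keys       = @($hits | ForEach-Object { $_.Key })
    }
}

# Compare what is registered with what is actually running, e.g. for Opera:
Get-Process -Name opera -ErrorAction SilentlyContinue |
    Where-Object Path | Select-Object -ExpandProperty Path -Unique |
    ForEach-Object { Test-BrowserRegistered -Path $_ }
```

A portable browser, or one whose running image differs from the registered launcher path, comes back with `Registered` set to false, which matches the unsupported cases described in the replies.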
 