
Protect your PC, data, identity and money

The unique technologies in HitmanPro.Alert 3 are designed to stop threats before they emerge and aim to protect your vulnerable software, data and identity against current and future attacks, without requiring prior knowledge of the attack or malicious program.



Supports 32-bit and 64-bit versions of Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista and Windows XP


Disrupting the cyber threat lifecycle

Alternative endpoint security solutions only focus on blocking malware delivery from web pages and email attachments, but HitmanPro.Alert also recognizes the capabilities of more devious attackers. It is purpose-built to disrupt attacks in real time across the entire cyber attack lifecycle. With exemplary exploit technique prevention and proactive malware detection and remediation, HitmanPro.Alert not only prevents breaches: its many Risk Reduction features also limit motivated and skilled attackers' abilities when they do succeed in compromising your PC.




HitmanPro.Alert disrupts individual chains of the cyber threat life-cycle with multiple signature-less technologies

CryptoGuard stops ransomware

The exclusive Risk Reduction features of HitmanPro.Alert include behavior-based protection against high-impact crypto-ransomware, a prolific threat that slips by web filters and antivirus defenses every day. This type of infection—also generalized as cryptoware and cryptolocker—goes after images, documents, and other personal and critical data on local disks, connected USB drives and shared folders on servers. Cryptolocker malware encrypts the computer files of its victims and demands ransom money for the decryption key. The signature-less operation of HitmanPro.Alert's CryptoGuard technology universally prevents spontaneous encryption of data by cryptolockers. Even when trusted files or processes are hijacked for unsolicited encryption—as observed in cryptolockers "VaultCrypt", "CryptoWall" and "CTB-Locker"—it is stopped and reverted by HitmanPro.Alert, without interaction from users or IT support personnel.


HitmanPro.Alert proactively protects your data against ransomware

Advanced user interface for power users and IT professionals

Risk reduction

Other Risk Reduction features focus on anti-espionage, for example kernel-level Keystroke Encryption, Webcam Notifier and BadUSB Protection. Moreover, Vaccination and Process Protection deter malware or make it self-terminate, while Safe Browsing and Application Lockdown reveal malware that hides inside or attempts to piggyback on trusted programs to gain persistence or hoist in additional payloads.
Whether computers are targeted indiscriminately or singled out in a watering-hole or spear-phishing attack, HitmanPro.Alert offers high-performance protection without requiring prior knowledge of attacks.

MRG Effitas Real World Exploit Prevention Test March 2015

MRG Effitas, an independent IT security research organization from the United Kingdom, reviewed and compared HitmanPro.Alert 3 with other security software. Their conclusion:
HitmanPro.Alert 3 multi-layer protection, combined with its small footprint, provides excellent exploit protection against both in-the-wild and zero-day exploits. Moreover, even if malware is able to infect the machine, HitmanPro.Alert 3 can protect the browser, the privacy of the user, the integrity of the documents and pictures, and the confidentiality of the passwords, while not causing any noticeable performance impact.
Read the entire report: MRG Effitas Real World Exploit Prevention Test March 2015 (PDF)

Hardware-assisted Control-Flow Integrity

HitmanPro.Alert further raises the bar for exploit attacks. Its innovative hardware-assisted Control-Flow Integrity (CFI) technology is a new approach to prevent attackers from hijacking the control flow of internet-facing applications, like web browsers, Office and other productivity software. Control-flow attacks are nowadays common practice for defeating security technologies like DEP and ASLR. These attacks are invisible to antivirus and other cyber-defenses as there are no malicious files involved. Instead, the attack is constructed in real time by combining short pieces of benign code that are part of existing applications, like Internet Explorer and Adobe Flash Player—a so-called code-reuse or return-oriented programming (ROP) attack.

HitmanPro.Alert achieves this new capability by leveraging an unused hardware feature in mainstream Intel® processors to track code execution, assisting detection of advanced exploit attacks in real time. Employing hardware-traced records has a significant security benefit over software stack-based approaches. Stack-based solutions (like Microsoft EMET, Malwarebytes Anti-Exploit and Palo Alto Networks Traps) rely on stack data, which is—especially in the case of a ROP attack—under control of the attacker, who in turn can mislead the defender. In contrast, the hardware-traced data examined by HitmanPro.Alert is more reliable and tamper resistant—a definite edge over other solutions.
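An added example, not SurfRight's code: a minimal check over hardware-style branch records that flags returns which do not land directly after a CALL instruction. The record layout, the `call_preceded` heuristic and the sample bytes are assumptions constructed for illustration; the page does not say which checks HitmanPro.Alert applies to its traced data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One recorded branch: source, destination, and whether it was a RET.
   Modeled loosely on a last-branch-record entry (assumed layout). */
typedef struct { uint32_t from, to; int is_ret; } branch_rec;

/* A mapped code image: base address plus raw bytes. */
typedef struct { uint32_t base; const uint8_t *bytes; size_t len; } image;

/* Constructed x86 bytes: call rel32; nop; call eax; nop;
   pop eax; ret; xchg eax,esp; ret */
const uint8_t CODE[] = { 0xE8, 0x10, 0x00, 0x00, 0x00, 0x90, 0xFF, 0xD0,
                         0x90, 0x58, 0xC3, 0x94, 0xC3 };
const image IMG = { 0x401000, CODE, sizeof CODE };

/* Constructed trace: two normal returns, two gadget-to-gadget returns,
   and one non-return branch that must be ignored. */
const branch_rec TRACE[] = {
    { 0x401200, 0x401005, 1 },   /* lands after E8 rel32       */
    { 0x401210, 0x401008, 1 },   /* lands after FF D0          */
    { 0x401220, 0x401009, 1 },   /* lands on "pop eax; ret"    */
    { 0x40100A, 0x40100B, 1 },   /* lands on "xchg eax,esp"    */
    { 0x401230, 0x401009, 0 },   /* a jump, not a return       */
};

/* A legitimate return lands right after a CALL. Only two encodings are
   checked here: E8 rel32 (5 bytes) and FF /2 with a register (2 bytes). */
static int call_preceded(const image *img, uint32_t target) {
    if (target < img->base || target - img->base > img->len) return 0;
    size_t off = target - img->base;
    if (off >= 5 && img->bytes[off - 5] == 0xE8) return 1;
    if (off >= 2 && img->bytes[off - 2] == 0xFF &&
        (img->bytes[off - 1] & 0xF8) == 0xD0) return 1;  /* modrm 11 010 rrr */
    return 0;
}

/* Count recorded returns whose target is not call-preceded. */
int suspicious_returns(const image *img, const branch_rec *recs, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (recs[i].is_ret && !call_preceded(img, recs[i].to)) hits++;
    return hits;
}

int main(void) {
    printf("suspicious returns: %d\n", suspicious_returns(&IMG, TRACE, 5));
    return 0;
}
```

The check reads only the recorded `to` addresses, never the stack, which is the property the paragraph above contrasts with stack-based approaches. On its own it does not flag returns into call-preceded code, a case the page's test list names separately.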
| Mitigation | Description | EMET 5.5 | MBAE 1.08 | Traps 3.2 | Alert 3.1 |
|---|---|---|---|---|---|
| Enforce Data Execution Prevention (DEP) | Prevents exploit code running from data memory | Yes | Yes [1] | Yes | Yes |
| Mandatory Address Space Layout Randomization (ASLR) | Prevents predictable code locations | Yes (OS Limited) | - (Bottom-up [2]) | Yes (Including XP) | Yes (Including XP) |
| Null Page | Stops exploits that jump via page 0 | Yes | - | Yes | Yes |
| Dynamic Heap Spray | Stops attacks that spray suspicious sequences on the heap | - (Pre-allocated) | - (Pre-allocated [3]) | Yes | Yes |
| Stack-based Anti-ROP | Stops return-oriented programming attacks (ROP) | Yes (32-bit only) | Yes | Yes | Yes |
| Hardware-assisted Control-Flow Integrity (CFI) | Stops advanced ROP attacks | - | - | - | Yes (Intel® only) |
| Import Address Table Filtering (IAF) | Stops attackers that look up API addresses in the IAT | - (EAF, EAF+) | - | - | Yes |
| Stack Pivot | Stops abuse of the stack pointer | Yes | Yes | Yes | Yes |
| Stack Exec | Stops attacker's code on the stack | Yes | Yes | - | Yes |
| Load Library | Blocks libraries that load reflectively or from UNC paths | Yes (UNC path only) | Yes (UNC path only) | - | Yes |
| Shellcode | Stops code execution in the presence of exploit shellcode | - | - | - | Yes |
| Application Lockdown | Stops logic-flaw attacks that bypass mitigations | - (ASR) | Yes | Yes (Manually) | Yes (Incl. regsvr32) |
| Process Protection | Stops attacks that perform process hijacking or replacement | - | - | Yes (Replacement only) | Yes |
| Anti-Ransomware (CryptoGuard) | Stops malware that encrypt documents for extortion | - | - | - | Yes |
| Privacy and Espionage Protection | Proactively encrypts keystrokes and secures the webcam | - | - | - | Yes |
| Man-in-the-Browser Detection (Safe Browsing) | Reveals intruders that manipulate critical browser functions | - | - | - | Yes |
| Malware Remediation | Integrated Anti-Malware Scanner | - | - | - (WildFire) | Yes |

Remarks regarding Malwarebytes Anti-Exploit Premium 1.08:
[1] DEP is not enabled on Media Players and Other
[2] BottomUP ASLR is not enabled on Browsers, Chrome Browsers, PDF Readers, Media Players and Other
[3] Dynamic Anti-Heapspraying is not true dynamic and not enabled on Chrome Browsers, PDF Readers, MS Office, Media Players and Other


Feature Overview, Comparison

Products compared: Antivirus and Antimalware (Antivirus); Malwarebytes Anti-Exploit (MBAE); Microsoft Enhanced Mitigation Experience Toolkit (EMET); Palo Alto Networks Traps (Traps); SurfRight HitmanPro.Alert (Alert)

| Feature | Description |
|---|---|
| On-demand Malware Detection and Remediation | Integrated Anti-Malware scanner |
| Multilingual User Interface | English, Brazilian Portuguese, Chinese (Traditional and Simplified), Dutch, French, German, Italian, Korean, Polish, Russian, Spanish |
| Safe Browsing (Man-in-the-Browser Detection) | Warns when malware manipulates the browser; behavior-based |
| Active Vaccination | Makes sandbox-aware malware self-terminate |
| CryptoGuard | Protects your data against Cryptolocker-like ransomware; behavior-based |
| Webcam Notifier | Blocks the webcam when it is (secretly) accessed |
| Keystroke Encryption | Protects credentials against keyloggers in the browser |
| Process Protection | Protects the main executable of a process against unmapping |
| BadUSB Protection | Blocks malicious USB devices that pose as a keyboard |
| Exploit Mitigations | Aims to stop attackers from exploiting software vulnerabilities |
| Fine-grained Per-Application Mitigation Settings | Allows advanced users to change individual mitigations |
| Pseudo Address Space Layout Randomization (ASLR) | Prevents predictable code locations of modules, incl. on Windows XP |
| Network Lockdown | Helps to stop attacks that connect back to command-and-control |
| Full 64-bit Support | Offers 64-bit applications same protection as 32-bit applications |
| Software Radar | Automatically protects new browsers, plug-ins, media and office applications |
| High DPI User Interface | Suitable for Home Users, Power Users and IT Pros |
| Advanced Threat Reporting | Reports advanced technical data for forensic threat analysis |


Exploit Protection Comparison

The following overview is based on tests performed by our Exploit Test Tool in a non-virtual environment.

Products compared: Antivirus and Antimalware (Antivirus); Malwarebytes Anti-Exploit (MBAE); Microsoft Enhanced Mitigation Experience Toolkit (EMET); Palo Alto Networks Traps (Traps); SurfRight HitmanPro.Alert (Alert)

| Technique | Description |
|---|---|
| Stack Pivot | Points stack pointer to heap allocated memory: XCHG ESP, EAX |
| Stack Exec | Marks the stack executable: PAGE_EXECUTE_READWRITE |
| Unpivot Stack | Executes ROP-chain on both pivoted and native stack |
| ROP – WinExec() | Runs Calculator via Return-Oriented Programming |
| ROP – VirtualProtect() | Runs Calculator via Return-Oriented Programming |
| ROP – CALL preceded VirtualProtect() | Runs Calculator via Return-Oriented Programming |
| ROP – NtProtectVirtualMemory() | Runs Calculator via Return-Oriented Programming |
| ROP – VirtualProtect() via CALL gadget | Runs Calculator via Return-Oriented Programming |
| ROP – WinExec() via anti-detour | Runs Calculator via Return-Oriented Programming |
| IAT Filtering | Get address of VirtualProtect() from IAT |
| Null Page | Runs Calculator via NULL pointer dereference |
| SEHOP | Runs Calculator by overwriting Structured Exception Handler |
| Heap Spray 1 | Runs Calculator via single-byte NOP sled |
| Heap Spray 2 | Runs Calculator via polymorphic NOP sled |
| Heap Spray 3 | Fill heap with prepared Flash-Vector objects |
| Heap Spray 4 | Fill heap with prepared JavaScript ArrayBuffer objects |
| Hollow Process | Start another exe in a trusted process |
| Load Library | Load a library from a UNC path |
| URLMon | Download a file via urlmon.dll, called from anonymous memory |
| URLMon 2 | Download a file via urlmon.dll, called via ROP chain |
| URLMon 3 | Download a file via urlmon.dll, called via ROP chain |
| Lockdown 1 | Create calc.exe and execute |
| Lockdown 2 | Create calc.tmp, rename to calc.exe and execute |


Last Review: April 26, 2016

© SurfRight 2015