HitmanPro.Alert is a product by Surfright, the makers of the excellent HitmanPro security application, that has been designed to mitigate exploits, and here specifically browser attacks.
We reviewed it back in 2012 when it was first launched by the company and came to the conclusion that it was quite good at what it had been designed for.
The program supports all major web browsers but acts as an anti-exploit tool on the whole system much like Microsoft EMET or Malwarebytes Anti-Exploit do.
While initially designed to protect against banking trojans and other malicious code affecting web browsers, it has since then been improved to provide protection against other forms of malware.
HitmanPro.Alert
You can download the most recent version of HitmanPro.Alert, currently version 3.1.8, from the official website.
You may try it for 30-days by requesting a trial product key when you run the program for the first time, or enter a Hitman.Pro product key to activate it. That’s right, you only need to purchase HitmanPro and get this program as an extra free of charge on top of it. The program itself is not available for purchase as a standalone.
First thing you may want to do is click on the settings icon and there on the “advanced interface” option to display all options in the interface.
HitmanPro.Alert is an exploit mitigation tool which steps in when attacks target vulnerabilities in programs or the Windows operating system that have not been patched yet.
The program supports features that EMET or Malwarebytes Anti-Exploit don’t support currently such as Process Protection, Man in the middle browser detection, or anti-ransomware functionality.
The program interface lists four main areas of interest:
- Scan Computer runs a malware scan using the same antivirus engines that HitmanPro ships with.
- Safe Browsing protects against man in the middle attacks while browsing.
- Exploit Mitigation identifies and mitigates attacks that use exploits.
- Risk Reduction includes several additional protective features.
Exploit Mitigation
HitmanPro.Alert protects important applications automatically against exploits when it is running. You can add any running process to the list of protected programs which can be useful if the program has not been identified by HitmanPro.Alert automatically. That’s the case for portable apps for instance.
You may exclude programs from being protected. This is only recommended if you notice that a program does not function properly anymore because of the exploit protection.
A click on a protected application displays options to enable or disable mitigations individually. The following mitigations are available currently:
- Application Lockdown – Stops attacks that bypass mitigations.
- Control-Flow Integrity – Stops ROP attacks.
- IAT Filtering – Prevents abuse of Import Address Table.
- Stack Pivot – Stops abuse of the stack pointer.
- Stack Exec – Stops attacker’s code on the stack.
- SEHOP – Stops abuse of the exception handler.
- Enforce DEP – Prevents abuse of buffer overflows.
- Mandatory ASLR – Prevents predictable code locations.
- Bottom up ASLR – Improves code location randomization.
- Null Page – Stops exploits that jump via page 0.
- Dynamic Heap Spray – Stops exploits that start via the heap.
Risk Reduction
Another area where HitmanPro.Alert outshines other solutions is its selection of risk reduction tools. The security program ships with the following tools included:
- Vaccination – Stops sandbox-aware malware.
- CryptoGuard – Stops crypto-ransomware.
- Webcam Notifier – Warns you when your webcam is being accessed.
- Keystroke Encryption – protects against keyloggers.
- Process Protection – Prevents process hollowing.
- Network Lockdown – Stops backdoor traffic.
- BadUSB – Stops malicious USB devices.
- Block Untrusted Fonts – Stops elevation of privilege attacks.
You can disable any of those easily if you don’t require them.
Protection against ransomware
HitmanPro.Alert version 2.5 introduced protection against so called crypto ransomware. This type of malware encrypts data on the PC so that it cannot be accessed anymore by the user unless money is being paid for the decryption.
We have recently looked at Cryptolocker, a ransomware that is currently making the rounds on the Internet.
While there may be ways to restore files if malware did encrypt files on the system, for instance through backups or file versioning, it is fair to say that this is not always a possibility.
HitmanPro.Alert 2.5 introduced protection against these kind of attacks and the feature has been part of the application ever since.
The protection is enabled by default. According to Surfright, it protects against all kinds of crypto ransomware. There is no need to configure anything, the part of the program runs autonomously in the background.
HitmanPro.Alert 2.5 contains a new feature, called CryptoGuard that monitors your file system for suspicious operations. When suspicious behavior is detected, the malicious code is neutralized and your files remain safe from harm.
HitmanPro.Alert will display a notification on the screen that a computer virus has been discovered, and that the threat has been intercepted and blocked from execution.
Note: The files are not removed from your system by HitmanPro.Alert. You can click on the scan with HitmanPro button to run a scan with that application to have it removed. If it is not installed on your system, you are redirected to the website where you can download it to your PC.
Demonstration Video
Verdict
HitmanPro.Alert runs silently in the background for the most part. The process is light on resources — it used only about 4 Megabytes of RAM while running in the background.
The program is fully compatible with all supported versions of the Windows operating system — 32-bit and 64-bit — and fully compatible with full disk encryption software such as BitLocker or TrueCrypt.
The only thing that may keep you from installing it right away is that it is currently listed as beta. Nothing speaks against installing the application once the final version has been released.