![[Image: QSt1oeB.png]](https://i.imgur.com/QSt1oeB.png)
We at Geeks For Your Information are very pleased to announce our
HitmanPro.Alert Christmas 2019 Giveaway
![[Image: H4OJgtl.gif]](https://i.imgur.com/H4OJgtl.gif)
We would like to thank Mr. Mark Loman and Mr. Victor van Hillo for sponsoring the giveaway prizes.
HitmanPro.Alert is a solution that provides real-time protection for home and business PCs to guard against prevalent and zero-day software exploits, drive-by downloads, crypto-ransomware, online fraud, espionage and identity theft. It protects your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware solutions.
![[Image: yp9hpCJ.gif]](https://i.imgur.com/yp9hpCJ.gif)
![[Image: LuLcVSA.gif]](https://i.imgur.com/LuLcVSA.gif)
- HitmanPro's Advanced Malware Removal
All the features found in HitmanPro are also included in HitmanPro.Alert, including a powerful, professional-grade virus cleaner. While most traditional virus cleaners simply remove offending malware files, our deep scan and clean goes the extra mile by eradicating all traces and remnants of the malware that previous security software may have left on your computer, transforming your computer to a state where it was never infected.
- Ransomware Protection
Ransomware encrypts your files, making them unusable until a ransom is paid to the hackers who spread it. And there is no guarantee that they will be decrypted once the ransom is paid. Ransomware is one of the fastest growing malware infections in the world and has been making headlines through massive, worldwide outbreaks. It has become so lucrative, that business organizations have sprung up in the criminal world selling ransomware as a product or service to newbie hackers.
HitManPro Alert vs Ransomware
HitmanPro.Alert watches for ransomware-style behavior, not just known ransomware, allowing it to catch brand new variants that other security software cannot recognize. If a file gets encrypted, HitmanPro.Alert makes a backup file. If other files continue to be encrypted, HitmanPro.Alert recognizes this behavior as potential ransomware and stops the process. It then rolls back the encryption by replacing the encrypted files with the saved backups and then removes the ransomware itself. HitmanPro.Alert also blocks unwanted encryption of the boot drive, another tactic used by hackers to get money. All this is done without any needed user interaction.
See how HitmanPro.Alert protects you from ransomware!
- HitmanPro.Alert: Preventing Program Exploits
HitmanPro.Alert adds an additional layer of security around vulnerable programs, watching behavior that is malicious in nature. Infections are found and promptly removed. HitmanPro.Alert then replaces the infected Windows resources with safe, original versions. This prevents these programs from being exploited and used against the user.
HitmanPro.Alert vs. WannaCry DoublePulsar
HitmanPro Alert vs a Keylogger - Keeping Your Privacy
Webcams, keyboards and web browsers are also susceptible to hacking. Simple infection techniques could give hackers access to the passwords and the credit card numbers you type, the web pages you visit, and anything that's happening in front of your webcam. HitmanPro.Alert monitors unauthorized access to your webcam, keeping your private life "private". It beefs up browser security and warns you if the browser has been compromised in any way. It also encrypts keystrokes, rendering the keyloggers useless and keeping what you type safe. These advanced privacy features led MRG Effitas to award HitmanPro.Alert their Secure Online Banking Certification.
Disrupting the Cyber Kill Chain®
Alternative endpoint security solutions only focus on blocking malware delivery from web pages and email attachments, but HitmanPro.Alert also recognizes the capabilities of more devious attackers. HitmanPro.Alert is purpose-built to disrupt attacks in real-time across the entire threat life-cycle or Cyber Kill Chain®.
HitmanPro.Alert not only offers exemplary exploit technique prevention and advanced malware remediation, its many "Risk Reduction" features also limit motivated and skilled attackers' abilities when they do succeed in compromising the endpoint.
![[Image: 6T422Us.png]](https://i.imgur.com/6T422Us.png)
CryptoGuard stops ransomware
The exclusive "Risk Reduction" features of HitmanPro.Alert include behavior-based protection against high-impact crypto-ransomware, a prolific threat that slips by web filters and antivirus defenses every day. This type of infection (also generalized as "cryptolocker") goes after images, documents, and other personal and critical data on local disks and networked drives. Cryptolocker malware encrypts the computer files of its victims and demands ransom money for the decryption key. The signature-less operation of HitmanPro.Alert's CryptoGuard technology universally prevents spontaneous encryption of data by cryptolockers. Even when trusted files or processes are hijacked for unsolicited encryption (as observed in cryptolockers "Vaultcrypt", "CryptoWall" and "CTB-Locker"), it is stopped and reverted by HitmanPro.Alert, without interaction from users or IT support personnel.
![[Image: wmAyBhN.gif]](https://i.imgur.com/wmAyBhN.gif)
Risk Reduction
Other Risk Reduction features focus on, for example, anti-espionage, such as kernel-based Keystroke Encryption, Webcam Notifier and BadUSB Protection. Moreover, Vaccination and Process Browsing and Application Lockdown reveal malware that hides inside or attempts to piggyback on trusted programs to gain persistence or hoist additional payloads.
Latest Build is HitmanPro.Alert 3.8.0 Build 859 (30-December-2019)
What's NEW - HitmanPro.Alert 3.8.0 Build 859 Released (30-December-2019)
CryptoGuard v5 (default On, system level)
Complete redesign and rewrite of the award winning and world's first anti-ransomware module (est. 2013). It now also monitors unknown file types, offers increased performance and reduced I/O overhead – which is specifically noticeable in low-bandwidth network scenarios and on endpoints where many documents or other files change frequently.
Heap Heap Protect (default On, system level)
We have identified an operational behavior of many multi-stage backdoors, like CobaltStrike and Meterpreter, and created a detection that will catch their so-called staged behavior. Specifically, we look at their memory allocation behavior at runtime.
In addition, the memory allocation behavior observed in variants of prominent malware like Emotet and Trickbot (caused by the use of code obfuscation and multi-layer packing techniques) results in typical behavioral traits that Heap Heap Protect will also notice and block, before malicious actions are executed. For malware authors it may be easy to obfuscate their malware, but it is a lot harder for them to change the associated memory behavior.
We have been testing an early version of this system-wide mitigation since December 2018 (build 771) and the initial mitigation went into action with build 779 (April 2019). For this build (859 and higher) we’ve further enhanced Heap Heap Protect to also block malicious process migration and .NET attack code that spawns from PowerShell.
APISetGuard (default On, system level)
A Windows ApiSet Stub DLL is a dynamically loaded module that Windows side-loads to help an application to be compatible with newer Windows platform versions. Such modules, like “api-ms-win-core-fibers-l1-1-1.dll”, act as a proxy to ensure compatibility with functionality that has changed in Windows compared to older versions of the operating system. For example, a specific Windows API function that used to require 4 arguments on Windows 7, could now require 5 arguments on Windows 10. In this example, the ApiSet Stub DLL will act as a proxy and add the 5th argument to ensure compatibility.
In an attack scenario, an adversary may place a malicious ApiSet Stub DLL alongside an application to manipulate its functionality or, in the case of endpoint defense software, to bypass tamper protection and terminate protection.
APISetGuard is an integral part of the DLL Hijacking mitigation under Advanced interface > Risk Reductions > Process Protection.
FileProtection (default On, system level)
This mitigation prevents replacement of accessibility tools (like StickyKeys) from a remote machine. This is specifically useful against attacks like BlueKeep, that target RDP-enabled servers and endpoints. In such an attack scenario, a remote attacker could replace an accessibility tool like the Utility Manager (UTILMAN.EXE) that is available on every Windows logon screen, including via RDP. Then, on the logon screen, the attacker can simply click on the accessibility tool to spawn his malware or a command prompt with SYSTEM privileges, without needing to provide any credentials. For more details and a demo, see: https://news.sophos.com/en-us/2019/07/01...p-exploit/
In addition, this mitigation protects the AMSI.DLL (Anti-Malware Scan Interface) when it is loaded by processes into memory. Defenses that use AMSI benefit from this protection as AMSI bypasses that rely on modifying the AMSI.DLL in memory will fail.
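A defender can audit for the accessibility-tool replacement described above independently of any product. The following PowerShell check is an added example, not vendor code and not part of the release notes; only UTILMAN.EXE and StickyKeys (sethc.exe) come from the text, and the remaining file names are assumptions of this example.

```powershell
# Added example: flag logon-screen accessibility tools that have been replaced.
# Only UTILMAN.EXE and StickyKeys (sethc.exe) are named in the text above;
# the other file names in $targets are assumptions of this example.
$sys32   = Join-Path $env:SystemRoot 'System32'
$targets = 'utilman.exe', 'sethc.exe', 'osk.exe', 'magnify.exe', 'narrator.exe'
$shells  = 'cmd.exe', 'WindowsPowerShell\v1.0\powershell.exe'

# SHA-256 of the command interpreters, keyed by hash, so that a tool which is
# a byte-for-byte copy of one of them can be recognised.
$shellHashes = @{}
foreach ($s in $shells) {
    $p = Join-Path $sys32 $s
    if (Test-Path -LiteralPath $p) {
        $shellHashes[(Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash] = $s
    }
}

$report = foreach ($t in $targets) {
    $path = Join-Path $sys32 $t
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $copy = $shellHashes[$hash]          # $null unless identical to a shell

    [pscustomobject]@{
        File       = $t
        Signature  = $sig.Status
        Signer     = $sig.SignerCertificate.Subject
        CopyOf     = $copy
        LastWrite  = (Get-Item -LiteralPath $path).LastWriteTimeUtc
        Suspicious = [bool]$copy -or ($sig.Status -ne 'Valid')
    }
}

$report | Format-Table -AutoSize
if ($report | Where-Object Suspicious) {
    Write-Warning 'An accessibility tool is unsigned or is a copy of a command interpreter.'
}
```

The hash comparison matters because a copied command interpreter still carries a valid Microsoft signature, so a signature check alone would pass it. On older Windows releases catalog-signed system files can report as not signed, so treat a signature-only finding there as a prompt to investigate.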
JIT Guard (default On, app level)
This new exploit mitigation prevents the use of Win32 API calls from within just-in-time (JIT) memory in web browser applications. This new mitigation is enabled by default on Chrome-based and Firefox-based web browsers, and thwarts attacks on vulnerabilities like CVE-2019-9810.
Lockdown DCOM (default On, app level)
Part of Application Lockdown, this mitigation prevents the use of specific critical DCOM functions by VBA macros in Office applications.
Safe Mode support
We’ve added support for Windows in Safe Mode. This will stop ransomware that forces Windows to (re-)boot into a diagnostic mode and encrypt the system from there – in Safe Mode. This thwarts ransomware like GoSnatch, as described and demoed here: https://news.sophos.com/en-us/2019/07/01...p-exploit/
New user interface panels
- Event List panel to view the alerts (finally replaces the standard Windows Event Viewer). The list offers a menu on each alert where you can suppress subsequent alerts on the same application, mitigation and condition. Details of alert events also include involved MITRE ATT&CK techniques.
- Event Process Tree panel provides a timeline that graphically shows how an attack took place. Includes clickable objects, a view of dropped files per process, the time between processes, their exit state, and hyperlinked SHA-256 hashes that open a report on VirusTotal (when it has one). Also allows you to go back and forth in time using the time slider, and to zoom in and out of parent and child processes using your mouse scroll wheel. Pressing Print Screen offers to export the timeline to an image file.
- Protected Volumes list panel to view the local and removable volumes as well as the network shares that are protected by CryptoGuard from ransomware.
RDP Lockdown (default Off, system level)
Locks down Remote Desktop (RDP) sessions to prevent attackers (that brute-forced or otherwise obtained a correct logon credential) from installing new programs like ransomware. Features:
- Blocks access to new binaries that are introduced in RDP sessions
- Strips administrator privileges from new processes
- Allows generating a 2-factor token file to unlock an RDP session (automatically enforced when enabling the mitigation)
RDP Lockdown also includes a new shell extension that shows an overlay icon on binaries that have been introduced in an RDP session. The extension also helps with unlocking the RDP session via a token file located on a drive shared with the RDP session.
Added
- CryptoGuard can run in either v4 or the new v5 mode.
- CryptoGuard v5 block modes: Terminate, Isolate and Audit
  - Terminate: terminates and isolates the ransomware process (new default)
  - Isolate: detects and isolates the ransomware by revoking write access (old default)
  - Audit: detects ransomware, but takes no action on it (new)
- Added license expiration reminder. Users that renew their license will receive a discount of 15% on a new license when buying one via the new reminder message.
- Anti-Malware now relies on a new network manager module to detect when internet connection is lost or restored.
- Excalibur.db is regularly truncated to prevent the file from becoming too large on high-activity machines.
- Alert Events are now also stored in excalibur.db, the local event trace database.
Improved
- Improved CodeCave mitigation.
- Improved HeapSpray mitigation.
- CryptoGuard 4 and 5 now also handles ransomware attacks that leverage EFS (Windows Encrypting File System).
- CryptoGuard 4 and 5 can now handle a deficiency in Windows leveraged by the RIPlace evasion technique.
- WipeGuard inadvertently protected USB drives that were already connected during boot.
- Keystroke Encryption was default enabled on the first window that was visible after install.
- Inner workings of the Keystroke Encryption engine.
- Keystroke encryption engine now correctly handles the Windows 10 Emoji Picker (shortcut Win + . )
- Service is now hardened against unsolicited stop commands.
- Alert processes are now additionally hardened by enabling several Windows 10 exploit mitigations.
Fixed
- Fixed initial dashboard when installing product in CryptoGuard-only mode.
- Alt-Tab window could get stuck when the foreground process had keystroke encryption active.
Removed
- Credential Theft Protection no longer shields the Security Accounts Manager (SAM) database on the disk (CredGuard SAM). Too many legitimate applications access the SAM database for no apparent reason.
Further Info HERE
HitmanPro.Alert licenses for this giveaway/contest
HitmanPro/SurfRight has provided Geeks For Your Information Forum with five (5) x 1 year licenses of HitmanPro.Alert as Christmas 2019 giveaway/contest prizes.
CONTEST RULES
To boost forum participation/contribution, all who wish to participate MUST have created a minimum of 3 threads and 5 posts (threads in sections: (i) Giveaways / Contests (ii) Deals and (iii) Geeks FYI > Feedback are NOT INCLUDED). Entries not meeting the requirement will be deleted. WE WILL BE CHECKING!
1. Please answer the question below.
"WHAT makes HitmanPro.Alert the best and effective ransomware/antimalware solution?"
Post your reply as contest entry WITH your social media share. Please see sample entry below.
![[Image: WscGVJx.png]](https://i.imgur.com/WscGVJx.png)
2. REQUIRED: Please share this giveaway by pasting the code below in your Facebook/Twitter/Google+ Account.
(Share is NOT limited to popular social media sites like Facebook, Twitter, Google+, and Instagram.)
Code:
Geeks For Your Information Forum [Official] HitmanPro.Alert Christmas 2019 Giveaway
[url]https://www.geeks.fyi/showthread.php?tid=9406[/url]
Optional: You may want to like/follow Surfright's social networking sites as added support.
3. One entry per IP address ONLY. WE WILL BE CHECKING!
Only one entry per member is allowed. Dual entries will both be deleted and the user will be banned from the giveaway, so please be careful.
If there are any questions / concerns pertaining to the giveaway/contest, please get in touch with me through PM. Do not post them in this thread. Doing so will merit a warning and ultimately a ban from entering further giveaways/contests.
WINNERS WILL RECEIVE
Five (5) winners will each receive one (1) year license of HitmanPro.Alert
Winners will be selected by HitmanPro.Alert Sponsor Mr. Victor van Hillo and once posted,
winners will only have 5 days to send a PM to claim their prize.
Please include your details (Name / Email) in your PM claim.
NO CONFIRMATION FOR THOSE WITH INSUFFICIENT/INCOMPLETE DETAILS.
Prize will be FORFEIT if a PM claim is not received within the specified timeframe.
Prize will be FORFEIT if a PM claim is "not confirmed".
The Giveaway will run
from December 15, 2019 to January 15, 2020
Good luck to all!!!
![[Image: Lo6bbiT.gif]](https://i.imgur.com/Lo6bbiT.gif)