WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    I have reported that TOR browser is (hopefully) a False Positive.
  2. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    You are correct. ;)
     
  3. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    I don't think .NET 3.5 is a problem. It is widely used and Microsoft has released multiple patches to fix its known vulnerabilities.

    WVSX can detect Malicious Use of .NET, like:

    1. Inject .NET code to system processes (DotnetToJscript, SharpShooter)
    2. Run PowerShell without PowerShell.exe (UnmanagedPowershell, PowerShell Empire)
    3. Assembly.Load() abuse.
     
    Last edited: Oct 4, 2020
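    The three .NET abuse patterns listed in the post above map onto telemetry a defender can actually inspect: which DLLs a process loads, and whether a .NET assembly was loaded from disk or from memory. The following is an added example written for this thread, not WiseVector's code or any vendor's schema. The event fields, the allowlists of PowerShell hosts and non-.NET system binaries, and the sample events are all constructed assumptions; a real engine would learn such baselines per host rather than hardcode them.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Constructed allowlists (assumptions for this example, not WVSX's internal lists).
CLR_IMAGES = {"clr.dll", "mscoree.dll", "coreclr.dll"}
POWERSHELL_ENGINE = "system.management.automation.dll"
POWERSHELL_HOSTS = {"powershell.exe", "powershell_ise.exe", "pwsh.exe"}
# System binaries that normally never host the .NET runtime; a CLR appearing
# inside one of them is the footprint of injected .NET code (pattern 1 above).
NON_DOTNET_SYSTEM_PROCESSES = {
    "svchost.exe", "lsass.exe", "winlogon.exe", "spoolsv.exe", "explorer.exe", "notepad.exe",
}


@dataclass
class Event:
    """One telemetry record; field names are assumptions, modelled loosely on
    image-load and .NET assembly-load events."""
    kind: str                    # "image_load" or "assembly_load"
    process: str                 # full path of the process image
    image: Optional[str] = None  # DLL path, for image_load events
    from_memory: bool = False    # assembly_load: True when there is no backing
                                 # file, i.e. Assembly.Load(byte[]) (pattern 3)


def _name(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return PureWindowsPath(path).name.lower()


def classify(event: Event) -> Optional[str]:
    """Return a detection label for one event, or None if it looks benign."""
    proc = _name(event.process)
    if event.kind == "image_load" and event.image:
        img = _name(event.image)
        # Pattern 2: the PowerShell engine hosted by something other than a
        # known PowerShell host (UnmanagedPowerShell / Empire style).
        if img == POWERSHELL_ENGINE and proc not in POWERSHELL_HOSTS:
            return "powershell-without-powershell.exe"
        # Pattern 1: the CLR mapped into a system process that never uses .NET.
        if img in CLR_IMAGES and proc in NON_DOTNET_SYSTEM_PROCESSES:
            return "dotnet-injected-into-system-process"
    elif event.kind == "assembly_load" and event.from_memory:
        # Pattern 3: assembly with no file on disk behind it.
        return "in-memory-assembly-load"
    return None


def scan(events: List[Event]) -> List[Tuple[str, str]]:
    """Run classify() over a batch and return (process name, label) hits."""
    hits = []
    for e in events:
        label = classify(e)
        if label:
            hits.append((_name(e.process), label))
    return hits


# Constructed sample events: two benign loads, three that match the patterns.
SMA_PATH = r"C:\Windows\assembly\GAC_MSIL\System.Management.Automation\System.Management.Automation.dll"
SAMPLE_EVENTS = [
    Event("image_load", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", image=SMA_PATH),
    Event("image_load", r"C:\Windows\System32\notepad.exe", image=SMA_PATH),
    Event("image_load", r"C:\Windows\System32\svchost.exe",
          image=r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll"),
    Event("image_load", r"C:\Program Files\Microsoft Visual Studio\Common7\IDE\devenv.exe",
          image=r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll"),
    Event("assembly_load", r"C:\Tools\app.exe", from_memory=True),
    Event("assembly_load", r"C:\Tools\app.exe", from_memory=False),
]

if __name__ == "__main__":
    for proc, label in scan(SAMPLE_EVENTS):
        print(f"{proc}: {label}")
```

The benign rows matter as much as the hits: devenv.exe legitimately hosts the CLR, and some installers and scripting hosts load assemblies from memory, which is why each label here is a signal to be weighted rather than a verdict, in line with WiseVector's later remark that a single technique is not blocked outright.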
  4. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Sorry, maybe I didn't express myself clearly.
    We disabled our real-time protection in our test. Nothing about Cylance.
     
  5. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Thanks for your feedback.
    Since we had observed that TOR was abused to let malware connect to a C&C server that it was otherwise not able to reach, WVSX detected it as malicious.
    For now TOR is rarely abused, so we have removed the detection.
     
  6. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    The way of testing an AV by loading lots of malware samples in a VM and running them one after another is not in line with reality.
    We think it's more professional to run a few fresh malware samples and keep testing for at least one week, since this way is more similar to the actual situation encountered by users.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Yes, but you would at least hope that it's not all hype. Why on earth would BlackBerry pay 1 billion dollars for this stuff? I wonder if Cylance is still being tested; perhaps they have made improvements, who knows.

    OK, I see what you mean. But what I meant is, that HMPA will always block stuff like process hollowing and APC injection (see screenshot) because it's almost always used by only malware, not by goodware. It will also present you with a clear alert when this stuff is blocked. I'm guessing WVSX doesn't do this? The reason I ask is because I'm mostly interested in WVSX's behavior blocking part.

    OK cool, I hope that you guys will be tested against a decent amount of malware samples, like itman said perhaps the PC Security Channel can help with this.

  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Interesting and not expected response.

    I will begin with this: notwithstanding PC Security Channel's borked test methodology (i.e. not simulating real-world attack scenarios), most of the major AV products tested scored reasonably well. That is, in the 2 - 3 range. In fact, Avast, F-Secure, Kaspersky, Norton, SecureAPlus, and SentinelOne received the highest average protection score of 3.

    I believe it prudent that, prior to recommending that one's existing AV protection be disabled or uninstalled in favour of relying solely on WV protection, WV's protection capability be independently verified to equal or exceed that of one's current security solution. Also, as far as the Malware Hub testing of WV over at malwaretips.com to date, I view that as stated in the preface of many test results posted there: "Take this with a grain of salt."
     
    Last edited: Oct 4, 2020
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I still favor the layered approach. IMO, either (1) WVSX + VoodooShield OR (2) WVSX + SecureA+ (my setup) are very close to bullet-proof.
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Since ditching AVs years ago and going purely 3rd party, with numerous hardening techniques easily implemented, not a peep of an attempted intrusion beyond front gate defenses. I suppose they still have their uses, especially Windows 10 WD, which is vastly improved. Likely any quality commercial AV coupled with a stinging rebuke program such as this WVSX program and assorted personal favorite additions can cover a great deal.

    @bellgamin- In times past you may remember EASTER sometimes was chided for Layering heavily-bordering on redundancy but that same redundancy proved beneficial in my local testing where (2) somewhat similar interceptors (Not AV's) competed for intercepting potential malware invasion with the end result the same. No Entry Allowed-File/Dropper Introduction Rendered Inert.
     
  11. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    I've continued to evaluate WV on a sacrificial (non-VM) system and remain impressed by the product. Installation and uninstallation are efficient, and the utilization of system resources is minimal, so those with a 5-year-old computer that even then was a POS shouldn't see any discernible slowdowns.

    Regarding malware detection, for those old standards it is swift, and for non-current samples WV's "thinking" is only a few seconds. But as with any anti-malware product(s) used, an Outbound alerting firewall is mandatory. Personally I have on the test system Comodo Firewall (settings being Cruel) and have found that WV and CF work synergistically, which was a pleasant surprise. Those malicious files that WV does act on immediately will be shunted into Comodo Containment where they will even be acted on (by deletion) when WV finishes its thought. Rather cool to see malware ripped out of the sandbox without the need for a flush.

    Items not detected by either Comodo VirusScope or WV will still be contained, thus not resulting in any system harm. But the most important point will be the Firewall preventing still-undetected items from connecting out and killing the entire process (I'm sure that those who have spent a little time with Violent Python will agree).

    All in all, WVSX remains an elegant solution.

    (ps- Rasheed- "Why on earth would BlackBerry pay 1 billion dollar for this stuff". For me this just proves that the Universe creates both Fools and Insects in numbers beyond imagining).
     
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Enterprise level corps. rely heavily on NSS Labs testing. Cylance does quite well on its tests: https://www.cylance.com/content/dam/cylance/pdfs/reports/NSS_Labs_AEP_Security_Value_Map_Cylance.pdf. Note that Optics was deployed in this testing. What is Optics?
    https://www.blackberry.com/us/en/products/blackberry-optics

    As such, other AV lab testing Cylance in a stand-alone fashion equates for example to testing stand-alone WD versus WD ATP.

    Also, and unique to NSS Labs, it performs real-time cumulative malware and breach testing, usually over a 3 month period, via its OPSWAT platform. View OPSWAT as a big honeypot connected to the Internet flashing in big red color, "Attack me." NSS Labs also facilitates security vendor product improvement via feedback during the monitoring period on product detection/protection deficiencies.
     
    Last edited: Oct 5, 2020
  13. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    According to your screenshots, there is a lot of terminology in the settings of HitmanPro. It seems that it is designed for experienced users.
    WVSX is different from HitmanPro. We try to present complicated stuff in a simple way. Bitdefender ATD is more similar to WVSX.
    In the previous post #464, I said that WVSX doesn't block a certain technique such as process hollowing and APC injection outright, in case legitimate tools use this technique as well. In the previous post #174, I said that not all apps will be blocked just for performing APC injection. WVSX is AI based and the AI does classification and regression to make its decision. The working mode is very complicated. Perhaps HIPS is more in line with your needs.
    We contacted PC Security Channel yesterday. Looking forward to their reply.
     
    Last edited: Oct 5, 2020
  14. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
    I recommend advising PC Security that your product doesn't offer any phishing or online protection.
     
  15. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    The not so immediate problem being the amount of false positives, which can be slowly eliminated. When I get a bunch of them I'll send a list to Wise Vector. For instance, if I download Tech Tool Store
    ("Tech Tool Store allows you to configure, update, organize, and run the desired tools with just a few clicks."),
    which is a platform for downloading tools to manipulate the OS, quite a few of them get a malware flag. It contains classic major geeks installs like Windows Repair from tweeking.com. Not a big deal, most ppl can live without these tools.
     
    Last edited: Oct 6, 2020
  16. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    We got a reply from PC Security Channel yesterday. Their typical charge is £5000 for an evaluation..... :oops:
    WVSX will participate in international tests gradually. "More haste, less speed".
    WVSX has performed pretty well in domestic testing on our most popular security forum over two years. Please refer to the screenshot (the one in the yellow circle is WVSX). If you are interested in where the report is from, here is the link, and another (you might need a translator).

    https://i.imgur.com/7ESFAM9.png

    https://i.imgur.com/yFuVueF.png
     
    Last edited: Oct 7, 2020
  17. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    Thanks for your feedback.
    We have downloaded some tools through Tech Tool Store, no alert till now. Were the FPs which you mentioned detected by our static scanning or by behavior detection?
    As far as we know, Windows Repair will disable UAC in certain circumstances, so there will be an alert.
     
  18. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Thanks for your suggestion. :)
     
  19. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Try CheckLab, located in Poland: https://checklab.pl/en/cooperation

    They are a subsidiary of AVLab, also in Poland. Note that this is not an AMTSO member AV lab. Additionally, any certification by them is not recognized for Microsoft MVI purposes. However, since this is also a start-up lab and is located in Poland, their test prices might be low. I would also imagine that agreeing to public disclosure of test results, regardless of what those results may be, will also lower the cost. Of note is that AVLab is a poster at both wilderssecurity.com and malwaretips.com.
     
    Last edited: Oct 7, 2020
  20. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Thanks.
    Yes, we contacted CheckLab already a few weeks ago; their test price is much lower than other AV testing labs. As you know, certification by them is not recognized by Microsoft, so we feel hesitant to participate in their test.
     
  21. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    Let's do our own malware analysis channel; we will do better than PCSC and charge less than 5k, with fresh samples with visible timestamps.

    Btw, by loading lots of malware samples don't you lower defenses and performance at each consecutive malware deployment, so it is just for entertainment? I've seen a lot of legitimate (don't know the hash but still) files being run in these or similar tests. I love to download, run and test programs and some of them I recognize.
     
    Last edited: Oct 9, 2020
  22. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    I'm running WVSX for a few weeks now, on a WIN7 machine (not listed in my signature).
    So far I'm impressed with the quiet and well-behaved operation of this.

    Can't tell about protection, because I haven't had any case in the last years.
    Only one FP, but that was expected, due to the nature of the app.

    I'm going to continue testing, although I have no real need for a security app on this machine,
    which is backed up daily to a protected net drive.
     
  23. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Thanks!
    We will take our own videos to introduce WiseVector StopX through YouTube in the future.
    But obviously, it would be more convincing if WVSX can be tested by an AV testing Lab or any other third-party.:)
     
  24. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    Thanks for your positive feedback and testing.
    Have you reported the FP to us? Is it solved or not?
     
  25. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations/Greetings,

    Do you have (WVSX) WiseVector StopX for Chromebooks and/or Android phones?
    If not, do you plan to release it for the above?

    Always the best,
     