WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    No, it's not really designed only for advanced users, because it will always auto-block, so it doesn't rely on user decision.

    Well, let's face it. For "in the wild" malware detection you can use any of the popular free AV's, I don't think WVSX will do a better job in blocking malware. However, it caught my attention when you mentioned it blocked dangerous code injection techniques, so as a pure behavior blocking it seems to be quite interesting. However, it doesn't work the way I want it to, I would like to see clear alerts about behaviors that are being blocked.

    Too bad that PC Security charges so much, I would really love to see WVSX being tested. Perhaps you can contact MRG Effitas and ask them for a discount because your company is still quite small? And can you give a bit more info about the Chinese test, how many samples and what type of malware was tested? Was this about zero day malware, because it outperformed the biggest AV players.
     
  2. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Sorry, we don't have such plan at present. Design a good security software for PC and get it improved is the priority for us now.
     
  3. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    At present, if malware use code injection techniques, they will be flagged as "WIBD.Heur.Injector.XX" by WiseVector StopX. We would like to design clearer alerts for experienced users in the future. Thanks for your advice.
    We will contact MRG Effitas soon. So far as I know, they don't have an agreement with Microsoft which can't help us to take part in MVI. But if their price is reasonable, we might have a try.
    There were 50 tests in total in nearly 2 years. The first screenshot shows the test result from 1-20; the second screenshot shows the test result from 21-50.
    Usually, there are 30 to 200 fresh malware samples in every test. I don't know how you identify zero-day malware. Several samples in the tests were not present in Virustotal.
     
  4. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
  5. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    @WiseVector

    Sound great! :geek:
    How are you going to deal with Zero Day Malware and
    Ransomware as it evolve? Your plans?
    A couple of example, ChineseRarypt? And Ransominator?
    Seem SandBoxie was the only one to stop, ChineseRarypt?
    Correct me, if, I am wrong?

     
    Last edited: Oct 10, 2020
  6. tutman

    tutman Registered Member

    Joined:
    Aug 23, 2019
    Posts:
    44
    Location:
    usa
    I posted on his youtube site 1 month ago and got no response. I specifically asked him if he could test Wise Vector. On the other hand I also
    asked this person (Computer Solutions) and he said "Noted :)" and I assume he will look into it! https://www.youtube.com/channel/UCQnBRNNSqPRIhPwEN3YTXow
     
  7. tutman

    tutman Registered Member

    Joined:
    Aug 23, 2019
    Posts:
    44
    Location:
    usa
    Wow that is shameful! Hopefully this other person will show a test. See my post above!
     
  8. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Reported and solved.
    Thanks.
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    This web site is known for controversial security software reviews. Good luck on finding any background data on who is Computer Solutions or their test methodology. I would pass on them for a WV test. On the other hand since CS has been contacted, WV will probably be tested anyway.
     
  10. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Since WiseVector StopX is AI based, it's very good at detecting Zero-day malware. WVSX has Behavior Detection, Memory Protection and AI based static scanning to fight with ransomware.
    A user in malwaretips had tested WVSX with Ransominator already. It can be blocked by WVSX perfectly now, since we have made targeted design to detect it.
    You can test WVSX with ChineseRarypt and Ransominator in a VM by yourself if possible. Then you may know whether Sandboxie was the only one or not:)
     
  11. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Thanks a lot for your warm heart!
     
  12. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Thanks! :)
     
  13. tutman

    tutman Registered Member

    Joined:
    Aug 23, 2019
    Posts:
    44
    Location:
    usa
    You are welcome!
     
  14. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    @WiseVector

    #561 Reply: Thank for the follow-up and the info!
    Appreciated!!!:geek:

    Always the best,
     
  15. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    At this point popularizing the product is the main concern, I wouldn't be too picky who reviews it, it needs to be seen first then sb qualified can re-test, but alot of security product don't partecipate in tests and they are doing fine (blackfog) , as memory injection protection programme it has a niche it doesn't need to compete with main AV vendors that offer 360 approach (cryptography, anti-phising, firewalls), at very early stage it would have a hard time because of that said approach today, questions:

    1) Wisevector service is set to automatic but it doesn't start, trying to start it gives "service started then stopped", is this expected behaviour?

    2) Also it needs admin permission from context menu to scan an archive, a bit unusual

    3) is it able to catch functions (hook WinAPI or OpenGL or DirectX functions) related to screen grabbing? I noticed screen going dark for a second and it wasn't me
     
    Last edited: Oct 13, 2020
  16. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    464
    @WiseVector wondering what your thoughts are about possible overlap with HitmanProAlert and if any modules (either in WV or HPA) should be unselected
    AND, thanks for your work!
     
  17. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    It is normal. WiseVector service is used to start WiseVectorSvc.exe. It will stop immediately after service started.
    Sorry, WVSX needs admin permission to run currently, so it needs admin permission to perform scan.
    If screen grabbing is performed by malware (Usually Info stealers or RAT), it will not cause screen going dark because it will get users to pay attention to them. There might be a problem with the graphics driver or something else on your computer.
    Honestly, since there are many functions related to screen grabbing in Windows, it is diffcult to catch all of them. By our observing, Info stealers and RAT don't take screenshots only, there must be more functions, trying to get other personal data from users. We can say WVSX is able to detect such malware based our multi-layered protection.
     
    Last edited: Oct 14, 2020
  18. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    If you must run WVSX and HPA together, you can enable "Keyboard encryption" and "Bad USB" in HPA.
    Have a nice day!
     
  19. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Does that mean that WiseVector already covers every exploit mitigation in HitmanPro Alert?
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    @WiseVector

    I refer to an earlier [page 13] post ...And, your reply here

    I just got another Alert, but this time for a different path, i.e. C:\Windows\System32\sc.exe

    I chose to exclude it.

    WiseVector_Document Protection_alert_07.JPG

    So, I hope that was the right thing to do, in this case, too.
     
  21. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585

    Attached Files:

  22. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I just scanned it at VirusTotal and I'm certain that it is a false positive. It's detected by four scanners. However three of them are AI based scanners which are prone to false positives. The other detection from McAfee Gateway, I believe to be a false positive too, considering that no other antivirus detects it.
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    I'm interested in that question too! (And possibly also quite a few HMPA users on Wilders ...).
     
  24. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    +1
     
  25. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    228
    Location:
    UK
    +2
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.