Hi Azure, WVSX can also prevent browsers, office applications and PDF readers from executing unauthorised code. But frankly I don't know much about the anti-exploit feature from HMPA and perhaps their anti-exploit features are more powerful. I didn't find a detailed description of their anti-exploit feature on their official website. Surprisingly, I found that HMPA doesn't intercept every process injection. For example, the signed Parallax RAT trojan that appeared yesterday. Below are the malware samples for those who are interested, password is "infected". https://we.tl/t-2vSh2m45z3 VT link: *removed as per terms of service https://www.wilderssecurity.com/thr...otti-virus-total-results.180057/#post-1040840 The malware will inject several system processes (dllhost.exe, rundll32.exe) to perform its dirty job. But HMPA let it go. The HMPA version is V3.8.4 build 871 with all features enabled. I have just downloaded it from their official site. Note that I didn't do this test on purpose since I need to answer the question so I downloaded it. Maybe someone here will report this sample to them. @paulderdash @deugniet
Hi Tarnak, I think this is OK, since the document path is related to "RegRun2". The "sc.exe" may be executed as a child process by RegRun.
Hi WiseVector, Just an FYI, my HMP.A version is 3.8.6 Build 875. Edit: That build can be downloaded from the link in @RonnyT's signature here: https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-648#post-2954256
BadUSB and encryption are on if HMPA license runs off 2, at this point he could use an unlicensed version and a HitmanPro scan from time to time (which can also be done for free with HitmanPro). Having said that, it doesn't make much sense to use both, I think, since there are many tools that do the same.
This WVSX versus HMPA comparison might possibly steer this thread into an "A versus B" discussion. See HERE.
Doubt it. There are cases in this forum where people have A vs B discussions without any issue. Most likely because it wasn't about an antivirus. And in this case, what is being talked about is the anti-exploit capacity of each software. Users being able to compare, evaluate and share their opinion about a product is one of the fundamentals of a security forum.
Could, but hope not. The question (for me anyway) is definitely not about 'which is better', but about comparing functionality, and possible overlaps in a layered security solution.
Yes, this would be nice. On the other hand, the most important thing is that WVSX can truly block code injection when malware is already active, so this means post execution. OK then it might not be interesting for you guys. Also, most of the time they test with about 300 samples, but I would like to see more samples being used to test WVSX. Well, I figured it might be brand new malware, since WVSX even outperformed the big name AVs! While in testing done by AV-TEST and AV-Comparatives, they almost always score at least 99%. Actually, same goes for MRG Effitas. https://www.av-comparatives.org https://www.av-test.org/en/
Correct, HMPA is mostly focused on blocking exploit attacks via behavior blocking, so it's likely more advanced than WVSX when it comes to this. And it's also correct that it doesn't block all kinds of code injection techniques, it's mostly focused on process hollowing and APC code injection. According to you, WVSX monitors more code injection techniques, so in this area WVSX might be more powerful.
OK so does this mean that at first Ransominator couldn't be blocked? For example, HMPA will monitor for rapid file modification and will roll back modified files to a clean state. Does WVSX also do this, or does it only block ransomware pre-execution?
Hi, Please refer to the thread: https://malwaretips.com/threads/wise-vector-stopx-vs-ransominator.100404/#post-877039. Our test result was a bit different from the tester in the thread. The version being tested is very old; WVSX has become more powerful at detecting ransomware now. WVSX can block ransomware at the pre-execution and post-execution stages, but it has no Roll-back at present.
Salutations/Greetings, Do you plan on having a Roll-back in the near future? If so, when? And do you have any tests and/or reviews on YouTube? Against ransomware, etc. Also, could you WiseVector post a video of WVSX against various ransomware on YouTube? Once a week, etc. Your thoughts? Kind regards,
@WiseVector - Is it or will it fit WVSX to add Roll-back protections in some subsequent future release? Or would entering that particular feature in any way curtail or at the very least make WVSX less light overall? As it is currently, the energy/resource demand is pleasantly light while lightning rapid in performance in its detections. @Moose World - IMHO @cruelsister would be a very effective resource in pitting WVSX vs. some of the roughest toughest hombres. Maybe PM her on her thoughts. She is really pinpoint picky at noticing the tiniest deviations when the heavyweights are staged to clash in a CONTAINED environment. RAW real system & Real-Time, not some standoff Virtual Disk routine. And those end results can be staggering albeit extremely accurate.
Think she's already been evaluating WVSX. There are several posts from her in this thread, and WiseVector has aced them. A video would be great. Maybe if we talk nice, or buy her chocolates, she'll do one. LOL
Anyone try this program with Microsoft Defender AND Malwarebytes? Or is that too much overkill? Acadia
A while back WV said it would not be good to run Defender with WV because Defender would react first when something happens.
^^ True-Which would stand to reason since Defender is a hard wired native component of the O/S itself. Thanks @Nightwalker
Hi, According to our tests, Roll-back is rarely needed, since WiseVector StopX focuses on blocking malware before damage happens. Anyway, we will change our plan according to cybersecurity trends. Yes, WiseVector StopX doesn't want to be another bloated AV. We would like to find a better way to keep WVSX a lightweight and powerful security software. There are a few reviews on YouTube about WiseVector StopX, but they are not posted by us. We would like to post a video to introduce how to use WiseVector StopX. I think it would be more convincing if an experienced user or any third party can test WVSX on YouTube.