WiseVector Stop-X

Hi WiseVector

Any latest what the key differences between the Pro vs. Current (Non Pro?) versions will be?

Cheers, Baldrick

 

maybe its just me but I find the programme depending on task scheduler not ideal,
the programme will fail to launch at startup if task scheduler is off and the task scheduler job of WVSX is off

 

I don't believe that you can disable task scheduler.

 

I totally agree. Having WVSX depend on task scheduler makes it a PITA. I doubt WVSX will become a "big seller" unless it will load at startup as easily as do other Antivirus apps.

 

@lucd
Many Microsoft programs are also launched through task scheduler. Can you please tell me under what circumstances the task scheduler is off on your computer?

@bellgamin
Can you please tell me why you think WVSX loads at startup not as easily as others do?

 

New features: Web Protection, Application Network Access Control, NIDS and Manual Mode Hips.
Please refer to post #1263 for more info.
Thanks!

 

but you can via cmd (you cannot do that in services.msc panel):
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule" /v Start /d 4 /t "REG_DWORD" /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0" /v Start /d 4 /t "REG_DWORD" /f (for other windows versions, btw. "/v Start /d 2" is to roll back)
this rule is reset after windows update

to delete task job the syntax should be something like this: C:\> schtasks /delete /tn WiseVector /f
to me its like taskkill.exe or tskill.exe, but this "vulnerability" is after restart so it won't affect anybody during live session so to speak
after restart, tray icon is gone at startup and you cannot scan via context menu (see picture 1), the service will try to start with some trouble, in task manager the service is on with 0% activity. In services.msc the service is set to 'automatic' but not 'running'. Overall I dunno how much you can be exploited. Difficult to notice a tray icon

in my opinion task scheduler is abused by malware so I don't like it being on, for instance if you run the avz tool by Oleg Zaystev it will warn that scheduler is on, it's one of the top 5 places malware resides for persistence, so ppl who like to harden their system might not like it
that said, you can add 1 line in command line to bypass some of the core functionality which is not OK, WVSX should not be silent that "Schedule" is manipulated

 

I agree with point 2. Just to add every other malware out there right now is trying to disable windows firewall and windows defender by disabling their service or adding a allow rule registry couple examples are dtloader and bokbot.

 

Interesting point. While @WiseVector too makes excellent references to this regards, I also have used the AVZ Toolkit and often wondered how susceptible Task Scheduler might just be to those concentrated efforts of malware purveyors who practice on infiltrating in the easiest of methods to neutralize the very start up of various Anti-Malware Programs/AV's.

I can't help but think that Microsoft Windows manufacturers, especially 10 is not so innocent in their assignment of degrees of certificates to Quality Antimalware Industry Programs and wonder if they place constraints on particular start up ideas or not.

In this instance, WVSX can or could select the alternative start up locations that they can clear as most efficient.

Is Windows Task Scheduler one? It was long developed as a place to launch good clean programs as well as MS own devices, but as cited above by the poster, it can also maybe be a point of contention if a Antimalware program could be attacked and rendered inert so easily.

That's my take on it for what it's worth. I'll leave it to the developer and his interaction with members on the validity or possibilities for alternative positioning of it's start up modules.

Fantastic Program!!! Keep up the great work!

 

Kwel...many thanks...am looking forward to that. And of course some firm information on pricing...

Regards, Baldrick

 

Hi @ WiseVector

"I also don't believe in bashing a product because of the country it came from. Bash it for its protection effectiveness or bugs, not its country of origin." Ex post 1291 Digmor Crusher

Your country (Canada) has effectively made it very difficult for Huawei to operate in the future despite its products successfully being used in Canada and in many countries around the world (Five Eyes intelligence-sharing). Simply because it is China and concerns about the security of Chinese products and services. No doubt also under pressure from the USA and other countries.

Products that are NOT EFFECTIVE are not successfull. It is the successful products we have to be alert to.



Terry

 

Same here @Baldrick The additions will and should only enhance this fabulous program!

 

Yes, but what my country did with Huawei has absolutely nothing to do with me, seems to me they just caved under external pressures.

 

But that has nothing to do with country, and everything to do with the shadiness of that particular company. Look at oneplus. They are allowed to operate because they keep everything above board. Huawei does not, so they cannot sell to North America. Yet they are both from China. Just because a product is from China does not mean it should not be given the benefit of the doubt.

 

I wish we could just get off country/territory origins and return the topic back where it honestly belongs. Strictly to do with WVSX workings, performance, suggestions and other interests that have to do with the program and it's compatibility to perform to expectations and/or bug reports or mishaps in operations that WVSX promptly addresses or provides reasonable logical explanation for.

Microsoft USA to me is not exactly very convincing itself in the way it has needled it's feelers with telemetry in either gathering data far in excess of any other O/S or functionality issues directly related to their intrusions (that WVSX does nothing of the sort) that gives developers way more work than need be.

 

@WiseVector -- In your post #1306 above you asked, "Can you please tell me why you think WVSX loads at startup not as easily as others do?"

When I first began using WVSX, several months ago, I placed a checkmark on WVSX's Settings form, next to the Settings entry, "Automatically launch at system startup." That checkmark has always remained in that same place. However, WVSX has never EVER launched at system startup.

When I similarly place a checkmark to cause ANY other AV to automatically startup, it does so. ESET does so, Kaspersky does so, SecureAPlus does so, & so does every other AV and every other app of any kind that I have ever used or trialed --- but not WVSX.

I am merely requesting that WVSX allow automatic startup to be accomplished as easily as every other AV does.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE: I am aware that WVSX automatic startup relies on the Windows Task Scheduler. However, I long ago disabled Windows Task Scheduler & replaced it with the far more effective TaskRunner. I'm sure there are many power users who use Task Runner instead of the Windows Task Scheduler. While I am a fan of WVSX, if the paid version mandates the Windows Task Scheduler be enabled, I sadly will be forced to rely on another AV.

 

C:\Program Files (x86)\WiseVector\WiseVector.exe

This can be done by any Task Scheduler.

 

Not only task scheduler is abused by malware. The registry auto-start item (CurrentVersion\run) is abused most.
At present, WVSX has no reaction to deleting items from task scheduler but has reaction to adding items in task scheduler.
By our observing, no malware try to delete wisevector from task scheduler till now. To prevent such issue from happening in the future, our next version you can add custom rules to detect such behavior. You might feel more at ease when using WVSX after then.
Please refer to the screenshots below.
https://ibb.co/QDCQVjh
https://ibb.co/LN2VV63

 

Please tell me how did you disable task scheduler. We would like to do the same steps as you did and figure out a way to resolve the "automatic startup" issue.
I'm curious that there are nearly 200 tasks belong to Microsoft in Win10 need task scheduler to be launched ( you can see them in C:\Windows\System32\Tasks\Microsoft). How can your system work smoothly when task scheduler is disabled?

 

you can easily disable task schedule via cmd
so this rules editor is part of the pro version? I have never seen this rule editor
I believe in the free version you should add these rules as default rules too as well, the strength of a chain is limited to that of the weakest link

 

@EASTER @JRViejo

Thanks a lot!
Yes, let's get the topic back on track!

 

Yeah, it's a part of the pro version. We would probably add these rules as default rules in the free version.

 

FP:
2021-04-27 22:13:48 C:\Users\Hilti\AppData\Local\DeepL\app-2.2.0\DeepL.exe WIBD:HEUR.Trojan.FB

 

Please tell me where can I download it. We will analyze soon. Thanks.