WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    507
    Location:
    UK
    Interesting review by the league of antivirus. It's only part one, part 2 to follow.

    Intermission - WiseVector StopX 2.73 Test vs Fresh Malware Samples Part 1 - YouTube
    https://www.youtube.com/watch?v=vTnZSu51-G0
     
    Last edited by a moderator: Jul 26, 2021
  2. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    230
    @WiseVector This is not done by WV, I would like this feature to make the antivirus more complete. Thank you very much.

    Sin título.jpg Sin título2.jpg
     
  3. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    The HIPS monitors file, registry, process activities. It also prevents untrusted programs from accessing your webcam, microphone, important data, etc.
    The Firewall part monitors network activities.
     
  4. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi Melita,

    Sorry for the inconvenience.

    Currently, if you want to fast switch users, you must first quit WVSX.
    After logging in as another user, you must manually start WVSX.

    We are working on this issue and expect that the next release will fix it. It will also start automatically under other user accounts when Windows starts.
     
  5. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    When WVSX is running, if any malicious program tries to add a firewall rule, it will be terminated by WVSX's Advanced Protection.
    After 3.0, if any untrusted program tries to add a firewall rule, WVSX will prompt the user to take actions.
     
  6. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi NiteRanger,

    There is no conflict between WVSX and KIS, so you can enable both FW.
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Hi WiseVector,

    Is the same true for Norton 360?

    Thanks.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    I just tried to install the latest beta over 2.73 and got this:

    VWSX Error.PNG

    I have no idea what that means. :confused:
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    I had an educated guess and exited 2.73 and tried again. This time the update succeeded.
     
    Last edited: Jul 27, 2021
  10. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Yes, you need to quit WVSX first and then perform an overwrite installation. We haven't heard there is any conflict between WVSX and Norton.
     
  11. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    Sporadically it seems, 301 beta updates are failing when manually checking for updates
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes but I'm talking about more details, like code injection, installation of services and drivers etc. And can you post screenshots of the HIPS and firewall, thanks in advance.
     
  13. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    Can v3.01 get updated successfully now?
    Can you visit our website (https://www.wisevector.com/en/) smoothly?
    Did this issue appear before?
     
  14. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
  15. Rebsat

    Rebsat Registered Member

    Joined:
    Oct 20, 2014
    Posts:
    36
    Location:
    My Desk
    @WiseVector
    Regarding WVSX's automatically starting with Windows boot. I was wondering if there is a domain user account with standard/non-admin privilege from the Active Directory/Microsoft Windows Server? Would you please explain to me how to make Wise Vector start automatically in the domain user (standard/non-admin) account. Pictures would be better if possible. Thanks
     
    Last edited: Jul 29, 2021
  16. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    Manual update is working right now on 3.01
    Yes I can visit the site ok
    Yes, I had this issue with 3.00 also

    I'll keep you posted if the issue arises again... thanks

    Edit: I am using dnscrypt (Simple Dnscrypt) with Nextdns for server in case that could be a factor
     
    Last edited: Jul 29, 2021
  17. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    643
    Location:
    USA
    Yes, that is a major inconvenience and limitation - preventing use of WVSX in our classroom environment. Once that shortcoming is remedied I will seriously consider it to protect our classroom PCs.
     
    Last edited: Jul 29, 2021
  18. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    507
    Location:
    UK
    Part 2 is up. Interesting result
    https://youtu.be/csHGxDqf_wQ
     
  19. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Thanks to the author for the testing; any testing of WVSX will help us to improve.

    First of all, I don't think these are fresh malware samples, as I understand fresh malware samples should appear at least within one month, preferably not present in Virustotal or at least less than 30 detections, or less than 20 in VT. According to the video we can tell that these samples probably come from Virussign or Virusshare, because Virussign often has many normal files that are infected with Floxif virus, Virusshare are full of PUPs. Samples from Virussign are definitely not fresh samples.

    In the end of the video, most of the infected files are files infected by Floxif virus and PUPs, with a few worms we think they are the same file and one Quasar malware.

    1. We are confident that our behavior detection is able to block Floxif virus. In the author's test WVSX has blocked one, please see screenshot below. We have tested several files infected by Floxif virus by ourselves and we can be sure WVSX is able to block them all. If there are testers willing to test Floxif samples with WVSX, we would appreciate it. If WVSX failed to block any Floxif sample, please post it here. Testers can disconnect from the network to prove we haven't updated anything.

    2. We observed that WVSX's own files are also infected by Floxif virus, which should not be possible because our kernel drivers prevent other programs from writing to WVSX's installation folder. This should be the result of running a large number of Floxif viruses at the same time.

    3. For PUPs, if we do not observe any advertising or spying behavior in our environment, we will not add the detection. For example, there are several mail.ru PUPs in the author's test, we have analyzed many samples developed by mail.ru and didn't observe advertising behavior in our environment. Also, as far as we know, mail.ru has a large number of users in Russia, so we would be quite cautious to flag these files.

    4. For older malware samples like Quasar, they may not exhibit malicious behavior if their CC server is dead.

    We think that the reason for these infections may be due to running a large number of samples at the same time, and WVSX has some problems when faced with a stress test. We will do more stress tests ourselves in the future, but you should know that it is impossible for a normal user to run a large number of malicious programs at once.


    Capture10.PNG
     
  20. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    190
    Location:
    Poland
    Hi WiseVector! All files in the test are malicious and fresh (collected during the previous day) and the package also contains PUPs (maybe in the future, when I find more free time, I will do separate tests for different types of malware). Floxif is the second most common infection in UAE these days https://www.zawya.com/mena/en/press...easing_impact_in_the_UAE-ZAWYA20210620063117/ . If I will find spare time, I will send the Floxif samples used in the test by PM.
     
    Last edited: Jul 30, 2021
  21. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    507
    Location:
    UK
    Thanks for the tests, it's good to have you on here.
     
  22. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi Space Ghost,

    Thanks for the testing.

    That you collected them during the previous day does not mean these are fresh malware samples; as I understand, "fresh" samples should have been created by malware makers not long ago. When you see Floxif you should understand that it is certainly not a fresh sample. The virus has been around for almost 10 years.

    Let's say there are 100,000 white samples, infect it with Ramnit virus you will get 100,000 "fresh" samples, infect it with Sality you will get another "fresh" 100,000 samples. :D

    Please send the Floxif samples here so everyone can test.
     
  23. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi Rebsat,

    Currently non-administrator accounts cannot start WVSX at logon, please wait for the next version, thank you.
     
  24. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Thanks for your interest in WVSX, we will soon release a new version that supports fast user switching asap. :D
     
  25. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    190
    Location:
    Poland
    Hi WiseVector! Yes, file infectors are part of the tested samples. Because you can still find them in the wild. I don't know for sure but I feel that publishing infected files is against this forum's rules. My primary goal is to improve cyberspace security for the average person (I have already had some success in this matter). My project is independent of funding from antivirus vendors, because in my opinion this can create a toxic relationship. But I am always ready to help you improve your security product. Have a nice day!
     