I can't remember them all, they were older apps, I reported one of them named Quick ShutDown, but it's a very simple tool, it really shouldn't be detected. But I don't really care about the AV, I really don't think it will outperform Win Defender. The HIPS and firewall however are interesting to me, I wonder if it can compete with SpyShelter. https://quick-shutdown.software.informer.com/2.6/ Did WVSX perform well in the YouTube test or what? These videos are often not very clear to me. Yes I have heard this before, they fire up so much malware that AVs can sometimes fail, but I'm not sure if this is normal, shouldn't AVs keep blocking them?
No problem, and from what I understood it's difficult to block this stuff. I wonder if HMPA will reintroduce this feature. BTW, you might find these articles interesting, it's also about unhooking stuff in order to bypass EDR systems, which are basically HIPS/HIDS for corporations. https://www.optiv.com/insights/sour...tection-and-response-how-hackers-have-evolved https://www.optiv.com/insights/source-zero/blog/edr-and-blending-how-attackers-avoid-getting-caught
Hi @Rasheed187 - Me again. Do you also (as I do) find WVSX with its AI as an advanced Behavioral Blocker too? It seems its HIPS about doubles as a Rapid Heuristic BB, but at any rate it's lite and shown to be ultra effective, and its options are extremely user friendly per your personal preferences. Network Guard I see as icing on the cake - a very useful addition that works as expected. Sort of the best of more than just both worlds.
Oh come on, so you are disappointed that a 2003 niche software was wrongly detected by an AI antimalware solution? Are you serious? I don't know if it can compete with SpyShelter and don't need to anyway, WiseVector StopX is a much more elegant solution that can be used by anyone. If you don't care about the advanced AI scanner of WVSX you can stick with SpyShelter, it will suit you better.
According to this article the malware tries to inject its code into iexplore.exe. WVSX should block it in the pre-injection and post-injection stages.
I downloaded the software and WVSX did not detect it in static scan and execution, so the FP should have been solved. If a large number of malicious programs are running at the same time, it can have a big impact on the system performance, which may cause unpredictable behavior, including AV failure.
Yes I'm serious, because it makes me wonder how good the "AI" truly is. It's a perfectly harmless tool, and I don't see why it's being detected, but I'm also no AV expert. I don't see how WVSX is a more elegant solution, from what I understood the upcoming HIPS will also give full control over app behavior, same as with SpyShelter. Yes, but would it block the unhooking from Trusteer, I believe this is the question. You are talking about the final stage of the attack. Correct, I reported it months ago, and I believe you already fixed it, but why do you believe it was falsely detected? Was it because of certain behavior, or because it wasn't signed?
AI extracts multiple vectors from a file and then uses models to predict how suspicious the file is, so it doesn't detect a file just because it doesn't have a valid digital signature. But certain behavior can increase the suspiciousness of a file, which may eventually be considered a virus. The malware you mentioned will first inject into IE, then it will unhook the function hooked by Trusteer, so I am talking about the initial stage not the final stage.
OK I see, but that's why I was a bit disappointed because I expect AI to be a bit more clever. As you know Cylance was also quite a hype years ago, but then it was discovered that it was quite easy to fool their AI technology. And my mistake, you are totally right, in order to bypass the Trusteer hooks it first needs to inject code into IE, and this should be caught. I guess I was a bit confused because HMPA recently added protection against unhooking of user mode hooks, but perhaps it works a bit differently, I don't know if it will first allow code injection and then still protect those security hooks. And for example SpyShelter has the ability to block banking trojans from hooking certain APIs related to SSL, I never really understood how this is done, do you have an idea, and would WVSX also protect against SSL API hooking? https://www.spyshelter.com/internet-security/ https://hacker10.com/other-computing/intercept-communications-with-data-tampering-tool-hookme/
@WiseVector Can we get a password protected feature in order to keep all the settings of WVSX from any unauthorized changes, for ex. I don't want my standard/non-admin account to disable WVSX protection even if it's for 5 minutes or changing anything from the settings? Keep up the great work man and thank you for your amazing efforts.
Frankly speaking, focusing only on a single adversary technique in the attack chain is not very meaningful. For the MITRE ATT&CK attack chain, there are more than two hundred adversary techniques, see: https://attack.mitre.org. Blocking one technique can cut off the entire attack chain.
Well, I know what you mean but I don't fully agree. And I guess what I'm asking is, can WVSX block banking trojans even when they have already somehow performed code injection? Like I said before, both Hitmanpro.Alert and SpyShelter can alert about or block banking trojans that are trying to modify/hook crucial browser APIs. So I guess WVSX can't do this, am I correct?
No, you need either SpyShelter Premium or SpyShelter Firewall. Actually, from what I understood, you can also use HMPA as freeware, the "safe browsing" feature is offered for free, for other features like anti-exploit and CryptoGuard you need to pay.
Yeah, I advocated a couple of times using the HitmanPro and let the license run off, it's still a good anti-keylogger too + bad USB protection, didn't know about anti-hooking for banking malware.
I'm running WVSX on my private office machine and my Win7 machine at work. (network, but non domain) Nothing to complain. All in all I'm very pleased with WVSX.
@Hiltihome, I appreciate receiving your experience with WVSX v3. I am currently running WVSX v2.73 along with SpyShelter's HIPS and Firewall. It would seem that WVSX v3's new features can eliminate my need for SpyShelter.
Yes, for the most part. I've had very occasional issues. For example, yesterday when my laptop woke from sleep, I had no internet access, as WiseVector's firewall was blocking it. But I think the only issues I've had have been from the firewall, which can be disabled.
Hmm, can its firewall be configured to complement WD's firewall by just 'policing' outgoing network requests?
BTW, are the firewall and HIPS already present in the latest version? I forgot to ask, can you perhaps make a list of all behaviors that are monitored by the HIPS? Well it depends a bit on what you need. I like the network monitor in SS for example, even though I'm using TinyWall as my firewall, because it's able to auto-block outgoing connections, SS can't do this.
WiseVector's firewall can be rule-based if you so choose, it's just Roger may not have known its firewall has six options. Throw it in a VM and test it for yourself so you can get hands-on experience of your own. And the latest beta is 3.01, which I'm testing at the moment. You can control inbound and outbound connections.
Yes. I know that, I just misread the initial question and thought he was asking if it can be used to control Windows Firewall, rather than as a separate one.