WV beta 3.1 keeps flagging Henry++ Simplewall as malware for the last 2 or 3 versions. Reported as fp and uploaded file each time... log attached.
Simplewall program folder is excluded but updated installers are flagged as malware on last two versions.
Yes, it's probably not the best way to test AVs, because it's not a realistic scenario. And I forgot that WVSX doesn't use signatures, but it's more similar to Cylance, it's based on ML.
WiseVector StopX DOES use signatures as mentioned by @WiseVector many times throughout this thread. Etc, etc...
If you turn Real time Protection off should WV then flag a .bat file when you try to run it? Do you need to restart WV for the 'off' setting to take effect?
Hi, WVSX is locally based. When disconnected from the network, both real-time protection and behavior detection can still work well. WD is cloud based, which means it can work effectively only when connected to the network. It has multiple ML models deployed in the cloud, making WD pretty strong in static detection. WD has only AI based static scanning, but WVSX has AI based static scanning, behavior detection and memory detection. Additionally, it has a unique instruction tracer to protect users from DLL side-loading attacks. For more information, please visit this page: https://www.wisevector.com/en/en-features/. There are two obvious weaknesses of WD. 1) Because of the huge number of users, WD is the No.1 target of attacks. 2) Attackers can easily add exclusions (files or processes) to WD by using PowerShell, WMI, etc. If you are sticking to WD, it is recommended to combine it with WVSX.
Hi, if you try to run the file, the behavior detection is going to work and flag it. No need to restart. But don't forget to click the OK button after the setting is completed. Here is the WiseVector StopX User Guide: https://www.wisevector.com/wisevector_stopx_user_guide_en.pdf
That explains it, it was the behaviour detection that caught it. I guess I would have had to exit WV via the taskbar icon to avoid this.
Something I don't understand: if I choose, for example, to set the WVSX Firewall protection level to "Rules", where and how do I define them?
I don't think you can put in your own rules in 3.01. The rules-based mode uses pre-configured rules. You may need to wait for a future version to add custom rules to WVSX.
Hi, if you exit WV, you will be unprotected. If it's a FP, please send the file to virus@wisevector.com and we will resolve it soon. Or you can add the file to the Exclusions.
Hi, Rules-based mode: only the rules written by the user are matched; a connection will be allowed if it does not match any rule. The way to add custom rules: right click the WVSX icon on the tool bar->Actions->Rules->Add->Add network-type rule/Add other-type rule. Here is the introduction.
Some FPs are expected given that I'm running 3.1 beta, so not a problem at all. Mailwasher pro dl'd from Majorgeeks is another FP (I assume)... it has been uploaded.
I am also having problems with the free version of MailWasher, although it is the Pro trial. Email sent. Thanks.
OK I see, good point. So basically WVSX doesn't need the cloud in order to detect malware. Although I do have to say that I'm a bit worried about the false positives that WVSX is producing lately, as reported by some users.