WiseVector confirmed, over on MT, that v3.03 is now a stable release. v2.73 will also update to v3.03, which begs the question: what is the difference between any future free version and the full paid version, as v2.73 didn't have HIPS or firewall features but v3.x does? https://malwaretips.com/threads/wisevector-free-ai-driven-security.87965/post-968243
Application Network Access Control, NIDS, Manual Mode HIPS and other new features developed in the future are not for free.
In addition, I just saw that WV still uses 7zip 17.01. Multiple vulnerabilities have been fixed since (incl. arbitrary code execution), and security researchers have successfully exploited AV products with vulnerabilities in 7zip and unrar libraries, so this is not some theoretical attack and should be fixed ASAP.
Thank you for reminding us. Older versions of 7-zip contain three bugs (CVE-2017-17969, CVE-2018-5996, CVE-2018-10115) that could cause a denial of service when opening a crafted RAR archive, but WVSX does not use this DLL to open RAR or ZIP files, so our users do not suffer from these vulnerabilities. Anyway, we will use the new 7z library in the next release.
@WiseVector this is a question I posted in another software thread, but does WVSX take into consideration stegomalware behavior? Antimalware software should be configured to identify the presence of binders. I also read that AI is best for this kind of job, so real-time on-access scanning of all files on read and write should catch this. https://www.mcafee.com/enterprise/en-us/assets/solution-briefs/sb-quarterly-threats-jun-2017-2.pdf
Hi @lucd, stegomalware usually hides itself in normal files, for example, pictures... It behaves like an encrypted PE hiding in a txt file. We can simply treat stegomalware as data files, which need a loader to execute. So don't worry, it can be detected like other malware by WVSX.
If you run the scan after install, and it monitors in real time, is there any reason to run scheduled scans?
This may not be what @trott3r is looking for but it is EASY to run WiseVector (WV) on-demand instead of real-time. All one must do is NOT check the setting for running WV at start-up. If someone decides to run WV on-demand, a scan-scheduler would be handy but its absence should NOT be a "deal killer" since WV is a superbly effective AV.
Regarding running an on-demand scan, it is best practice NOT to use the same product that is already running in real time as this would simply be a redundancy. Better to use a different secondary scanner (not resident in memory) for on-demand work. My suggestion would be KVRT which, in addition to an excellent database, is the strongest against malicious persistence mechanisms.
This Wise Vector is still attack happy on a good amount of malware/foulware and coupled with basic secondary or even primary other solutions simply supplies that formidable defensive sphere which rounds things out nicely. I still am astonished at the pure lightness of a program of this nature that offers reliable protections yet doesn't tax a system. Thanks @cruelsister on the KVRT suggestion. Good one!
How about the need to run a full system scan soon after first installing an AV & setting it up to do real-time patrolling? Wouldn't the full scan, in such a situation, possibly detect nasties that had taken residence prior to installing that AV? Thereafter, full scans by a real-time AV would be a redundancy, but an initial full scan seems prudent to me. Am I wrong?
An initial scan is fine, and is often done automatically by the product installed. But I was speaking of subsequent routine scans. Apologies if this wasn't made clear.
Yes, fair point in most people's configuration. I dual boot 2 installs of Windows on 1 PC, so I like to schedule a scan of the other Windows which I have not booted into. BTW, what is KVRT? I do have a secondary scanner in HitmanPro. Is HMP still a well-regarded scanner? I notice Zemana has fallen out of favour with many.