WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    It's a very good antivirus, but I don't know how well it compares with Appcheck for ransomware protection.
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Or, more likely, it doesn't load an ELAM driver. Microsoft stated a while back that if a third party AV doesn't load an ELAM driver at boot time, Windows will run WD concurrently with the third party AV.

    The main issue with running WD concurrently with WiseVector would be possible real-time scanning/detection conflicts. I really haven't seen any conflicts to date but I also haven't gone through all 55 web pages on malwaretips.com. Since WiseVector is signatureless, I would say running WD in default mode concurrently should not be an issue. Now if you "crank up" WD protection via ASR rules, etc., that would increase the likelihood of conflicts.
     
    Last edited: Aug 14, 2020
  3. tutman

    tutman Registered Member

    Joined:
    Aug 23, 2019
    Posts:
    44
    Location:
    usa
    @roger_m Cruelsister's test showed WiseVector passed with flying colors on the ransomware protection on its own. :thumb:
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I would say the most important WiseVector test is if it can be disabled, a problem that WD still suffers from, or uninstalled by malware. If this can be done, its malware detection capability really doesn't matter.
     
  5. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,617
    Location:
    USA
    Please let us know if you are able to do that. :eek:
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Don't know if this still works but just an example:
    Malware would then create a startup entry/reg. key to disable WD at next system startup. Then run its payload. Finally, malware would force a system shutdown to activate the aforementioned.
     
  7. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,617
    Location:
    USA
    Could an intruder disable WiseVector StopX by doing something similar?
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    I found this a little interesting.

    [Attachment: WiseVector.PNG]
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    WV's Advanced Detection Settings has a check box for "Self Defense: Prevent WiseVector StopX from being kill." (They left the "ed" off of "kill" - not me.)

    I have an X in that check box, of course. I tried to kill WV using Process Explorer, but could not do so. However, I'm sure malware developers have MUCH more sophisticated "kill" techniques than using Process Explorer.

    Moreover, putting an X in that check box might be something like posting a sign on your fence saying, "Dogs absolutely NOT allowed." The problem is, dogs cannot read. Further a hacker's attitude toward WV's "no kill" check box is probably much the same as a dog's attitude toward a fire hydrant.

    Even so... I think WV is very very promising & I am trying to figure out how to set OSArmor &/or EXE Radar Pro to keep watch over anything messing with WV's exe.

    By the way -- wouldn't malware have to get past my computer's defenses (Voodoo Shield, WiseVector, EXE Radar Pro, & OSArmor) before that malware could attempt to kill any or all of my computer's security apps? So -- if malware is good enough to get past those security apps, don't you think those apps pretty much DESERVE to be killed?

    Maybe what is needed is for each security app to have a "dead man's switch," such as they have on trains, hmmmm?
     
    Last edited: Aug 15, 2020
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Maybe OT, but side note: Was Mamutu not originally developed by Emsisoft, and just incorporated into EAM?
     
  11. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Saturday Morning Fun Facts:

    1). Killing WiseVector process- although someone may be able to code something like a K-level malware specific for WV, I personally think that this is a fool's errand as, quite frankly, at this point WV does not have the amount of users to make the game worth the candle. Also the malware writer would have to ensure that WV does NOT DETECT the malicious code which would not be easy at all!

    However more common methods to kill a process (and do diverse other nasty and horrible things) do not seem to work. For example, using WMIC in malware is currently widespread, and writing quick code to kill WiseVector will indeed initially shut down the application but only for it to restart a few seconds later. And weaving this process within a malicious file also does not seem to work as WV kills it outright (I tried).

    So although one can terminate WV in the taskbar without issue, writing code to do the same thing is a bit more problematic.

    2). WV connecting out- 2 issues here:
    a. there is a Threat Statistic checkbox that can be unchecked, but I really hope that none will do this as it only will make WV stronger.
    b. One may note that WV polls a server in Hangzhou frequently, but only to look for updates. For those that are offended by this, just uncheck the Check For Updates box.
    c. On uninstall, the app will connect out to a statistic server in Singapore. One should have no issue here.

    3). Comparisons with AppCheck- although I like AppCheck, it has been shown to have occasional issues that were highlighted in a Rank Amateur video made by someone VERY close to me (actually she is with me ALL THE TIME). These issues still persist, and remembering how AppCheck worked, a modified Maze ransomware was coded (this morning, actually) that was able to bypass protection. The same file was laughed at by WV.

    M
     
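    The "kill it via WMI and watch it come back" observation in the post above can be reproduced as a repeatable check. The script below is an added example for readers of this thread; it is not code from WiseVector, from cruelsister or from any post here. It assumes the image name matches `WiseVector*` (substitute the real name from Task Manager), that you run it elevated on a throwaway test VM, and it distinguishes three outcomes: the Terminate call is refused (self-defense blocked it, same PID still alive), the process dies and a new PID appears within the wait window (watchdog restart, which is what the post describes), or the process dies and nothing replaces it (no self-protection).

```powershell
# Added example, not part of the thread or of WiseVector StopX.
# $ProcessPattern is an assumption: set it to the real image name.
# Equivalent one-liner from the post's WMIC angle (assumed pattern):
#   wmic process where "name like 'WiseVector%'" call terminate
param(
    [string]$ProcessPattern = 'WiseVector*',   # assumed image name pattern
    [int]$WaitSeconds = 15                     # how long to wait for a restart
)

function Get-TargetProcesses {
    # Win32_Process instances give us the Terminate() method used by WMIC.
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.Name -like $ProcessPattern }
}

$before = @(Get-TargetProcesses)
if ($before.Count -eq 0) {
    Write-Warning "No running process matches '$ProcessPattern'. Check the image name."
    return
}
$beforePids = @($before | ForEach-Object { $_.ProcessId })

foreach ($p in $before) {
    Write-Host ("Calling Win32_Process.Terminate on {0} (PID {1})" -f $p.Name, $p.ProcessId)
    # ReturnValue: 0 = terminated, 2 = access denied (typical when a driver
    # protects the process), other values are documented by Win32_Process.
    $r = Invoke-CimMethod -InputObject $p -MethodName Terminate
    Write-Host ("  ReturnValue = {0}" -f $r.ReturnValue)
}

# Poll for a restart until the deadline.
$deadline  = (Get-Date).AddSeconds($WaitSeconds)
$restarted = $false
$survived  = $false
do {
    Start-Sleep -Milliseconds 500
    $now     = @(Get-TargetProcesses)
    $nowPids = @($now | ForEach-Object { $_.ProcessId })
    $newPids = @($nowPids | Where-Object { $_ -notin $beforePids })
    $oldPids = @($nowPids | Where-Object { $_ -in    $beforePids })
    if ($newPids.Count -gt 0) { $restarted = $true }
    if ($oldPids.Count -gt 0) { $survived  = $true }
} until ($restarted -or (Get-Date) -gt $deadline)

if ($survived -and -not $restarted) {
    Write-Host "RESULT: terminate was refused; original PID(s) still alive (self-defense blocked the call)."
} elseif ($restarted) {
    Write-Host ("RESULT: process was killed but came back as PID(s) {0} within {1}s (watchdog restart)." -f ($newPids -join ','), $WaitSeconds)
} else {
    Write-Host ("RESULT: process was killed and did not return within {0}s (no self-protection observed)." -f $WaitSeconds)
}
```

    Run it a second time with a shorter `-WaitSeconds` if you want to measure the restart gap, since that gap is the window a payload would have before the scanner is back.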
  12. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    @cruelsister
    Re: "a Rank Amateur video made by someone VERY close to me (actually she is with me ALL THE TIME)"

    Ah, you must be referring to your cat? I have heard he/she is very talented.

    Seriously though, it's good to get input here from such knowledgeable people as yourself... thank you.
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    :D:thumb:
     
  14. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I'm almost tempted to download and use WV, but I'm running a so-so antivirus at present. I foolishly downloaded and installed the full Comodo suite, after several months of boycotting them due to the mess they made with their latest firewall. Too lazy to remove and install just the firewall.

    So, on the remote chance anyone here is using Comodo antivirus, are there any known conflicts with WV? At some point, I might want to give WiseVector a try.
     
  15. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Hi Chuck! On one test run I installed WiseVector on a system that had CF (my settings). The only issue is that Comodo has not verified the Beijing Zhi Liang Technology certificate yet, so it does initially come up as unrecognized.

    Other than that both complement each other superbly. Needless to say nothing I tried (and I did try!) resulted in any system changes and no incompatibilities were evident.

    ps- I do wish that folk use CF instead of CIS!
     
  16. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    After I made the post, I decided to remove CIS and go back to Comodo Firewall alone. Other than being lazy, I can see no reason to use laptop resources to run a questionable antivirus. Still debating trying WiseVector.
     
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Mamutu was a stand alone product. It was discontinued by Emsisoft due to lack of sales of it.

    EAM incorporated many but not all of Mamutu features. Emsisoft later developed a "user friendly" ver. of EAM which in effect hid these features from user control.
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Here's a simple WiseVector self-protection disabling test.

    I assume the WV main engine component starts as a service at boot time. Using regedit, see if you can set that service to disabled status; i.e. start value of 4. If allowed, then reboot and see if WV is running. Note: prior to doing this, note existing start value so you can change the service back to this value after testing.
     
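    The registry test described in the post above can be scripted so the original Start values are recorded before anything is changed and can be put back afterwards. This is an added example for the thread, not code from WiseVector or from itman, and it assumes the WV service or driver can be found under `HKLM\SYSTEM\CurrentControlSet\Services` by a `*WiseVector*` match on the key name, DisplayName or ImagePath (the real key name is not known from the thread). It tries to set `Start` to 4 (disabled), reads the value back, and reports whether the write was refused, silently reverted, or accepted; `-Restore` reads the saved JSON and restores the originals. Run elevated on a test machine, then reboot to see whether WV still comes up.

```powershell
# Added example, not part of the thread or of WiseVector StopX.
# $NamePattern is an assumption; adjust it to the real service/driver key name.
param(
    [string]$NamePattern = '*WiseVector*',                 # assumed key/ImagePath pattern
    [string]$SaveFile    = "$env:TEMP\wv-service-start.json",
    [switch]$Restore
)

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Start values: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
# Type values: 1 kernel driver, 2 file-system driver, 16/32 Win32 service.
function Get-TargetServiceKeys {
    Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $p) { return }
        if ($_.PSChildName -like $NamePattern -or
            "$($p.DisplayName)" -like $NamePattern -or
            "$($p.ImagePath)"   -like $NamePattern) { $p }
    }
}

if ($Restore) {
    if (-not (Test-Path $SaveFile)) { Write-Warning "Nothing saved at $SaveFile"; return }
    foreach ($e in (Get-Content $SaveFile -Raw | ConvertFrom-Json)) {
        try {
            Set-ItemProperty -Path $e.Path -Name Start -Value ([int]$e.Start) -Type DWord -ErrorAction Stop
            Write-Host ("Restored {0}: Start={1}" -f $e.Name, $e.Start)
        } catch {
            Write-Warning ("Could not restore {0}: {1}" -f $e.Name, $_.Exception.Message)
        }
    }
    return
}

$targets = @(Get-TargetServiceKeys)
if ($targets.Count -eq 0) { Write-Warning "No service key matches '$NamePattern'."; return }

# Record originals first so the test is reversible.
$saved = foreach ($t in $targets) {
    [pscustomobject]@{ Name = $t.PSChildName; Path = $t.PSPath; Start = $t.Start; Type = $t.Type }
}
$saved | ConvertTo-Json | Set-Content -Path $SaveFile
Write-Host "Original Start values saved to $SaveFile"

foreach ($t in $targets) {
    Write-Host ("{0}: Type={1} Start={2} ImagePath={3}" -f $t.PSChildName, $t.Type, $t.Start, $t.ImagePath)
    try {
        Set-ItemProperty -Path $t.PSPath -Name Start -Value 4 -Type DWord -ErrorAction Stop
        $after = (Get-ItemProperty -Path $t.PSPath).Start
        if ($after -eq 4) {
            Write-Host "  WRITE ACCEPTED: Start is now 4. Reboot and check whether WV still loads."
        } else {
            Write-Host ("  WRITE REVERTED: value read back as {0} (something restored it immediately)." -f $after)
        }
    } catch {
        # Access denied here usually means a callback (CmRegisterCallback) or ACL
        # on the key is protecting the value.
        Write-Host ("  WRITE BLOCKED: {0}" -f $_.Exception.Message)
    }
}
Write-Host "When done testing, run this script again with -Restore."
```

    A write that is accepted but then undone after reboot is also a meaningful result: note the value before and after the restart, not just whether `Set-ItemProperty` threw.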
  19. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    Default action on threat detection is Notify. What if i am away from my computer. Would it cause any problems if i changed it to Quarantine or Block Only.
     
  20. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    I installed WV after first enabling SD's Shadow Mode on each of my laptop's drive partitions (in order to have a safe and quick look at WV). Curiously, I see that WV installed folders/files into each and every partition on the SSD! ...which WV states is for the purpose of preventing ransomware. How sure can we be that this is not a mechanism for data-theft? :doubt:
     
    Last edited: Aug 15, 2020
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Interesting indeed.

    So layering the two together is an effective genuine safe option. Now this could get really interesting since CFW is near bullet-proof as it gets from my own tests and tryouts with it in Real Time Live operation. Admittedly I used to be that oddity of a user who "piled it on" even with overlap present in times past with multi security apps like what @bellgamin appears to be running.

    I run NVT ERP but not OSArmor although I can at anytime. Adding WiseVector to my own current safety shield might just become icing on the cake.
     
  22. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    2,233
    Location:
    Brooklyn, NY
    I know what you're saying but the developer has repeatedly averred WiseVector does not "spy" on its users (his verbiage). So it comes down to a matter of trust, now and in the future. One such statement I'd posted in #9 of this thread. He's active at Malwaretips, so searching for WiseVector's various posts would be easy.

    I'm still mulling over whether to install this software--it really seems to have come a long way since its debut. :) I just want to see more progress in the performance area, it was a bit slow. Has that improved, anyone?
     
  23. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    Re your statement about it being a matter of trust, note that their privacy policy states "If you want to test WiseVector StopX, you can download it directly without inputting any personal information. The Trial is voluntary and you are free to uninstall it at any time." However, what they don't mention is that simply uninstalling WV does not remove all of their files/folders (as alluded to in my post #45)! So until someone more knowledgeable than me in such matters (such as @cruelsister) can confirm that those files/folders are not backdoor spying plants, I will take a pass.

    Re your concern about its slow scans, I can confirm that the current version of WV takes almost twice as long to perform a scan of the same drive volumes (on my laptop) as does WSA.
     
    Last edited: Aug 15, 2020
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Actually, it is not unusual for an AV uninstaller to leave residual traces. This is one reason most have stand-alone uninstall/cleaner utilities.

    My opinion on the trust issue is the following. Until this software has been "vetted" by someone in the security software industry such as an AV lab via certification, I wouldn't trust it. Note that there have been past issues with established Chinese security software vendors such as QiHoo: https://securityaffairs.co/wordpress/36461/security/qihoo-cheating-av-tests.html .
     
    Last edited: Aug 15, 2020
  25. Jo Ann

    Jo Ann Registered Member

    Joined:
    Jan 6, 2007
    Posts:
    619
    That's my 'gut feeling', so I'll pass on this one for now - as I'm very comfortable depending on WSA plus SD.
    Thanks for the sanity check. ;)
     