WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    PowerShell ver. 2 requires .NET 2.0 or 3.5 to be installed. Neither is installed in later Win 10 versions by default.
    Great example of why not to use WD as your AV protection.
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Itman, you may be right, I was just speculating. I have no way of knowing either way. I don't have access to see how things are working under the hood. I can only see what features are listed in the UI. I wish them both the best of luck in creating a great product.

    The reason I chose Eset over all other options is because Eset offers robust network protection for home users. My continued use of Eset will more than likely depend on their continued support for their Firewall. Their Firewall probably offers the most comprehensive protection out of all home products. My favorite firewall feature is the IDS as you already mentioned above.

    If WiseVector can be used with Eset with no conflict, and with very little performance impact, then I don't see any reason why users should not consider using them together. My only concern would be privacy and data collection. I trust Eset with my data, but I'm just learning about WiseVector. I haven't read their Privacy Policy.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Thanks, but I didn't mean specifically Eset. I use another AV.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Privacy protection laws are governed by the country where you reside: https://www.privacypolicies.com/blog/privacy-policies-legally-required/ . Enforcement of those laws is a different matter. Most major AV vendors have subsidiaries in large countries and legal action and enforcement can be taken against those subsidiaries for privacy policy violations. Otherwise a violation judgement can be rendered in the country where the violation occurred, but enforcement of that judgement is a different issue. It really depends on if the violator's country will enforce that judgement. As far as China's willingness to enforce a foreign privacy policy violation judgement against one of its own commercial concerns, draw your own conclusions.

    -EDIT- As far as enforcement of U.S. legal judgements against Chinese concerns, precedent has been set and it does sound encouraging:
    https://www.kwm.com/en/us/knowledge/insights/china-recognizes-and-execute-foreign-judgement-20170906

    The main point to note is inter-country judicial reciprocity must first be established. It also appears that this reciprocity status is determined on a local court basis in China.
     
    Last edited: Sep 7, 2020
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Post removed by poster due to it being Political in nature.
     
    Last edited: Sep 7, 2020
  7. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    As far as ANY NATION's willingness to enforce a foreign privacy policy violation judgement against one of its own commercial concerns, draw your own conclusions.
     
    Last edited: Sep 7, 2020
  8. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,067
    Location:
    UK
    OK guys we are going to keep this thread discussion about WiseVector software only.

    Political points of view, discussions or questions regarding such will be removed should any more occur.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    @WiseVector- Just beginning to pass my most formidable malware (collected or leeched for 2-3 years worth) thru in stages and WVSX is proving quite effective early on in identifying to triggering instant StopX interruption at-once. At this early stage am looking forward to listing and sharing results of any that show elusive evading. Many of research gatherings are of notorious nature captured in-wild and others from submissions to Hybrid Analysis selecting the most near novel techniques to the known as Petya, Jigsaw, Hades Locker etc.

    In its current development release latest version it features of simple clearing Exclusion List. This makes short effort of repeating captures & freeing up for retaining those research samples collected, some or most of which are likely well AV cataloged & databased for AV Signature pool used in matching.

    Just like to add appreciation for this is very lite on energy draw and unlike AV's I previously tried, exhibits practically zero demand on resources or CPU. With limited memory capacity and on Windows 8.1, as opposed to most Windows 10 higher capacity to carry multiple full featured commercial AV's & their features with some ease, confidence is high on older series with this program.

     
  10. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Just installed WiseVector this morning. Is it normal that it took over one hour for the first scan? Besides WD, I have no other security program installed...
    Thanks
     
  11. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    Thanks a lot for your testing and support!
    Since old samples can be detected by most AV, when you try to do a malware test, you'd better use the fresh malware samples, the newer the better :)
     
  12. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    Yes, it's normal for the first scan. It will be faster next time, since WVSX caches file metadata during the first scan.
     
  13. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Thanks WiseVector. Love your program so far. :)
     
  14. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Hi, I have another question. In the Windows Defender Settings, is it better to turn off the Ransomware Protection or can I leave it on?
     
  15. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    Please refer to the page: https://www.eset.com/fileadmin/ESET/INT/Docs/Others/Technology/ESET-Technology-2017.pdf.
    It's the official introduction of ESET and Page 12 is about their Advanced Memory Scanner. According to this info, we can see:
    1. The Advanced Memory Scanner is based on behavioral code analysis when a system call is made from a new executable page. So ESET can scan the new memory page after malware decrypts itself.
    2. The purpose of Advanced Memory Scanner is to detect malware which uses heavy obfuscation and/or encryption. These types of malware can defeat ESET's CPU emulator.

    WVSX's memory inspection is based on machine learning which can detect malware that uses the following technologies:

    Reflective DLL Injection,
    Process Hollowing,
    Manual PE loading,
    .NET code in PowerShell,
    Process Doppelgänging,
    Process Reimaging

    So I don't think the two functions can be considered duplicates.
     
    Last edited by a moderator: Sep 7, 2020
  16. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    You mean "Controlled folder access"? You can use WVSX's Documents protection instead. Open WVSX, from settings->Advanced->Enable Documents Protection, add the folder you want to protect in there. Then you can turn off "Controlled folder access" in WD.
     
  17. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    Yeah, exactly I meant "control access folder". Thank you, turned off in WD. :)
     
  18. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,039
    Hi @ Wilders

    Just installed WiseVector StopX on the basis of the reviews given in this thread. I will wait for a while before making any major commentary.

    One thing that is immediately obvious is the scanning speed, or lack of!?!

    Terry
     
  19. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,865
    Location:
    U.S.A.
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Appears you overlooked Eset's Deep Behavior Monitor which is where the conflict would be:
    https://www.eset.com/fileadmin/ESET/SG/Newsroom/press-release/2020/ESET_Deep-Behavioral-Inspection_Whitepaper.pdf
     
    Last edited by a moderator: Sep 7, 2020
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    As far as Eset's machine learning detection goes, best to show it pictorially. Note that AMS is only employed in sandbox analysis; i.e. trap the code after it decrypts/unobfuscates in memory:

    Eset_AML.png
    An overview and simplified explanation of the above pictorial:
    https://help.eset.com/glossary/en-US/machine_learning.html

    Also, do click on the above DNA detections link. Eset will on occasion refer to these as DNA signatures. Hence, people tend to confuse these with exact known malware code signatures. They are not. DNA signatures can best be described as YARA-like rules that contain multiple behavior characteristics associated with malicious activity.
     
    Last edited: Sep 8, 2020
  22. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks @itman

    Thanks @WiseVector- Yes newer sampling IS more current and where AI can be of excellent detection and capture. I make mention of relatively older common malwares (1-2 years old) since even newer intrusion techniques sometimes reengineer those dastardly concoctions in attempts to see if they can offer them new paths of joy for success.

    Very interesting program WVSX- Thanks for addressing concerns and interests regarding it. :)
     
  23. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    I updated UnHackMe, and then ran a scan, and got the following:

    WiseVector_Document Protection_alert_04.JPG

    I clicked on "Exclude", this time.
     
  24. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Late to the party, but after reading cruelsister's positive assessment of this new software, I couldn't resist installing it as a test. It seems to work well with MS Defender (default settings), no conflicts or slowdowns whatsoever, and it is so reassuring to have a developer who is so articulate and keen to answer any questions.

    At this very moment I would like to know which would likely intervene first in the presence of malware, WV or Defender? It doesn't really matter whether it is one or the other, but would there be conflict under these circumstances? I would like to test it myself, but it is beyond my capabilities, and EICAR is not detected by WV.

    I ran a full scan which lasted just over an hour (time is not a problem) which found my system clean. I was expecting these results, although I was pleased to see that no FPs were reported either. The way I see it, WV would be a great combination with MD in terms of behavioral detection.
     
  25. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    Thanks for your feedback. There will be no alert next time after clicking on "Exclude".
    Since you have added "My Documents" to Document Protection, whenever a program is trying to write into "My Documents", there will be an alert.
     