Hey there, Okay, thank you guys, @Tarnak and @roger_m. Now, is there a difference between the English & Chinese version? Details of what, if any? @bellgamin, I am very respectful and appreciate individuals that are helpful! But when an individual only reads a couple of posts and comments and/or puts their two cents in.... I take this as being disrespectful and wonder what their problem is..... And why would they comment...... umm.... Boy, they may have a boring life....... As you see, and/or read on this forum just yesterday, I thanked Krusty for their information and update..... and others......
Here's the issue with Windows Security Center registration in Win 10. If the AV vendor doesn't use an ELAM driver, the AV won't be registered in WSC and WD real-time protection will remain active. In order to create a legit AV ELAM driver, the vendor must acquire a special anti-malware vendor certificate from Microsoft. This requires a full vetting by Microsoft of the AV vendor and its software. As far as what protection an ELAM driver provides, it is the first non-device kernel mode driver to load. This allows for inspection of other drivers prior to their loading for malware activity or attempts to disable/modify the security software kernel driver.
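To see on a Windows 10 machine the state this post describes (which AV products are registered in WSC, whether Defender real-time protection is still active, and which ELAM drivers are installed), the following PowerShell can be run from an elevated prompt. It is an added example, not part of the original thread; it assumes a client edition of Windows (the `root/SecurityCenter2` namespace is not available on Server) and that ELAM drivers are installed as boot-start services in the `Early-Launch` load order group.

```powershell
# Added example: inspect WSC registration, Defender state and ELAM drivers locally.

# 1. AV products currently registered with Windows Security Center.
$wsc = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' `
    -ErrorAction SilentlyContinue
if ($wsc) {
    $wsc | Select-Object displayName,
        @{ Name = 'productStateHex'; Expression = { '0x{0:X6}' -f $_.productState } },
        pathToSignedProductExe | Format-Table -AutoSize
} else {
    Write-Warning 'No AntiVirusProduct instances found (namespace missing or nothing registered).'
}

# 2. Is Microsoft Defender real-time protection still on alongside a third-party AV?
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    try {
        Get-MpComputerStatus -ErrorAction Stop |
            Select-Object AntivirusEnabled, RealTimeProtectionEnabled, AMRunningMode |
            Format-List
    } catch {
        Write-Warning "Defender status unavailable: $($_.Exception.Message)"
    }
}

# 3. Boot-start drivers in the "Early-Launch" group, with their Authenticode signer.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if ($p.Group -eq 'Early-Launch' -and $p.Start -eq 0) {
        # ImagePath is usually relative to %SystemRoot% or prefixed with \SystemRoot\ or \??\
        $path = $p.ImagePath -replace '^\\SystemRoot\\', '' -replace '^\\\?\?\\', ''
        if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
        $sig = if (Test-Path -LiteralPath $path) {
            Get-AuthenticodeSignature -FilePath $path
        }
        [pscustomobject]@{
            Service = $_.PSChildName
            Driver  = $path
            Status  = $sig.Status
            Signer  = $sig.SignerCertificate.Subject
        }
    }
} | Format-List
```

A third-party AV that appears in step 3 but not in step 1, or a machine where step 2 still reports `RealTimeProtectionEnabled : True` with another AV installed, is the situation the post is describing.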
Hi, Here is the download link: https://update2.wisevector.com/WiseVector_StopX.exe No difference between the English and Chinese version, except the language.
Hi, I mean if users only want to use WVSX, they'd better install a browser extension to protect against phishing websites when accessing the internet, since we don't have Network Protection at present (but we are working on this feature these days). It can be used with WD, but there might be a misunderstanding. The explanation is here: https://www.wilderssecurity.com/threads/wisevector-stop-x.431502/page-14#post-2946507
A further clarification is if the primary, i.e. active, real-time AV solution detects the malware first, it will either auto quarantine the malware or ask the user how to proceed depending on how real-time settings are configured. The only way WV would be able to subsequently detect the malware is if the user allowed the malware to run.
Now it will be even safer. https://www.asiatimesfinancial.com/ccp-announces-plan-to-take-control-of-chinas-private-sector
@WiseVector - Announcement of the proposed WVSX Network Protection addition has been suggested in days. Can you, or is your team, with confidence meet such a schedule for an initial beta release for user testing, whereby feedback can relay our findings to better assist in fine-tuning should any issues demand your expert examination and resolution? And are you able to recommend what we can expect before it actually is stable enough to satisfy that the addition will add a layer of protection to recognize and alert to potential intrusions malware often uses to slip through via network attempts? Thank you for making progress.
Hi Rasheed187, We generally don't say whether a certain technology can be blocked or not. In fact, an injection method in that article represents an API call. It is easy to block the API call just like traditional HIPS does. However, in-the-wild malware is more complicated, and will make multiple API calls with certain behavior patterns. It may be detected even before injection. We can say that we have covered the technologies mentioned in the article. WVSX can detect these types of malware at the pre-injection and post-injection stages. WVSX can block ransomware after it is running. Just disable real-time protection in WV, then you can run ransomware to test.
Thanks for your interest in our new features. Sorry, I cannot tell you the schedule at present, but I'm pretty sure there will be a beta release for user testing at first. Our Network Protection includes at least two parts: Web Protection and NIDS-based Heuristic.
@WiseVector, Do you have an approximate idea when WVSX will be registered in Windows Security Centre? Thanks
@WiseVector -- it would be helpful if you added a signature to your posts here whereby that signature would show WV's latest version number. It's just a suggestion of a very minor, nice-to-have tweak -- such as is done by the developer of OSArmor, as shown HERE.
Excellent!!! Thank you very much. P.S -- I am still waiting for beta of paid version. P.P.S -- In case you didn't notice, your signature is retroactive to all of your previous posts. Also, whenever you update your signature to show a later version of WVSX, the signatures in all your previous posts will be simultaneously updated. Handy, yes?
Hi, To register in Windows Security Center, WVSX should first pass the AV lab tests and get a certificate from them (for example, AVtest, VB100, AVC, etc.). But the testing cost is a big amount of money for us at present, since WVSX has been free for a long time and we don't have revenue these days, and if we couldn't pass the test, it would be a big loss for us. We would like to do this once everything is ready. After our paid version is released, we will try VB100 first.
Actually, it's a bit more involved than just getting certified. You first must become a Microsoft Virus Initiative (MVI) member, requirements of which are: https://docs.microsoft.com/en-us/wi...ection/intelligence/virus-initiative-criteria Build the ELAM driver and sign it with a Windows Early Launch Anti-malware Publisher certificate: https://docs.microsoft.com/en-us/samples/microsoft/windows-driver-samples/early-launch-anti-malware-driver Next, the driver must be submitted to Microsoft for verification as documented at ELAM Driver Submission per: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/elam-prerequisites.
Thanks for your info. Actually, we had contacted the MVI team one year ago and were informed we should complete some requirements first. We found getting certified would be the only requirement that we could not complete in a short time. Here are the screenshots of the emails. https://i.ibb.co/tCqjZpJ/2.jpg https://i.ibb.co/J3mqgR0/1.jpg