WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I like it, too. Looks like R2D2 of Star Wars fame. :thumbd:

    Or............ maybe WVSX could use a picture of my father-in-law as their logo..............

    ScreenHunter_02 Oct. 30 14.13.gif
     
    Last edited: Oct 30, 2020
  2. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    You missed the point.
    I was not talking about the developer's avatar and the icon in the system tray, but the spacecraft on their web site.
     
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I see. Okay, so seriously --- a samurai warrior, as in my post #677, really could be a better image for a malware-fighter like WVSX.
     
  4. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    I remember an AVIRA boxed version, where they had a picture of a guy on it, that looked like a shell player.
    My customers and me myself didn't like it....
    It's not all about the ability of a product, but to meet serious expectations.
     
    Last edited: Oct 30, 2020
  5. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    1,156
    Location:
    Canada
    Gave this a try, I am impressed, firstly for the simplicity, not a bunch of bloat, useless settings, just install and forget. Secondly for the stellar protection levels, this I gathered from posts in this thread. Thirdly after uninstall it left nothing, and I mean nothing, I have several tools to check the registry for remnants, they found nothing. So this is on my short list of tools I may install next.
     
  6. JasonUK

    JasonUK Registered Member

    Joined:
    Nov 24, 2017
    Posts:
    112
    Location:
    UK
    I'd be interested to know how users rate WiseVector vs other 'traditional' anti-malware programs such as Malwarebytes. I've used the latter for years as an extra layer of protection. If installed do you need to exclude any WiseVector files/directories in your AV to make them play nicely together?!
     
    Last edited: Oct 31, 2020
  7. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,325
    Location:
    US
    Was sort of wondering the same thing. I know that WV plays nicely with Microsoft Defender. Would WV play nicely with both Microsoft Defender and Malwarebytes?
    Acadia
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I believe in this case the objective was to test WiseVector's behavior blocker that is designed to block malware like ransomware and other types of malware that use several kinds of code injection techniques. So without using AI and the cloud, it should be able to block certain types of malware. That's what makes WVSX interesting to me.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK cool, but to clarify, if realtime-protection is enabled, is WVSX then constantly communicating with the cloud? Or only if you manually update WVSX? Also, have you contacted SE Labs to see if they can test WVSX? If you really would like WVSX to become a trusted name, both in China and perhaps also Europe and the US, then you really should invest in this. Perhaps you can find an investor?

    https://selabs.uk

    Well, without any serious test, it's hard to compare. I do know that Malwarebytes scores quite badly in most malware tests that are done and it's a household name, go figure. And you're not telling me that all of those tests are done poorly or unfairly.
     
  10. JasonUK

    JasonUK Registered Member

    Joined:
    Nov 24, 2017
    Posts:
    112
    Location:
    UK
    Never had an issue with Malwarebytes ~ pops up an occasional website block and the odd file is quarantined for a PUP but that's all any AV program I've run has ever done too... the recently posted SE Labs was a shocker though so open to replacing or downgrading MBAM to 'on demand'. Maybe WiseVector StopX is a candidate?
     
  11. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    A Banking Trojan is just a type of malware.
    Without signature updates, WVSX can also detect common Banking Trojans such as Emotet, Ursnif and Dridex by Behavior Detection and Memory Protection.
     
  12. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    You got it! Our leading developer is a big fan of Star Wars.:D He likes R2D2 very much, so our logo looks like R2D2.
    Your father-in-law looks like Darth Vader? I think we can't use the picture of a villain as our logo.:p
    I get it, you are Solo!
    We want our page to have a sense of science and technology.
    "There are a thousand Hamlets in a thousand people's eyes." Childish or not, different people have different views. :)
     
    Last edited: Oct 31, 2020
  13. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    WVSX communicates with the cloud to get updates if you have "Updates components automatically" enabled in settings. It doesn't matter whether realtime-protection is enabled or not.
    Yes, we contacted SE Labs on 25th Sept. But no reply from them till now...:thumbd:
     
  14. porkpiehat

    porkpiehat Registered Member

    Joined:
    Jul 18, 2015
    Posts:
    45
    So, am I correct in assuming that WiseVector will play perfectly well with Qihoo 360?
     
  15. Rebsat

    Rebsat Registered Member

    Joined:
    Oct 20, 2014
    Posts:
    36
    Location:
    My Desk
    Would you please let us know if WVSX would protect us against the following attacks?
    1. Hackers became more creative in hiding the macro malware. For example, the malicious macros were added in hidden or very hidden sheets. The latter is the most dangerous since sheets set to very hidden are not visible in the list of sheets and are not shown when selecting the option unhide.
    2. Attackers can add malicious code in these scripts. When browsing a website with malicious JavaScript code, infected JavaScript files are downloaded on your PC and executed by the browser, redirecting your traffic to an exploit server controlled by the attackers.


    Remote work provides new opportunities for hackers
    As more and more people have been working from home, cybercriminals have been adapting their attacks accordingly, developing non-PE attacks: adding malware in types of files frequently shared online, such as PDFs and Microsoft Office files, and spreading script-based malware.

    Macro malware hidden in Microsoft Office files, especially in Excel spreadsheets, has been spread through spam and phishing emails. Most of the attacks exploited Excel 4.0 macros or XLM macros. The hackers use the Visual Basic Application (VBA) in Microsoft Office to add malicious code in macros. While this technique is not new, hackers became more creative in hiding the macro malware. For example, the malicious macros were added in hidden or very hidden sheets. The latter is the most dangerous since sheets set to very hidden are not visible in the list of sheets and are not shown when selecting the option unhide. The only way to access a very hidden sheet is to use the VBA editor, something that the average Excel user doesn’t usually do.

    Script-based malware affects websites based on JavaScript. Many websites have third-party scripts embedded, such as ads and widgets that make the site more dynamic and interactive. Integrating third-party scripts without a proper vetting process can be dangerous. Attackers can add malicious code in these scripts. When browsing a website with malicious JavaScript code, infected JavaScript files are downloaded on your PC and executed by the browser, redirecting your traffic to an exploit server controlled by the attackers. These attacks have become more common in the past months.

    PE Malware Threats
    PE or ‘Portable Executable’ is commonly used to describe binary executables within the Windows OS. PE includes ‘.exe‘ and ‘.dll‘ file-types and less well-known formats such as ‘.scr‘. They are by far the most used data structure for malware attacks on the Windows platform.


    I wish you very good luck with this amazing WVSX ;) and thank you for your great effort :thumb:

    Source...
    Cybersecurity threats in 2020: Insights from Avira’s Malware Threat Report
    https://www.avira.com/en/blog/cyber...20-insights-from-aviras-malware-threat-report
     
    Last edited: Oct 31, 2020
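
Added example, not part of the post above or of the Avira report it quotes: a defender-side check for the "very hidden" sheets described there. It reads the sheet `state` attribute from `xl/workbook.xml` inside an OOXML workbook (.xlsx/.xlsm) and also reports Excel 4.0 macro sheet parts and an embedded VBA project. The sample workbook is constructed inline and the function names are hypothetical; legacy binary .xls files are not covered.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}

def build_sample_xlsx():
    """Constructed sample: only the container parts this check reads."""
    workbook_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
        "<sheets>"
        '<sheet name="Invoice" sheetId="1"/>'
        '<sheet name="Lookup" sheetId="2" state="hidden"/>'
        '<sheet name="Macro1" sheetId="3" state="veryHidden"/>'
        "</sheets></workbook>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", workbook_xml)
        z.writestr("xl/macrosheets/sheet1.xml", "<macrosheet/>")
    return buf.getvalue()

def audit_workbook(data):
    """Return hidden/veryHidden sheet names and macro-bearing parts."""
    findings = {"hidden": [], "veryHidden": [], "macrosheets": [], "vba": False}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # For untrusted input, a hardened XML parser (e.g. defusedxml) is preferable.
        root = ET.fromstring(z.read("xl/workbook.xml"))
    for sheet in root.findall("m:sheets/m:sheet", NS):
        # A missing state attribute means the sheet is visible.
        state = sheet.get("state", "visible")
        if state in ("hidden", "veryHidden"):
            findings[state].append(sheet.get("name"))
    # Excel 4.0 (XLM) macro sheets are stored as separate parts in the package.
    findings["macrosheets"] = [n for n in names if n.startswith("xl/macrosheets/")]
    findings["vba"] = "xl/vbaProject.bin" in names
    return findings

if __name__ == "__main__":
    print(audit_workbook(build_sample_xlsx()))
```

A workbook arriving by e-mail that combines a `veryHidden` sheet with a macro sheet part or a VBA project is worth quarantining for review, since neither is visible from Excel's Unhide dialog.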
  16. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
    I think WiseVector can wait to pay for a test until they have revenue from a paid version. As far as I'm concerned, cruelsister's tests are serious, reliable, and encompass several malware scenarios (for users interested in WiseVector see posts by cruelsister # 16, 158, 175, 437, 537, 631, 638, 651). I agree with you about Malwarebytes, I stopped using it many years ago (I do have 2 licenses), to be fair I wanted to reduce the number of security programs at the time, but seeing its dismal performances as of lately, I don't regret my decision.
     
  17. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    I don't know if it's asking more than I should of the free version, but could you add the ability to select folders in exclusions? It would be very helpful for programs that have multiple exe's which can be a chore to exclude one by one.
     
  18. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Yes, you can select folders in exclusions. Please refer to the screenshot below.
    https://i.ibb.co/KXLGTcD/a.jpg

    Please click Exclusions->Click Add (there will be two options: "Add File" and "Add Directory")->Click "Add Directory" to select folders which you want to exclude.
     
  19. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    585
    Sorry WiseVector, my mistake... it seems I was looking at advanced malware exclusions.

    My humblest apologies
     
  20. starsfighter

    starsfighter Registered Member

    Joined:
    Oct 18, 2020
    Posts:
    3
    Location:
    Isla de Muerta
    It would be great if you add an option to let me know my submitted false positive result, as you detected PrivateWin10 as "WIBD:HEUR.AntiAV.D"
    https://i.postimg.cc/8zjCSZnJ/ada.png
    and add an option to submit false positives in Quarantine... and thanks for your great free product.
     
  21. tutman

    tutman Registered Member

    Joined:
    Aug 23, 2019
    Posts:
    44
    Location:
    usa
    You should not be using Qihoo 365 my friend.


    Wearable smartphone from Chinese manufacturer includes hidden snapshot and wiretapping capabilities

    By Harrison Sand and Erlend Leiknes, Security Researchers, mnemonic
    https://www.mnemonic.no/blog/exposing-backdoor-consumer-products
     
    Last edited by a moderator: Nov 1, 2020
  22. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Can this software disable Windows Defender? If so it isn't a false positive, but I guess it could be whitelisted because it is legit.

    Ps: Great to see that WiseVector StopX can detect this kind of software via heuristics.
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    It looks nice. However, it failed to stop the fileless Poweliks malware. I tried with Fiddler and an infection pcap on a dated Win 7 VM with an old, exploit-prone version of Flash installed.
     


  24. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi aigle,

    Thanks for your test. Did you notice that the icon of WVSX on the tray is red? It means the Real-time Protection and Advanced Protection are not started. Only Memory Detection is started.

    It seems that the malware injected malicious code into regsvr32.exe, which was detected by Memory Detection. However, without Real-time Protection and Advanced Protection, WVSX cannot detect the malware at the pre-injection stage.

    When you open WVSX, you will see "Enable Advanced Protection Failed"; that's because you have installed an old version of Win7 without installing any patches.
    Win7 without the KB3033929 patch cannot recognize the dual code signing of WVSX's kernel mode driver.
    Please visit https://www.microsoft.com/en-us/download/details.aspx?id=46148 to download and install the patch. After the computer is restarted, the code signing can be recognized and the Advanced Protection can be started.

    Please install this patch and test again, thanks.
     
  25. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi starsfighter,

    We have downloaded PrivateWin10 V0.84 and tested it. It tried to disable Windows Defender via Registry when starting it. Since it is an open source project, after checking its source code we have removed the detection. However, if you want to keep WD open you should not use it. Thanks @Nightwalker.
     