WiseVector Stop-X

Thanks for your sharing.
Yes, "Open Windows Defender Security Center, turn off the Real-time protection toggle switch." is a temporary solution only.
Users can try Defender Control to disable WD permanently.

 

Yes, WV will still provide on-execution protection since you only disabled real-time scanning of new files.

 

Thanks for your info.
Yes, there will be some pop-ups from SSF when using WVSX and SSF together. If clicking "Allow" whenever a pop-up appears, everything will go well, but if clicking "Deny", there will be conflict. I think experienced users will click "Allow", so I said no conflict. Of course whitelist WVSX's folder is a better choice.

 

It seems that you have Comodo Auto-Containment enabled. This could be why WV wasn't responding.

 

yes, it looks like Comodo was beating it to the punch... all good though.

 

I just uninstalled one of my apps and then installed it again without any problems. Looks like it might be your app working with W10 20H2.

 

I thought you could run both WD and WV concurrently?? No??

 

You can. I am right now, without issues.

 

@n8chavez, I heard for years, because of possible conflicts, it was not a good idea to run two AV together. What is different now with WV?

 

Comodo, especially with Script Analysis active (which is enabled by Default), does an excellent job against all manner of Scriptors, and will act against scripts before anything else as containment kicks in immediately. CF is also more inclusive in what script operations it blocks.

But to kinda-sorta see the difference in the ways in which WV and CF handles things scriptor-wise:

Open up notepad and save a simple script to immediately reboot the system:

shutdown.exe /r /t 00

save the above as Reboot.bat

On a system with both WXSV and CF(cruel) installed, run the above batch. You will notice that the reboot will not be allowed as the file will be in the containment of CF. But now disable Containment and run it again with only WVSX enabled and the system will reboot.

Expanding on this, note that one could recode this batch file into an exe file (showing the black console window), which when run will be stopped by CF but allowed by WVSX. Going into the weeds a bit further, we can recode the batch file to run with the console window INVISIBLE. When this one is run both CF and WVSX will block it.

Curiously if we instead use a batch file to turn off windows Firewall (something like "netsh advfirewall set allprofiles state off") and make 3 files- one the batch file, another converted to an exe with the console visible, and another converted to an executable with the console invisible and run them on the CF +WVSX system. If we do, we get the following results:

CF blocks all
WVSX blocks the visible console exe
WVSX allows the invisible console exe

Not sure I really had much of a point with this post, but obviously I had too much time on my hands.

 

awesome post... thanks for the info..... every little ounce of info is truly appreciated.

 

Running WV w/ WD here also no issues.
Disabling (permanently) WD is no easy task.
GPEDIT, registry hacks; it always manages to resurrect itself.
@Antarctica: Can you comment on your experience with Defender Control?

 

WD has been disabled using Defender Control for at least 5 months now without any problems. Using only WVSX and Macrium as backup

 

Thx

 

I always wondered so I can't resist and must ask: isn't that WVSX if blocked by spy shelter with its ask/deny feature would provoke a WVSX failure of stopping malware. Ask/Deny could happen on virgin WVSX (not allowed before and not whitelisted) when WVSX is doing something: an action triggered by malware or security related tasks, something could slip through if WVSX is on hold by spy shelter or exe radar pro or not (the user is not clicking allow but the malware is active)? ( if yes then WVSX is not compatible)

 

Hi lucd,
If I understand your concern, I think the answer is that WVSX identifies SS (as well as ERP) as being 'friendly and clean' whereas we have to believe that WVSX would identify/stop any and all malware attempts to disable it. Yes, apps such as SS gives the user an opportunity to allow/deny WVSX (and just about everything else) to run. For that matter, the user can directly exit/disable WVSX protection but that doesn't imply that malware can also do that. I believe WVSX would prevent any such tampering.

 

No I mean you are afk and you let WVSX be blocked by ss, and some malware starts

or similarly WVSX is on hold (not blocked not allowed) and same happens in that timeframe

 

OK thanks for letting me know. And let's hope that SE Labs isn't only intererested in testing big name companies. BTW, who are you competing against in China, I guess against Baidu and Qihoo?

Well, with all due respect for Cruelsister's tests, I would still like to see a bit more evidence that WVSX is truly capable in stopping hundreds or perhaps even thousands of malare samples. Plus I believe that the developer wants WVSX to become one of the more well known names worldwide. So without any serious testing from companies like MRG Effitas, SE Labs, AV Comparatives and AV-TEST, this will be difficult to achieve.

 

Hi @ Wilders/WiseVector

I might be a bit obtuse but what is the Upload File for and do?

I can't find a help file. Does it upload it to Virus Total?

Where can i find info about it?

Thank you

Terry

 

It doesnt, it uploads the file for WiseVector lab, so they can fix a false positive or add the detection for a missed sample.

 

Hi @ Nightwalker

Thanks for that

So how do you tell them (WSV) why you are uploading the file? There does not seem to be anyway to add comment to a file upload.

Thanks

Terry

 

I think you cant, the lab will decide if the file is malicious or just a false positive.

I guess this could be improved by WiseVector StopX in future updates ...

 

Hi Nightwalker

I have heard a lot of good things about this program including Cruelsisters favourable comments along with the impeccable support from WSV. But they would do wouldn't they?

I tried a program called Dsynchronize (reference SDMOD post9 October 2nd) today (http://dimio.altervista.org/eng/#DSynchronize) I used it years ago but it's been updated.

WSV flagged it as ransomware, none of my other software flagged it ie BitDefender, MalwareBytes and Windows Defender.

So, I uploaded it to Virus Total and only one of the Virus softwares on VT flagged it, ASG I think it was (Acronis)

So there are a few chinks in WSV's armour. AND the scanning speed is appalling. If this is to be a commercial program, that has to improve.

With WSV I see a slight creep in of Herd Instinct with all the plaudits it is getting. I think we need to wait and see.

Terry

ps I did upload Dsynchronize, but I really didn't know what I was doing because of the lack of information. It's no good stopping Malware if it also potentially stops inoffensive programs

 

Well don't use it then, and wait for canonical tests in due time. I'm not worried as cruelsister's tests are real nasties for any reputable AV, and there is also MS Defender which works well in tandem, they both complement each other quite well.

 

I bold-faced that poster's rather cynical put-down wherein the word "they" refers to Cruelsister, as well as to WVSX's developer.

That post infers that, somehow, "impeccable suport" on the part of an app's developer is a devious tactic, an artifice. It further infers that Cruelsister's "favorable comments" are fudged. The post gives NO support for these inferences. None.

Sowing seeds of FUD. Hmmmm... the view from Mount Olympus must be splendid this time of year.

WVSX is a relatively new AV (a "startup, that is). As I have observed these forums over several years, most Wilders folks are not so unhelpful as to simply dredge up FUD about new security apps while sitting idly in a "wait & see" mode. Instead, I have observed that most Wilders folks offer helpful comments & suggestions, based on actual usage of the app, so as to help the developer of a new AV reduce FPs, locate any bugs, increase security, enhance visibility to potential customers/users, and so forth.

So -- if a new startup AV is off to a very excellent start, is it "herd instinct" to offer objective comments, positive suggestions, & encouragement? I think not. Instead, I think it is one of the good reasons why this forum exists and has been a positive factor in the startup & maturing of many security apps over the years.