WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    You mean you downloaded WVSX successfully and you can visit our website without any issue now?
    Maybe you have a DNS issue; please try "nslookup" (it is a network administration command-line tool available in many computer operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mapping, or other DNS records). It might help you to find whether there is a problem or not.
    Usually, when you perform the first scan with WiseVector StopX, the speed will not be fast, since our engine will extract lots of metadata from files when scanning. Next time the scanning speed will be much faster. Once there is a threat detected, it will be recorded in the scan log.
     
  2. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Usually, when a program is trying to end the AV process or terminate the AV, it will be detected as "AntiAV".
     
  3. starsfighter

    starsfighter Registered Member

    Joined:
    Oct 18, 2020
    Posts:
    3
    Location:
    Isla de Muerta
    Great software, works without any performance problems beside ESET IS. Hope when you turn it to paid you remember me with a lifetime offer :D :geek:
     
  4. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    Mmmh! Why would they do that? I don’t think it’s a good business model anyway...
     
  5. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Thanks for your feedback.
    Our AI in the cloud runs without too many resource constraints compared with local AI, so it can try its best to extract family signatures from the missed samples and then deliver them to the endpoint immediately. That is the reason why the malware can be detected quickly.
    We are considering developing a feature like Avast CyberCapture: it prevents suspicious programs from running and sends them to the cloud for static and dynamic analysis. Once it finishes, it will tell the endpoint whether to block the program or not. This process will take a short time (0-2 minutes). But we are not sure whether it's acceptable for our users. :thumbd:
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Will heuristic in high give you pop ups like hips or behaviour blockers?
     
  7. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    As with the transparency "issue": Just add a switch. :thumb:
    I've seen HitmanPro doing that while scanning: Blocking the files and then uploading them after the scan finished, with a representation of what's happening in the scan window. (The "Classification" state of a scan) I found that a very nice feature and it was pretty fast, only a couple seconds per file. Would love to see that in WVSX! :)
    So far the new malware samples I could run were not detected as "Suspicious", so I don't know if that feature really helps here. If WVSX does not know the file is bad, there's no need to test it in the cloud. That must be improved first. But don't get me wrong: IMO that would just be the icing on the cake. :)

    (Disclaimer: I have no idea what I'm doing and talking about. xD)
     
  8. tutman

    tutman Registered Member

    Joined:
    Aug 23, 2019
    Posts:
    44
    Location:
    usa
    I think that would be a great feature!
     
  9. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    No, it will not. The setting will be effective when you perform static scanning only.
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    After Macrium Reflect finished running its backup job I tried to eject my external HDD. I kept getting a Windows pop up saying the drive was in use. I closed a few programs but nothing helped until I closed WVSX. Immediately after closing WVSX I could then eject my external HDD.
     
  11. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
    This happened to me too the other day. I had just done a Macrium backup and couldn't eject the external HDD when the backup was done.
    I just shut down the machine instead of looking for the cause; never thought to turn off WVSX.
    Win 10 20H2
    EDIT..
    Manual backup using Macrium Free 7.3.5.365
     
    Last edited: Dec 6, 2020
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Ah ok thanks
     
  13. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Maybe it's scanning the multiple hundred gigabyte file
     
  14. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    Thanks for your feedback.
    I guess there were massive files created on your external HDD when Macrium performed a backup, and WVSX was scanning those newly created files. So you couldn't eject your external HDD until WVSX finished its scanning.
    Please try this way when you back up files next time: Basic settings->Real-time Protection->click Set up->uncheck "Scan on file creation". See if this issue appears again or not.
     
    Last edited: Dec 7, 2020
  15. tutman

    tutman Registered Member

    Joined:
    Aug 23, 2019
    Posts:
    44
    Location:
    usa
    Yes or can they just set the backup folder to exclude on the drive?
     
  16. tutman

    tutman Registered Member

    Joined:
    Aug 23, 2019
    Posts:
    44
    Location:
    usa
    One suggestion, I wish the virus detection information was a little more informative. Like Kaspersky does. (as in PUP not a virus, keygen - not a virus) and not so generic. Is this possible?
     
  17. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Another possible reason is that Windows Explorer was indexing the new files.
    For that reason I have disabled indexing on my backup HDD.

    No issues with WVSX here.
    I'm using Veeam Agent though, which automatically ejects drives after backup.

    You can use Process Explorer to find out which process accesses the drive and hinders ejecting.
     
    Last edited: Dec 7, 2020
  18. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    No, another member of Wilders sent me the installer using Dropbox.

    I already used nslookup, and the domain name resolved ok. I was able to access your website, but I could not access your file host. It looks like your website is hosted in Japan, and your file host is hosted in China.

    Edit 12/6/20 @ 7:50: Now it says your website is hosted in China also. This is different than a day ago.
    I'm able to access your file host now also. It looks like the problem has been fixed or worked itself out.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I think it should be recorded in the scan log, even if a threat is not detected. I think it should say something like the following below.
    Scan completed, 12/6/20 @ 1932 or 7:32 pm, No threats detected.

    You could have the application detect which form of time is being used on the system. It would be 7:32 pm on my system, but I am just as familiar with using 1932. Your average American may only understand 7:32 pm, depending on their background.
     
  20. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    When a program seems suspicious, it will be sent to the cloud for static and dynamic analysis. When a program seems malicious, it will be detected by the local.
    As you can see, the cloud starts to work when a file is probably "bad", the local starts to work when a file is actually "bad".
    Seems that our behavior detection doesn't work during your testing. Can you please send the samples to virus@wisevector.com? We would like to analyze them.

    We have tested "Checkpoint.rampant.kitten" and "2020.09.17.fbi-flash...". Some malware in the first group opened a Word document and played a video without further action. Most malware in the second group were blocked by our behavior detection.
     
  21. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Thanks!
    We would like to consider your suggestions. :)
     
  22. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Yes, the detection information will be more informative in the future.
    It's a good idea. Please let us test Macrium first, then we will know how to deal with the issue.
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Are you able to include checksum hash with detection information?
     
  24. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    I have uploaded them. Those were the files that were detected less than three minutes later. For all I know, the behavior detection worked and was active. I'll try to find the files, but I have not documented anything and would need to go by memory - and they have mostly similar names - and THEN there's the "problem" that they are being detected now, so I can't just easily filter them out. :/
    I'll try.

    Edit: I looked through some of the VirusSign archives and, no, it's futile. Sorry

    I feel like I wasted your time with this. :oops: Unfortunately I can only test using LibreOffice, not Microsoft Office. AFAIK there isn't even a trial version of MS office.
     
    Last edited: Dec 7, 2020
  25. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    You can download it from adguard, and use it for 30 days.
    Not exactly a trial, but sufficient for your use.
    hxxps://tb.rg-adguard.net/public.php
     