@WiseVector My version displays 2.73, isn't 2.72 the latest or am i running a beta version just not mentioned here yet?
Earlier this evening I had to do a hard restart, and then noticed that WiseVector had not loaded. I tried to start WV Stop X from the Windows start menu, but it wouldn't load. I had two WiseVector exe's on my desktop, one for version 2.67 and the more recent 2.73 version. However, when I tried to run the old one initially, it was blocked by Emsisoft behaviour blocker, and then when I tried the more recent version it too was blocked. Eventually both exe's were quarantined by Emsisoft. I had to overide this action by Emisoft, and reran the exe to install WiseVector, which required a reboot to finish the install. After the reboot WiseVector is now running as per usual. Very odd that this happened, since I don't understand why Emsisoft determined WiseVector as suspicious.
Perhaps, but I don't like to whitelist unnecessarily. Looking back through the Emisoft logs, it blocked WiseVector initially at 12:26:13 PM. Probably, blocked the update to WiseVector v2.73. Nearly 9 hours, earlier.
If you dont like to whitelist you should report to Emsisoft so they can do it internally, it is a problem on their end, not on WiseVector.
I have it on one of my Windows instances (not much else) - updated without issue on boot. (I saw afterwards I had 'Automatically download and install program updates' enabled by default in settings ... normally I prefer updating manually).
It was a FP, but Emisoft doesn't detect WVSX ( the V2.73 installer) as suspicious on the VT. We will contact Emisoft to resolve this. Thanks for your feedback. Can you please tell me what's the version of WVSX on your screenshot?
@WiseVector As I stated in my initial post above, I had two install exe's for WVSX on my desktop [and still have]. The latter one listed as WiseVector_StopX (1).exe, and here are the details: Hope that helps.
HitmanPro.Alert blocked the update here again. Code: Mitigation MalwareBlocked Timestamp 2021-01-30T21:10:25 Platform 10.0.19042/x64 v889 06_5e PID 1736 Application C:\Program Files (x86)\WiseVector\WiseVectorUpdater.exe Created 2021-01-30T21:10:14 Description Generic ML PUA Process Trace 1 C:\Program Files (x86)\WiseVector\WiseVector.exe [1736] 2021-01-30T21:09:52 2 C:\Windows\explorer.exe [7844] 2021-01-30T19:45:57 3 C:\Windows\System32\userinit.exe [7708] 2021-01-30T19:45:57 23.6s 4 C:\Windows\System32\winlogon.exe [908] 2021-01-30T19:45:21 winlogon.exe 5 C:\Windows\System32\smss.exe [824] 2021-01-30T19:45:21 164ms \SystemRoot\System32\smss.exe 000000dc 00000084 6 C:\Windows\System32\smss.exe [536] 2021-01-30T19:45:17 \SystemRoot\System32\smss.exe Dropped Files 1 C:\Program Files (x86)\WiseVector\dat\local.de-journal Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736] 2 C:\Program Files (x86)\WiseVector\NewUpdate.ini Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736] Read by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736] 3 C:\Program Files (x86)\WiseVector\tmp\dat-lh.de.rar Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736] Read by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736] 4 C:\Program Files (x86)\WiseVector\tmp\WiseVectorUpdater.exe.rar Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736] Read by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736] 5 C:\Users\David\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736] 6 C:\Users\David\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736] 7 C:\Users\David\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D11549FC90445E1CE90F96A21958A17_DCF3C7EBF16F9D8A2007E30BE1AB524D Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736] 8 C:\Users\David\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D11549FC90445E1CE90F96A21958A17_DCF3C7EBF16F9D8A2007E30BE1AB524D Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736] Thumbprints bd5c5c6e6da3d69d10e1b11002a66feb2830b234a737dcacb5dcf9988c6bbb6b After suppressing the alert WVSX updated without problem.
It is a detection from Emsisoft Behavior Blocker, it wont be detected on VT or via Scan module. Emsisoft needs to internally whitelist it or the user can do it, this isnt something caused by WiseVector.
At the time of my reply, only Sophos and VBA32 flagged the updater. The installer is not flagged by any.
For this reason I uninstalled HMP.A, while testing WVSX. Another reason is, that there is no switch, to temporary disable HMP.A, which is annoying, when I run own scripts, to update my tools.
Actually in this case you can temporarily or permanently disable Anti-Malware. That is what I did on my other machine and the update worked without issue.