Interesting review by the league of antivirus. It's only part one; part 2 to follow. Intermission - WiseVector StopX 2.73 Test vs Fresh Malware Samples Part 1 - YouTube https://www.youtube.com/watch?v=vTnZSu51-G0
@WiseVector This is not done by WV, I would like this feature to make the antivirus more complete. Thank you very much.
The HIPS monitors file, registry, and process activities. It also prevents untrusted programs from accessing your webcam, microphone, important data, etc. The Firewall part monitors network activities.
Hi Melita, Sorry for the inconvenience. Currently, if you want to fast switch users, you must first quit WVSX. After logging in as another user, you must manually start WVSX. We are working on this issue and expect that the next release will fix it. It will also start automatically under other user accounts when Windows starts.
When WVSX is running, if any malicious program tries to add a firewall rule, it will be terminated by WVSX's Advanced Protection. After 3.0, if any untrusted program tries to add a firewall rule, WVSX will prompt the user to take action.
Yes, you need to quit WVSX first and then perform an overwrite installation. We haven't heard there is any conflict between WVSX and Norton.
Yes but I'm talking about more details, like code injection, installation of services and drivers etc. And can you post screenshots of the HIPS and firewall, thanks in advance.
Hi, Can v3.01 get updated successfully now? Can you visit our website (https://www.wisevector.com/en/) smoothly? Did this issue appear before?
Hi, Please refer to the screenshot below. Experienced users can set their own rules to get control of the web protection. https://ibb.co/yX7y4Px https://ibb.co/80J7nNw https://ibb.co/TLyJgmY https://ibb.co/bz5gPn6 https://ibb.co/M9KX7Zp
@WiseVector Regarding WVSX automatically starting with Windows boot: I was wondering about the case of a domain user account with standard/non-admin privileges from Active Directory/Microsoft Windows Server. Would you please explain to me how to make WiseVector start automatically in the domain user (standard/non-admin) account? Pictures would be better if possible. Thanks
Manual update is working right now on 3.01. Yes, I can visit the site OK. Yes, I had this issue with 3.00 also. I'll keep you posted if the issue arises again... thanks. Edit: I am using dnscrypt (Simple Dnscrypt) with Nextdns for server, in case that could be a factor.
Yes, that is a major inconvenience and limitation - preventing use of WVSX in our classroom environment. Once that shortcoming is remedied I will seriously consider it to protect our classroom PCs.
Thanks to the author for the testing; any testing of WVSX will help us to improve. First of all, I don't think these are fresh malware samples. As I understand it, fresh malware samples should appear at least within one month, preferably not present in Virustotal or at least less than 30 detections, or less than 20 in VT. According to the video we can tell that these samples probably come from Virussign or Virusshare, because Virussign often has many normal files that are infected with Floxif virus, and Virusshare is full of PUPs. Samples from Virussign are definitely not fresh samples. At the end of the video, most of the infected files are files infected by Floxif virus and PUPs, with a few worms (we think they are the same file) and one Quasar malware.
1. We are confident that our behavior detection is able to block Floxif virus. In the author's test WVSX has blocked one, please see screenshot below. We have tested several files infected by Floxif virus ourselves and we can be sure WVSX is able to block them all. If there are testers willing to test Floxif samples with WVSX, we would appreciate it. If WVSX fails to block any Floxif sample, please post it here. Testers can disconnect from the network to prove we haven't updated anything.
2. We observed that WVSX's own files are also infected by Floxif virus, which should not be possible because our kernel drivers prevent other programs from writing to WVSX's installation folder. This should be the result of running a large number of Floxif viruses at the same time.
3. For PUPs, if we do not observe any advertising or spying behavior in our environment, we will not add the detection. For example, there are several mail.ru PUPs in the author's test; we have analyzed many samples developed by mail.ru and didn't observe advertising behavior in our environment. Also, as far as we know, mail.ru has a large number of users in Russia, so we would be quite cautious to flag these files.
4. Older malware samples like Quasar may not exhibit malicious behavior if their CC server is dead.
We think that the reason for these infections may be running a large number of samples at the same time, and WVSX has some problems when faced with a stress test. We will do more stress tests ourselves in the future, but you should know that it is impossible for a normal user to run a large number of malicious programs at once.
Hi WiseVector! All files in the test are malicious and fresh (collected during the previous day) and the package also contains PUPs (maybe in the future, when I find more free time, I will do separate tests for different types of malware). Floxif is the second most common infection in UAE these days: https://www.zawya.com/mena/en/press...easing_impact_in_the_UAE-ZAWYA20210620063117/ . If I find spare time, I will send the Floxif samples used in the test by PM.
Hi Space Ghost, Thanks for the testing. That you collected them during the previous day does not mean these are fresh malware samples; as I understand it, "fresh" samples should have been created by malware makers not long ago. When you see Floxif you should understand that it is certainly not a fresh sample. The virus has been around for almost 10 years. Let's say there are 100,000 white samples: infect them with Ramnit virus and you will get 100,000 "fresh" samples, infect them with Sality and you will get another "fresh" 100,000 samples. Please send the Floxif samples here so everyone can test.
Hi Rebsat, Currently non-administrator accounts cannot start WVSX at logon, please wait for the next version, thank you.
Thanks for your interest in WVSX. We will release a new version that supports fast user switching as soon as possible.
Hi WiseVector! Yes, file infectors are part of the tested samples, because you can still find them in the wild. I don't know for sure, but I feel that publishing infected files is against this forum's rules. My primary goal is to improve cyberspace security for the average person (I have already had some success in this matter). My project is independent of funding from antivirus vendors, because in my opinion this can create a toxic relationship. But I am always ready to help you improve your security product. Have a nice day!