WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I turned off MI and the high CPU still happened after you told me the first time.
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    I'd like to see checksum hash for detected items with WV Logs?
     
    Last edited: Oct 1, 2020
  3. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
Any recommended ways to disable Windows Defender AV to run WiseVector as standalone? It does not seem to go away, especially after the anti-tamper protection from recent updates, and because WiseVector is not registered and not visible inside the Windows Security settings.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  5. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
  6. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    well, on my new laptop I have both since one month and no problems so far...:)
     
  7. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
I know, but I had this experience: I clicked on a RAR archive, maybe a packer; WD supposedly stopped the malware, but I read in the logs on my router (IDS) that it was attacked afterwards. Perhaps WD stopped the malware on the drive but not in memory. I think WiseVector would have handled this better.
     
    Last edited: Oct 3, 2020
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    https://www.wilderssecurity.com/threads/wisevector-stop-x.431502/page-14#post-2946507
     
  9. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
Exactly. WD took the malware but mishandled it (I've read it's a diversion: they let a known malware sample be captured, but in reality something else more stealthy runs; it's an archive, so maybe two types of malware were activated from the container, or through an exploit aimed at the archiving software, or during the download of that archive). That's why I had the idea to kill WD and let WiseVector handle malware, since theoretically it focuses on in-memory attacks "better".
     
    Last edited: Oct 3, 2020
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
I hear ya'. Yes, I'm thinking WV dynamic scanning stands best alone, or run WV as a static scanner (launch at startup, and "run real time" not checked). Just me.
     
    Last edited: Oct 2, 2020
  11. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    OK, I understand. Thanks for your feedback. If you could install WVSX again, can you please disable the Real-time Protection and tell me the result?
     
    Last edited: Oct 2, 2020
  12. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    You can use Defender Control to disable WD. Here is the link to download: https://www.majorgeeks.com/files/details/defender_control.html
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
Behavioural analysis being its strength, probably running it as a static scanner would 'emasculate' it?
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    It is a long established security practice that no more than one real-time security solution be used. As such, WV's real-time scanning should be disabled.

    Additionally, WD does have a HIPS and if WD ASR rules are deployed, those could conflict with WV processing.

    Finally, WD does deploy AMSI for stand-alone script scanning and other select process monitoring where scripts are used. It is therefore imperative that WV does not interfere with AMSI scanning prior to completion of its scan processing.

    -EDIT- There is also this important factor as to why WD should not be disabled.

    The Windows Security Center concept was designed for a reason. That reason is if the primary registered real-time AV becomes non-functional for any reason, WD immediately kicks in as the primary real-time solution. If WD is permanently disabled, this important security backup mechanism will not occur.
     
    Last edited: Oct 2, 2020
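The post above turns on three things that can be checked directly rather than guessed at: which AV products Windows Security Center actually has registered (and whether their real-time component is on), which ASR rules are deployed, and which AMSI providers are installed. The following is an added example, not code from the thread or from WiseVector; it only reads state and changes nothing. The productState bit decoding is the commonly documented one (bit 0x1000 = real-time on, bit 0x0010 = definitions out of date) and is an assumption rather than an official Microsoft specification; run it from an elevated PowerShell prompt on Windows 10.

```powershell
# Added example (not from the thread or from WiseVector): inspect what Security
# Center, Defender, ASR and AMSI have registered on this machine. Read-only.

# Products registered with Security Center. A product that does not appear here
# (as WVSX reportedly does not) is not what Defender "hands off" to, and Defender
# will keep itself active regardless of that product being installed.
function Get-RegisteredAV {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
        ForEach-Object {
            # productState decoding is an assumption based on widely documented values
            [pscustomobject]@{
                Product       = $_.displayName
                RealTimeOn    = (($_.productState -band 0x1000) -ne 0)
                DefsOutOfDate = (($_.productState -band 0x0010) -ne 0)
                RawState      = ('0x{0:X6}' -f $_.productState)
            }
        }
}

# Defender's own view: is its engine running, is real-time on, is tamper
# protection enforcing it (which is why Set-MpPreference cannot turn it off)?
function Get-DefenderState {
    Get-MpComputerStatus |
        Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled,
                      OnAccessProtectionEnabled, IsTamperProtected
}

# Deployed ASR rules. Action: 0 = off, 1 = block, 2 = audit, 6 = warn.
function Get-AsrRules {
    $pref = Get-MpPreference
    for ($i = 0; $i -lt @($pref.AttackSurfaceReductionRules_Ids).Count; $i++) {
        [pscustomobject]@{
            RuleId = $pref.AttackSurfaceReductionRules_Ids[$i]
            Action = $pref.AttackSurfaceReductionRules_Actions[$i]
        }
    }
}

# AMSI providers are COM classes listed under this key; resolve each CLSID to
# its friendly name and DLL so you can see who sits in the AMSI scan chain.
function Get-AmsiProviders {
    $root = 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers'
    if (-not (Test-Path $root)) { return @() }
    Get-ChildItem $root | ForEach-Object {
        $clsid  = $_.PSChildName
        $clsKey = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
        $name = if (Test-Path $clsKey) { (Get-ItemProperty $clsKey).'(default)' } else { $null }
        $dll  = if (Test-Path "$clsKey\InprocServer32") {
                    (Get-ItemProperty "$clsKey\InprocServer32").'(default)'
                } else { $null }
        [pscustomobject]@{ CLSID = $clsid; Name = $name; Dll = $dll }
    }
}

'--- Security Center registered AV ---'; Get-RegisteredAV | Format-Table -AutoSize
'--- Defender state ---';                Get-DefenderState | Format-List
'--- ASR rules ---';                     Get-AsrRules | Format-Table -AutoSize
'--- AMSI providers ---';                Get-AmsiProviders | Format-Table -AutoSize
```

If the Security Center table lists only Microsoft Defender with RealTimeOn = True, then whatever else is installed is running alongside Defender rather than replacing it, which is the situation the post describes. The ASR and AMSI listings are what you would compare against a second product's behaviour when hunting for the conflicts mentioned above.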
  15. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I already did that last week and it was the same result. A lot of CPU coming out of sleep mode.
     
  16. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,614
    Location:
    Milan and Seoul
  17. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I am using WVSX plus SecureAPlus (SA+). SA+ uses a whitelist, fingerprinted app signatures, anti-exe tactics, & its own Universal AV. Ergo, I have a sentry (SA+) and a battle-hardened Seal Team (WVSX) on duty.

    ScreenHunter_01 Oct. 02 15.16.gif
     
    Last edited: Oct 2, 2020
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
Thanks for the screenshots, but it's not totally what I meant. In the screenshots you will see malware components being blocked. But if you disable real-time protection, will you also get to see alerts about process hollowing and APC injection being blocked?

And yes, I now see that Cylance didn't perform too well; it's based on AI and was bought for 1 billion dollars by BlackBerry. So you see why I might be a bit skeptical about WVSX? But I guess what I'm wondering about is whether WVSX is better at blocking only the latest threats, and not so much at blocking thousands of malware samples. So would you recommend always using it together with another well-known AV?

    https://www.forbes.com/sites/greats...ackberrys-acquisition-of-cylance-makes-sense/
     
  19. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Rasheed- Cylance was very, very good at self promotion, but not so good at malware detection. Bypassing it was a rather trivial matter. Regarding WV, it detects relic (older) malware without issue.
     
  20. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Thanks! I will keep you posted if we have any other idea.
     
  21. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
In the tests, Real-time Protection had been disabled. If not, the malware samples could be blocked before running and you couldn't see malware components being blocked afterwards.
Yes, WVSX can block thousands, even millions, of malware samples, whether they are new or old. WVSX not only has particular modules to detect special malware, but is also good at static detection, since it uses ML techniques.
Generally, your PC would be safer if you use more than one AV (assuming all the AVs are compatible with each other), but performance loss would be a problem.
     
  22. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
How does it fare against .NET (including .NET 3.5) living-off-the-land attacks (e.g. through the Assembly.Load(byte[]) function of .NET), considering .NET structures are complicated, which means some software doesn't handle this particularly well?

I wanted to enable .NET 3.5 to run some old software; with WiseVector I might be encouraged to do so. For now I am reluctant to enable 3.5 because of popular tools that abuse it, which is a shame as some of the best programmes use 3.5 :(((
     
    Last edited: Oct 3, 2020
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
That is not correct. Below is the AV-Test methodology used in the Commercial test series. Note that in this series Cylance Protect 2.1 was tested:
https://www.av-test.org/en/about-th...edures/test-modules-under-windows-protection/

Additionally, AV-Test also tested the Cylance Home 2.0 version in its Home AV test series. It also scored poorly.

I believe the problem here is the AMTSO member AV labs have reached an "accommodation" to test the AI security vendors using a separate methodology. It appears BlackBerry agreed to have Cylance tested in both comparatives using AV-Test's real-time testing methodology used for all tested AV vendors.
     
    Last edited: Oct 3, 2020
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    I think WiseVector meant they had disabled real-time protection in their tests (post #481).
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
Confirming Cylance's poor protection rates are the PC Security Channel tests here: https://www.thepcsecuritychannel.com/tests .

Now I am not a big fan of how they test: load hundreds of malware samples in a VM and run them one after another. For example, on a scale of 1 - 3 with 3 being the highest score, WD had a dismal .75 average protection score. Why? Because the samples would have been stripped of their MotW ADS, resulting in none being examined in its cloud sandbox. Likewise, Cylance's commercial version, i.e. Protect, has a cloud EDR component which obviously wasn't used.

Perhaps WV can convince them to run a test for Stop-X? I don't believe that PC Security Channel charges for its testing.
     
    Last edited: Oct 4, 2020
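The point about samples being "stripped of their MotW ADS" is easy to verify on any test set: the Mark-of-the-Web is just a Zone.Identifier alternate data stream on the file, and files copied into a VM, extracted by an archiver that does not propagate streams, or placed on a non-NTFS volume lose it. The following is an added example, not code from the thread or from any of the products discussed; it shows how to read the stream, how to re-apply it to a sample that lost it, and what Unblock-File does to it. The demo file and path are constructed for illustration.

```powershell
# Added example (not from the thread): read, set and strip the Mark-of-the-Web
# (Zone.Identifier alternate data stream) on files, e.g. a malware test corpus.

function Get-MotW {
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    # -Stream is a FileSystem-provider dynamic parameter; it errors if the ADS is absent.
    $stream = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $stream) {
        return [pscustomobject]@{ File = $item.Name; HasMotW = $false; ZoneId = $null; ReferrerUrl = $null }
    }
    $text = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -Raw
    # Typical content: [ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=...\r\nHostUrl=...
    $zone = if ($text -match 'ZoneId=(\d+)')      { [int]$Matches[1] } else { $null }
    $ref  = if ($text -match 'ReferrerUrl=(\S+)') { $Matches[1] }      else { $null }
    [pscustomobject]@{ File = $item.Name; HasMotW = $true; ZoneId = $zone; ReferrerUrl = $ref }
}

# Re-apply MotW to a file that lost it. ZoneId 3 = Internet, which is what a
# browser download carries and what Defender's cloud-sandbox heuristics key on.
function Set-MotW {
    param([Parameter(Mandatory)][string]$Path, [int]$ZoneId = 3)
    Set-Content -LiteralPath $Path -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=$ZoneId"
}

# Survey a whole directory (e.g. an unpacked sample set) for files missing MotW.
function Find-UnmarkedFiles {
    param([Parameter(Mandatory)][string]$Directory)
    Get-ChildItem -LiteralPath $Directory -File -Recurse |
        ForEach-Object { Get-MotW $_.FullName } |
        Where-Object { -not $_.HasMotW }
}

# Demo on a constructed temp file: no MotW -> marked -> stripped by Unblock-File.
$tmp = Join-Path $env:TEMP 'motw-demo.txt'
Set-Content -LiteralPath $tmp -Value 'constructed test file'
Get-MotW $tmp                      # HasMotW = False
Set-MotW $tmp
Get-MotW $tmp                      # HasMotW = True, ZoneId = 3
Unblock-File -LiteralPath $tmp     # this is exactly what "stripping MotW" means
Get-MotW $tmp                      # HasMotW = False again
Remove-Item -LiteralPath $tmp
```

Before drawing conclusions from a bulk test like the one described, run Find-UnmarkedFiles over the sample directory: if every file comes back, the run never exercised the download-time path of whichever product keys on MotW, and the score measures something narrower than the product's real-world protection.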