Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.
WVSX can also prevent browsers, office applications and PDF readers from executing unauthorised code. But frankly I don't know much about the anti-exploit feature from HMPA and perhaps their anti-exploit features are more powerful. I didn't find a detailed description of their anti-exploit feature on their official website.
Surprisingly, I found that HMPA doesn't intercept every process injection. For example, the signed Parallax RAT trojan that appeared yesterday. Below are the malware samples for those who are interested, password is "infected".
*removed as per terms of service
The malware will inject several system processes (dllhost.exe, rundll32.exe) to perform its dirty job. But HMPA let it go. The HMPA version is V3.8.4 build 871 with all features enabled. I have just downloaded it from their official site. Note that I didn't do this test on purpose; since I needed to answer the question, I downloaded it. Maybe someone here will report this sample to them.
I think this is OK. Since the document path is related to "RegRun2". The "sc.exe" may be executed as a child process by RegRun.
Thanks for your feedback. This is a FP, we have fixed it.
Just an FYI, my HMP.A version is 3.8.6 Build 875.
Edit: That build can be downloaded from the link in @RonnyT 's signature here:
Bad USB and encryption are on if HMPA license runs off 2, at this point he could use an unlicensed version and a Hitman Pro scan from time to time (which can be done also for free with Hitman Pro). Having said that, it doesn't make much sense to use both, I think, since there are many tools that do the same.
This WVSX versus HMPA comparison might possibly steer this thread into an "A versus B" discussion. See HERE.
There are cases in this forum where people have A vs B discussions without any issue. Most likely because it wasn't about an antivirus.
And in this case, what is being talked about is the anti-exploit capacity of each software.
Users being able to compare, evaluate and share their opinion about a product is one of the fundamentals of a security forum.
Thanks, and you are very welcome.
Thanks for your info.
Could, but hope not.
The question (for me anyway) is definitely not about 'which is better', but about comparing functionality, and possible overlaps in a layered security solution.
Yes this would be nice. On the other hand, the most important thing is that WVSX can truly block code injection when malware is already active, so this means post execution.
OK then it might not be interesting for you guys. Also, most of the time they test with about 300 samples, but I would like to see more samples being used to test WVSX.
Well, I figured it might be brand new malware, since WVSX even outperformed the big name AVs! While in testing done by AV-TEST and AV Comparatives, they almost always score at least 99%. Actually, same goes for MRG Effitas.
Correct, HMPA is mostly focused on blocking exploit attacks via behavior blocking, so it's likely more advanced than WVSX when it comes to this. And it's also correct that it doesn't block all kinds of code injection techniques, it's mostly focused on process hollowing and APC code injection. According to you, WVSX monitors more code injection techniques, so in this area WVSX might be more powerful.
OK so does this mean that at first Ransominator couldn't be blocked? For example, HMPA will monitor for rapid file modification and will roll-back modified files to a clean state. Does WVSX also do this, or does it only block ransomware pre-execution?
Please refer to the thread: https://malwaretips.com/threads/wise-vector-stopx-vs-ransominator.100404/#post-877039. Our test result was a bit different from the tester's in the thread. The version being tested is very old; WVSX has become more powerful at detecting ransomware now.
WVSX can block ransomware at the pre-execution and post-execution stages, but it has no Roll-back at present.
Do you plan on having a Roll-back in the near future? If so, when?
And do you have any tests and/or reviews on YouTube? Against
Also, could you WiseVector post a video of WVSX against various ransomware on YouTube?
Once a week, etc.....
How well does WVSX play with Microsoft Defender? Should I disable the latter?
For me they work ok together on the machine I have them on.
Hello stapp, as for myself I have Defender disabled. I don’t feel comfortable with two AVs.
@WiseVector - Is it or will it fit WVSX to add Roll-back protections in some subsequent future release?
Or would entering that particular feature in any way curtail or at the very least make WVSX less light overall? As it is currently, the energy/resource demand is pleasantly light while lightning rapid in performance in its detections.
@Moose World - IMHO @cruelsister would be a very effective resource in pitting WVSX vs. some of the roughest toughest hombres. Maybe PM her on her thoughts. She is really pinpoint picky at noticing the tiniest deviations when the heavyweights are staged to clash in a CONTAINED environment. RAW real system & Real-Time not some standoff Virtual Disk routine. And those end results can be staggering albeit extremely accurate.
Think she's already been evaluating WVSX. There are several posts from her in this thread, and WiseVector has aced them. A video would be great. Maybe if we talk nice, or buy her chocolates, she'll do one. LOL
Thanks, I am trying it with Microsoft Defender and so far so good.
Anyone try this program with Microsoft Defender AND Malwarebytes? Or is that too much overkill?
A while back WV said it would not be good to run Defender with WV because Defender would react first when something happens.
^^ True-Which would stand to reason since Defender is a hard wired native component of the O/S itself.