WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    206
    Location:
    UK
    +2
     
  2. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    145
    Location:
    China
    Hi Azure,

    WVSX can also prevent browser, office, PDF readers from executing unauthorised code. But frankly I don't know much about the anti-exploit feature from HMPA and perhaps their anti-exploit features are more powerful. I didn't find a detailed description of their anti-exploit feature on their official website. :(

    Surprisingly I found that HMPA doesn't intercept every process injection. For example, the signed Parallax RAT trojan that appeared yesterday. Below are the malware samples for those who are interested, password is "infected".

    https://we.tl/t-2vSh2m45z3

    VT link:
    *removed as per terms of service
    https://www.wilderssecurity.com/thr...otti-virus-total-results.180057/#post-1040840

    The malware will inject several system processes (dllhost.exe, rundll32.exe) to perform its dirty job. But HMPA let it go. The HMPA version is V3.8.4 build 871 with all features enabled. I have just downloaded it from their official site. Note that I didn't do this test on purpose since I need to answer the question so I downloaded it. Maybe someone here will report this sample to them.

    @paulderdash @deugniet
     
  3. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    145
    Location:
    China
    Hi Tarnak,

    I think this is OK. Since the document path is related to "RegRun2". The "sc.exe" may be executed as a child process by RegRun.
     
  4. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    145
    Location:
    China
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,056
    Location:
    Among the gum trees
  6. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    382
    Location:
    Island of Woman
    Bad usb and encryption are on if hmpa license runs off 2, at this point he could use an unlicensed version and a hitman pro scan from time to time (which can be done also for free with hitman pro), having said that it doesn't make much sense to use both I think since there are many tools that do the same
     
    Last edited: Oct 15, 2020
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,099
    Location:
    Hawaii
    This WVSX versus HMPA comparison might possibly steer this thread into an "A versus B" discussion. See HERE.
     
  8. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,221
    Doubt it.

    There are cases in this forum where people have A vs B discussion without any issue. Most likely because it wasn't about an antivirus.

    And in this case, what is being talked about is the anti-exploit capacity of each software.

    Users being able to compare, evaluate and share their opinion about a product is one of the fundamentals of a security forum.
     
  9. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    427
    Thanks, and you are very welcome.
     
    Last edited: Oct 15, 2020
  10. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    145
    Location:
    China
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,147
    Location:
    Under a bushel ...
    Could, but hope not.

    The question (for me anyway) is definitely not about 'which is better', but about comparing functionality, and possible overlaps in a layered security solution.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,027
    Location:
    The Netherlands
    Yes this would be nice. On the other hand, the most important thing is that WVSX can truly block code injection when malware is already active, so this means post execution.

    OK then it might not be interesting for you guys. Also, most of the time they test with about 300 samples, but I would like to see more samples being used to test WVSX.

    Well, I figured it might be brand new malware, since WVSX even outperformed the big name AVs! While in testing done by AV-TEST and AV Comparatives, they almost always score at least 99%. Actually, same goes for MRG Effitas.

    https://www.av-comparatives.org
    https://www.av-test.org/en/
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,027
    Location:
    The Netherlands
    Correct, HMPA is mostly focused on blocking exploit attacks via behavior blocking, so it's likely more advanced than WVSX when it comes to this. And it's also correct that it doesn't block all kinds of code injection techniques, it's mostly focused on process hollowing and APC code injection. According to you, WVSX monitors more code injection techniques, so in this area WVSX might be more powerful.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,027
    Location:
    The Netherlands
    OK so does this mean that at first Ransominator couldn't be blocked? For example, HMPA will monitor for rapid file modification and will roll-back modified files to a clean state. Does WVSX also do this, or does it only block ransomware pre-execution?
     
  15. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    145
    Location:
    China
    Hi,
    Please refer to the thread: https://malwaretips.com/threads/wise-vector-stopx-vs-ransominator.100404/#post-877039. Our test result was a bit different from the tester in the thread. The version being tested is very old, WVSX becomes more powerful to detect ransomware now.
    WVSX can block ransomware pre-execution and post-execution stage, but it has no Roll-back at present.
     
  16. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    599
    Location:
    U.S. Citizen
    Salutations/Greetings,

    Do you plan on having a Roll-back in the near future? If so, when?
    And do you have any tests and/or reviews on YouTube? Against
    Ransomware, etc....

    Also, could you WiseVector post a video of WVSX against various ransomware on YouTube?
    Once a week, etc.....

    Your thoughts?

    Kind regards,
     
    Last edited: Oct 17, 2020 at 1:20 PM
  17. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,202
    How well does WVSX play with Microsoft Defender? Should I disable the latter?
     
  18. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    15,032
    Location:
    UK
    For me they work ok together on the machine I have them on.
     
  19. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,874
    Location:
    Canada
    Hello stapp, as for myself I have Defender disabled. I don’t feel comfortable with two AV.:)
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,708
    Location:
    U.S.A. (South)
    @WiseVector - Is it or will it fit WVSX to add Roll-back protections in some subsequent future release?
    Or would entering that particular feature in any way curtail or at the very least make WVSX less light overall? As it is been currently the energy/resource demand is pleasantly light while lightning rapid in performance in its detections.

    @Moose World - IMHO @cruelsister would be a very effective resource in pitting WVSX vs. some of the roughest toughest hombres. Maybe PM her on her thoughts. She is really pinpoint picky at noticing the tiniest deviations when the heavyweights are staged to clash in a CONTAINED environment. RAW real system & Real-Time not some standoff Virtual Disk routine. And those end results can be staggering albeit extremely accurate.
     
  21. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,600
    Location:
    New Mexico, USA
    Think she's already been evaluating WVSX. There are several posts from her in this thread, and WiseVector has aced them. A video would be great. Maybe if we talk nice, or buy her chocolates, she'll do one. LOL
     
  22. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,202
    Thanks, I am trying it with Microsoft Defender and so far so good.
     
  23. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,179
    Location:
    SouthCentral PA
    Anyone try this program with Microsoft Defender AND Malwarebytes? Or is that too much overkill?
    Acadia
     
  24. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,070
    Location:
    Hollow Earth - Telos
    A while back WV said it would not be good to run defender with WV because defender would react first when something happens.
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,708
    Location:
    U.S.A. (South)
    ^^ True-Which would stand to reason since Defender is a hard wired native component of the O/S itself.

    Thanks @Nightwalker
     