WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    534
    Location:
    China
    Hi Azure,

    WVSX can also prevent browser, office, PDF readers from executing unauthorised code. But frankly i don't know much about the anti-exploit feature from HMPA and perhaps their anti-exploit features are more powerful. I didn't find a detailed description of their anti-exploit feature on their official website. :(

    Surprisingly i found that HMPA don't intercept every process injection. For example, the signed Parallax RAT trojan that appeared yesterday. Below are the malware samples for those who are interested, password is "infected".

    https://we.tl/t-2vSh2m45z3

    VT link:
    *removed as per terms of service
    https://www.wilderssecurity.com/thr...otti-virus-total-results.180057/#post-1040840

    The malware will inject several system processes (dllhost.exe, rundll32.exe) to perform its dirty job. But HMPA let it go. The HMPA version is V3.8.4 build 871 with all features enabled. I have just downloaded it from their official site. Note that I didn't do this test on purpose since i need to answer the question so i downloaded it. Maybe someone here will report this sample to them.

    @paulderdash @deugniet
     
  2. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    534
    Location:
    China
    Hi Tarnak,

    I think this is OK. Since the document path is related to "RegRun2". The "sc.exe" may be executed as a child process by RegRun.
     
  3. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    534
    Location:
    China
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,549
    Location:
    Among the gum trees
  5. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    747
    Location:
    Island of Woman
    Bad usb and encryption are on if hmpa license runs off 2 , at this point he could use an unlicensed version and a hitman pro scan from time to time (which can be done also for free with hitman pro), having said that it doesn't make much sense to use both I think since there are many tools that do the same
     
    Last edited: Oct 15, 2020
  6. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    7,616
    Location:
    Hawaii
    This WVSX versus HMPA comparison might possibly steer this thread into an "A versus B" discussion. See HERE.
     
  7. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,409
    Doubt it.

    There are cases in this forum where people have A vs B discussion without any issue. Most likely because it wasn't about an antivirus.

    And in this case, what is being talked about is the anti-exploit capacity of each software.

    Users being able to compare, evaluate and a share their opinion about a product is one of the fundamentals of a security forum.
     
  8. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    556
    Thanks, and you are very welcome.
     
    Last edited: Oct 15, 2020
  9. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    534
    Location:
    China
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,462
    Location:
    Under a bushel ...
    Could, but hope not.

    The question (for me anyway) is definitely not about 'which is better', but about comparing functionality, and possible overlaps in a layered security solution.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,193
    Location:
    The Netherlands
    Yes this would be nice. On the other hand, the most important thing is that WVSX can truly block code injection when malware is already active, so this means post execution.

    OK then it might not be interesting for you guys. Also, most of the time they test with about 300 samples, but I would like to see more samples being used to test WVSX.

    Well, I figured it might be brand new malware, since WVSX even outperformed the big name AV's! While in testing done by AV-TEST and AV Comparatives, they almost always score at least 99%. Actually, same goes for MRG Effitas.

    https://www.av-comparatives.org
    https://www.av-test.org/en/
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,193
    Location:
    The Netherlands
    Correct, HMPA is mostly focused on blocking exploit attacks via behavior blocking, so it's likely more advanced than WVSX when it comes to this. And it's also correct that it doesn't block all kind of code injection techniques, it's mostly focused on process hollowing and APC code injection. According to you, WVSX monitors more code injection techniques, so in this area WVSX might be more powerful.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    15,193
    Location:
    The Netherlands
    OK so does this mean that at first Ransominator couldn't be blocked? For example, HMPA will monitor for rapid file modification and will roll-back modified files to a clean state. Does WVSX also do this, or does it it only block ransomware pre-execution?
     
  14. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    534
    Location:
    China
    Hi,
    Please refer to the thread: https://malwaretips.com/threads/wise-vector-stopx-vs-ransominator.100404/#post-877039. Our test result was a bit different from the tester in the thread. The version being tested is very old, WVSX becomes more powerful to detect ransomware now.
    WVSX can block ransomware pre-execution and post-execution stage, but it has no Roll-back at present.
     
  15. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    817
    Location:
    U.S. Citizen
    Salutations/Greetings,

    Do you plans on having a Roll-back in the near future. If so, when?
    And do you have any tests and/or reviews on YouTube? Against
    Ransomware, ect....

    Also, could you WiseVector post a video of WVSX against various ransomware on YouTube?
    Once a week, ect.....

    Your thoughts?

    Kind regards,
     
    Last edited: Oct 17, 2020
  16. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,348
    How well does WVSX play with Microsoft Defender? Should I disable the later?
     
  17. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    18,780
    Location:
    UK
    For me they work ok together on the machine I have them on.
     
  18. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,052
    Location:
    Canada
    Hello stapp, as for myself I have Defender disabled. I don’t feel comfortable with two AV.:)
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,868
    Location:
    U.S.A. (South)
    @WiseVector - Is it or will it fit WVSX to add Roll-back protections in some subsequent future release?
    Or would entering that particular feature in any way curtail or at the very least make WVSX less light overall. As it is been currently the energy/resource demand is pleasantly light while lightning rapid in performance in it's detections.

    @Moose World - IMHO @cruelsister would be a very effective resource in pitting WVSX vs. some of the roughest toughest hombre's. Maybe PM her on her thoughts. She is really pinpoint picky at noticing the tiniest deviations when the heavyweights are staged to clash in a CONTAINED environment. RAW real system & Real-Time not some standoff Virtual Disk routine. And those end results can be staggering albeit extremely accurate.
     
  20. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,725
    Location:
    New Mexico, USA
    Think she's already been evaluating WVSX. There are several posts from her in this thread, and WiseVector has aced them. A video would be great. Maybe if we talk nice, or buy her chocolates, she'll do one. LOL
     
  21. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,348
    Thanks, I am trying it with Microsoft Defender and so far so good.
     
  22. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,236
    Location:
    US
    Anyone try this program with Microsoft Defender AND Malwarebytes? Or is that too much overkill?
    Acadia
     
  23. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,346
    Location:
    Hollow Earth - Telos
    A while back WV said it would not be good to run defender with WV because defender would react first when something happens.
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,868
    Location:
    U.S.A. (South)
    ^^ True-Which would stand to reason since Defender is a hard wired native component of the O/S itself.

    Thanks @Nightwalker
     
  25. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    534
    Location:
    China
    Hi,
    According to our tests, Roll-back is rarely needed, since WiseVector StopX focuses on blocking malware before damage happens. Anyway, we will change our plan according to cybersecurity trends.
    Yes, WiseVector StopX doesn't want to be another bloated AV. We would like to find a better way to keep WVSX being a lightweight and powerful security software.
    There is a few reviews on YouTube about WiseVector StopX, but they are not posted by us.
    We would like to post a video to introduce how to use WiseVector StopX. I think it would be more convincing if an experienced user or any third party can test WVSX on YouTube.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.