WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. porkpiehat

    porkpiehat Registered Member

    Joined:
    Jul 18, 2015
    Posts:
    31
    no, nothing.... there is a black popup which flashes too quickly to read, but no reaction from WV....

    it seems, even though I exit CFW, it still catches the test before WVXS...

    so, after disabling FW, and containment, WVXS caught the test.... s'all good. :thumb:
     
    Last edited: Nov 6, 2020
  2. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    262
    Location:
    China
    Last edited: Nov 6, 2020
  3. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    262
    Location:
    China
    Yes, WV will still provide on-execution protection since you only disabled real-time scanning of new files.
     
    Last edited: Nov 6, 2020
  4. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    262
    Location:
    China
    Thanks for your info.
    Yes, there will be some pop-ups from SSF when using WVSX and SSF together. If clicking "Allow" whenever a pop-up appears, everything will go well, but if clicking "Deny", there will be conflict. I think experienced users will click "Allow", so I said no conflict. :) Of course, whitelisting WVSX's folder is a better choice.
     
  5. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    262
    Location:
    China
    It seems that you have Comodo Auto-Containment enabled. This could be why WV wasn't responding.
     
  6. porkpiehat

    porkpiehat Registered Member

    Joined:
    Jul 18, 2015
    Posts:
    31
    yes, it looks like Comodo was beating it to the punch... all good though.
     
  7. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,110
    Location:
    Hollow Earth - Telos
    I just uninstalled one of my apps and then installed it again without any problems. Looks like it might be your app working with W10 20H2.
     
  8. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    807
    Location:
    Canada
    I thought you could run both WD and WV concurrently?? No??
     
  9. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,796
    Location:
    Location Unknown
    You can. I am right now, without issues.
     
  10. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,906
    Location:
    Canada
    @n8chavez, I heard for years, because of possible conflicts, it was not a good idea to run two AV together. What is different now with WV?
     
  11. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,480
    Location:
    Paris
    Comodo, especially with Script Analysis active (which is enabled by Default), does an excellent job against all manner of Scriptors, and will act against scripts before anything else as containment kicks in immediately. CF is also more inclusive in what script operations it blocks.

    But to kinda-sorta see the difference in the ways in which WV and CF handle things scriptor-wise:

    Open up notepad and save a simple script to immediately reboot the system:

    shutdown.exe /r /t 00

    save the above as Reboot.bat

    On a system with both WVSX and CF(cruel) installed, run the above batch. You will notice that the reboot will not be allowed as the file will be in the containment of CF. But now disable Containment and run it again with only WVSX enabled and the system will reboot.

    Expanding on this, note that one could recode this batch file into an exe file (showing the black console window), which when run will be stopped by CF but allowed by WVSX. Going into the weeds a bit further, we can recode the batch file to run with the console window INVISIBLE. When this one is run both CF and WVSX will block it.

    Curiously if we instead use a batch file to turn off Windows Firewall (something like "netsh advfirewall set allprofiles state off") and make 3 files- one the batch file, another converted to an exe with the console visible, and another converted to an executable with the console invisible and run them on the CF + WVSX system. If we do, we get the following results:

    CF blocks all
    WVSX blocks the visible console exe
    WVSX allows the invisible console exe

    Not sure I really had much of a point with this post, but obviously I had too much time on my hands.
     
  12. porkpiehat

    porkpiehat Registered Member

    Joined:
    Jul 18, 2015
    Posts:
    31
    awesome post... thanks for the info..... every little ounce of info is truly appreciated.
     
  13. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,208
    Location:
    Mass., USA
    Running WV w/ WD here also no issues.
    Disabling (permanently) WD is no easy task.
    GPEDIT, registry hacks; it always manages to resurrect itself.
    @Antarctica: Can you comment on your experience with Defender Control?
     
  14. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,906
    Location:
    Canada
    WD has been disabled using Defender Control for at least 5 months now without any problems. Using only WVSX and Macrium as backup
     
  15. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,208
    Location:
    Mass., USA
    Thx
     
  16. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    418
    Location:
    Island of Woman
    I always wondered so I can't resist and must ask: isn't that WVSX if blocked by spy shelter with its ask/deny feature would provoke a WVSX failure of stopping malware. Ask/Deny could happen on virgin WVSX (not allowed before and not whitelisted) when WVSX is doing something: an action triggered by malware or security related tasks, something could slip through if WVSX is on hold by spy shelter or exe radar pro or not (the user is not clicking allow but the malware is active)? ( if yes then WVSX is not compatible)
     
    Last edited: Nov 7, 2020
  17. Wendi

    Wendi Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    612
    Location:
    NY, USA
    Hi lucd,
    If I understand your concern, I think the answer is that WVSX identifies SS (as well as ERP) as being 'friendly and clean' whereas we have to believe that WVSX would identify/stop any and all malware attempts to disable it. Yes, apps such as SS give the user an opportunity to allow/deny WVSX (and just about everything else) to run. For that matter, the user can directly exit/disable WVSX protection but that doesn't imply that malware can also do that. I believe WVSX would prevent any such tampering.
     
    Last edited: Nov 7, 2020
  18. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    418
    Location:
    Island of Woman
    No I mean you are afk and you let WVSX be blocked by ss, and some malware starts:)

    or similarly WVSX is on hold (not blocked not allowed) and same happens in that timeframe
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,412
    Location:
    The Netherlands
    OK thanks for letting me know. And let's hope that SE Labs isn't only interested in testing big name companies. BTW, who are you competing against in China, I guess against Baidu and Qihoo?

    Well, with all due respect for Cruelsister's tests, I would still like to see a bit more evidence that WVSX is truly capable in stopping hundreds or perhaps even thousands of malware samples. Plus I believe that the developer wants WVSX to become one of the more well known names worldwide. So without any serious testing from companies like MRG Effitas, SE Labs, AV Comparatives and AV-TEST, this will be difficult to achieve.
     
  20. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    923
    Hi @ Wilders/WiseVector

    I might be a bit obtuse but what is the Upload File for and do?

    I can't find a help file. Does it upload it to Virus Total?

    Where can I find info about it?

    Thank you

    Terry
     
  21. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,245
    It doesn't, it uploads the file for WiseVector lab, so they can fix a false positive or add the detection for a missed sample.
     
  22. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    923
    Hi @ Nightwalker

    Thanks for that

    So how do you tell them (WSV) why you are uploading the file? There does not seem to be any way to add a comment to a file upload.

    Thanks

    Terry
     
  23. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,245
    I think you can't, the lab will decide if the file is malicious or just a false positive.

    I guess this could be improved by WiseVector StopX in future updates ...
     
  24. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    923
    Hi Nightwalker

    I have heard a lot of good things about this program including Cruelsister's favourable comments along with the impeccable support from WSV. But they would do wouldn't they?

    I tried a program called Dsynchronize (reference SDMOD post9 October 2nd) today (http://dimio.altervista.org/eng/#DSynchronize) I used it years ago but it's been updated.

    WSV flagged it as ransomware, none of my other software flagged it ie BitDefender, MalwareBytes and Windows Defender.

    So, I uploaded it to Virus Total and only one of the Virus softwares on VT flagged it, ASG I think it was (Acronis)

    So there are a few chinks in WSV's armour. AND the scanning speed is appalling. If this is to be a commercial program, that has to improve.

    With WSV I see a slight creep in of Herd Instinct with all the plaudits it is getting. I think we need to wait and see.

    Terry

    ps I did upload Dsynchronize, but I really didn't know what I was doing because of the lack of information. It's no good stopping Malware if it also potentially stops inoffensive programs
     
  25. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,236
    Location:
    Milan and Seoul
    Well don't use it then, and wait for canonical tests in due time. I'm not worried as cruelsister's tests are real nasties for any reputable AV, and there is also MS Defender which works well in tandem, they both complement each other quite well.
     