WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    I've sent you some files. They are new and were also not detected by WVSX before uploading them, just as the files you requested. (Also from VirusSign) And I've included screenshots of WVSX's configuration at the time of execution because I believe the behavior detection was activated.
     
  2. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Oh nice, thank you :)
     
  3. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    OK, thank you very much.
     
  4. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    We are not considering adding a checksum hash at present, but we plan to add advanced feature customization; users are able to know everything that happens in their system and get total control of it.
     
  5. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    @WiseVector Can you please explain what exactly happens when I choose to exclude a detection and select "Report the file as false-positive"? I didn't fully understand your previous explanation. Thank you :)
     
    Last edited: Dec 9, 2020
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    No problem!
     
  7. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,

    "Exclude a detection" means both static scanning and behavior protection will not alert the program as malicious again when it has been excluded.
    "Report the file as false-positive" means we will analyze the program and fix the FP once it's confirmed.
     
    Last edited: Dec 10, 2020
  8. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    Ah ... of course. What else? Hm. I think my confusion came from cumulative sleep deprivation and thus memory issues. I slept VERY badly over the last week. xD

    My memory said:
    and that was it. Sorry to bother you xD
     
    Last edited: Dec 10, 2020
  9. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,980
    When WiseVector is used on-demand only (with Auto Launch & Real Time disabled):
    Why is the WiseVector service application (WiseVectorSvc.exe) still running?
     
    Last edited: Dec 10, 2020
  10. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    WiseVectorSvc.exe is responsible for loading the modules and other stuff into the memory. The advantage is that we don't need to load the modules every time WVSX is started, which will reduce the user's waiting time.
    If you want WiseVectorSvc.exe to start manually, please try this way: right click This PC > click Manage > click Services and Applications > click Service > double click WiseVector Service > Start Type > select Manual. But you have to wait for a while before performing a scan.
     
  11. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    It's OK. So happy to hear your feedback. ;)
    Good night, sleep tight, don't let the bed bugs bite. :D
     
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Recent Nov. test of WVX here:

    Wisevector StopX vs 800+ Malware Samples
    https://kzclip.com/video/yVuXji17p5k/wisevector-stopx-vs-800-malware-samples.html

    Protection rate: 70%

    Appears it's one of those bulk malware tests where one sample after another is run in sequential fashion.
     
    Last edited by a moderator: Dec 10, 2020
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    It would have been nice to have seen the samples scanned with Eset, Kaspersky, Bitdefender, and Avira so we would have an idea of how hard the samples are to detect.
     
  14. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    That's basically what I did over the last week, every day when VirusSign provided a new archive. (They also used VirusSign, it looks like) So far WVSX had only problems with the Floxif trojan. It just won't detect it.
    Overall detection was definitely over 70%. Maybe 85, 90%. And after me uploading the files it was 99%, with Floxif being left able to run - BUT maybe Floxif detected that I use a VM, even though I run a modified VM with very few indicators left.
     
    Last edited: Dec 10, 2020
  15. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,980
    Thanks WiseVector for your prompt reply.

    But following your suggestion, the problem is half solved:
    A) ok, the WiseVectorSvc.exe is not running when the PC starts.
    B) When I run the WiseVector and then I close the app, the app closes but the WiseVectorSvc.exe remains running and I have to stop it manually.
     

    Attached Files:

    Last edited: Dec 10, 2020
  16. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    Thanks for sharing the video.
    1) In the video, WVSX V2.09 was tested. It is a very old version which was released in July 2019. Our latest version is V2.67. So obviously it is not "Recent Nov. test of WVSX".
    2) At the end of the test, the tester used another security software to scan and we can see all the remaining samples were still in the original folder named "new folder". There are three possibilities: A) the samples were blocked by WVSX when they were running; B) the samples were not effective and couldn't perform malicious actions; C) the samples were not malicious. I say this because most malware will drop malicious artifacts or infect + inject other files.
     
  17. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    Thanks for your testing.
    You have sent us 10 samples and half of them are legit files which were infected by Floxif virus. But they crashed when we executed them... :(
     
  18. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Actually you don't need to stop it. WiseVectorSvc.exe will do nothing if WiseVector is not running. Most AVs have services running in the background; it is normal.
     
  19. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    630
    Location:
    Germany
    I asked already per email, but why are Floxif files not detected after uploading them? Just because they crash? But they successfully create the "conres.dll" in the temp folder. VirusTotal says it has "long waits"; maybe that's throwing the behavior detection off? I don't know :)
     
  20. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,980
    Sorry, but it doesn't make sense to me. The one post is against the other, imo.

    ------------
    In real-time mode, yes.
    But in on-demand mode? No, it's not normal to leave services running in the background.
    To name a few AVs (on-demand mode): Malwarebytes or Hitman Pro or RogueKiller leave nothing behind.
     
    Last edited: Dec 11, 2020
  21. tutman

    tutman Registered Member

    Joined:
    Aug 23, 2019
    Posts:
    44
    Location:
    usa

    I noticed that too when using it as on demand scanner. Minor annoyance but it doesn't auto restart on reboot. It is running for faster startup next time. I see their point.
    But I agree that it perhaps should auto shutoff or just not run unless you have real time protection on? (To be fair this is not a true on demand scanner, it IS a full-fledged AV.)
     
  22. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    When I talk about AV, the AV means Kaspersky, ESET or BitDefender, etc.
    Malwarebytes, Hitman Pro or RogueKiller leave nothing behind in the on-demand mode, because they are designed to be like this and can work as an on-demand scanner. But WVSX is not designed to be so. Sorry for the inconvenience, you have to stop WiseVectorSvc.exe manually after using WVSX :(
     
  23. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,980
    Seems that it is a big problem for them to adjust it in such a way, or they simply don't care, or it's running intentionally for an unknown reason.......
    ------------------
    Noted, thanks.
     
  24. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    289
    @WiseVector

    1. Any plans to make better use of the processor(s) during on demand scans? It's extremely slow, even WD which is to be considered slow-ish is only a few minutes completing a full scan. WiseVector takes over 1 hour to complete a scan! As you can see in the screenshot, almost no use of processors.
    2. With which frequency does WV update streaming updates and am I correct in assuming it updates right after boot?
     

    Attached Files:

    Last edited: Dec 12, 2020
  25. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    543
    Location:
    China
    Hi,
    Did you scan "conres.dll" with WVSX?
    It is an old sample which could be detected by WVSX even two years ago. If Real-time Protection is enabled, I think it couldn't be a missed sample. :thumbd:
     