Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.
Thanks a lot for your testing and feedback!
Any questions, please let me know.
Have a nice day!
And Thank You @WiseVector for your always prompt and courteous efforts on all our behalfs
Have a Wonderful Peaceful week.
What plans, if any, do you have regarding firewall/network connections?
Yes of course, we have a plan to add the network protection in our next release and this feature would be paid.
There are some free firewalls on the market. I would like to know what features are useful or useless for you, and whether there are some features you really need but they don't have. We would like to ensure every feature suits the needs of our users. Please let me know your thoughts. Thanks!
Version 2.70 sailing smoothly, with fair skies and a following sea. @WiseVector -- Congratulations!!!
On a personal level only, I would just prefer very basic firewall/network features such as an alert when a program is calling home etc.
I would hate to see WV bloated with too many obscure feature requests
Agree with that too, I like your Software but no bloatware please
Of course, no bloated features. Basic features are necessary.
Could this basic firewall detect something like this:
Is this malware like behavior or not?
Honestly, it can be very difficult to detect abuse of whitelisted programs if a firewall only monitors network events.
WVSX has the ability to detect thread hijacking, process hollowing, and DLL side-loading attacks. So WVSX can detect this type of attack without needing to intercept network requests. However, we are not sure this is a malware attack only from the screenshots.
This was supposedly patched by Microsoft but actually wasn't: https://www.bleepingcomputer.com/ne...-with-bad-patch-gets-new-public-exploit-code/
Settings: Add the option to disable context menu.
rather than full-fledged firewall - like coman there are plenty of FWs now, I would like to see some basic traffic monitoring like anonymous IP connections or connections to dark web, I do not feel safe with wise vector and web plugins for web, I try to blend in Wisevector and avast or bitdefender etc they have modules to monitor that Internet part specifically
encrypted connections and malicious traffic should be checked as in most cases malware is not dangerous if it doesn't have Internet access back, idc about malware until it calls back home, firewall alone will not stop that but some intelligent traffic analysis
like make it a little bit more blackfogy https://www.wilderssecurity.com/threads/blackfog-privacy.400343/
just to add a check for that highly suspicious traffic requests
just in case if something went through your AI checks on processes hijacking and more, it just takes 1 mistake to compromise, I can't imagine an AV that doesn't do checks on network traffic, maybe it doesn't need to for how it works but it's just beyond me (I am not a techie so I try to use common sense and logic instead)
Yes, basic traffic monitoring will be one feature of our network protection.
I agree with you. But it's important to note that ransomware does not need network connection to perform encryption. It's one of the most destructive malware.
I understand your worries. Perhaps you might think the more layers of protection, the better. However, for example, WVSX has DLL side-loading checking, but most other AV don't have. If malware utilizing DLL Side-Loading could bypass other AV, the results can also be bad.
Different security software have different critical features. Ensuring that all features work effectively together to keep users from threats is the priority.
Since the advent of Windows Filtering Platform, almost all the host/application firewalls on the market have been lacking IDS/IPS and SPI (stateful packet inspection). Eset is one of the few firewalls that offers IDS/IPS, Botnet Protection, and SPI (stateful packet inspection). If you offered IDS/IPS, and Stateful Packet Inspection, then you would be offering something that most of your competition does not have.
WVX doesn't have to use WFP. It could instead use a network adapter mini-port filter driver. Adguard for example, offers its use as an option.
AV vendor firewalls migrated to WFP since it's less of a hassle for them maintenance-wise.
-EDIT- Implied above is that it is not recommended to use two security products concurrently that employ WFP based network filtering due to potential conflicts. As such, WVX needs to provide both methods.
I agree, in theory a network adapter mini-port filter should prevent incompatibility issues with other firewalls that use WFP, but I'm not positive. I remember reading years ago when WFP was first released that it had no way of handing over network traffic to another driver, but I only glanced over the article. So, does WFP support handing over network traffic to a mini-port filter when used together? I see other products doing it, but I don't know the fine details of how they are going about it. Maybe they should take the same route Adguard has taken. I think Adguard works great.
If their goal is to create a full-fledged firewall then they may consider using WFP in the way Eset has done, but if they want to create an IDS/IPS that will work in combination with another firewall then I think the mini-port filter will be their only choice since most other host firewalls are using WFP these days. I would have to do a little research to know what all the options are, and I'm not sure I have time to do it tonight. I have a lot of reading to do for my college courses.
edited 12/30/20 @ 7:59
There have been reported issues with the installed ver. of Adguard and Eset firewall versions. Adguard by default will use WFP. It also appears Eset is not the only AV that can conflict with Adguard in this regard. Hence, Adguard's addition of mini-port filter driver for compatibility purposes. As far as network adapter mini-port filter driver use, it interfaces directly with the network stack. As such, it would intercept network traffic prior to WFP which is an interface between the network stack and Windows run components.
Also of note in regards to Eset is the Windows firewall is not totally disabled. Rather it is being "managed" by Eset. This implies that Eset firewall is not actually using WFP but instead is using the Windows firewall interface to it. Most important, all this is being coordinated via registration in Windows Security Center; something at the present time WVX is incapable of doing.
-EDIT- It also appears that the main reason the AV's switched to use of WFP versus network adapter mini-port filter driver was to eliminate issues in SSL/TLS protocol filtering caused by the latter. Assuming that WVX has no intentions of doing like protocol filtering, neither method is actually necessary.
WFP driver will be used and we will try to avoid conflicts with other security software. We will do Protocol filtering as well.
Happy 2021! Many thanks to everyone!
May the New Year bring many good things and rich blessings to you and all those you love!
Same to you WV. Just my 2 cents, please be careful adding everything that is suggested on here by various members. Because before too long your program will become bloated, over complicated and just another faceless AV suite. Up to now your program has been a breath of fresh air, fast, effective, light, and easy to use. I fear if you keep adding on that these attributes may disappear.