WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Thanks a lot for your testing and feedback!
    Any questions, please let me know. :)
    Have a nice day!
     
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,768
    Location:
    U.S.A. (South)
    And Thank You @WiseVector for your always prompt and courteous efforts on all our behalfs

    Have a Wonderful Peaceful week.
     
  3. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,689
    Location:
    UK
    What plans, if any, do you have regarding firewall/network connections ?
     
  4. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Yes of course, we have a plan to add the network protection in our next release and this feature would be paid.
    There are some free firewalls on the market. I would like to know what features are useful or useless for you, and whether there are some features you really need but they don't have. We would like to ensure every feature suits the needs of our users. Please let me know your thoughts. Thanks!
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,378
    Location:
    Hawaii
    Version 2.70 sailing smoothly, with fair skies and a following sea. @WiseVector -- Congratulations!!!
     
  6. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,689
    Location:
    UK
    On a personal level only, I would just prefer very basic firewall/network features such as an alert when a program is calling home etc.
    I would hate to see WV bloated with too many obscure feature requests
     
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,415
    Location:
    Under a bushel ...
    Absolutely +1
     
  8. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    223
    Location:
    Romania
    +2
     
  9. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,010
    Location:
    Canada
    Agree with that too, I like your Software but no bloatware please:)
     
  10. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Thanks! ;)
     
  11. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Of course, no bloated features. Basic features are necessary.:)
     
  12. Pliskin

    Pliskin Registered Member

    Joined:
    Feb 8, 2009
    Posts:
    431
    Could this basic firewall detect something like this:
    Is this malware like behavior or not?
     
  13. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Hi,
    Honestly, it can be very difficult to detect whitelisted programs being abused if a firewall only monitors network events.
    WVSX has the ability to detect thread hijacking, process hollowing, and DLL side-loading attacks. So WVSX can detect this type of attack without needing to intercept network requests. However, we are not sure this is a malware attack only from the screenshots.
     
    Last edited: Dec 26, 2020
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/

    This was supposedly patched by Microsoft but actually wasn't: https://www.bleepingcomputer.com/ne...-with-bad-patch-gets-new-public-exploit-code/
     
  15. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,805
    Settings: Add the option to disable context menu.
     
  16. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,973
    Location:
    Poland - Cracow
  17. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    684
    Location:
    Island of Woman
    rather than full-fledged firewall - like coman there are plenty of FWs now, I would like to see some basic traffic monitoring like anonymous ip connections or connections to dark web, I do not feel safe with wise vector and web plugins for web, I try to blend in Wisevector and avast or bitdefender etc they have modules to monitor that Internet part specifically
    encrypted connections and malicious traffic should be checked as in most cases malware is not dangerous if it doesn't have Internet access back, idc about malware until it calls back home, firewall alone will not stop that but some intelligent traffic analysis

    like make it a little bit more blackfogy https://www.wilderssecurity.com/threads/blackfog-privacy.400343/
    just to add a check for that highly suspicious traffic requests
    just in case if something went through your AI checks on processes hijacking and more, it just takes 1 mistake to compromise, I can't imagine an AV that doesn't do checks on network traffic, maybe it doesn't need to for how it works but it's just beyond me (I am not a techie so I try to use common sense and logic instead) :)
     
    Last edited: Dec 28, 2020
  18. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Yes, basic traffic monitoring will be one feature of our network protection.
    I agree with you. But it's important to note that ransomware does not need network connection to perform encryption. It's one of the most destructive malware.
    I understand your worries. Perhaps you might think the more layers of protection, the better. However, for example, WVSX has DLL side-loading checking, but most other AV don't have. If malware utilizing DLL Side-Loading could bypass other AV, the results can also be bad.
    Different security software have different critical features. Ensuring that all features work effectively together to keep users from threats is the priority.
     
  19. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    Since the advent of Windows Filtering Platform, almost all the host/application firewalls on the market have been lacking IDS/IPS and SPI (stateful packet inspection). Eset is one of the few firewalls that offers IDS/IPS, Botnet Protection, and SPI (stateful packet inspection). If you offered IDS/IPS, and Stateful Packet Inspection, then you would be offering something that most of your competition does not have.
     
    Last edited: Dec 30, 2020
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    WVX doesn't have to use WFP. It could instead use a network adapter mini-port filter driver. Adguard for example, offers its use as an option.

    AV vendor firewalls migrated to WFP since it's less of a hassle for them maintenance-wise.

    -EDIT- Implied above is it is not recommended to use two security products concurrently that employ WFP based network filtering due to potential conflicts. As such, WVX needs to provide both methods.
     
    Last edited: Dec 30, 2020
  21. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,653
    Location:
    USA
    I agree, in theory a network adapter mini-port filter should prevent incompatibility issues with other firewalls that use WFP, but I'm not positive. I remember reading years ago when WFP was first released that it had no way of handing over network traffic to another driver, but I only glanced over the article. So, does WFP support handing over network traffic to a mini-port filter when used together? I see other products doing it, but I don't know the fine details of how they are going about it. Maybe they should take the same route Adguard has taken. I think Adguard works great.

    If their goal is to create a full-fledged firewall then they may consider using WFP in the way Eset has done, but if they want to create an IDS/IPS that will work in combination with another firewall then I think the mini-port filter will be their only choice since most other host firewalls are using WFP these days. I would have to do a little research to know what all the options are, and I'm not sure I have time to do it tonight. I have a lot of reading to do for my college courses.

    edited 12/30/20 @ 7:59
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,398
    Location:
    U.S.A.
    There have been reported issues with the installed ver. of Adguard and Eset firewall versions. Adguard by default will use WFP. It also appears Eset is not the only AV that can conflict with Adguard in this regard. Hence, Adguard's addition of mini-port filter driver for compatibility purposes. As far as network adapter mini-port filter driver use, it interfaces directly with the network stack. As such, it would intercept network traffic prior to WFP which is an interface between the network stack and Windows run components.

    Also of note in regards to Eset is the Windows firewall is not totally disabled. Rather it is being "managed" by Eset. This implies that Eset firewall is not actually using WFP but instead is using the Windows firewall interface to it. Most important, all this is being coordinated via registration in Windows Security Center; something at the present time WVX is incapable of doing.

    -EDIT- It also appears that the main reason the AVs switched to use of WFP versus network adapter mini-port filter driver was to eliminate issues in SSL/TLS protocol filtering caused by the latter. Assuming that WVX has no intentions of doing like protocol filtering, neither method is actually necessary.
     
    Last edited: Dec 31, 2020
  23. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Hi @itman
    WFP driver will be used and we will try to avoid conflicts with other security software. We will do Protocol filtering as well.
     
  24. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Happy 2021! Many thanks to everyone!
    May the New Year bring many good things and rich blessings to you and all those you love!
     
  25. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    941
    Location:
    Canada
    Same to you WV. Just my 2 cents, please be careful adding everything that is suggested on here by various members. Because before too long your program will become bloated, over complicated and just another faceless AV suite. Up to now your program has been a breath of fresh air, fast, effective, light, and easy to use. I fear if you keep adding on that these attributes may disappear.
     