WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
    Sorry for the inconvenience, WVSX doesn't work without admin rights at present.
     
  2. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,218
    Location:
    Mass., USA
    Updated v2.67 to v2.72.
    Notice after startup marked increase in CPU, I/O reads, writes?
     

  3. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
    Hi,
    This will happen when V2.72 starts up for the first time, but not all the time. :)
     
  4. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    266
    @WiseVector

    My version displays 2.73, isn't 2.72 the latest or am I running a beta version just not mentioned here yet? :)
     
  5. porkpiehat

    porkpiehat Registered Member

    Joined:
    Jul 18, 2015
    Posts:
    45
    updated this morning to 2.73.. :thumb:
     
  6. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,920
    v2.73 was just released.
    https://www.wisevector.com/en/en-history/
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,955
    Earlier this evening I had to do a hard restart, and then noticed that WiseVector had not loaded.

    I tried to start WV Stop X from the Windows start menu, but it wouldn't load. I had two WiseVector exe's on my desktop, one for version 2.67 and the more recent 2.73 version. However, when I tried to run the old one initially, it was blocked by Emsisoft behaviour blocker, and then when I tried the more recent version it too was blocked.

    Eventually both exe's were quarantined by Emsisoft. I had to override this action by Emsisoft, and reran the exe to install WiseVector, which required a reboot to finish the install. After the reboot WiseVector is now running as per usual.

    Very odd that this happened, since I don't understand why Emsisoft determined WiseVector as suspicious.

    Emsisoft_Wrongly quarantines WiseVector exe_02.JPG
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,920
    You probably need to whitelist the WiseVector exe files in Emsisoft.
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,955
    Perhaps, but I don't like to whitelist unnecessarily.

    Looking back through the Emsisoft logs, it blocked WiseVector initially at 12:26:13 PM. Probably blocked the update to WiseVector v2.73, nearly 9 hours earlier.

    Emsisoft_Wrongly quarantines WiseVector exe_03.JPG
     
  10. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,282
    If you don't like to whitelist, you should report it to Emsisoft so they can do it internally; it is a problem on their end, not on WiseVector's.
     
  11. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,359
    Location:
    Under a bushel ...
    I prefer to cross-whitelist my security softs, to preclude this kind of problem.
     
  12. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    16,983
    Location:
    UK
    Updated to 2.73 manually using the 'check for updates' in user interface.
    Worked perfectly.
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,359
    Location:
    Under a bushel ...
    I have it on one of my Windows instances (not much else) - updated without issue on boot.
    (I saw afterwards I had 'Automatically download and install program updates' enabled by default in settings ... normally I prefer updating manually).
     
    Last edited: Jan 30, 2021
  14. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
    It was an FP, but Emsisoft doesn't detect WVSX (the V2.73 installer) as suspicious on VT. We will contact Emsisoft to resolve this. Thanks for your feedback.
    Can you please tell me what the version of WVSX in your screenshot is?
     
    Last edited: Jan 30, 2021
  15. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    266
  16. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,037
    Location:
    Europe
    Does anyone happen to have done tests of this program against other AVs such as Kaspersky? NOT AV LABS
     
  17. porkpiehat

    porkpiehat Registered Member

    Joined:
    Jul 18, 2015
    Posts:
    45
    you're welcome..
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,313
    Location:
    U.S.A. (South)
    Updated to 2.73 directly. Smooth as silk. No issue.

    Windows 8.1
     
  19. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,955
    @WiseVector

    As I stated in my initial post above, I had two install exe's for WVSX on my desktop [and still have]. The latter one listed as WiseVector_StopX (1).exe, and here are the details:

    Emsisoft_Wrongly quarantines WiseVector exe_04.JPG

    Hope that helps. :)
     
  20. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,313
    Location:
    U.S.A. (South)
    PE Studio scan on V2.73. Of note, Emsisoft shows CLEAN as of today's date.

    ii.jpg
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,804
    Location:
    Among the gum trees
    HitmanPro.Alert blocked the update here again.
    Code:
    Mitigation   MalwareBlocked
    Timestamp    2021-01-30T21:10:25
    
    Platform     10.0.19042/x64 v889 06_5e
    PID          1736
    Application  C:\Program Files (x86)\WiseVector\WiseVectorUpdater.exe
    Created      2021-01-30T21:10:14
    Description  Generic ML PUA
    
    
    Process Trace
    1  C:\Program Files (x86)\WiseVector\WiseVector.exe [1736] 2021-01-30T21:09:52
    2  C:\Windows\explorer.exe [7844] 2021-01-30T19:45:57
    3  C:\Windows\System32\userinit.exe [7708] 2021-01-30T19:45:57 23.6s
    4  C:\Windows\System32\winlogon.exe [908] 2021-01-30T19:45:21
       winlogon.exe
    5  C:\Windows\System32\smss.exe [824] 2021-01-30T19:45:21 164ms
       \SystemRoot\System32\smss.exe 000000dc 00000084
    6  C:\Windows\System32\smss.exe [536] 2021-01-30T19:45:17
       \SystemRoot\System32\smss.exe
    
    Dropped Files
    1  C:\Program Files (x86)\WiseVector\dat\local.de-journal
         Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736]
    2  C:\Program Files (x86)\WiseVector\NewUpdate.ini
         Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736]
            Read by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736]
    3  C:\Program Files (x86)\WiseVector\tmp\dat-lh.de.rar
         Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736]
            Read by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736]
    4  C:\Program Files (x86)\WiseVector\tmp\WiseVectorUpdater.exe.rar
         Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736]
            Read by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736]
    5  C:\Users\David\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B
         Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736]
    6  C:\Users\David\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B
         Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736]
    7  C:\Users\David\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D11549FC90445E1CE90F96A21958A17_DCF3C7EBF16F9D8A2007E30BE1AB524D
         Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736]
    8  C:\Users\David\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D11549FC90445E1CE90F96A21958A17_DCF3C7EBF16F9D8A2007E30BE1AB524D
         Dropped by \Device\HarddiskVolume4\Program Files (x86)\WiseVector\WiseVector.exe [1736]
    
    Thumbprints
    bd5c5c6e6da3d69d10e1b11002a66feb2830b234a737dcacb5dcf9988c6bbb6b
    
    After suppressing the alert WVSX updated without problem.
     
  22. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,282
    It is a detection from Emsisoft Behavior Blocker; it won't be detected on VT or via the Scan module.

    Emsisoft needs to internally whitelist it or the user can do it; this isn't something caused by WiseVector.
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,377
    Location:
    U.S.A.
    Both WD and Sophos are detecting the updater at VT.
     
  24. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,015
    Location:
    Baden Germany
    At the time of my reply, only Sophos and VBA32 flagged the updater.
    The installer is not flagged by any.
     
  25. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,015
    Location:
    Baden Germany
    For this reason I uninstalled HMP.A while testing WVSX.
    Another reason is that there is no switch to temporarily disable HMP.A,
    which is annoying when I run my own scripts to update my tools.
     