Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.
Thanks for your report, we will analyze this file soon and get it resolved once FP is confirmed.
@WiseVector Can you elaborate what is the difference between "Trojan.Generic" or say "Trojan.Ransom.Generic" and "Heur. ML.PE"? I guess one is from machine learning and other one is a normal threat signature?
Yes, your guess is correct.
Please check whether this bat file is in the task scheduler or not. Only items in task scheduler can run every 10 minutes.
Can you please send this file to firstname.lastname@example.org or tell me where I can download it? Judging from the content in the screenshots, WVSX should not flag the file as malicious.
Most likely a firmware issue due to the Windows install of "Intel system" and other stuff. I can see nothing in Task Scheduler.
It tagged this one (see link below), although 15 minutes after it was run, not immediately. Probably by copying part of the batch I didn't close the loop properly and machine learning saw it is weird and stopped it (maybe).
@avman1995 I am sorry I told you to use checkmal, but they are not compatible with WVSX; you need to whitelist WVSX in checkmal if you plan on using it.
@WiseVector Is WVSX planning to join virustotal?
Yes, we do plan to join virustotal, but they said we had to wait a long time because there were so many other security software in the queue before us...
We have tested. When running the bat file directly or as administrator, WVSX didn't flag it as malicious.
I am not surprised, I told it stopped by ML behavior checks when it saw this running over and over, in a loop (good to know it identifies such actions),
ultimate-windows-tweaker-4-: This is still tagged as malware, when you disable WD, the software is not harmful, it is popular:
I stand correct about some of the security aspects of task scheduler, some tasks are important like
A bit late, but you're welcome and thank you.
Thanks for your info.
Late to that same finding as was examining WVSX service noticed it that too. I disengaged Microsoft Defender long enough to run some solo tests and by golly WiseVector like a hungry ant eater instantly zeroed in and took care of business. The team of WVSX is really impressive to the performing of tasks and for any length of time the program is challenged as well. It was flooded by rapid succession bad actions and successfully returned positive results.
It's in tandem on my Windows 10 20H2 along with Microsoft Defender and WVSX is light as can be while formidable.
Also newly set the protected folders "set up" and got a rapid alert to PrivaZer ShellBags Analyzer deletions which was another EXCLUDE set.
Thank You @WiseVector
EASTER, thank you for the positive review! We’re so happy you loved your experience and can’t wait to have your comments for our next 3.0 beta when it comes out a few days later.
Unexpected to see this one, but I think it was a FP. I excluded it.
Oops... I just recovered from a hard reboot. Apparently, my laptop froze during the HMP scan, for whatever reason.
P.S. I'll try running it again, later today. I am going back to sleep.
Sorry for the inconvenience, we have installed Hitman Pro Alert 3.8.13 build 901, but we can't find "hitmanpro37.sys" in the drivers directory, only a file named "hmpalert.sys" in there. So we cannot reproduce the issue you encountered.
Anyway, we have whitelisted the driver file. When a driver is identified as malicious by WVSX, it will be prevented from loading into the system, which cannot lead to deadlock. So there may be other reasons for the freeze; you can do it again as you did before to see if the problem has been solved. Thanks.
In HitmanPro 3.8.23 build 318, the "hitmanpro37.sys" appears in the drivers directory during the HMP scan only.
No problem. Just did a scan, and no more freeze.
With Mandatory ASLR enabled, antivirus cannot be installed.
@anon @Tarnak Thanks for the info
We can reproduce this issue with ASLR enabled. The problem appears to be the version of the installer software used by WVSX, NSIS 2.x, which fails when the Mandatory ASLR option is turned on in Windows Exploit Protection settings. We will try to upgrade to the latest version of NSIS to solve this problem. For now, you can temporarily disable ASLR, and re-enable ASLR after the installation is complete. Thanks for your feedback.
If I remember correctly HMPA is known to cause BSOD, but I have not used it in a year.
Looking forward to that when the development team rolls out the releases from the assembly line. Still amazed at how feather light this program is but most formidable when confronted.
StopX flagged the temp .exe for Simplewall update (33.4) today which I reported as FP
I have had some issues with WiseVectorW recently. First, when I had WX and KTS enabled, my PC took at least 15 min to reboot/shutdown (in fact after 15 min I chose to shut down my PC the hard way, so not sure what could have happened if I had waited longer). Then I tried to uninstall/reinstall it, but the uninstall process failed: I was able to close WX in the system tray, but it was not sufficient. The uninstaller continued to ask me to close WX. In the task manager, I found no other WX occurrence, but I found one using Sysinternals Process Explorer. But the WX process displayed here was impossible to kill. I finally managed to uninstall it by booting in safe mode. I will reinstall it later.