WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
    Yes, I agree with you. We would like to take part in such test in the future.
    The man-in-the-middle attack: do you mean the supply chain attack? If so, there is a high probability that WVSX can detect this type of malware. If you mean ARP poisoning, WVSX does not have a protection layer for it, but it is rarely seen in modern attacks.
     
    Last edited: May 10, 2021
  2. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
    Thanks for your report, we will analyze this file soon and get it resolved once FP is confirmed.
     
  3. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    @WiseVector Can you elaborate on what the difference is between "Trojan.Generic" or, say, "Trojan.Ransom.Generic" and "Heur.ML.PE"? I guess one is from machine learning and the other one is a normal threat signature?
     
  4. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
    Yes, your guess is correct.
     
  5. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
    @lucd
    Please check whether this bat file is in the Task Scheduler or not. Only items in the Task Scheduler can run every 10 minutes.
    Can you please send this file to virus@wisevector.com or tell me where I can download it? Judging from the content in the screenshots, WVSX should not flag the file as malicious.
     
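    One way to do the check suggested above (whether a batch file that fires every 10 minutes is actually driven by Task Scheduler) is to enumerate every registered task that has a repetition trigger and show what it executes. This is an added example written for this thread, not code from WiseVector or any poster; it assumes a Windows 10/11 host with the built-in ScheduledTasks module and an elevated prompt so that tasks registered by other accounts are visible.

```powershell
# Added example: list scheduled tasks that repeat on an interval and what they launch.
# Assumes the built-in ScheduledTasks module (Get-ScheduledTask); run elevated to see all tasks.

$repeating = foreach ($task in Get-ScheduledTask) {
    foreach ($trigger in $task.Triggers) {
        # Repetition.Interval is an ISO 8601 duration, e.g. PT10M for "every 10 minutes";
        # it is $null for triggers that do not repeat.
        $interval = $trigger.Repetition.Interval
        if ($interval) {
            foreach ($action in $task.Actions) {
                [pscustomobject]@{
                    TaskName = $task.TaskName
                    Path     = $task.TaskPath
                    State    = $task.State
                    Interval = $interval
                    Execute  = $action.Execute      # program started by the action
                    Args     = $action.Arguments    # e.g. "/c C:\some\script.bat"
                }
            }
        }
    }
}

# Show only actions that run a batch file, directly or through cmd.exe, shortest interval first.
$repeating |
    Where-Object {
        ($_.Execute -match '\.bat$') -or
        ($_.Args    -match '\.bat')  -or
        ($_.Execute -match '(^|\\)cmd(\.exe)?$')
    } |
    Sort-Object Interval |
    Format-Table TaskName, Path, State, Interval, Execute, Args -AutoSize
```

    Drop the `Where-Object` stage to see every repeating task, or replace it with `Where-Object Interval -eq 'PT10M'` to isolate the exact cadence reported. If the batch file does not appear in this list, something other than Task Scheduler (a service, a startup entry, or the script's own loop) is responsible for re-running it.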
  6. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    591
    Location:
    Island of Woman
    Most likely a firmware issue due to the Windows install of "intel system" and other stuff; I can see nothing in Task Scheduler.
    It tagged this one (see link below), although 15 minutes after it was run, not immediately. Probably, by copying part of the batch, I didn't close the loop properly and the machine learning saw it was weird and stopped it (maybe).

    https://gist.github.com/robinlennox/f52e8f8291617469e833c64f8c27eac9
    @avman1995 I am sorry I told you to use checkmal, but they are not compatible with WVSX; you need to whitelist WVSX in checkmal if you plan on using it.
     
    Last edited: May 11, 2021
  7. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
  8. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
    Yes, we do plan to join VirusTotal, but they said we had to wait a long time because there was so much other security software in the queue before us...
     
  9. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
    We have tested. When running the bat file directly or as administrator, WVSX didn't flag it as malicious.
     
  10. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    591
    Location:
    Island of Woman
    I am not surprised; I told you it was stopped by the ML behavior checks when it saw this running over and over, in a loop (good to know it identifies such actions).

    ultimate-windows-tweaker-4: This is still tagged as malware when you disable WD. The software is not harmful; it is popular:
    https://www.thewindowsclub.com/ultimate-windows-tweaker-4-windows-10

    I stand corrected about some of the security aspects of Task Scheduler; some tasks are important, like
    CreateExplorerShellUnelevatedTask
     
    Last edited: May 13, 2021
  11. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    498
    A bit late, but you're welcome and thank you.
     
  12. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
    Thanks for your info. ;)
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,296
    Location:
    U.S.A. (South)
    Late to that same finding, as I was examining the WVSX service and noticed that too. I disengaged Microsoft Defender long enough to run some solo tests, and by golly, WiseVector, like a hungry anteater, instantly zeroed in and took care of business. The WVSX team is really impressive in the performing of tasks, and for any length of time the program is challenged as well. It was flooded by bad actions in rapid succession and successfully returned positive results.

    It's in tandem on my Windows 10 20H2 along with Microsoft Defender, and WVSX is as light as can be while formidable.
    Also newly set up the protected folders and got a rapid alert to the PrivaZer ShellBags Analyzer deletions, which was another EXCLUDE set.

    Thank You @WiseVector
     
  14. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
    EASTER, thank you for the positive review! We're so happy you loved your experience and can't wait to have your comments on our next 3.0 beta when it comes out in a few days.
     
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,955
    Unexpected to see this one, but I think it was a FP. :( I excluded it.

    WiseVector_HitManPro_alert_01.JPG

    WiseVector_HitManPro_alert_02.JPG
     
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,955
    Oops... I just recovered from a hard reboot. Apparently, my laptop froze during the HMP scan, for whatever reason.

    P.S. I'll try running it again, later today. I am going back to sleep.
     
  17. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
    Hi Tarnak,

    Sorry for the inconvenience. We have installed HitmanPro.Alert 3.8.13 build 901, but we can't find "hitmanpro37.sys" in the drivers directory, only a file named "hmpalert.sys". So we cannot reproduce the issue you encountered.

    Anyway, we have whitelisted the driver file. When a driver is identified as malicious by WVSX, it is prevented from loading into the system, which cannot lead to a deadlock. So there may be other reasons for the freeze; you can do it again as you did before to see if the problem has been solved. Thanks.
     
  18. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,707
    In HitmanPro 3.8.23 build 318, the "hitmanpro37.sys" appears in the drivers directory during the HMP scan only.
     
  19. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,955
    Hi WiseVector,

    No problem. :) Just did a scan, and no more freeze.

    WiseVector_HitManPro_alert_03.JPG
     
  20. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    189
    With Mandatory ASLR enabled, antivirus cannot be installed.
     
  21. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
  22. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    421
    Location:
    China
    Hi solitarios,

    We can reproduce this issue with ASLR enabled. The problem appears to be the version of the installer software used by WVSX, NSIS 2.x, which fails when the Mandatory ASLR option is turned on in the Windows Exploit Protection settings. We will try to upgrade to the latest version of NSIS to solve this problem. For now, you can temporarily disable ASLR and re-enable it after the installation is complete. Thanks for your feedback.
     
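    The workaround above touches a system-wide exploit mitigation, so it is worth scripting so that only the one option the installer trips over (Mandatory ASLR, called ForceRelocateImages in Exploit Protection) is changed, and so that it is restored even if the installer fails. This is an added example for this thread, not code from WiseVector; it assumes Windows 10 1709 or later with the built-in ProcessMitigations module, an elevated prompt, and the installer path shown is a placeholder to replace.

```powershell
# Added example: record the system-wide ASLR settings, lower only Mandatory ASLR while an
# installer runs, and restore it afterwards. Requires an elevated PowerShell session.
# Assumes the ProcessMitigations module (Get-/Set-ProcessMitigation), present on Windows 10 1709+.

$installer = 'C:\Path\To\WVSX-setup.exe'   # placeholder: path to the installer being tested

$aslr = (Get-ProcessMitigation -System).ASLR
"Before: ForceRelocateImages=$($aslr.ForceRelocateImages) BottomUp=$($aslr.BottomUp) HighEntropy=$($aslr.HighEntropy)"

if ($aslr.ForceRelocateImages -eq 'ON') {
    # Turn off only the mandatory-relocation option; BottomUp and HighEntropy stay as they are.
    Set-ProcessMitigation -System -Disable ForceRelocateImages
    try {
        Start-Process -FilePath $installer -Wait
    } finally {
        # Always restore the setting, even if the installer throws or is cancelled.
        Set-ProcessMitigation -System -Enable ForceRelocateImages
    }
} else {
    # Mandatory ASLR is already off or not set; nothing to change, just run the installer.
    Start-Process -FilePath $installer -Wait
}

$after = (Get-ProcessMitigation -System).ASLR
"After:  ForceRelocateImages=$($after.ForceRelocateImages)"
```

    The `Get-ProcessMitigation -System` call is also a quick way to confirm, before opening a support thread, whether Mandatory ASLR is what is enabled on a machine where an NSIS-based installer refuses to run.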
  23. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    591
    Location:
    Island of Woman
    If I remember correctly, HMPA is known to cause BSODs, but I have not used it in a year.
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,296
    Location:
    U.S.A. (South)
    Looking forward to that when the development team rolls out the releases from the assembly line. Still amazed at how feather light this program is but most formidable when confronted. :thumb:
     
  25. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    498
    StopX flagged the temp .exe for the Simplewall update (33.4) today, which I reported as a FP.
     