WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    496
    Location:
    China
    You can write a rule to prevent any app from reading (including copying) your important files. Suppose you place a lot of important files in "E:\Important" and you only want trusted programs to be able to access files within it; you can write the following rule. Note that I exclude explorer.exe by default, otherwise you can't even open this folder.

    Screenshot 2021-06-19 214646.png
     
    Last edited: Jun 20, 2021
  2. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    496
    Location:
    China
    We are writing the upgrade log now, thanks.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,779
    Location:
    U.S.A. (South)
    Understood @WiseVector - Personal preference ruleset for Registry also. Got it. Thanks as always for your insight/support.
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,779
    Location:
    U.S.A. (South)
    What in the world? Hey @WiseVector - What a fantastic GRANULAR super feature. I completely and absolutely totally missed seeing that outstanding and highly efficient RULESET SETTING! To put it mildly - OUTSTANDING!

    Thanks for setting me completely straight to the RULES SECTION and have no need to add anything else to complement such a technically accurate and efficient user-configurable mechanism. What an amazing addition on top of the Network Feature.

    Sure set me straight.

    THIS IS HUGE!
     
  5. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    496
    Location:
    China
    Yes, in most cases it is based on a blacklist, and in a few cases it will scan the contents. Note that if the URL is related to Linux malware, web protection will not handle it.
     
  6. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    496
    Location:
    China
    Hi Tarnak,

    What were you doing on your computer before the system deadlocked? The detection from emsi is a FP. "CryptoMalware" means ransomware. Apparently WVSX is not ransomware; please report the FP to Emsisoft if possible, thanks.
     
  7. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    496
    Location:
    China
    We also check for phishing links, but they disappear rather quickly, so maybe we need to increase our speed to recognize them.
     
  8. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    496
    Location:
    China
    That's very strange. Because the Web Protection is only a protection layer for the network, it will not interfere with the system operation. If possible, can you turn it on again to check if the same issue happens again or not? Note that if this is your production computer, forget this.
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
    I had restarted the laptop as directed, and then when I opened my Opera browser, it wouldn't go to an address. Then I tried opening an app, and nothing happened. So, obviously a system freeze as described in my post above.

    I will wait a bit before I try to install this beta. But, I will disable Emsisoft, first.
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,779
    Location:
    U.S.A. (South)
    Can hardly believe what I'm obviously witnessing with my eyes in this new version. Network is quite formidable in its own right, but WVSX HIPS ruleset feature beats anything that I have ever seen or experienced quite like it before. Exceptionally granular and as solid as an anvil iron. And with all this light as a feather!!

    And @WiseVector - Rules can also be personalized for the Windows Registry as well?

    Please post a screen shot.
     
  11. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    496
    Location:
    China
    Writing custom rules is a bit more complicated; there is an exclamation mark icon behind each edit box in the rule editor, and moving the mouse over it will show help information. Yes, the rules can also be personalized. WVSX's detection logic is to first match the rules you write before entering our detection logic. If you choose rule-only mode, it will only match your rules.
     
  12. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    496
    Location:
    China
    Thanks, we will install Opera browser to see what happens.
     
  13. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    I assume this also scans HTTPS and HTTP traffic for malware (exe, js, etc. as well). I tried a couple of malicious downloads; web guard didn't stop it before or during the download, but it was handled after the download completed.
     
  14. faircot

    faircot Registered Member

    Joined:
    May 17, 2012
    Posts:
    224
    Location:
    UK
    I run Opera as the default browser here. No problems or issues with it and WV beta. In fact, I just had to check the beta was running it's so quiet! Good job.
     
  15. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,599
    Location:
    South Wales, UK
    Well, the beta is a NO GO for me at the moment...continual termination/self restart of WVSX. Can only assume that something on my system & WVSX do not get on, as I have been running v2.73 (Final) for a few months with absolutely no ill effects and certainly not this issue.

    I will try reinstalling and 'debugging' but as far as I can see a MAJOR incompatibility has been introduced in the beta...which is such a shame. I was really looking forward to moving over to full time use of WVSX.:(:'(

    If I manage to find any pointers I will post back.

    Regards, Baldrick
     
  16. porkpiehat

    porkpiehat Registered Member

    Joined:
    Jul 18, 2015
    Posts:
    45
    installed over the top... no probs... just the usual CFW exclusions, and made sure WVSX F/W is set to off..
     
  17. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    501
    Location:
    UK
    Thanks, that's useful. I am running CWF with Cruelsisters settings and did wonder if there was anything that I should turn off on this version? Do you leave network intrusion detection on? I was running with everything on and it hasn't caused me any issues yet, but the day is young. Any pointers are most welcome.
     
  18. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    686
    Location:
    Island of Woman
    So the WVSX rules and updates are still coming for the 'bare' version that we are used to? Will it be maintained? I am in the middle of work and I don't want to experiment with new features for now. HIPS requires some time. Dedicated time to get everything functional and secure.

    From what I gather the new beta is becoming the pro version and the old WVSX we know is going to be the free version with its own updates.
     
    Last edited: Jun 20, 2021
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,779
    Location:
    U.S.A. (South)
    Ever the more closing in on some decent registry monitor which uses a driver (not service). Combined to a program or solo either way. Then after many years waiting can finally chalk it up to near 100% fail safe in a single bound. WVSX is the formidable on its own anti-ransomware behavior blocker and has the decency and common courtesy to present snap instant response time for both stopping and alerting the user something tried to mess up your good machine.

    PC Hunter astonishes in that it's a kernel deep ring0 logger display which with 2 ticks stops all and any adding either manually or otherwise writes to the registry both KEY or Value (no deletes either) while never at all interfering with Windows normal necessary functional interactions. A novel idea no one else ever bothers to help users without a second program, usually some full blown AV or have to buy other Antimalware programs just to achieve that peace of trust.

    The registry is tied into Windows all over working functions more than most users care to realize or give thought to.

    Such crafty novel defensive security inventions aren't thrown together overnight but require dedicated talented folks who have a passion for perfection. No didn't say it's perfect but the idea is crystal clear enough. And the results are final.
     
    Last edited: Jun 20, 2021
  20. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    @WiseVector Is there a cloud protection too somewhere in here now or only streaming updates?
     
  21. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,779
    Location:
    U.S.A. (South)
    We need a book to figure out the huge menu additions in the HIPS part of it.

    For example with Secure Folders one needs only to BROWSE to set a folder(s) and given 4 methods of protection, ADD and it's done. Everything in that folder is assigned a permission flag and its driver enforces the chosen threshold.

    Also on 8.1 WiseVector does not start at all after simple reboot to engage its 2 drivers to load/FW-x64 and HIPS_x64.sys. Easily confirmed with NVT Driver Radar Pro.

    Took the liberty of adding the shortcut to Start-Up folder but nothing doing. Must manually start WiseVector THEN both sys drivers load and monitoring begins in earnest.
     
    Last edited: Jun 20, 2021
  22. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    496
    Location:
    China
    There is no cloud protection yet, all protections are locally based.
     
  23. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    496
    Location:
    China
    Hi Baldrick,

    Sorry for the inconvenience. When WVSX crashes, it will generate a dump file with a name like "v2*.dmp" in the installation directory. Can you find it and send it to support@wisevector.com? Thanks.
     
  24. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Are there any plans for it soon? Web protection can benefit from it tbh.
     
  25. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    496
    Location:
    China
    You can also write a rule in WVSX to monitor driver loading, just select the "Load Driver" event in the Rules Editor. You can observe which program is loading a driver and decide whether to allow or block. :cautious:
     