Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.
We are writing the upgrade log now, thanks.
Understood @WiseVector- Personal preference ruleset for Registry also. Got it. Thanks as always for your insight/support.
What in the world? Hey @WiseVector-What a fantastic GRANULAR super feature. I completely and absolutely totally missed seeing that outstanding and highly efficient RULESET SETTING! To put it mildy- OUTSTANDING!
Thanks for setting me completely straight to the RULES SECTION and have no need to add anything else to compliment that such technical accurate and efficient user configurable mechanism. What an amazing addition on top of the Network Feature.
Sure set me straight.
THIS IS HUGE!
Yes, in most cases it is based on a blacklist, and in a few cases it will scan the contents. Note that if the URL is related to a Linux malware, web protection will not handle it.
What were you doing on your computer before the system deadlocked? The detection from emsi is a FP. "CryptoMalware" means ransomware, Apparently WVSX is not ransomware, please report the FP to emsisoft if possible, thanks.
We also check for phishing links, but they disappear rather quickly, so maybe we need to increase our speed to recognize them.
That's very strange. Because the Web Protection is only a protection layer for the network, it will not interfere with the system operation. If possible, can you turn it on again to check if the same issue happens again or not. Note that if this is your production computer, forget this.
I had restarted the laptop as directed, and then when I opened my Opera browser, it wouldn't go to an address. Then I tried opening an app, and nothing happened. So, obviously a system freeze as described in my post above.
I will wait a bit before I try to install this beta. But, I will disable Emsisoft, first.
Can hardly believe what i'm obviously witnessing with my eyes in this new version. Network is quite formidable in it's own right, but WVSX HIPS ruleset feature beats anything that I have ever seen or experienced quite like it before. Exceptionally granular and as solid as an anvil iron. And with all this light as a feather!!
And @WiseVector - Rules can also be personalized for the Windows Registry as well?
Please post a screen shot.
Writing custom rules is a bit more complicated, there is an exclamation mark icon behind each edit box in the rule editor, move mouse over it will give help information. Yes, the rules can also be personalized. WVSX's detection logic is to first match the rules you write before entering our detection logic. If you choose rule-only mode, it will only match your rules.
Thanks, we will install Opera browser to see what happens.
I assume this also scans HTTPS and HTTP traffic for malware (exe, js etc as well) I tried couple malicious downloads web guard didn't stop it before or during the download but it was handled after download completed.
I run Opera as the default browser here. No problems or issues with it and WV beta. In fact, I just had to check the beta was running it's so quiet! Good job.
Well, the beta is a NO GO for me at the moment...continual termination/self restart of WVSX. Can only assume that something on my system & WVSX do not get on, as I have been running v2.73 (Final) for a few months with absolutely no ill effects and certainly not this issue.
I will try reinstalling and 'debugging' but as far as I can see a MAJOR incompatibility has been introduced in the beta...which is such a shame. I was really looking forward to moving over to full time use of WVSX.
If I manage to find any pointers I will post back.
installed over the top... no probs... just the usual CFW exclusions, and made sure WVSX F/W is set to off..
Thanks thats useful. I am running CWF with Cruelsisters settings and did wonder if there was anything that I should turn off on this version? Do you leave network intrusion detection on? I was running with everything on and it hasn't caused me any issues yet, but the day is young. Any pointers are most welcome
so the WVSX rules and updates are still coming for the 'bare' version, that we are used to? will it be maintained? I am in a middle of work I don't want to experiment with new features for now. HIPS requires some time. Dedicated time to get everything functional and secure.
From what I gather the new beta is becoming pro version and the old WSVX we know is going to be the free version with its own updates
Ever the more closing in on some decent registry monitor which uses a driver (not service). Combined to a program or solo either way. Then after many years waiting can finally chalk it up to near 100% fail safe in a single bound. WVSX is the formidable on it's own anti- ransomware behavior blocker and has the decency and common courtesy to present snap instant response time for both stopping and alerting the user something tried to mess you up your good machine.
PC Hunter astonish in that it's a kernel deep ring0 logger display which with 2 ticks stop all and any adding either manually or otherwise writes to the registry both KEY or Value(no deletes either) while never at all interfering with Windows normal necessary functional interactions. A novel idea no one else ever bothers to help user's without a second program, usually some full blown AV or have to buy other Antimalware programs just to achieve that peace of trust.
The registry is tied into Windows all over working functions more than most users care to realize or give thought to.
Such crafty novel defensive security inventions aren't throwed together overnight but requires dedicated talented folks who have a passion for perfection. No didn't say it's perfect but the idea is crystal clear enough. And the results are final.
@WiseVector Is there a cloud protection too somewhere in here now or only streaming updates?
We need a book to figure out the huge menu additions in the HIPS part of it.
For example with Secure Folders one needs only to BROWSE to set a folder(s) and given 4 methods of protection, ADD and it's done. Everything in that folder is assigned a permission flag and it's driver enforces the chosen threshold.
Also on 8.1 WiseVector does not start at all after simple reboot to engage it's 2 drivers to load/FW-x64 and HIPS_x64.sys. Easily confirmed with NVT Driver Radar Pro.
Took the liberty of adding the shortcut to Start-Up folder but nothing doing. Must manually start WiseVector THEN both sys drivers load and monitoring begins in earnest.
There is no cloud protection yet, all protections are locally based.
Sorry for the inconvenience. When WVSX crashes, it will generate a dump file with name like "v2*.dmp" in the installation directory. Can you find it and send it to email@example.com? Thanks
Are there any plans for it soon? Web protection can benefit from it tbh.
You can also write a rule in WVSX to monitor driver loading, just select the "Load Driver" event in the Rules Editor. You can observe which program is loading a driver and decide whether to allow or block.
Uninstalling v2.73 has not been a straight process due to the "unkillability" on my system of some residual WSVX process after exiting it in sys tray. Again, this ocurrence was displayed in Process Explorer Gui, but not in windows Task Manager. A workaround has been to 1. Display WSVX gui, 2. in settings, uncheck "Prevent WSVX to be killed" and 3. exit WSVX from the systray.
Then, after installing WSVX v3 and rebooting, I ran into several issues (system hanging/frozen). The sole way I found was to hard shutdown my pc, reboot in safe mode, uninstall WSVX, reboot in normal mode, reinstall WSVX, reboot, much of the time with the same hanging problem after that. A workaround for that has been to install WSVX v3 in safez mode. Or maybe I just had luck??
In the process of all that, I lost all the exclusions I had gradually set up these last weeks. So, I suggest you give the user a mean to export/import them.
Concerning new features, I tested mostly the firewall. Very interesting to have that. There are little Gui problems though: in the field for rules name, I can paste a name with blank characters, but can't type blank characters when using the keyboard. Moreover, the "export" feature doesn't work well.
Immediately after rebooting and connecting, WSVX let me know that some app was trying to access the internet, asking for a decision on my side (blocking/allowing). In that precise case I knew that the connection could be done, but more generally, the user's decision would be helped if WSVX specified to which ip or url the app tries to connect.