WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    145
    Uninstalling v2.73 has not been a straight process due to the "unkillability" on my system of some residual WSVX process after exiting it in sys tray. Again, this ocurrence was displayed in Process Explorer Gui, but not in windows Task Manager. A workaround has been to 1. Display WSVX gui, 2. in settings, uncheck "Prevent WSVX to be killed" and 3. exit WSVX from the systray.

    Then, after installing WSVX v3 and rebooting, I ran into several issues (system hanging/frozen). The sole way I found was to hard shutdown my pc, reboot in safe mode, uninstall WSVX, reboot in normal mode, reinstall WSVX, reboot, much of the time with the same hanging problem after that. A workaround for that has been to install WSVX v3 in safez mode. Or maybe I just had luck??

    In the process of all that, I lost all the exclusions I had gradually set up these last weeks. So, I suggest you give the user a mean to export/import them.

    Concerning new features, I tested mostly the firewall. Very interesting to have that. There are little Gui problems though: in the field for rules name, I can paste a name with blank characters, but can't type blank characters when using the keyboard. Moreover, the "export" feature doesn't work well.

    Immediately after rebooting and connecting, WSVX let me know that some app was trying to access the internet, asking for a decision on my side (blocking/allowing). In that precise case I knew that the connection could be done, but more generally, the user's decision would be helped if WSVX specified to which ip or url the app tries to connect.
     
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,718
    Location:
    UK
    Just wondering why WVX installs to the x86 folder and not Program Files.

    The vcomp.dll is from 2013 and used by Visual Studio 2005. Seems a bit old.
     
  3. porkpiehat

    porkpiehat Registered Member

    Joined:
    Jul 18, 2015
    Posts:
    45
    no, I unchecked that option.... just to be sure.
     
  4. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    496
    Location:
    China
    Can you tell me why you think cloud protection is so important? In your testing, did you observe any malicious program that bypassed WVSX, that makes you think it should be complemented by cloud protection?:D
     
  5. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    496
    Location:
    China
    WVSX is currently 32-bit, so it will be installed to x86 folder. As for the vcomp.dll file, there is no need to update it yet.
     
  6. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    501
    Location:
    UK
    Thanks, done the same here too
     
  7. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    There hasn't been any bypasses yes true.... but cloud surely helps to keep the web protection up to date with brand new malicious urls.. also binaries (faster response times in every case) . I guess you can do the same with streaming updates but reputation checks are also useful when it comes to cloud.

    I would love to hear what you guys think about improving web protection AKA anything in pipeline?
     
  8. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,044
    Location:
    Baden Germany
    On close inspection I found out, that Web Protection isn't the culprit, but Advanced Protection.

    When I turn on AP, the machine freezes within a few couple of seconds.
    The cursor can still be moved, but not even the task manager opens.
    It's reproducible every time.
     
  9. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,519
    Location:
    Paris
    I had a bit of time and gave the combination of CF (cruel) and WVSX beta a whirl. A few takeaways:

    1). I ran this combo within a VM that I setup to mimic the worst system ever. Even so, there was absolutely no noticeable performance lag.
    2). the firewall component of Comodo and that of WV do not interfere with each other. When unknowns are run, the firewall of Comodo will act first, followed by WV (the time lag here is during the AI decision process). Either way no nasty network connections wee accomplished (and I really like how WV has coded their Firewall; it reacts to malware getting out, but when I ran a few legit applications that need to connect out not a peep).
    3). About the only thrill I had was recording keystrokes via pyhook. But with two firewalls in place to stop any outbound transmission of such data it really didn't matter.
    4). Although I still have to eventually get to coded some stuff, so far this combo has been a wonderful thing.

    m
     
  10. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,709
    Location:
    New Mexico, USA
    Two solid performers is much more to my taste than a long list of various software. Simple, light, and functional. So far, no problems of any kind with Wisevector 3 beta and CFW
     
    Last edited: Jun 20, 2021
  11. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    501
    Location:
    UK
    Thanks, looks like it is safe to run WV with all components active alongside Comodo with your setup?
     
  12. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,599
    Location:
    South Wales, UK
    Thanks WV

    I will take a look and if I find anything as you have described I will save it and send it to support.

    Cheers, Baldrick
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,777
    Location:
    U.S.A. (South)
    Having a good time time with this new build in spite of my always present overzealous expectations.
    Most of which this WVSX build exceeds!

    From tray menu Go to ACTIONS->RULES->EVENT: and really configure. :D


    sshot-2021-06-20-19-18-46.jpg

    @cruelsister :thumb:

    @WiseVector - X unresponsive on RULES board but no matter.
    CANCEL closes windows. Just so you know.
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,777
    Location:
    U.S.A. (South)
    Thanks @Lyx for some very useful suggestions. It would be of benefit of course for user's to export/import WVXS user preferences config's now that she sports the new rules feature.

    I'm sure @WiseVector has better explanation for addressing those aforementioned issues encountered.
     
  15. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,519
    Location:
    Paris
    Yes it is. Preferable would be to use the simple cruel settings of CF and the default on WV. Although it may be heresy on a security Forum to admit, but keeping things simple is Optimal (the Setup that alerts the Least is the setup that protects the Best).
     
  16. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,072
    Why didn't you just install v3, without uninstalling v2 first? The only time I ever uninstall software before installing a new version, is when the new version specifically requires the old version to be removed before installing it, which was the not case here.
     
  17. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    501
    Location:
    UK
    Brilliant, thank you :thumb:
     
  18. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,977
    I think I know what the problem is/was and it had nothing to do with WVSX.

    I have been out most of the day, and just woke up my computer.

    I had a problem with my Opera browser connecting out. A per the Glasswire connections alert it seems that my hosts is involved somehow.

    Also, I went into Services (Local) and noticed that WWAN AutoConfig and/or WLAN AutoConfig had stopped.

    After restarting one these two services, I could connect to the internet.

    GlassWire_not loaded after system recovery_02.JPG

    GlassWire_not loaded after system recovery_03.JPG

    GlassWire_not loaded after system recovery_04.JPG

    P.S. I don't know why my hosts file keeps changing. I am sure it isn't malware!!!!
     
  19. Decopi

    Decopi Registered Member

    Joined:
    May 13, 2017
    Posts:
    29
    Location:
    USA
    Hi @cruelsister, please simple questions:

    1) For the past years I have used your cruel-comodo, and I never had a problem. Please, do you see WV as a cruel-comodo complement? Or is it redundant?

    2) If WV is redundant, do you still prefer cruel-comodo? Or WV?

    3) If both complement each other, please can you (take your time) find the best configuration/settings for Comodo & WV? (What exactly "the simple cruel settings" are?)

    I take this opportunity to tell you how much I miss your comments, not to forget your wonderful videos. When I visit these security forums the first thing I do is to search your comments ... yeah, I'm addicted to @cruelsister LOL

    Thanks in advance!
     
    Last edited: Jun 21, 2021
  20. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,519
    Location:
    Paris
    Thank you for your comments (blush)! So far, I can state these things:

    1). WVSX is very strong and very elegantly coded.
    2). the CruelCF + WVSX combo is not only not redundant, but result in additive protection. The only fair Dumb detection (Sig based) by VirusScope is made up for by the superior Dumb detection of WVSX. The mechanistic (Smart) detection of WV enahnces things significantly, while the Sandboxing function of CF really makes things difficult for malware to act. And I won't even bother to mention the Outbound Firewalls, CF's Script Analysis and WV's anti-ransomware honeypot functionality.

    The best analogy that comes to mind is malware trying to get through a gauntlet lined with folk bearing spiked clubs. It's gonna be bloody with a slim to no chance of one getting through. In short, an Optimal combination.

    (I do really wish that Comodo would make an offer to WV that they couldn't refuse. Departments could be re-evaluated leading to cost savings and resulting in a product without peer).
     
  21. Decopi

    Decopi Registered Member

    Joined:
    May 13, 2017
    Posts:
    29
    Location:
    USA
    Great answers, thanks a lot @cruelsister !

    Please if possible, sorry to insist, my #3 question: "If both complement each other, please can you (take your time) find the best configuration/settings for Comodo & WV? (What exactly "the simple cruel settings" are?)"
    Perhaps you're still testing both software, and you don't have an answer for me. If that is the case, please take all the time you need!
    But if by chance you already have recommendations, which settings are going to be the most efficient for Comodo & WV combo?

    Thousand thanks again!
     
  22. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    6,807
    WiseVector StopX V3.00 Beta
    https://www.wisevector.com/en/en-history/
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,418
    Location:
    Under a bushel ...
    @Decopi Unless you get a further reply, see here for CF: https://www.wilderssecurity.com/threads/comodo-firewall-for-windows-10.413789/#post-2959635
     
  24. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,595
    I do hope this will never happen. Comodo has already acquired (= destroyed) BOClean. I don't want Comodo to destroy yet another good anti-malware solution.
     
  25. Decopi

    Decopi Registered Member

    Joined:
    May 13, 2017
    Posts:
    29
    Location:
    USA
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.