WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,305
    What kind of software was detected? I tested with some productivity software, torrent client, games, Discord, download managers and so on with no false positive whatsoever.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    I can't remember them all, they were older apps, I reported one of them named Quick ShutDown, but it's a very simple tool, it really shouldn't be detected. But I don't really care about the AV, I really don't think it will outperform Win Defender. The HIPS and firewall however are interesting to me, I wonder if it can compete with SpyShelter.

    https://quick-shutdown.software.informer.com/2.6/

    Did WVSX perform well in the YouTube test or what? These videos are often not very clear to me.

    Yes I have heard this before, they fire up so many malware that AV's sometimes can fail, but I'm not sure if this is normal, shouldn't AV's keep blocking them?
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    No problem and from what I understood it's difficult to block this stuff. I wonder if HMPA will re-introduce this feature. BTW, you might find these articles interesting, it's also about unhooking stuff in order to bypass EDR systems, which are basically HIPS/HIDS for corporations.

    https://www.optiv.com/insights/sour...tection-and-response-how-hackers-have-evolved
    https://www.optiv.com/insights/source-zero/blog/edr-and-blending-how-attackers-avoid-getting-caught
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,731
    Location:
    U.S.A. (South)
    Hi @Rasheed187 - Me again. Do you also (as I do) find WVSX with its AI as an advanced Behavioral Blocker too? It seems its HIPS about doubles as a Rapid Heuristic BB, but at any rate it's lite and shown to be ultra effective, and its options are extremely user friendly per your personal preferences. Network Guard I see as icing on the cake, a very useful addition that works as expected. Sort of the best of more than just both worlds.
     
    Last edited: Aug 7, 2021
  5. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,305
    Oh come on, so you are disappointed that a 2003 niche software was wrongly detected by an AI antimalware solution? Are you serious?

    I don't know if it can compete with SpyShelter and don't need to anyway, WiseVector StopX is a much more elegant solution that can be used by anyone.

    If you don't care about the advanced AI scanner of WVSX you can stick with SpyShelter, it will suit you better.
     
    Last edited: Aug 7, 2021
  6. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    485
    Location:
    China
  7. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    485
    Location:
    China

    I downloaded the software and WVSX did not detect it in static scan and execution, so the FP should have been solved.
    If a large number of malicious programs are running at the same time, it can have a big impact on the system performance, which may cause unpredictable behavior including AV failure.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    Yes I'm serious, because it makes me wonder how good the "AI" truly is. It's a perfectly harmless tool, and I don't see why it's being detected, but I'm also no AV expert. I don't see how WVSX is a more elegant solution, from what I understood the upcoming HIPS will also give full control over app behavior, same as with SpyShelter.

    Yes, but would it block the unhooking from Trusteer, I believe this is the question. You are talking about the final stage of the attack.

    Correct, I reported it months ago, and I believe you already fixed it, but why do you believe it was falsely detected? Was it because of certain behavior, or because it wasn't signed?
     
  9. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    485
    Location:
    China
    AI extracts multiple vectors from a file and then uses models to predict how suspicious the file is, so it doesn't detect a file just because it doesn't have a valid digital signature. But certain behavior can increase the suspiciousness of a file, which may eventually be considered a virus.

    The malware you mentioned will first inject into IE, then it will unhook the function hooked by Trusteer, so I am talking about the initial stage not the final stage.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    OK I see, but that's why I was a bit disappointed because I expect AI to be a bit more clever. As you know Cylance was also quite a hype years ago, but then it was discovered that it was quite easy to fool their AI technology. And my mistake, you are totally right, in order to bypass the Trusteer hooks it first needs to inject code into IE, and this should be caught.

    I guess I was a bit confused because HMPA recently added protection against unhooking of user mode hooks, but perhaps it works a bit different, I don't know if it will first allow code injection and then still protect those security hooks. And for example SpyShelter has the ability to block banking trojans from hooking certain APIs related to SSL, I never really understood how this is done, do you have an idea, and would WVSX also protect against SSL API hooking?

    https://www.spyshelter.com/internet-security/
    https://hacker10.com/other-computing/intercept-communications-with-data-tampering-tool-hookme/
     
  11. Rebsat

    Rebsat Registered Member

    Joined:
    Oct 20, 2014
    Posts:
    33
    Location:
    My Desk
    @WiseVector

    Can we get a password protected feature in order to keep all the settings of WVSX from any unauthorized changes, for ex. I don't want my standard/non-admin account to disable WVSX protection even if it's for 5 minutes or changing anything from the settings?
    Keep up the great work man and thank you for your amazing efforts.
     
  12. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    485
    Location:
    China
    Thanks for your advice. It's on our to-do list, since other users need the same feature as well. :)
     
  13. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    485
    Location:
    China
    Frankly speaking, focusing only on a single adversary technique in the attack chain is not very meaningful. For the MITRE ATT&CK attack chain, there are more than two hundred adversary techniques, see: https://attack.mitre.org.
    Blocking one technique can cut off the entire attack chain.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    Well, I know what you mean but I don't fully agree. And I guess what I'm asking is, can WVSX block banking trojans even when they have already somehow performed code injection? Like I said before, both Hitmanpro.Alert and SpyShelter can alert about or block banking trojans that are trying to modify/hook crucial browser APIs. So I guess WVSX can't do this, am I correct?
     
  15. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    665
    Location:
    Island of Woman
    SpyShelter Free can do that? Or another free program?
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    No you need either SpyShelter Premium or SpyShelter Firewall. Actually, from what I understood, you can also use HMPA as freeware, the "safe browsing" feature is offered for free, for other features like anti-exploit and CryptoGuard you need to pay.
     
  17. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    665
    Location:
    Island of Woman
    Yeah, I advocated a couple of times using HitmanPro and letting the license run off, it's still a good anti-keylogger too + bad USB protection, didn't know about anti-hooking for banking malware.
     
  18. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,541
    Location:
    USA
    Hey guys, is the current v3 beta version sufficiently safe & stable for a production system?
     
  19. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,036
    Location:
    Baden Germany
    I'm running WVSX on my private office machine and my Win7 machine at work. (network, but non domain)
    Nothing to complain about.
    All in all I'm very pleased with WVSX.
     
  20. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,541
    Location:
    USA
    @Hiltihome, I appreciate receiving your experience with WVSX v3. I am currently running WVSX v2.73 along with SpyShelter's HIPS and Firewall. It would seem that WVSX v3's new features can eliminate my need for SpyShelter. :doubt:
     
  21. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,044
    Yes, for the most part. I've had very occasional issues. For example, yesterday when my laptop woke from sleep, I had no internet access, as WiseVector's firewall was blocking it. But I think the only issues I've had have been from the firewall, which can be disabled.
     
  22. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,541
    Location:
    USA
    Hmm, can its firewall be configured to complement WD's firewall by just 'policing' outgoing network requests?
     
  23. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,044
    I don't think so.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,629
    Location:
    The Netherlands
    BTW, are the firewall and HIPS already present in the latest version?

    I forgot to ask, can you perhaps make a list of all behaviors that are monitored by the HIPS?

    Well it depends a bit on what you need. I like the network monitor in SS for example, even though I'm using TinyWall as my firewall, because it's able to auto-block outgoing connections, SS can't do this.
     
  25. Nitty Kutchie

    Nitty Kutchie Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    160
    WiseVector's firewall can be rule-based if you so choose, it's just Roger may not have known its firewall has six options. Throw it in a VM and test it for yourself so you can get a hands-on experience of your own. And the latest beta is 3.01, which I'm testing at the moment. You can control inbound and outbound connections.
     