WiseVector Stop-X

Discussion in 'other anti-malware software' started by bellgamin, Aug 10, 2020.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,770
    Location:
    U.S.A. (South)
    That is pounding the nail home squarely on the head.

    No malware is a ghost. Keep off the machine a series of backups is what I like to refer to as FAILSAFE. Yeah go ahead and deface a system or render it inert for a user or company. But try reaching backups isolated away from the targeted system online. Wasted time and no returns for you bad guys. Have a smoke to celebrate another failure.

    Backups OFFLINE are the KEY so what!
     
  2. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    531
    WV beta 3.1 keeps flagging Henry++ Simplewall as malware for the last 2 or 3 versions. Reported as fp and uploaded file each time... log attached.
     

    Attached Files:

  3. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,742
    Put Henry++SimpleWall in your WVSX exclusion list if you haven't done so already.
     
  4. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    531
    Simplewall program folder is excluded but updated installers are flagged as malware on last two versions.
     
  5. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,742
    Ah. The obvious solution is to temporarily disable WSVX when you run the program installer.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,774
    Location:
    The Netherlands
    Yes, it's probably not the best way to test AV's, because it's not a realistic scenario. And I forgot that WVSX doesn't use signatures, but it's more similar to Cylance, it's based on ML.
     
  7. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Hi,
    Sorry for the inconvenience.
    The FP has been resolved.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
    WiseVector StopX DOES use signatures as mentioned by @WiseVector many times throughout this thread.
    Etc, etc...
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,774
    Location:
    The Netherlands
    OK, my bad. But then what makes it different when compared to other AV's like Win Defender?
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
    I'll leave that for more knowledgeable members to answer.
     
  11. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,696
    Location:
    UK
    If you turn Real time Protection off should WV then flag a .bat file when you try to run it?
    Do you need to restart WV for the 'off' setting to take effect?
     
  12. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Hi,
    WVSX is locally based. When being disconnected from network, both real-time protection and behavior detection can still work well.
    WD is cloud based, which means it can work effectively only when being connected to network. It has multiple ML models deployed on cloud, making WD pretty strong in static detection.
    WD has only AI based static scanning, but WVSX has AI based static scanning, behavior detection and memory detection. Additionally, it has unique instruction tracer to prevent users from DLL side-loading attack.
    For more information, please visit this page: https://www.wisevector.com/en/en-features/.

    There are two obvious weaknesses of WD.
    1) Because of the huge number of users, WD is the No.1 target of attacks.
    2) Attackers can easily add exclusions (files or processes) to WD by using Powershell, WMI, etc.

    If you are sticking to WD, it is recommended to combine it with WVSX.
     
    Last edited: Oct 25, 2021
  13. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Hi,
    If you try to run the file, the behavior detection is going to work and flag it.
    No need to restart. But don't forget to click OK button after the setting is completed.
    Here is the WiseVector StopX User Guide. https://www.wisevector.com/wisevector_stopx_user_guide_en.pdf
     
  14. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,696
    Location:
    UK
    That explains it, it was the behaviour detection that caught it :)
    I guess I would have had to exit WV via taskbar icon to avoid this.
     
  15. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    145
    Something I don't understand: If I chose for exemple to set the WSVX Firewall protection level to "Rules", where et how do I define them??​
     
  16. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,742
    Click on rule based mode.
     
  17. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    145
    Thanks for the reply, but on my PC, this does nothing.
     
  18. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,742
    I don't think you can put in your own rules in 3.01. The rules based mode are pre configured rules.

    You may need to wait for a future version to add custom rules to WSVX.
     
  19. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Hi,
    Exit WV, you will be unprotected.
    If it's a FP, please send the file to virus@wisevector.com and we will resolve it soon. Or you can add the file in the Exclusions.
     
    Last edited: Oct 25, 2021
  20. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Hi,
    Rules-based mode: Only match the rules written by the user, the connections will be allowed if it does not match any rule.
    The ways to add custom rules: right click the WVSX icon on the tool bar->Actions->Rules->Add->Add network-type rule/Add other-type rule.
    Here is the introduction.
     
    Last edited: Oct 25, 2021
  21. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    531
    Some fps are expected given that Im running 3.1 beta so not a problem at all.
    Mailwasher pro dl'd from Majorgeeks is another fp (I assume)... it has been uploaded.
     
  22. WiseVector

    WiseVector Registered Member

    Joined:
    Aug 16, 2020
    Posts:
    495
    Location:
    China
    Hi,
    Thanks for your report.
    We will analyse the file soon, if it's a FP, we will fix.
     
  23. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    531
    Thanks @WiseVector
     
  24. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    145

    OK, I understand now. It works. Thanks.
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,278
    Location:
    Among the gum trees
    I am also having problems with the free version of MailWasher, although it is the Pro trial. Email sent.

    Thanks.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.