Deprecated WiseVector Free AI Driven Security

Matthew Wai

New Member
Mar 11, 2022
6
I have solved the "false positives" problem by setting HIPS to "Rule-based Mode".
Will other functions such as advanced malware protection and anti-ransomware be affected by my HIPS setting?
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
I have solved the "false positives" problem by setting HIPS to "Rule-based Mode".
Will other functions such as advanced malware protection and anti-ransomware be affected by my HIPS setting?
Hi,
The Rule-based Mode means you have to write every single rule to get your PC protected. The default settings of all functions (including advanced malware protection and anti-ransomware) will not work any longer.
For security, it's better to set HIPS to Automatic Mode and add the scripts to the Exclusions of WVSX, so you can run them without an alert.
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
I found a mistranslation on this page: WiseVector StopX FAQ

Real-time Protection and Advanced Protection are two parts working respectively.

基础防护和高级防护是两个相对独立的板块。

They are two parts working independently of each other.
If you select "Rule-based Mode", real-time protection, which is based on static detection, can still work as usual.
HIPS is a part of Advanced Protection, which is based on behavior detection. Once HIPS is set to "Rule-based Mode", it will work by following your rules.
Here is the introduction of HIPS Level. Hope it helps.
 

blueblackwow65

Level 23
Verified
Well-known
Dec 19, 2012
1,245
Hi, what are the best settings to put firewall, HIPS at? For example, firewall at max settings, HIPS at max settings?
I have finally fixed the voodoo problem. I had to put my Windows firewall settings back to defaults. I think it was a WiseVector firewall problem I was having. I do not have WiseVector installed at the moment and voodoo is working with Windows firewall. This is why I asked about the settings in WiseVector above. I noticed that also version 3.05 has been pulled.
So for now I only have VoodooShield installed and am wondering about WiseVector and the proper settings for each section (firewall, etc.).
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
Hi, what are the best settings to put firewall, HIPS at? For example, firewall at max settings, HIPS at max settings?
I have finally fixed the voodoo problem. I had to put my Windows firewall settings back to defaults. I think it was a WiseVector firewall problem I was having. I do not have WiseVector installed at the moment and voodoo is working with Windows firewall. This is why I asked about the settings in WiseVector above. I noticed that also version 3.05 has been pulled.
So for now I only have VoodooShield installed and am wondering about WiseVector and the proper settings for each section (firewall, etc.).
Hi,
For most users, the best setting is "Automatic Mode". Here is the introduction of each level.
"Max" is very sensitive. If you are not an experienced user, it's not recommended.
V3.05 was not pulled. It can be downloaded here.
 

JasonUK

Level 5
Apr 14, 2020
232
Question for @WiseVector ~ Can v3.05 with both Firewall & HIPS set to 'High' interfere with Microsoft Defender updates?

Reason for query: On Tuesday Microsoft Defender totally disabled itself on my Windows 10 21H2 PC because it couldn't install 'Update for Microsoft Defender antimalware platform KB4052623 (Version 4.18.2202.4)'. Retrying installation within Windows Security repeatedly failed with 'download error' or failed part way through installing. I disabled WVSX (so there was no other RTP AV) and rebooted PC and update went through without any further issue. I can't be certain whether it was the reboot or disabling WVSX (or both) which cleared the problem hence my question... is there anything about WVSX or specifically about 'High Security' settings which could have interfered with Defender updates?

Thanks.
 

ScandinavianFish

Level 7
Verified
Dec 12, 2021
319
(May be by-products of running it in a Virtual Machine)
A couple questions:
  1. I've noticed that static AI does not detect malicious scripts (JavaScript, Batch, PowerShell scripts, etc.) when I've put WVSX against malware, only the Behavioral AI detects them upon execution of the malicious code. Will the static AI engine get the ability to detect scripts before their execution?
  2. The software makes an awful lot of connections to the cloud, in a matter of 4 days it has done just over a thousand connections to cloud1.wisevector.com, cloud2.wisevector.com and cloud3.wisevector.com, which is an order of magnitude more connections to the cloud than any other AV I've used, so what warrants these many connections to the cloud?
A few things I also noticed:
  1. When I had the Firewall Level set to Low Security, it still prompts me to block or allow requests regarding untrusted applications, although in your blog it says "Low-level Security: It relies entirely on the AI's independent judgment, and basically there will be no pop-ups.".
  2. The program has considerable disk usage after installation, on my host PC it used 25%~ and on our laptop it maxes out disk usage, and when detecting a threat when I did tests in a VM it also maxed out disk usage.
  3. Upon detecting a threat, most often WiseVector Service Application spikes in resource usage, but sometimes WiseVector Main Program spikes instead, sometimes even both spike in resource usage, CPU in particular (though this was when I tested it with the static engine disabled with only the Behavioral AI enabled).
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
Question for @WiseVector ~ Can v3.05 with both Firewall & HIPS set to 'High' interfere with Microsoft Defender updates?

Reason for query: On Tuesday Microsoft Defender totally disabled itself on my Windows 10 21H2 PC because it couldn't install 'Update for Microsoft Defender antimalware platform KB4052623 (Version 4.18.2202.4)'. Retrying installation within Windows Security repeatedly failed with 'download error' or failed part way through installing. I disabled WVSX (so there was no other RTP AV) and rebooted PC and update went through without any further issue. I can't be certain whether it was the reboot or disabling WVSX (or both) which cleared the problem hence my question... is there anything about WVSX or specifically about 'High Security' settings which could have interfered with Defender updates?

Thanks.
Hi,
Yes, you can set it to "High". There is no interference with MD updates. Was there any pop-up from WVSX while the update failed?
Next time, if the same issue occurs, please try to reboot the PC first or disable WVSX. When you did both at the same time, the reason for the download error can't be found.
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
I've noticed that static AI does not detect malicious scripts (JavaScript, Batch, PowerShell scripts, etc.) when I've put WVSX against malware, only the Behavioral AI detects them upon execution of the malicious code. Will the static AI engine get the ability to detect scripts before their execution?
WVSX detects malicious scripts by behavior detection, that's the reason why they can be detected after their execution.
The software makes an awful lot of connections to the cloud, in a matter of 4 days it has done just over a thousand connections to cloud1.wisevector.com, cloud2.wisevector.com and cloud3.wisevector.com, which is an order of magnitude more connections to the cloud than any other AV I've used, so what warrants these many connections to the cloud?
It's normal, since WVSX uses Stream Update technique.
When I had the Firewall Level set to Low Security, it still prompts me to block or allow requests regarding untrusted applications, although in your blog it says "Low-level Security: It relies entirely on the AI's independent judgment, and basically there will be no pop-ups.".
Can you please show me what the pop-ups are?
The program has considerable disk usage after installation, on my host PC it used 25%~ and on our laptop it maxes out disk usage, and when detecting a threat when I did tests in a VM it also maxed out disk usage.
Please show me the screenshot about the disk usage. Thanks.
Upon detecting a threat, most often WiseVector Service Application spikes in resource usage, but sometimes WiseVector Main Program spikes instead, sometimes even both spike in resource usage, CPU in particular
If the high CPU usage occurs most of the time, please try to disable "Scan on file creation" in the Real-time Protection.
 

Like a Western!

Level 9
Verified
Well-known
Apr 6, 2016
440
If the high CPU usage occurs most of the time, please try to disable "Scan on file creation" in the Real-time Protection.
Hi,
Just out of my interest in your work and product, shouldn't you fix these kinds of issues/bugs instead of suggesting users change settings? Because it seems you are aware that feature is sometimes causing high CPU usage for users.
Or is it something you're already working on a fix for?
 

ScandinavianFish

Level 7
Verified
Dec 12, 2021
319
WVSX detects malicious scripts by behavior detection, that's the reason why they can be detected after their execution.
What I meant was, will the static AI engine that predicts malicious get the ability to detect scripts as well?
Can you please show me what the pop-ups are?
Despite having the Firewall Mode set to Low Security I still get pop ups, even though when I have the HIPS set to low security it automatically allows or blocks events, no user interaction required.

9373b743d4bd27a3754f405847498fe3.png



Please show me the screenshot about the disk usage. Thanks.
If the high CPU usage occurs most of the time, please try to disable "Scan on file creation" in the Real-time Protection.
It seems both seem to be purely situational, I was unable to replicate the issue of CPU usage on my host, though I was able to replicate the disk usage in my VM, Video of it 2022-03-21 16-54-56

The CPU usage seems to be related to the Behavioral AI taking action against threats (possibly related to WiseVector rolling back malicious changes), which is understandable and isn't concerning when I have so far not seen the static AI miss a single sample when I have had it turned on, it also never lasts longer than maybe 10 seconds.
 

JasonUK

Level 5
Apr 14, 2020
232
Hi,
Yes, you can set it to "High". There is no interference with MD updates. Was there any pop-up from WVSX while the update failed?
Next time, if the same issue occurs, please try to reboot the PC first or disable WVSX. When you did both at the same time, the reason for the download error can't be found.
No popups & yes I thought of that (that I should have separated test of whether reboot and/or disabling WVSX resolved issue) just as I hit reboot button :)

To be honest I'm not interested in using an AV that allows its protection to be disabled (and fails to notify user) if an update fails anyway... irrespective of whether another program was involved or not so Defender has been disabled on my PC. Unfortunately WVSX doesn't register itself in Windows Security nor does it work with Avast fully activated (which I'm using again) so I've had to just retain WVSX just as a secondary scanner for now.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
Hi,
Just out of my interest in your work and product, shouldn't you fix these kinds of issues/bugs instead of suggesting users change settings? Because it seems you are aware that feature is sometimes causing high CPU usage for users.
Or is it something you're already working on a fix for?
Well, knowing if a change of settings solves a problem could, I think, help a developer know much more about where the problem originates from.

If the change of settings doesn’t fix it, then it would mean more time for the developers to investigate the problem.
 

Like a Western!

Level 9
Verified
Well-known
Apr 6, 2016
440
Well, knowing if a change of settings solves a problem could, I think, help a developer know much more about where the problem originates from.

If the change of settings doesn’t fix it, then it would mean more time for the developers to investigate the problem.
Yeah, well, the developer did not say that, like "try changing x settings and let us know if the issue still persists or it got fixed". If this was the case, sure, we would know they are actually trying to see what the problem is.
But the developer said if you are having high CPU usage, turn off x settings,
which means the developer already knows what the problem is and where it's coming from.
2 different things.
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
What I meant was, will the static AI engine that predicts malicious get the ability to detect scripts as well?
Static AI engine can detect some malicious scripts, but most of them will be detected by the behavior detection. We designed WVSX like this.
Despite having the Firewall Mode set to Low Security I still get pop ups, even though when I have the HIPS set to low security it automatically allows or blocks events, no user interaction required.
Thanks for the screenshot. Since the Risk level is High, there will be a pop-up. We will add the introduction in the blog. (PS: "basically there will be no pop-ups" doesn't mean no pop-ups at all.)
It seems both seem to be purely situational, I was unable to replicate the issue of CPU usage on my host, though I was able to replicate the disk usage in my VM, Video of it 2022-03-21 16-54-56

The CPU usage seems to be related to the Behavioral AI taking action against threats (possibly related to WiseVector rolling back malicious changes), which is understandable and isn't concerning when I have so far not seen the static AI miss a single sample when I have had it turned on, it also never lasts longer than maybe 10 seconds.
Since you are testing malicious samples, if you think high CPU usage is not OK, I suggested that you disable the "Scan on file creation". But it is not recommended for normal users.
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
Hi,
Just out of my interest in your work and product, shouldn't you fix these kinds of issues/bugs instead of suggesting users change settings? Because it seems you are aware that feature is sometimes causing high CPU usage for users.
Or is it something you're already working on a fix for?
Hello,
A short time of high CPU usage is normal.
Continuous high CPU usage is abnormal (if anyone encountered this issue, please let me know, thanks).
Since ScandinavianFish was testing samples, I suggested changing the settings. It's not recommended for other users.
 

ScandinavianFish

Level 7
Verified
Dec 12, 2021
319
Static AI engine can detect some malicious scripts, but most of them will be detected by the behavior detection. We designed WVSX like this.
Thanks for the screenshot. Since the Risk level is High, there will be a pop-up. We will add the introduction in the blog. (PS: "basically there will be no pop-ups" doesn't mean no pop-ups at all.)
I see, that's good to know, it would be good for the less technical user to have both the firewall and HIPS completely automated, even if they rarely will have a pop-up regarding a suspicious program, though I can understand if it maybe shouldn't be like that in case it blocks a legitimate program.
Since you are testing malicious samples, if you think high CPU usage is not OK, I suggested that you disable the "Scan on file creation". But it is not recommended for normal users.
I often test with the Real-Time Protection disabled in order to test the capabilities of the behavioral component of WVSX, and the CPU spike happens with only the Advanced Malware Protection enabled (along with HIPS and the Firewall), and as pretty much no one in a real-life scenario will have RTP disabled along with the fact I have seen very few samples get past the first layer of protection, it doesn't warrant concern. I mentioned it as it was more to point out that the behavioral component can get pretty CPU intensive, though it rarely lasts more than a few seconds.
 
