Deprecated WiseVector Free AI Driven Security

miguelang611

Level 2
Apr 13, 2020
99
Oh, by the way. About 5 days ago I tried KnowBe4 and WV could only fight .exe attacks (which are 3 out of 23 of the KnowBe4 test). I just repeated it and it has already learned to fight the non exe!!! Amazing!!

 

DotNet

Level 1
Verified
Sep 4, 2017
34
Running Win11x64 with YogaDNS configured for NextDNS and with NordVPN running wireguard with no DNS changes. I have had this configuration running for over 6 months flawlessly. Upon launching WiseVector 3.03 my DNS is changed instantly to NordVPN's ISP. Exit WiseVector from the tray and instantly my DNS returns to NextDNS. I can reproduce this every single time. I noticed the DNS change and restored a backup that I knew worked flawlessly. I then kept NextDNS open in a browser window and repeated all the changes I had made until it was 100% reproducible. I uninstalled WiseVector and am letting others know. If I was a betting man my money would have been on NordVPN overriding my settings and changing the DNS anyway. I would have lost. I don't understand the conflict, only that it is there and reproducible.
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
So well, I decided to copy those test folders to my own documents folder to manually add them... Result? WiseVector triggered as ransomware behaviour!!
Hi,
Copying them is OK; we didn't reproduce the issue you have encountered.
About ransomware rollback, wouldn't it be possible to include every extension?
Yes, it's possible. You can manually add the extensions that you want to roll back.
Regarding performance/detection, I guess machine learning setting is pretty much same as HIPS and firewall level? If they are same category, right now they look to be different.
HIPS and firewall are two different features working respectively. Here is the introduction.
Also, regarding pop-ups I have 2 suggestions: first, when you create a rule if it is for a program or/and target and there is a 2nd/3rd popup with those same things, and you click on remember rule, they shouldn't appear since you already "fixed" it with the created rule.
How did you set the rule? There should be no popup again.
Also, a "close-all" notifications button would be nice to have. For example, when I install programs and they try to connect to Internet, I don't like it to connect bcs I know it is an offline installer, so the easiest option is to ignore popups so it blocks them, but then I want to close them all. A similar approach would be to have something like "block for 10 minutes".
Good suggestion. We will consider adding this button.
Thanks for your test and positive feedback! We will keep WVSX improving.:giggle:
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
Running Win11x64 with YogaDNS configured for NextDNS and with NordVPN running wireguard with no DNS changes. I have had this configuration running for over 6 months flawlessly. Upon launching WiseVector 3.03 my DNS is changed instantly to NordVPN's ISP. Exit WiseVector from the tray and instantly my DNS returns to NextDNS. I can reproduce this every single time. I noticed the DNS change and restored a backup that I knew worked flawlessly. I then kept NextDNS open in a browser window and repeated all the changes I had made until it was 100% reproducible. I uninstalled WiseVector and am letting others know. If I was a betting man my money would have been on NordVPN overriding my settings and changing the DNS anyway. I would have lost. I don't understand the conflict, only that it is there and reproducible.
Please don't exit WVSX at once when this issue occurs.
If it's convenient, can you please try to disable the features in the yellow frame one by one and tell me the result? We will do the test based on your information and try to find out the conflict.
Thanks.
[Attached screenshot]
 

miguelang611

Level 2
Apr 13, 2020
99
Hi,
Only manually deleting or modifying those test folders will make WVSX trigger as ransomware behaviour. Copying them is OK; we didn't reproduce the issue you have encountered.

Yes, it's possible. You can manually add the extensions that you want to roll back.

HIPS and firewall are two different features working respectively. Here is the introduction.

How did you set the rule? There should be no popup again.

Good suggestion. We will consider adding this button.
Thanks for your test and positive feedback! We will keep WVSX improving.:giggle:
Yes! I made the KB4 test afterwards and nothing was triggered. I guess first time I hit Ctrl+X instead of Ctrl+C!

About extensions, I mean just a tick box which allows to get any file, not manually add them (will probably forget to do it hehe).

I know HIPS and firewall are different features, but what is machine learning related to? That is my question.

The rule was set on a pop-up. It always happens. For example the program tries to connect to IP1 and then IP2. Popup for IP1 triggers, I click on allow and remember program path. Then second popup of IP2 appears, but the rule just created "resolve" the issue, it has already been allowed.

And thank you for hearing suggestion!!

See you!
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
About extensions, I mean just a tick box which allows to get any file, not manually add them (will probably forget to do it hehe).
To save resources, WVSX is not designed to roll back all files by default.
I know HIPS and firewall are different features, but what is machine learning related to? That is my question.
ML plays an important role in the features. Sorry, I can't tell you the technical details.
The rule was set on a pop-up. It always happens. For example the program tries to connect to IP1 and then IP2. Popup for IP1 triggers, I click on allow and remember program path. Then second popup of IP2 appears, but the rule just created "resolve" the issue, it has already been allowed.
Can you please show me the screenshot of the popup? Thanks.
 

miguelang611

Level 2
Apr 13, 2020
99
To save resources, WVSX is not designed to roll back all files by default.
I just mean having an option. I did increase limit to 9999 MB. I guess WV will stop earlier... But if a random tries to encrypt my documents, it is much more than 10 GB...
ML plays an important role in the features. Sorry, I can't tell you the technical details.
I just meant if it is just as Malware and Firewall, because if so, the level of protection should also be shown up as Malware/HIPS and firewall do when you right click on taskbar. So, I just meant if it is protection related or just for improving WV!! Not technical details! For having the 3 on taskbar: ML, HIPS and firewall levels all together!
Can you please show me the screenshot of the popup? Thanks.
You can reproduce with any prompt of a program trying to connect to Internet if set up to maximum on firewall. It will try 2 times to connect, u allow it on first popup, the second will appear also although redundant. Once I am with the PC I will try to record it!

Thanks and see u!
 

DotNet

Level 1
Verified
Sep 4, 2017
34
I unchecked every box in settings, one by one, until I had completely disabled all protection. No firewall, no HIPS, no ransomware, no self defense, nothing. It still overrides my DNS settings and as proof of concept as soon as I exit WiseVector from the tray it returns to normal. I will leave it installed for now but not running to help troubleshoot things.
 

Dolphiner

Level 1
Mar 1, 2022
12
WiseVector StopX V3.06 April 13, 2022

1. Enhance the detection of Shellcode, which can monitor the entire life cycle of Shellcode. Malicious programs often embed well-known customized Shellcode to execute malicious instructions to avoid static detection, such as Meterpreter, CobaltStrike, etc. This function has a detection rate of close to 100% for well-known shellcodes, which can cut off the behavior chain of malicious programs in the early stage of the attack.

2. Enhance the detection of ransomware, add multiple dimensions and models to detect ransomware more effectively.

3. Active defense enhances detection of advanced injection techniques.

4. Other bug fixes.

Download address: https://update1.wisevector.com/WiseVector_Setup_V306.exe

Recommended for experienced users to download and use. It can be installed by overwriting, and online upgrade is not supported for the time being.


Translated by Google.
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
I just meant if it is just as Malware and Firewall, because if so, the level of protection should also be shown up as Malware/HIPS and firewall do when you right click on taskbar. So, I just meant if it is protection related or just for improving WV!! Not technical details! For having the 3 on taskbar: ML, HIPS and firewall levels all together!
Introduction of the Machine Learning levels: Generally, setting on Aggressive, WVSX can detect more suspicious files during static scanning, but there might be more false positives. Setting on Normal or High is appropriate for most users. The settings will be effective when you perform static scanning only.
I just mean having an option. I did increase limit to 9999 MB. I guess WV will stop earlier... But if a random tries to encrypt my documents, it is much more than 10 GB...
Not every single one of the 10GB files being encrypted is important to the users, therefore we are inclined to roll back the important ones first to save resources.
You can reproduce with any prompt of a program trying to connect to Internet if set up to maximum on firewall. It will try 2 times to connect, u allow it on first popup, the second will appear also although redundant.
Yes, we tested it this way, but could not reproduce it.
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
I unchecked every box in settings, one by one, until I had completely disabled all protection. No firewall, no HIPS, no ransomware, no self defense, nothing. It still overrides my DNS settings and as proof of concept as soon as I exit WiseVector from the tray it returns to normal. I will leave it installed for now but not running to help troubleshoot things.
This issue is very strange, since WVSX doesn't have the ability to modify DNS...
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
V3.06 was released!

Update log:
1. Improved Shellcode detection. WiseVector StopX can monitor the Shellcode’s full life cycle. Malware writers often use well-known customized Shellcode (e.g. Meterpreter and CobaltStrike) to execute malicious instructions to avoid static detection. WiseVector StopX can detect this type of Shellcode nearly 100%, therefore it can stop malware at the early stage.

2. Improved ransomware detection. Added multiple modules to detect ransomware.

3. Improved Behaviour Detection to detect modern injection techniques.

4. Fixed other bugs.

Please download via: https://update2.wisevector.com/WiseVector_StopX_V306.exe

It can be installed by overwriting. Online update is not available now.
 

DotNet

Level 1
Verified
Sep 4, 2017
34
This issue is very strange, since WVSX doesn't have the ability to modify DNS...
It does have the ability to override YogaDNS which acts as a network filter for all DNS traffic. WiseVector installs a network filter, correct? How else can it monitor or filter web traffic? Since this issue happens whether any active protection is enabled or not simply by launching the .exe, then one can conclude that the way WiseVector ties into network traffic overrides the way YogaDNS overrides network traffic.
 

kC77

Level 5
Verified
Well-known
Aug 16, 2021
230
WiseVector StopX V3.06

WiseVector StopX Release History

April 13, 2022

1. Improved Shellcode detection. WiseVector StopX can monitor the Shellcode’s full life cycle. Malware writers often use well-known customized Shellcode (e.g. Meterpreter and CobaltStrike) to execute malicious instructions to avoid static detection. WiseVector StopX can detect this type of Shellcode nearly 100%, therefore it can stop malware at the early stage.

2. Improved ransomware detection. Added multiple modules to detect ransomware.

3. Improved Behaviour Detection to detect modern injection techniques.

4. Fixed other bugs.

Please download via: https://update2.wisevector.com/WiseVector_StopX_V306.exe

It can be installed by overwriting. Online update is not available now.
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
It does have the ability to override YogaDNS which acts as a network filter for all DNS traffic. WiseVector installs a network filter, correct? How else can it monitor or filter web traffic? Since this issue happens whether any active protection is enabled or not simply by launching the .exe, then one can conclude that the way WiseVector ties into network traffic overrides the way YogaDNS overrides network traffic.
Hi,
WVSX does have the WFP driver (a network filter), which is a part of the network protection, but it will not override the DNS (my bad, I shouldn't say it doesn't have the ability).
I sent a message to you, please reply if it's convenient for you. Thanks.
 

ScandinavianFish

Level 7
Verified
Dec 12, 2021
319
A few more questions:

  1. How does Network Intrusion Detection and Web Protection work? Because I have found Network Intrusion Detection to block malicious sites even when Web Protection is disabled, though it might just be a bug.
  2. Does or will the firewall block external network attacks such as DoS attacks and port scans?
  3. I saw on an older comment of yours that there are plans to make Behavioral AI available only in the paid version, is it still true or is it because it will be a different component than WIBD?
Are there plans (to):
  1. For the firewall to be registered in Security Center as an actual third party firewall? Especially considering as right now you are prompted by both WVSX and Windows Firewall to allow or block connection attempts
  2. Creating AI model(s) for detecting phishing sites or/and Potentially Unwanted Programs?
  3. Adding password/PIN protection for the settings?
  4. Make the Rollback feature roll back all changes done by malicious software (i.e. created registry keys, startup items, scheduled tasks, system setting changes, etc.), as of right now it seems to just restore encrypted files and delete some remnant files, and I've found it to leave empty autorun items behind.

Some things that should be addressed in future releases:
  1. You can remove WVSX from running at startup by using Autoruns
  2. You can terminate Wisevector.exe using Process Hacker, to which you can then terminate the WiseVector service (WiseVectorsvc.exe) which won't regenerate
  3. You can disable and even delete the WiseVector Task in Task Scheduler
What I'm trying to get to with the above three points is that you shouldn't be able to externally tamper whatsoever with WiseVector StopX, even if it doesn't completely disable the software.
 