- Aug 12, 2015
- 29
Being light has nothing to do with the leakage of handles. It's invisible until you notice that your Windows is slow to react, despite having no RAM or CPU usage issues.
WiseVector Free AI Driven Security
- Thread starter Thirio
- Start date
- Dec 14, 2018
- 643
Hi Ludditus,
Sorry for the inconvenience.
The problem seems to be a handle leak.
We will test in Windows 7 and try our best to reproduce the problem.
If we can reproduce, the problem will be resolved a.s.a.p.
Best Regards,
WiseVector
- Apr 28, 2015
- 8,910
- Apr 28, 2015
- 8,910
WiseVector 2.09 is out...
Last sample malware pack posted by @Der.Reisende today:
Last special sample malware pack posted by @Der.Reisende today:
Last sample malware pack posted by @Der.Reisende today:
Last special sample malware pack posted by @Der.Reisende today:
- Dec 14, 2018
- 643
Hi everyone,
WiseVector StopX V2.09 is released.
You can download the new version via https://www.wisevector.com/WiseVector_StopX.exe.
You can update directly through the update menu if you already have V2.X installed.
Please refer to the update log below:
1. Improved defense against Revenge Fileless Malware Family.
2. Resolved the Handle Leak in certain circumstances. ( Thanks @Ludditus for your feedback. The engineer who did this part of programming has been fired, since he has more than ten years of experience in computer programming, but made such a basic mistake. We can't bear with him...
3. Resolved some false positives in behavior detection.
Just kidding, however, in order to punish the engineer, all colleagues would not talk with him for a whole day.
WiseVector StopX V2.09 is released.
You can download the new version via https://www.wisevector.com/WiseVector_StopX.exe.
You can update directly through the update menu if you already have V2.X installed.
Please refer to the update log below:
1. Improved defense against Revenge Fileless Malware Family.
2. Resolved the Handle Leak in certain circumstances. ( Thanks @Ludditus for your feedback. The engineer who did this part of programming has been fired, since he has more than ten years of experience in computer programming, but made such a basic mistake. We can't bear with him...
3. Resolved some false positives in behavior detection.
Just kidding, however, in order to punish the engineer, all colleagues would not talk with him for a whole day.
- Apr 28, 2015
- 8,910
One could argue that his or her colleagues are no better because you should have a code review system in place before pushing it out to your consumers. You do have a code review system, right?2. Resolved the Handle Leak in certain circumstances. ( Thanks @Ludditus for your feedback. The engineer who did this part of programming has been fired, since he has more than ten years of experience in computer programming, but made such a basic mistake. We can't bear with him...
I would also hope that you endorse fuzzing and other automated testing techniques to find unforeseen bugs before other people do. Consulting professional teams for auditing is also a good idea.
- Aug 12, 2015
- 29
This is not a reason to fire a developer. If things were that way, almost everyone working at Microsoft and pretty much everywhere else in IT would be jobless.The engineer who did this part of programming has been fired, since he has more than ten years of experience in computer programming, but made such a basic mistake. We can't bear with him...
"Just kidding, however, in order to punish the engineer, all colleagues would not talk with him for a whole day.
" that was a joke mate
- Aug 12, 2015
- 29
Now, that's too weak a punishment. He should have been unable to access Sina Weibo and QQ for a week!"Just kidding, however, in order to punish the engineer, all colleagues would not talk with him for a whole day.
- Dec 14, 2018
- 643
Hi Opcode,
Thanks for your advice.
Yes, we have a code review system but it is imperfect at present.
We will improve the system a.s.a.p. and try to make no basic mistake anymore.
Best Regards,
WiseVector
- Apr 28, 2015
- 8,910
I'm actually using WiseVector on my main laptop to replace my beloved Avast
I almost happy with everything except 4 points:
1/ When I disabled WV's realtime protection and executed cmd-> sfc/scannow, WV service was still actively scanning and consuming 0.5-1% CPU. It was supposed to consume 0% CPU after being disabled
2/ WV "Upload file" seems to have a size limit. I tried to submit a ~770KB file but WV didn't show me any notification if the upload was successful or not
3/ The ransomware honeypot folders/bait folders look a bit unpleasant. Perhaps, can we have an option to hide them? Does it affect the protection at all?
4/ When I was in v2.08 and clicked "check for update", it didn't seem to update to v2.09. I had to manually install it
By the way, I seriously think WV has more potential than Cylance and it has broader support of file types. Cylance Home is completely useless against scripts
I almost happy with everything except 4 points:
1/ When I disabled WV's realtime protection and executed cmd-> sfc/scannow, WV service was still actively scanning and consuming 0.5-1% CPU. It was supposed to consume 0% CPU after being disabled
2/ WV "Upload file" seems to have a size limit. I tried to submit a ~770KB file but WV didn't show me any notification if the upload was successful or not
3/ The ransomware honeypot folders/bait folders look a bit unpleasant. Perhaps, can we have an option to hide them? Does it affect the protection at all?
4/ When I was in v2.08 and clicked "check for update", it didn't seem to update to v2.09. I had to manually install it
By the way, I seriously think WV has more potential than Cylance and it has broader support of file types. Cylance Home is completely useless against scripts
- Apr 28, 2015
- 8,910
In one of my VMs with WV 2.07 it has just auto updated some minutes ago to 2.09 via "Check for update"... but it did not auto run again, had to click manually over the WV short-cut and then I got 2.09
Update: a different WV 2.08 in a laptop has just auto updated to 2.09
Last edited:
- Dec 14, 2018
- 643
Hi Evjl's Rain ,
Very happy to know you are one user of WiseVector StopX.
1. Can you please tell me why you need disable StopX's realtime protection?
When you have the advanced detection enabled (although you disabled the realtime protection), the behavior detection is still recording every important action, such as process creation, remote thread and Windows hook. This is consuming CPU. When a suspicious behavior is detected, StopX will trace whole behavior chain to clean up malware leftover parts. If you just want to use StopX as a scanner, you have to disable realtime protection, advanced detection, ransomware detection and document protection.
2. When the size of file is over 20M, you will be informed the upload is failed. When upload is completed, there will be a notification "File has been uploaded successfully!". The file you wanted to submit is a false positive or a suspicious one? No notification? It was abnormal. Can you please submit another file to have a test?
3. You can hide the ransomware bait folders manually, but it's not suggested, since most ransomware don't encrypt hidden files. You can also customize your own bait folders look pleasant.
4. Maybe there is problem of auto update, we will have a update server located in Europe to resolve this soon. (@harlan4096 )
Best Regards,
WiseVector
Very happy to know you are one user of WiseVector StopX.
1. Can you please tell me why you need disable StopX's realtime protection?
When you have the advanced detection enabled (although you disabled the realtime protection), the behavior detection is still recording every important action, such as process creation, remote thread and Windows hook. This is consuming CPU. When a suspicious behavior is detected, StopX will trace whole behavior chain to clean up malware leftover parts. If you just want to use StopX as a scanner, you have to disable realtime protection, advanced detection, ransomware detection and document protection.
2. When the size of file is over 20M, you will be informed the upload is failed. When upload is completed, there will be a notification "File has been uploaded successfully!". The file you wanted to submit is a false positive or a suspicious one? No notification? It was abnormal. Can you please submit another file to have a test?
3. You can hide the ransomware bait folders manually, but it's not suggested, since most ransomware don't encrypt hidden files. You can also customize your own bait folders look pleasant.
4. Maybe there is problem of auto update, we will have a update server located in Europe to resolve this soon. (@harlan4096 )
Best Regards,
WiseVector
Last edited:
- Apr 28, 2015
- 8,910
@WiseVector: I had no issues downloading the new version, but just after applied it -> WV did not auto restarted.
hello:1. Can you please tell me why you need disable StopX's realtime protection?
When you have the advanced detection enabled (although you disabled the realtime protection), the behavior detection is still recording every important action, such as process creation, remote thread and Windows hook. This is consuming CPU. When a suspicious behavior is detected, StopX will trace whole behavior chain to clean up malware leftover parts. If you just want to use StopX as a scanner, you have to disable realtime protection, advanced detection, ransomware detection and document protection.
2. When the size of file is over 20M, you will be informed the upload is failed. When upload is completed, there will be a notification "File has been uploaded successfully!". The file you wanted to submit is a false positive or a suspicious one? No notification? It was abnormal. Can you please submit another file to have a test?
3. You can hide the ransomware bait folders manually, but it's not suggested, since most ransomware don't encrypt hidden files. You can also customize your own bait folders look pleasant.
4. Maybe there is problem of auto update, we will have a update server located in Europe to resolve this soon. (@harlan4096 )
1/ I disabled WV because it would speed up sfc /scannow (a known script to repair windows) => I didn't do anything during the repair, just waiting, so there was no problem to to temporarily turned off WV
2/ My file was only 775KB (SunsetScreen.exe), WV never showed anything after I clicked upload. I repeated it at least 10 times, no message. Smaller files are okay.
this is the VT link to the file: VirusTotal
I submitted because it was detected by WV version 1 and I failed to submit it at that time. Now, it is not detected anymore but I just want to test the file submission
3/ I understand. It's fine. I can live with it
4/ Maybe WV can update itself to a +2 version? like from 2.07 -> 2.09, but not from 2.08 to 2.09?
so far, I'm quite happy with WV
I just wonder why WV is so big on private bytes/commited size of RAM?
- Apr 28, 2015
- 8,910
In the laptop I'm currently working now WV has updated today from 2.08 to 2.09, the only issue was the auto restarted...
- Apr 28, 2015
- 8,910
- Dec 14, 2018
- 643
Hi,
Commit size is the amount of space reserved in the paging file for the process. Used when its pages need to be swapped out to make room in RAM for other processes. it refers to the amount of memory that the process executable has asked for - not necessarily the amount it is actually using.
WIseVector StopX uses memory-mapped files (create file mapping) to load the files to the virtual memory, some of them are stored on the external disk storage which can be used to exchange data when needed.
If you checked Google Chrome, you could find it is huge on commit size. In my computer, it is consuming around 900000K at present, so no worry here.
When you do nothing with WiseVector StopX, but still consuming CPU, it's probably because of streaming update.
Yes, it can do this.
Similar threads
