EndangeredPootis

Level 8
Verified
It does use signatures. In time it will be registered in Windows Security Center.
in this thread or in changelogs. I admit they don't put much info on their website
I have been using this AV for ~200 days and put it into Malwarehub. I know what it is capable of and what features it has. Not as much as the devs themselves
I don't know how they name the cloud engine. They call it streaming updates. When the internet connection is available, WV will have better detection rates than itself offline. Tests performed immediately after the internet connection was turned on + without performing a manual database update

3. We don’t have cloud files lookups at present
Signatures aren't mentioned anywhere so like I said, it relies only on the behavior of programs.
 

EndangeredPootis

Level 8
Verified
This is not the case according to @harlan4096 and @Evjl's Rain who have both been testing it for some time.
But how can they prove it does have signatures and/or a cloud? They only mentioned a couple of comments by WV which contradicted themselves. Also, on their site they say they don't use "traditional" methods to detect malware, and a database/signatures and a cloud is traditional to pretty much all AVs.
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
2. Most features of WiseVector StopX rely on local, but our streaming updates rely on cloud.
3. We don’t have cloud files lookups at present.
I here try to interpret that they don't have cloud reputation checking, like Kaspersky KSN for example, but still they have some kind of streaming signatures updates based on cloud...

In fact, during my malware tests with WV these months, I've many times found some samples not detected, which I've sent via the integrated feature to send undetected files, and after some minutes I've clicked on the "Check for updates" option and re-scanned, and the sample was now detected...

Anyway, we should wait for @WiseVector's better explanations :)
 

EndangeredPootis

Level 8
Verified
I here try to interpret that they don't have cloud reputation checking, like Kaspersky KSN for example, but still they have some kind of streaming signatures updates based on cloud...

In fact, during my malware tests with WV these months, I've many times found some samples not detected, which I've sent via the integrated feature to send undetected files, and after some minutes I've clicked on the "Check for updates" option and re-scanned, and the sample was now detected...

Pretty sure they are saying that their UPDATES rely on the cloud, not their signatures, and again, you contradicted yourself.

This most likely isn't because of something to do with a cloud as it uses AI to detect malware, and even then, they said they don't have a cloud to check for malware, either that or they made a mistake, and if I'm wrong, I apologize for arguing.
 

WiseVector

From WiseVector
Verified
Developer
Hi EndangeredPootis,

Thank you for giving us a chance to stop being lazy :) Anyway we'd like to tell you more to make you or others have a better understanding of WiseVector StopX.

The Real-Time protection includes:

. Active processes scanning (Scan running processes)
. Process Execution Scanning (Scan application being executed)
. File Scanning (Scan files being created)

AI-based Behavior Detection: the AI makes decisions based on multiple events, such as file metadata, API calls, etc. Recently we realized the behavior name is not so user-friendly. Since many users don't understand why the program has been blocked, we changed the behavior name to reflect the most important actor that lets the AI decide to block the program. For example, if a program makes multiple API calls (CreateProcess->VirtualAlloc->WriteProcessMemory->CreateRemoteThread), the most important API call is actually CreateRemoteThread. In this case the behavior will be named WIBD:Heur.Injector.XX. The XX is usually a combination of numbers and letters which represents the special API call graph, so we can understand the exact way the malware used to inject into another process. The typical important actors are listed below:
.MBR Write
.Low-Level Disk Write
.Persistence
.Various registry events
.AppLocker Bypass
.Generic behavior (The detection name will be:"WIBD:HEUR.MalBehavior.XX")
.Suspicious file system events (Ransomware detection)
.Fileless malicious executions (Will be improved in the next version)
.Process Manipulation (Will be improved in the next version)
.Process Injection (Will be improved in the next version)
.Credential stealing (Will be included in the next version)
.Memory events (Will be included in the next version)

We have a powerful unsupervised clustering algorithm running in the cloud. The purpose of the clustering operation is to put the similar programs into different subsets. So, the same subset of objects will have similar properties. For missed samples or false positives, the algorithm will extract unique signatures from the properties and then deliver them to the end users automatically. The whole process will only take seconds.
Samples that do not belong to any of the clusters will be analyzed manually. In this case it will take hours.
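
The behavior-naming scheme described in the post above, as an added sketch that is not WiseVector's code: per-process API calls are matched against the injection chain quoted in the post, and the detection name is built from the family plus a tag derived from the call graph. The rule-table layout, the hash-based suffix and the event stream are assumptions made for this example.

```python
import hashlib

# The injection chain is the one quoted in the post; the rule-table layout and
# the suffix scheme are assumptions made for this example.
RULES = {
    "Injector": ("CreateProcess", "VirtualAlloc",
                 "WriteProcessMemory", "CreateRemoteThread"),
}

def matches(calls, chain):
    """True if `chain` occurs in `calls` in order; unrelated calls may sit between."""
    pos = 0
    for call in calls:
        if call == chain[pos]:
            pos += 1
            if pos == len(chain):
                return True
    return False

def graph_suffix(chain):
    """Two-character tag for the call graph (assumed: first hex byte of SHA-256)."""
    return hashlib.sha256("->".join(chain).encode()).hexdigest()[:2].upper()

def classify(events):
    """events: (pid, api) tuples in arrival order. Returns {pid: detection name}."""
    per_pid = {}
    for pid, api in events:
        per_pid.setdefault(pid, []).append(api)
    verdicts = {}
    for pid, calls in per_pid.items():
        for family, chain in RULES.items():
            if matches(calls, chain):
                verdicts[pid] = f"WIBD:Heur.{family}.{graph_suffix(chain)}"
                break
    return verdicts

# Constructed event stream: three processes, interleaved as a sensor would see them.
EVENTS = [
    (100, "CreateProcess"), (200, "CreateProcess"), (100, "VirtualAlloc"),
    (300, "CreateRemoteThread"), (100, "ReadFile"), (200, "VirtualAlloc"),
    (100, "WriteProcessMemory"), (300, "WriteProcessMemory"),
    (100, "CreateRemoteThread"), (300, "CreateProcess"), (300, "VirtualAlloc"),
]

if __name__ == "__main__":
    print(classify(EVENTS))
```

Only process 100 completes the chain in order, so it is the only one named; process 200 stops early and process 300 makes the same calls in a different order.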
 

EndangeredPootis

Level 8
Verified
Hi EndangeredPootis,

Thank you for giving us a chance to stop being lazy :) Anyway we'd like to tell you more to make you or others have a better understanding of WiseVector StopX.

The Real-Time protection includes:

. Active processes scanning (Scan running processes)
. Process Execution Scanning (Scan application being executed)
. File Scanning (Scan files being created)

AI-based Behavior Detection: the AI makes decisions based on multiple events, such as file metadata, API calls, etc. Recently we realized the behavior name is not so user-friendly. Since many users don't understand why the program has been blocked, we changed the behavior name to reflect the most important actor that lets the AI decide to block the program. For example, if a program makes multiple API calls (CreateProcess->VirtualAlloc->WriteProcessMemory->CreateRemoteThread), the most important API call is actually CreateRemoteThread. In this case the behavior will be named WIBD:Heur.Injector.XX. The XX is usually a combination of numbers and letters which represents the special API call graph, so we can understand the exact way the malware used to inject into another process. The typical important actors are listed below:
.MBR Write
.Low-Level Disk Write
.Persistence
.Various registry events
.AppLocker Bypass
.Generic behavior (The detection name will be:"WIBD:HEUR.MalBehavior.XX")
.Suspicious file system events (Ransomware detection)
.Fileless malicious executions (Will be improved in the next version)
.Process Manipulation (Will be improved in the next version)
.Process Injection (Will be improved in the next version)
.Credential stealing (Will be included in the next version)
.Memory events (Will be included in the next version)

We have a powerful unsupervised clustering algorithm running in the cloud. The purpose of the clustering operation is to put the similar programs into different subsets. So, the same subset of objects will have similar properties. For missed samples or false positives, the algorithm will extract unique signatures from the properties and then deliver them to the end users automatically. The whole process will only take seconds.
Samples that do not belong to any of the clusters will be analyzed manually. In this case it will take hours.
Alright, then I understood it all correctly.
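
The cloud step WiseVector describes (cluster similar samples, extract a signature from their shared properties, send unclustered samples to manual analysis), as an added sketch that is not the vendor's algorithm. It covers the missed-sample case only; the greedy Jaccard clustering, the property strings and all names are assumptions made for this example.

```python
def jaccard(a, b):
    """Similarity of two property sets: shared properties over all properties."""
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster(samples, threshold=0.5):
    """Greedy one-pass grouping against each cluster's first member (a simple
    stand-in; the post does not say which clustering algorithm is used)."""
    clusters = []
    for name, props in samples.items():
        for members in clusters:
            if jaccard(props, samples[members[0]]) >= threshold:
                members.append(name)
                break
        else:
            clusters.append([name])
    return clusters

def extract_signature(members, samples, clean):
    """Properties every member shares that no known-clean file has."""
    common = set.intersection(*(samples[m] for m in members))
    for props in clean.values():
        common -= props
    return common

def triage(samples, clean, threshold=0.5):
    """Returns (signatures to push to endpoints, samples for manual analysis)."""
    signatures, manual = [], []
    for members in cluster(samples, threshold):
        sig = extract_signature(members, samples, clean) if len(members) > 1 else set()
        if sig:
            signatures.append((members, sig))
        else:
            manual.extend(members)  # no cluster, or nothing unique to sign on
    return signatures, manual

# Constructed property sets (not real samples).
MISSED = {
    "mal_a": {"sec:.pk0", "str:mutex_q1", "imp:CreateRemoteThread", "imp:kernel32"},
    "mal_b": {"sec:.pk0", "str:mutex_q1", "imp:CreateRemoteThread", "imp:kernel32",
              "imp:user32"},
    "odd_c": {"sec:.zz", "str:abc"},
}
CLEAN = {"editor": {"imp:kernel32", "imp:user32"}}

if __name__ == "__main__":
    print(triage(MISSED, CLEAN))
```

Subtracting the clean file's properties is what keeps the pushed signature from matching on common imports, which is the false-positive side of the trade-off the post mentions.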
 

Mops21

Level 29
Verified
Trusted
Content Creator
Hi Noche,

Thanks for your interest in WiseVector StopX. Currently we are beta testing WiseVector StopX V2.50 in China. If everything goes well, we will release the English version in the next week.

Hi @WiseVector

I have some questions about WiseVector 2.5

1. Is that the Beta Build or the Final Version or the Alpha or RC Version?

2. And can you tell us more info about it please and post some screenshots please?

With best Regards
Mops21
 

Noche

Level 14

Installed today and testing. :) (y)
 

WiseVector

From WiseVector
Verified
Developer
Hi @WiseVector

I have some questions about WiseVector 2.5

1. Is that the Beta Build or the Final Version or the Alpha or RC Version?

2. And can you tell us more info about it please and post some screenshots please?

With best Regards
Mops21
Hi,

Thanks for your interest in WiseVector StopX.
If everything goes smoothly, we will release a stable English version next week and information about it will be posted at the mean time.

Regards,
WiseVector
 

Chuck57

Level 4
Verified
Finally finished reading this entire thread, downloaded and am running a quick scan right now. First, seems to be no conflict with Hard Configurator along with ConfigureDefender at high. Second the "quick" scan isn't very quick, but it's a first run so I expected it to take some time. Third, it is remarkably light on the system, which is appreciated.

So far, I'm liking it.