Deprecated WiseVector Free AI Driven Security

SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
WiseVector said:
Hi,

Of course, not. If an application utilizes Isass.exe for internet connection, it must be malware...

Since the communication is not encrypted (http 80 from your screenshot). You can use WireShark to capture the traffic between your computer and the remote IP.
The network packets are plain texts, you can easily inspect what caused this behavior.
Click to expand...
It only happens when WiseVector is run for the first time after installation. So, currently I'm not able to reproduce it. But this happened too the last time I tried WiseVector so I'm sure something related to WiseVector is triggering it. In my case the domain it tried to connect is owned by cloudflare. Let us know if you can reproduce this on your end and if yes then whether the domain is different in your case or not.
WiseVector said:
Can you please tell me what is the CPU usage usually when your system is idle?
WiseVector StopX scans the new files added in your computer, so it uses CPU when your system is updating or something else may cause new file added.
Click to expand...
After asking that I personally installed it and the CPU usage is fine now but still it's never 0% when idle. Is this normal? Check this gif file.
wise.gif
 
  • Like
  • +Reputation
Reactions: JB007, Stopspying, [correlate] and 6 others
WiseVector

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
SeriousHoax said:
It only happens when WiseVector is run for the first time after installation. So, currently I'm not able to reproduce it. But this happened too the last time I tried WiseVector so I'm sure something related to WiseVector is triggering it. In my case the domain it tried to connect is owned by cloudflare. Let us know if you can reproduce this on your end and if yes then whether the domain is different in your case or not.

After asking that I personally installed it and the CPU usage is fine now but still it's never 0% when idle. Is this normal? Check this gif file.
View attachment 234850
Click to expand...

Hi,

After doing some search. I've found similar behavior here: Automatic connection from LSASS to different IPs. Is this the usual behavior?
More details: Certificate Revocation Checking in Windows Vista and Windows Server 2008

And from this page Performance Report for ocsp2.globalsign.com/gsdomainvalsha2g2 | Netcraft We will know "104.18.20.226 " belongs to globalsign. So don't worry, you don't get hacked. It's just OCSP protocol.

CPU usage below 1% is normal. As i mentioned before. WV will scan newly added files. After 2.5 WV will also scan newly allocated memory page so it can detect advanced memory attack techniques. Which include:

Reflective Dll Injection,
Process Hollowing,
Manually PE loading (Exe and Dll),
DotnetToJS, Sharpshooter, .Net code in PowerShell.
Process Doppelgänging
Process Reimaging
Mimikatz

WV will also scan the system to identify hijacked or remote threads. All of this need to consume CPU. Though we have designed a good algorithm to cache clean memory pages and threads, you will still notice a small amount of CPU usage.
 
  • Like
  • Thanks
Reactions: JB007, Stopspying, Protomartyr and 8 others
oldschool

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,613
WiseVector said:
After 2.5 WV will also scan newly allocated memory page so it can detect advanced memory attack techniques. Which include:

Reflective Dll Injection,
Process Hollowing,
Manually PE loading (Exe and Dll),
DotnetToJS, Sharpshooter, .Net code in PowerShell.
Process Doppelgänging
Process Reimaging
Mimikatz

WV will also scan the system to identify hijacked or remote threads. All of this need to consume CPU. Though we have designed a good algorithm to cache clean memory pages and threads, you will still notice a small amount of CPU usage.
Click to expand...

Very nice. I'm looking forward to it. Thank you! (y)
 
  • Like
Reactions: JB007, Stopspying, WiseVector and 7 others
oldschool

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,613
@WiseVector I enabled ransomware protection and started getting a few alerts. I could not find any Help files or FAQ in GUI or on your website. I think you should consider adding these in order to make the ransomware protection more user-friendly. I believe an average user would find it difficult to make use of this feature without more info. Otherwise, the GUI is simple and functional.(y):)
 
  • Like
Reactions: JB007, Dave Russo, Stopspying and 6 others
cosmos

cosmos

Level 1
Feb 7, 2020
39
cosmos said:
Thanks for the clarification. I've run into some quirks, like receiving errors during installation of Adobe Reader and Acronis Drive Monitor. Uninstalling wisevector solved the issues. Not good first impressions here.
Click to expand...
Although these issues did not appear again, I've bumped into some other ones:
1) After installing LibreOffice Still (stable) LibreOffice_6.2.8_Win_x64.msi (MD5: 4ef6b10fb4861cdc14671938759c78ba) and trying to start the program for the first time, Libreoffice went into a boot loop and finally presented me a window to boot in LibO safe mode or boot normally. Selecting the latter continued the boot loop. I did not receive any message from wisevector at the time. After disabling it though, Libreoffice started normally.

2) On the same system, I ran hiren's bootcd which contains a small utility named All users cleaner. While running, wisevector popped up informing me that both that as well as the hiren's startup bat are trojans and asked me to whitelist them. I did but then the same prompt appeared again and again.

I'm sorry, but ΙΜΗΟ this product is clearly far away from being ready for production use, considering the issue it caused on an application like LibreOffice alone, so I would hesitate to use it even on my own rigs. I do hope the best thogh for the development team, since there are clearly signs of innovative technology.
 
Last edited:
  • Like
  • Applause
Reactions: JB007, Mercenary, Dave Russo and 6 others
WiseVector

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
Hi@oldschool,

Thank you for your advice and feedback.
When you enabled ransomware protection, please don't try to open or modify the bait files for protection. For example, when you use Microsoft Office to open the bait file, Microsoft Office will create a new ".tmp" file in the bait folder which exhibits ransomware-like behavior. That's why you got a few alerts.
Please refer to the screenshot. When clicking "set up", you will see all the files. They are the bait files used to entice ransomware.

3.JPG
 
Last edited:
  • Like
Reactions: JB007, Mercenary, Dave Russo and 9 others
WiseVector

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
cosmos said:
Although these issues did not appear again, I've bumped into some other ones:
1) After installing LibreOffice Still (stable) LibreOffice_6.2.8_Win_x64.msi (MD5: 4ef6b10fb4861cdc14671938759c78ba) and trying to start the program for the first time, Libreoffice went into a boot loop and finally presented me a window to boot in LibO safe mode or boot normally. Selecting the latter continued the boot loop. I did not receive any message from wisevector at the time. After disabling it though, Libreoffice started normally.

2) On the same system, I ran hiren's bootcd which contains a small utility named All users cleaner. While running, wisevector popped up informing me that both that as well as the hiren's startup bat are trojans and asked me to whitelist them. I did but then the same prompt appeared again and again.

I'm sorry, but ΙΜΗΟ this product is clearly far away from being ready for production use, considering the issue it caused on an application like LibreOffice alone, so I would hesitate to use it even on my own rigs. I do hope the best thogh for the development team, since there are clearly signs of innovative technology.
Click to expand...
Hi,

Thank you for your feedback.
Can you please tell me what's the version of WiseVector StopX you are using and what's your operating system? We will download LibreOffice for a test.
Can you please send Hiren's BootCD to "support@wisevector.com" or tell me where did you download it? We would like to have a analysis.

Regards,
WiseVector
 
Last edited:
  • Like
Reactions: JB007, Dave Russo, stefanos and 8 others
cosmos

cosmos

Level 1
Feb 7, 2020
39
WiseVector said:
Can you please tell me what's the version of WiseVector StopX you are using and what's your operating system?
Click to expand...
2.53 on Windows 10 Home 64bit, build 1909.

We will download LibreOffice for a test.
Click to expand...
You should try to download the specific version I had the issue with, if possible

Can you please send Hiren's BootCD to "support@wisevector.com" or tell me where did you download it? We would like to have a analysis.
Click to expand...
Should be version 15.2, check Old Versions | Hiren's BootCD PE
 
  • Like
Reactions: JB007, Dave Russo, WiseVector and 7 others
H

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,141
@WiseVector

I went to your website and downloaded WiseVector StopX and installed

智量 | 人工智能驱动安全

智量安全官方网站,运营智量终端安全软件等系列免费杀毒软件产品
www.wisevector.com www.wisevector.com

I did check for updates and after updating it still showed v2.09 for my Windows 10 Home 64bit, build 1909

Where to get the v2.53? Thanks
 
  • Like
Reactions: JB007, Dave Russo, simmerskool and 7 others
oldschool

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,613
  • Like
Reactions: JB007, Mercenary, Dave Russo and 9 others
WiseVector

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
cosmos said:
2.53 on Windows 10 Home 64bit, build 1909.


You should try to download the specific version I had the issue with, if possible


Should be version 15.2, check Old Versions | Hiren's BootCD PE
Click to expand...
Hi,

1. We have downloaded LibreOffice_6.2.8_Win_x64.msi which contains several Apps ( for example, Writer, Calc, Math and ect.) We tried all these Apps one by one, but unfortunately we didn't reproduce the problem you encountered. Can you please tell me which application you were using?
2. All Users Cleaner performed dangerous actions. We whitelisted it and WiseVector StopX didn't alarm again. Can you please send me the screenshot of the prompt?

Regards,
WiseVector
 
  • Like
Reactions: JB007, Mercenary, simmerskool and 9 others
cosmos

cosmos

Level 1
Feb 7, 2020
39
WiseVector said:
Hi,

1. We have downloaded LibreOffice_6.2.8_Win_x64.msi which contains several Apps ( for example, Writer, Calc, Math and ect.) We tried all these Apps one by one, but unfortunately we didn't reproduce the problem you encountered. Can you please tell me which application you were using?
Click to expand...
I simply executed the libreoffice desktop link. But it kept crashing and restarting, until it presented me with a prompt to start libreoffice in a safe mode.

2. All Users Cleaner performed dangerous actions. We whitelisted it and WiseVector StopX didn't alarm again. Can you please send me the screenshot of the prompt?
Click to expand...
Unfortunately I did not keep a screenshot, sorry.
 
  • Like
Reactions: JB007, WiseVector, [correlate] and 4 others

Similar threads

Brownie2019
    • HaHa
On Sale! Ashampoo AI Assistant⁠ - artificial intelligence / €10 / month
Replies
4
Views
866
Discounts and Deals
Gangelo
Gangelo
Victor M
    • Sad
    • Like
Technology AI now surpasses humans in almost all performance benchmarks
Replies
0
Views
339
Technology News
Victor M
Victor M
I
    • Like
    • HaHa
    • Wow
Technology NSA is starting an artificial intelligence security center
Replies
4
Views
1,030
Technology News
TairikuOkami
TairikuOkami

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top