Deprecated WiseVector Free AI Driven Security

[WiseVector]

@WiseVector any news about register it as av? still no eta?

Sorry, still not...but we are trying.

 

[Vitali Ortzi]

Falsely detects fitgirl repack compression algorithm even though i sent it as false positives a few months ago

 

[WiseVector]

Falsely detects fitgirl repack compression algorithm even though i sent it as false positives a few months ago

Hi,

"fitgirl repack compression algorithm" looks like a kind of algorithm but not a file or an APP. We receive a great number of files from our users everyday, sorry, I can't help you just by knowing this info. Can you please send it to "virus@wisevector.com"? Then we can solve this as soon as possible.
Thanks!

 

[MalwareTypes]

@WiseVector - I've installed this one on my dad's old laptop with Windows 8.1 (cannot handle Windows 10) and during this week he's been getting this one like on 5 different occasions:

WIBD:HEUR.InfoStealer.F011
C:\Windows\System32\svchost.exe

Shoul I be worried or could this be a false positive on Windows 8.1?

Usually I would just go there and install everything from scratch but I don't have the time right now. I told my younger brother to run Norton Power Eraser and Emsisoft Emergency Kit and tell me if something appeared, but nothing came up. However when running Norton Power Eraser the warning appeared again, telling that it was blocked but there has been nothing quarantined so far.

 

[WiseVector]

@WiseVector - I've installed this one on my dad's old laptop with Windows 8.1 (cannot handle Windows 10) and during this week he's been getting this one like on 5 different occasions:

WIBD:HEUR.InfoStealer.F011
C:\Windows\System32\svchost.exe

Shoul I be worried or could this be a false positive on Windows 8.1?

Usually I would just go there and install everything from scratch but I don't have the time right now. I told my younger brother to run Norton Power Eraser and Emsisoft Emergency Kit and tell me if something appeared, but nothing came up. However when running Norton Power Eraser the warning appeared again, telling that it was blocked but there has been nothing quarantined so far.

Hi MalwareTypes,

It's not false positive. The detection means svchost.exe is reading several sensitive data in the system.(Browser passwords, FTP passwords, mail passwors, etc.)
The behavior had been blocked by WiseVector StopX so your password is safe. The svchost.exe is system file so WVSX will not quarantine it.

Please do a full system scan use WVSX to see if it can detect the real malware. Svchost.exe can be hosted by a malicious dll. Or it can be injected by a kernel mode driver. Sometime it is difficult to find the real source of the malicious behavior. If the problem persists, you'd better reinstall your OS since the stealer malware can cause serious damage. If you have good knowledge of computer system, first disconnect your computer from network. Download process monitor to see which svchost.exe is accessing sensitive data. Then use process explorer to find possible malicious dlls in svchost.exe.

 

[MalwareTypes]

Hi MalwareTypes,

It's not false positive. The detection means svchost.exe is reading several sensitive data in the system.(Browser passwords, FTP passwords, mail passwors, etc.)
The behavior had been blocked by WiseVector StopX so your password is safe. The svchost.exe is system file so WVSX will not quarantine it.

Please do a full system scan use WVSX to see if it can detect the real malware. Svchost.exe can be hosted by a malicious dll. Or it can be injected by a kernel mode driver. Sometime it is difficult to find the real source of the malicious behavior. If the problem persists, you'd better reinstall your OS since the stealer malware can cause serious damage. If you have good knowledge of computer system, first disconnect your computer from network. Download process monitor to see which svchost.exe is accessing sensitive data. Then use process explorer to find possible malicious dlls in svchost.exe.

Run both the Quick and Full Scan and nothing came up. For whatever it's worth the message hasn't popped up again.

I guess I'll have to reinstall the OS in the next weeks, luckily he uses mostly his phone to check his mail and Facebook. Thanks for answering!

 

[SearchLight]

Good program. Any decision on how long it will remain freeware or will it be shifting to a freemium model?

 

[Lenny_Fox]

Installed it today just for the fun of trying it out.

 

[Kongo]

Good program. Any decision on how long it will remain freeware or will it be shifting to a freemium model?

The developer said, that there will be a free and a paid version some weeks ago if i remember correctly.

 

[SearchLight]

The developer said, that there will be a free and a paid version some weeks ago if i remember correctly.

I hope the free version retains it's current capabilities, and the paid just additional features rather than being crippled.

 

[Lenny_Fox]

@WiseVector compliments for the user interface design. It is simple, but allows detailled configuration when opening the settings.

I have Code Integrity and Block Child processes enabled in Windows Defender Exploit protection. Most other AV's inject theiir DLL without user having any control on it. What I really like is the exclusion of files (excutables) for advanced protection. This prevents that the WiseVector DLL is injected .

WD Exploit Protection blocks all DLL's which are non-Microsoft signed for my Office apps. Most AV's don't allow this level of user configuration (causing an error when lanunching Office programs). Wisevector with its really simple user interface allows me to exclude Office programs from advanced protection (which is great because WD Exploit protection takes care of that).

Compliments to your UX designers

 

[WiseVector]

I hope the free version retains it's current capabilities, and the paid just additional features rather than being crippled.

Hi,
Yes, current features will be kept free.

 

[WiseVector]

@WiseVector compliments for the user interface design. It is simple, but allows detailled configuration when opening the settings.

I have Code Integrity and Block Child processes enabled in Windows Defender Exploit protection. Most other AV's inject theiir DLL without user having any control on it. What I really like is the exclusion of files (excutables) for advanced protection. This prevents that the WiseVector DLL is injected .

WD Exploit Protection blocks all DLL's which are non-Microsoft signed for my Office apps. Most AV's don't allow this level of user configuration (causing an error when lanunching Office programs). Wisevector with its really simple user interface allows me to exclude Office programs from advanced protection (which is great because WD Exploit protection takes care of that).

Compliments to your UX designers

Hi,
Thanks for your positive feedback.
I would like to tell this to our UX designer. He must be very happy.

 

[SearchLight]

Hi,
Yes, current features will be kept free.

Thanks. I am sure we all appeciate that!

 

[Lenny_Fox]

Hi,
Yes, current features will be kept free.

That is great news. Thanks a lot.

I really like the level of control of advanced malware protection and document protection. Other AV companies (with WV's ability to exclude processes from having the WV-dll injected ) and Microsoft (with level of configuration of the protected folders) can learn a lot of WV .

Questions: Are memory inspection and intruction tracer additional rating info for the AI or do they provide sort of behavioral protection?

 

[WiseVector]

Hi@Lenny_Fox,

Since WiseVector StopX is fundamentally AI based, all features including memory inspection and intruction tracer use AI techniques. These features use behavioral analysis as well more or less.
Some tests showing how the features work:WiseVector Stop-X (#481).
Some info about the features:WiseVector StopX Release History

Have a nice day!

 

[bjm_]

Would anyone like to see checksum hash of detected items added to WiseVector Logs?
Would anyone like to share their experience with WV Heuristics set on High or Aggressive?

 

[Lenny_Fox]

I have increased heuristics to high, but disabled check running processes (thinking it would not touch the processes launched before WV at boot and user logon).

So far (for 2 days) no problems or false positives

 

[bjm_]

I have increased heuristics to high, but disabled check running processes (thinking it would not touch the processes launched before WV at boot and user logon).

So far (for 2 days) no problems or false positives

Yeah, I was wondering whether Heuristic Analysis High-Aggressive (false positive) detection might stop (interrupt) Windows startup. Do all detections wait for user action Exclude or Quarantine?
Will Windows be able to reach login &or desktop with boot process Heuristic detection?
Maybe, Heuristic Analysis does not act alone. Maybe, Heuristic Analysis is part of the process flow. IDK

 

[Lenny_Fox]

Yeah, I was wondering whether Heuristic Analysis High-Aggressive (false positive) detection might stop (interrupt) Windows startup. Do all detections wait for user action Exclude or Quarantine?

I have not seen a warning, but according to settings options, WV can warn user (probably with choice to allow or block). WV icon appears immediately after desktop displays (much earlier than SpyShelter Free). So I guessed that by not checking already running processes, it would reach the desktop in case of false positive with high heuristics.

Before trying out possible risky tweaks, I always run a quick data backup with SyncBack Free and set a restore point. I also have an image backup in case Windows restore fails.