Hi, Falsely detects fitgirl repack compression algorithm even though I sent it as false positives a few months ago
Hi MalwareTypes, @WiseVector - I've installed this one on my dad's old laptop with Windows 8.1 (cannot handle Windows 10) and during this week he's been getting this one like on 5 different occasions:
Should I be worried or could this be a false positive on Windows 8.1?
Usually I would just go there and install everything from scratch but I don't have the time right now. I told my younger brother to run Norton Power Eraser and Emsisoft Emergency Kit and tell me if something appeared, but nothing came up. However, when running Norton Power Eraser the warning appeared again, telling that it was blocked but there has been nothing quarantined so far.
It's not a false positive. The detection means svchost.exe is reading several sensitive data in the system (browser passwords, FTP passwords, mail passwords, etc.).
The behavior has been blocked by WiseVector StopX, so your passwords are safe. The svchost.exe is a system file, so WVSX will not quarantine it.
Please do a full system scan using WVSX to see if it can detect the real malware. Svchost.exe can be hosted by a malicious DLL. Or it can be injected by a kernel mode driver. Sometimes it is difficult to find the real source of the malicious behavior. If the problem persists, you'd better reinstall your OS since the stealer malware can cause serious damage. If you have good knowledge of computer systems, first disconnect your computer from the network. Download Process Monitor to see which svchost.exe is accessing sensitive data. Then use Process Explorer to find possible malicious DLLs in svchost.exe.
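One way to get a first overview for the check described in the reply above (which svchost.exe instance hosts which services, and which DLLs it has loaded), as an added example that is not part of the original thread or WiseVector's own tooling. It uses only built-in PowerShell cmdlets; the function name `Get-SigInfo` and the output columns are hypothetical.

```powershell
# Added example. Run from an elevated PowerShell prompt (3.0 or later).
# Caveat: on older PowerShell versions, catalog-signed Windows files can report
# NotSigned, so read the Signature column together with InWindowsDir.

function Get-SigInfo {
    param([string]$Path, [int]$ProcId, [string]$Services, [string]$Kind)
    $sig = if ($Path -and (Test-Path -LiteralPath $Path)) { Get-AuthenticodeSignature -FilePath $Path }
    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        PID          = $ProcId
        Services     = $Services
        Kind         = $Kind
        Path         = $Path
        Signature    = if ($sig) { $sig.Status } else { 'FileNotFound' }
        Microsoft    = $signer -like '*O=Microsoft Corporation*'
        InWindowsDir = [bool]($Path -and $Path.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase))
    }
}

# Map process IDs to the services running inside them.
$svcByPid = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 } |
    Group-Object ProcessId -AsHashTable -AsString

$report = foreach ($p in Get-Process -Name svchost) {
    $svcs  = @($svcByPid["$($p.Id)"] | Where-Object { $_ })
    $names = ($svcs | ForEach-Object { $_.Name }) -join ','

    # The DLL each hosted service is registered to load (ServiceDll value).
    foreach ($s in $svcs) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)"
        $dll = (Get-ItemProperty "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
        if (-not $dll) { $dll = (Get-ItemProperty $key -ErrorAction SilentlyContinue).ServiceDll }
        if ($dll) { Get-SigInfo ([Environment]::ExpandEnvironmentVariables($dll)) $p.Id $names 'ServiceDll' }
    }

    # Every module currently loaded; protected processes may refuse access.
    try { $mods = @($p.Modules) } catch { $mods = @() }
    foreach ($m in $mods) {
        if ($m) { Get-SigInfo $m.FileName $p.Id $names 'LoadedModule' }
    }
}

# Show only entries outside the Windows directory or without a valid Microsoft signature.
$report |
    Where-Object { -not $_.InWindowsDir -or -not ($_.Signature -eq 'Valid' -and $_.Microsoft) } |
    Sort-Object InWindowsDir, PID |
    Format-Table -AutoSize
```

A listed entry is only a lead to follow up in Process Explorer, and a clean list does not rule out the kernel-driver injection case mentioned in the reply.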
Hi, @WiseVector compliments for the user interface design. It is simple, but allows detailed configuration when opening the settings.
I have Code Integrity and Block Child processes enabled in Windows Defender Exploit protection. Most other AVs inject their DLL without the user having any control over it. What I really like is the exclusion of files (executables) for advanced protection. This prevents the WiseVector DLL from being injected.
WD Exploit Protection blocks all DLLs which are non-Microsoft signed for my Office apps. Most AVs don't allow this level of user configuration (causing an error when launching Office programs). WiseVector with its really simple user interface allows me to exclude Office programs from advanced protection (which is great because WD Exploit protection takes care of that).
Compliments to your UX designers
Yes, current features will be kept free.
Yeah, I was wondering whether Heuristic Analysis High-Aggressive (false positive) detection might stop (interrupt) Windows startup. Do all detections wait for user action Exclude or Quarantine? I have increased heuristics to high, but disabled check running processes (thinking it would not touch the processes launched before WV at boot and user logon).
So far (for 2 days) no problems or false positives
I have not seen a warning, but according to settings options, WV can warn user (probably with choice to allow or block). WV icon appears immediately after desktop displays (much earlier than SpyShelter Free). So I guessed that by not checking already running processes, it would reach the desktop in case of false positive with high heuristics.