Deprecated WiseVector Free AI Driven Security

pxxb1

Level 9
Verified
Well-known
Jan 17, 2018
437
:giggle: Hello Everyone,

WiseVector StopX V2.70 is here,

What's new:
1. Added lightweight rollback to roll back changes caused by some destructive malware, such as ransomware. This feature has been designed to remain lightweight and users can hardly notice any performance degradation.
2. Redesigned the real-time file monitoring; it is more sensitive and faster than before.
3. Redesigned the Behavior Detection. Now the Behavior Detection can identify more unknown file infector viruses, being more capable of detecting advanced threats.
4. Improved Memory Protection to detect RAT trojans that abuse legitimate processes to hide their malicious implants, such as Gh0st, Meterpreter and CobaltStrike.
5. Malware quarantine is now sorted by date. Quarantine reason is added.
6. The UI is not transparent now, so that the interface can be displayed more clearly. Some new skins are added.
7. Improved the ability to delete malicious files being locked.
8. Now users can select whether or not to automatically download and install program updates.

The download link:
https://update2.wisevector.com/WiseVector_StopX_V27.exe
https://www.wisevector.com/WiseVector_StopX_V27.exe

Please pick up the faster one.
After a few days of testing, V2.67 can update to V2.70 automatically. Now you can perform an overwrite install or fresh install.

Cheers & Best Regards,
WiseVector

Good job!

One thing: when installing, it says "space need"; it should read "space needed", and "45m" should be "45mb".
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
Will you be adding the network feature you discussed some time ago soon? Will it be a firewall or just network inspection?
Hi,
Yes, we are going to add the network protection in our next release and this feature would be paid.
There are some free firewalls on the market. I would like to know what features are useful or useless for you and are there some features you really need but they don't have.
We have a general plan to develop our network protection; meanwhile, we would like to ensure every feature suits the needs of our users. So could you please advise?
Thanks!
 

WiseVector

In my opinion u should start to cover windows lack... an outbound notification that give u a chance to allow or deny a program. Later if u can put a window message with a cloud lookup for a safe or unsafe answer in realtime will be the top.
Thanks for your suggestion.
Yes, checking hash is one effective way to detect malware.
However, according to our observation, nowadays whitelisted programs are often abused by malware (such as Stealer and RAT) to connect to the network. So only checking hash is far from enough to block modern attacks. :)
 

Andrew3000

Level 11
Verified
Top Poster
Malware Hunter
Well-known
Feb 8, 2016
516
Tested and working great.
The ransomware is successfully blocked and encrypted files are rolled back. All readme files of the ransomware are removed correctly.
This is awesome, good job WV team!
WVTEST.jpeg

I have a suggestion:
Put a label indicating that this is the path to the file, and its relative action, and allow the “panel” slide to display the entire path when it is too long.
It might also be useful to allow the Threat Remediation window to be enlarged.
See the spoiler for the image.
1608736285773.png
 

marcopaone

Level 7
Verified
Well-known
Jul 15, 2016
321
@WiseVector
I tried the test as well.
I disabled the protections to get the ransomware protection and its remediation to turn on.
The files that are being rolled back are no longer readable. Some files have not been rolled back (maybe), also in the WiseVector folder where it saves copies of the files remain as much (I suppose they are the ones that have not been rolled back).

Is it a bug? I don't want that WV can't restore the files when so many files are encrypted (in fact for a second WV stops responding).
Or am I doing something wrong?

Link video: 2020-12-23 18-34-56

Tested with the sample (CrySis). Thanks @Der.Reisende for the sample on the hub.
 

bjm_

Level 14
Verified
Top Poster
Well-known
May 17, 2015
668

How well does WiseVector StopX work with Windows Defender?

It’s OK to run Windows Defender together with WiseVector StopX. But once Windows Defender detects a suspicious file, the file will be locked by Windows Defender and other AV cannot access it, so there might be a misunderstanding that WiseVector StopX does nothing when threats occur.
WiseVector StopX FAQ
@WiseVector Would you want WiseVector StopX 2.70 users (at this time) to think of WV as a companion security solution? Or, would you prefer WiseVector StopX 2.70 users to think of WV (at this time) as a sole security solution? And with future WiseVector StopX releases (at some time). Would you like WiseVector StopX users to think of WV as their sole security solution?
Thanks
 

bjm_

@WiseVector
Does this Exclude event populate to Exclusions?
I'm not finding this Exclude event with Exclusions.
Is this type of Exclude event a one way Exclude?
Does this type of Exclude event have a Remove (exclusion) action?
png_8412.png

Edit: Okay....I found how to remove this Exclude event -
png_8414.png

I was thinking all Exclude events would populate with Exclusions -
My bad - ;)
Thanks
 

ForgottenSeer 89360

Tested and working great.
The ransomware is successfully blocked and encrypted files are rolled back. All readme files of the ransomware are removed correctly.
This is awesome, good job WV team!
View attachment 251721
I have a suggestion:
Put a label indicating that this is the path to the file, and its relative action, and allow the “panel” slide to display the entire path when it is too long.
It might also be useful to allow the Threat Remediation window to be enlarged.
See the spoiler for the image.
Please change the text in this alert to “Recovery Needed”, “Needs Recovery” or “Needs to be recovered”. The first one is best in my opinion. “To recovery” is not grammatically correct :)
You can also leave just “Recover” and “Quarantine”.
 

SomeRandomCat

Level 3
Well-known
Dec 23, 2020
124
Hi,
Yes, we are going to add the network protection in our next release and this feature would be paid.
There are some free firewalls on the market. I would like to know what features are useful or useless for you and are there some features you really need but they don't have.
We have a general plan to develop our network protection; meanwhile, we would like to ensure every feature suits the needs of our users. So could you please advise?
Thanks!
Hello! I am happy to see the development of your product making progress. Often when security software companies start working on implementing a firewall into their product, they really seem to rush it. I have used just about every firewall over the years, and can honestly say that for every one product that gets a feature right, 10 other products fail on that same feature. It is very hard to find a solution that 'checks all the boxes' and has a nice graphical user interface to go along with it.

Here is what I would recommend you focus on:

1. Don't rush the production of the firewall module, take your time and get it right. There are tons of them out there. I recommend focusing on making one that stands out.

2. Take a very close look at Little Snitch (for MacOS) Little Snitch 4 and try to implement all of the beneficial user interface features you can. There are very few firewalls for Windows that have the features that LittleSnitch does. Another one to take a look at is Glasswire (GlassWire - Personal Firewall & Network Monitor). A lot of the people using Glasswire are trying to find a Windows version of LittleSnitch, but it fails them in a lot of ways. If you could successfully implement all of the interface features these have, you would really have something that would appeal to a lot of people, I am certain of this. If you are willing to take the time to read through this list of Glasswire user feature requests, and focus on some of those, it would help you get a good idea of what people are looking for: Future Feature Requests! Unfortunately, the Glasswire developers really seem to ignore a lot of the requests, even though they are sorely needed.

3. Include quality stateful packet filtering, fragmented traffic, protocol analysis, anti-arp spoofing, ipv6, anti-DDOS, etc. Many 'firewalls' nowadays are really weak in this regard and don't do much other than allow/block programs access to the internet. I think it is really important to have very strong packet filtering. It needs to be stronger than Windows Firewall, or people will switch to any of the number of WFW management software already out there (Private Winten, Windows Firewall Control, Glasswire, etc.). It is good to have a nice interface to allow/block, but incoming packet filtering is very important.

4. Offer alternative modes. Some users will want to be able to be prompted and customize the rules on-the-fly using the prompt, while other users will want to simply allow or block access. Take a close look at the differences between ESET firewall, Kaspersky firewall, Comodo firewall, etc. Glean what you can from them and come up with something powerful, yet sleek. The default prompt should be very simple, but it should also have a button somewhere in the prompt that expands the prompt and displays more detailed information, and allows for greater customization.

5. Integrate it into some sort of white-list, but allow users to enable/disable this feature. Some users will love the majority of software they use being auto-whitelisted and not getting prompts, while other users will want to opt-out and handle the prompts themselves. Kaspersky firewall/application control is really nice in that it not only does this, but also clearly displays the user-ratings for the program in question. If someone is 95% sure they want to allow something, and sees that over 1,000 other users also allowed it, and that it is very common software, it is very re-assuring. Comodo and other firewalls also allow automatic white-listing of software that are signed by certain software companies, such as Microsoft, etc. It is a nice feature to have for the average user, and greatly reduces pop-ups.

6. I really believe that the more you interact with users in forums like these, as you develop the firewall, and really listen to user-feedback and ideas, you will end up with a rock-solid firewall. Sadly, a lot of software development companies start off doing this, and when they start getting some sales, they quickly lose interest. If you can maintain an active relationship with the forum security communities, you will be in really good hands. The majority of users that bother reading/posting in these forums have a lot of experience with a wide variety of firewall software and will have a lot of good ideas for the interface. Unfortunately, a lot of developers seem to be working on a really nice firewall, and part way through get burned out. I am no programmer, but I really think that firewalls are a lot more work than most developers originally think. Unless you are willing to go the extra mile, it is probably a complete waste of time to bother at all, since there are so many alternative solutions out there. Your WiseVector seems to have some unique attributes going for it, so the firewall should stand out as well, especially if you want it to be the reason people are willing to pay for your software.
 

WiseVector

I have a suggestion:
Put a label indicating that this is the path to the file, and its relative action, and allow the “panel” slide to display the entire path when it is too long.
It might also be useful to allow the Threat Remediation window to be enlarged.
Hi,
Thanks a lot for your testing.
Your suggestion is good. We will make the Threat Remediation window more legible. Please hover over an item and the full file path will be shown. :)
 

WiseVector

I would like to see a firewall with similar capabilities:
1. Ability to block a list of IP addresses in a single network rule so that I can use these (crazy-max/WindowsSpyBlocker) and similar filtering lists.
2. Interactive mode with a request for network access for all applications with the ability to create simple rules from a request like deny all or allow all.
3. List of active network connections with the ability to create blocking rules, directly from the list.

Other requests are not so important, but it would be interesting to have a built-in whois with host names and server geography. It would also be very convenient to have built-in simple rule templates, such as: deny shared access, deny remote access, deny ping (echo) requests, etc.
Thank you for sharing your thoughts! It's very useful for us. :giggle:
 

WiseVector

@WiseVector
I tried the test as well.
I disabled the protections to get the ransomware protection and its remediation to turn on.
The files that are being rolled back are no longer readable. Some files have not been rolled back (maybe), also in the WiseVector folder where it saves copies of the files remain as much (I suppose they are the ones that have not been rolled back).

Is it a bug? I don't want that WV can't restore the files when so many files are encrypted (in fact for a second WV stops responding).
Or am I doing something wrong?

Link video: 2020-12-23 18-34-56

Tested with the sample (CrySis). Thanks @Der.Reisende for the sample on the hub.
Thanks for your testing.
We seldom test WVSX with most protections disabled. The problem you encountered might be caused by this.
Can you please PM the sample to me? Then we can have a test.
 
