Deprecated WiseVector Free AI Driven Security

WiseVector

I have noticed WV v2.70 and 2.71 are using a lot more CPU than the previous version. It also takes much longer to analyze a newly downloaded application with a big delay. Is it due to the new rollback feature?
Hi Evjl's Rain,
Long time no see. :) Thanks for your feedback!
1. When you notice the high CPU usage what are you doing with your PC?
2. What do you mean by analyzing the application? The big delay occurred when you just executed the APP or completed the downloading?
Our rollback feature is designed to remain lightweight and users can hardly notice any delay, so the issue you described is probably not caused by it.
 

Evjl's Rain

hello, long time no see. I disappeared because WV 2.6x was too good and too stable that I had nothing to comment
1. I noticed the high CPU usage when I launched a program (relatively large) which I just downloaded. Downloading doesn't cause any issue
2. When the program launched for the first time, WV analyzed that program which caused a noticeable delay in start time. Later, the program boots instantly

I noticed it when I tried to update my chromium portable using chrlauncher. These are the steps I did:
1. download the program here: https://github.com/henrypp/chrlauncher/releases/download/v.2.5.7/chrlauncher-2.5.7-bin.zip
2. Extract the "64" folder -> run "chrlauncher.exe"
3. The launcher will download chromium and install automatically
4. after it finishes, chromium will be launched automatically -> now, I see a 10-second delay + high CPU usage from WV
5. With version 2.6x, there was almost zero delay. I verified this

This is what I think
v2.67: lets the program run -> analyzes the program later/simultaneously
v2.71: pauses the program and analyzes -> when it finishes -> the program is allowed to run -> this causes delay
 

WiseVector

Thank you for telling me the details.
We have tested and didn't reproduce the issue you encountered. There was no delay when starting chromium portable using chrlauncher in our testing.
This program is not large, just 1800KB. Can you please try to run it directly through "Chrlauncher->64->bin->chromium.exe" to see whether or not the delay will happen again?
 

Evjl's Rain

Hello, thank you for the reply. It's very difficult to explain just by words so I decided to record 2 videos to clearly demonstrate the difference
in these videos, you can clearly see there was a big big delay after I pressed "check for update" which would launch the application
in version 2.67, the delay was non-existent. Furthermore, chromium seemed to lag a lot as my computer was unresponsive during the first run with v2.71
The second run was instantaneous

v2.67

you can skip to 1:12

v2.71

skip to 1:16
 

WiseVector

Hi,
Thanks a lot for your videos.
We guess the delay was because there were two large files (150mb) named Chrome.dll and Interactive_ui_tests.exe in Chrlauncher/bin/64. WVSX V2.71 took time to scan them. But 10 seconds delay was too long which was probably related to the hardware configurations.
V2.67 didn't have this problem maybe because the files have been scanned and cached.
In the next version 2.72 we will get WVSX improved to scan large files.
 

tipo

i just tested wv on windows sandbox under shadow defender (just to be sure I'm safe) against the following ransomwares:
conti, darkside, loki 1, loki 2, maze, modi loader, revil, ryuk, stop, wasted, zeppelin

the basic protection was off. copied some pics and some useless text files on desktop to see if they will get encrypted. the result was great! nothing was encrypted, the behavioural blocker simply works. the rollback feature alerted me whenever it was the case. you are doing a great job @WiseVector

did the same test with mbam. real time shield off, ransomware shield was up and running- it caught nothing.. all the system was encrypted, it only alerted me from time to time about accessing a ransomware website. (if the moderators think the off topic is not permitted, please delete/edit it.)
 

WiseVector

:) Hi everyone!

V2.72 is released!
V2.71 can update to V2.72 directly when "Automatically download and install program updates" is enabled.
Sorry, V2.67 can't update automatically now.

The download link:

Update log:
1. Fixed a particular resource leak.
2. Fixed the issue that the behavior detection might fail to clean up malicious leftovers.
3. Speed up scanning on large files.
4. Improved the stability of ransomware rollback.
5. Performance improved.

Good day! ;)
 

porkpiehat

ok, just an observation... I have a "Test File: PDF With Embedded DOC Dropping EICAR" by Didier Stevens

with 2.71 the file did not get a chance to open, as WVSX jumped all over it.... but with 2.72 the DOC file opens, and I get this warning...

there doesn't seem to be anything of interest in Temp.... just thought you'd like to know...
 

Antimalware18


hmm, that's interesting, I've got 2.72 installed and it detects the pdf as soon as it is extracted.
 

porkpiehat

yeah, that's what used to happen..... but now the PDF opens, and I get the malware warning... very odd.

ok, that is odd... I was testing with a saved zip file, but if I download a fresh PDF(zip) file, it is stopped on execution... would there be any reason for that?

so, if I extract the file from the downloads folder, it is stopped on extraction.... but if I extract the file from a different folder, the PDF file is opened, and WVSX issues the warning... :confused:
 

dlr5668

Confirmed not leaking with Kaspersky anymore. Thanks!

 

WiseVector

@WiseVector Hi!

I was testing some viruses yesterday and I noticed something strange.
Video.
WiseVector is closed and in notify mode. I started the virus then opened WiseVector and it found the virus and blocked it. I clicked on many notifications and once I was done, part of the virus process remained open. (Apparently that process doesn't look malicious). There is also a .bat file left in the folder created by the virus.
I have written this so that you can understand the problem (assuming it is one), solve it or improve something.
I sent the sample to you privately.
Thanks @Der.Reisende for the sample on the hub.

Video: 2021-01-05 19-49-58_Tri
Thanks!
We tested the sample.
Since you exited WVSX before starting the sample, WVSX was unable to record the relationship between processes, for example the parent-child relationship. In this case, the parent process wasn't blocked completely and the child process was started repeatedly.
Please keep WVSX running when testing malware.:)
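
The reply above says containment depends on parent-child relationships recorded while the monitor is running. The following is an added example, not part of the thread and not WVSX's code: a toy lineage tracker showing why a monitor that starts after the sample can only stop the child. The class, function names, pids and events are all constructed assumptions.

```python
from collections import defaultdict

class ProcessTracker:
    """Lineage table built only from creation events the monitor saw (toy model)."""

    def __init__(self, launchers=()):
        self.parent = {}                   # pid -> ppid for observed creations
        self.children = defaultdict(set)   # ppid -> child pids
        self.launchers = set(launchers)    # shell-like pids that are never contained

    def on_create(self, pid, ppid):
        self.parent[pid] = ppid
        self.children[ppid].add(pid)

    def containment_set(self, detected_pid):
        # Climb to the oldest ancestor whose own creation was observed;
        # a parent of unknown origin is left alone (it could be anything).
        root = detected_pid
        while True:
            ppid = self.parent.get(root)
            if ppid is None or ppid not in self.parent or ppid in self.launchers:
                break
            root = ppid
        # Contain that ancestor and everything it spawned.
        todo, out = [root], set()
        while todo:
            pid = todo.pop()
            if pid not in out:
                out.add(pid)
                todo.extend(self.children.get(pid, ()))
        return out


def contained(events_seen, detected_pid, launchers=(4,)):
    tracker = ProcessTracker(launchers)
    for pid, ppid in events_seen:
        tracker.on_create(pid, ppid)
    return tracker.containment_set(detected_pid)


# Constructed events (pid, ppid): shell 4 starts sample 100, which spawns 101.
FULL = [(4, 1), (100, 4), (101, 100)]
# Monitor started late: it only sees the parent respawning a new child, 102.
LATE = [(102, 100)]

if __name__ == "__main__":
    print(sorted(contained(FULL, 101)))   # parent and child contained together
    print(sorted(contained(LATE, 102)))   # only the child; parent 100 survives
```

In the late-start case the parent's origin was never recorded, so this model leaves it running and it is free to start the child again.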
 
