Update WiseVector Free AI Driven Security

WiseVector

From WiseVector
Verified
Developer
Dec 14, 2018
399
:)Hi everyone!

V2.72 is released!
V2.71 can update to V2.72 directly when "Automatically download and install program updates" is enabled.
Sorry, V2.67 can't update automatically now.

The download link:

Update log:
1. Fixed a particular resource leak.
2. Fixed the issue that the behavior detection might fail to clean up malicious leftovers.
3. Speed up scanning on large files.
4. Improved the stability of ransomware rollback.
5. Performance improved.

Good day!;)
 

porkpiehat

Level 6
May 30, 2015
255
ok, just an observation... I have a

Test File: PDF With Embedded DOC Dropping EICAR

by Didier Stevens

with 2.71 the file did not get a chance to open, as WVSX jumped all over it.... but with 2.72 the DOC file opens, and I get this warning...

there doesn't seem to be anything of interest in Temp.... just thought you'd like to know...
 

Antimalware18

Level 8
Verified
Jan 17, 2014
399
hmm, that's interesting, I've got 2.72 installed and it detects the pdf as soon as it is extracted.
 

porkpiehat

yeah, that's what used to happen..... but now the PDF opens, and I get the malware warning... very odd.

ok, that is odd... I was testing with a saved zip file, but if I download a fresh PDF(zip) file, it is stopped on execution... would there be any reason for that?

so, if I extract the file from the downloads folder, it is stopped on extraction.... but if I extract the file from a different folder, the PDF file is opened, and WVSX issues the warning... :confused:
 

dlr5668

New Member
Jan 4, 2021
3
Confirmed not leaking with Kaspersky anymore. Thanks!

 

WiseVector

@WiseVector Hi!

I was testing some viruses yesterday and I noticed something strange.
Video.
WiseVector is closed and in notify mode. I started the virus then opened WiseVector and it found the virus and blocked it. I clicked on many notifications and once I was done, part of the virus process remained open. (Apparently that process doesn't look malicious). There is also a .bat file left in the folder created by the virus.
I have written this so that you can understand the problem (assuming it is one), solve it or improve something.
I sent the sample to you privately.
Thanks @Der.Reisende for the sample on the hub.

Video: 2021-01-05 19-49-58_Tri
Thanks!
We tested the sample.
Since you exited WVSX before starting the sample, WVSX was unable to record the relationship between processes, for example the parent-child relationship. In this case, the parent process wasn't blocked completely and the child process was started repeatedly.
Please keep WVSX running when testing malware. :)
 

WiseVector

Hi,
With the realtime protection enabled, WVSX blocked the sample immediately when it was double-clicked.
Do you mean that WVSX didn't block the sample when you ran it?
 

porkpiehat

when the zip is downloaded, and you extract it, it is blocked... but if I move the zip to another folder location called 'security tests', and extract it, the PDF file opens, but you still get the 'malware blocked' popup... so I can only assume that the dropper has been taken care of, as I cannot find an offending TMP file.

WiseVector

Thanks for your reply.
Can you please tell me what your default PDF reader is? We will try to reproduce what you have posted.
 

WiseVector

Just for your information.
I just downloaded Revo Uninstaller and WVSX flagged it as malware.
Hi,
Thanks for your feedback.
Can you please tell me whether it was flagged as malware by our static detection or behavior detection?
Please note that without exiting WVSX, there will be a malware alert whenever a program is trying to uninstall WVSX or modify the files in our installation folder.
 