Update WiseVector Free AI Driven Security

WiseVector

WiseVector

From WiseVector
Verified
Developer
Dec 14, 2018
399
:)Hi everyone!

V2.72 is released!
V2.71 can update to V2.72 directly when "Automatically download and install program updates" is enabled.
Sorry,V2.67 can't update automatically now.

The download link:

Update log:
1. Fixed a particular resource leak.
2. Fixed the issue that the behavior detection might fail to clean up malicious leftovers.
3. Speed up scanning on large files.
4. Improved the stability of ransomware rollback.
5. Performance improved.

Good day!;)
 
  • Like
  • Applause
  • +Reputation
Reactions: Andrew999, Moonhorse, roger_m and 17 others
porkpiehat

porkpiehat

Level 6
May 30, 2015
255
ok, just an observation... I have a

Test File: PDF With Embedded DOC Dropping EICAR​

by Didier Stevens

with 2.71 the file did not get a chance to open, as WVSX jumped all over it.... but with 2.72 the DOC file opens, and I get this warning...
Screenshot 2021-01-13 203218.png

there doesn't seem to anything of interest in Temp.... just thought you'd like to know...
 
  • Like
Reactions: Protomartyr, SeriousHoax, WiseVector and 3 others
Antimalware18

Antimalware18

Level 8
Verified
Jan 17, 2014
399
porkpiehat said:
ok, just an observation... I have a

Test File: PDF With Embedded DOC Dropping EICAR​

by Didier Stevens

with 2.71 the file did not get a chance to open, as WVSX jumped all over it.... but with 2.72 the DOC file opens, and I get this warning... View attachment 252929
there doesn't seem to anything of interest in Temp.... just thought you'd like to know...
Click to expand...

hmm, thats interesting, I've got 2.72 installed and it detects the pdf as soon as it is extracted.
 
  • Like
Reactions: Protomartyr, WiseVector, roger_m and 2 others
porkpiehat

porkpiehat

Level 6
May 30, 2015
255
Antimalware18 said:
hmm, thats interesting, I've got 2.72 installed and it detects the pdf as soon as it is extracted.
Click to expand...
yeah, that's what used to happen..... but now the PDF opens, and I get the malware warning... very odd.

ok, that is odd... I was testing with a saved zip file, but if I download a fresh PDF(zip) file, it is stopped on execution... would there be any reason for that?

so, if I extract the file from the downloads folder, it is stopped on extraction.... but if I extract the file from a different folder, the PDF file is opened, and WVSX issues the warning... :confused:
 
Last edited:
  • Like
Reactions: Protomartyr, WiseVector, roger_m and 1 other person
D

dlr5668

New Member
Jan 4, 2021
3
WiseVector said:
:)Hi everyone!

V2.72 is released!
V2.71 can update to V2.72 directly when "Automatically download and install program updates" is enabled.
Sorry,V2.67 can't update automatically now.

The download link:

Update log:
1. Fixed a particular resource leak.
2. Fixed the issue that the behavior detection might fail to clean up malicious leftovers.
3. Speed up scanning on large files.
4. Improved the stability of ransomware rollback.
5. Performance improved.

Good day!;)
Click to expand...
Confirmed not leaking with Kaspersky anymore. Thanks!

 
  • Like
Reactions: Protomartyr, SeriousHoax, WiseVector and 3 others
WiseVector

WiseVector

From WiseVector
Verified
Developer
Dec 14, 2018
399
marcopaone said:
@WiseVector Hi!

I was testing some viruses yesterday and I noticed something strange.
Video.
WiseVector is closed and in notify mode. I started the virus then opened WiseVector and it found the virus and blocked it. I clicked on many notifications and once I was done, part of the virus process remained open. (Apparently that process doesn't look malicious). There is also a.bat file left in the folder created by the virus.
I have written this so that you can understand the problem (assuming it is one), solve it or improve something.
I sent the sample to you privately.
Thanks @Der.Reisende for the sample on the hub.

VIdeo: 2021-01-05 19-49-58_Tri
Click to expand...
Thanks!
We tested the sample.
Since you exited WVSX before started the sample , WVSX was unable to record the relationship between processes, for example the parent-child relationship. In this case, the parent process wasn't blocked completely and the child process was started repeatedly.
Please keep WVSX running when testing malware.:)
 
  • Like
Reactions: blueblackwow65, roger_m, marcopaone and 5 others
WiseVector

WiseVector

From WiseVector
Verified
Developer
Dec 14, 2018
399
porkpiehat said:
yeah, that's what used to happen..... but now the PDF opens, and I get the malware warning... very odd.

ok, that is odd... I was testing with a saved zip file, but if I download a fresh PDF(zip) file, it is stopped on execution... would there be any reason for that?

so, if I extract the file from the downloads folder, it is stopped on extraction.... but if I extract the file from a different folder, the PDF file is opened, and WVSX issues the warning... :confused:
Click to expand...
Hi,
With the realtime protection enabled, WVSX blocked the sample immediately when double click on it.
Capture21.PNG
Do you mean that WVSX didn't block the sample when you ran it?
 
Last edited:
  • Like
Reactions: roger_m, Protomartyr, harlan4096 and 2 others
porkpiehat

porkpiehat

Level 6
May 30, 2015
255
WiseVector said:
Hi,
With the realtime protection enabled, WVSX blocked the sample immediately when double click on it.
View attachment 252953
Do you mean that WVSX didn't block the sample when you ran it?
Click to expand...
when the zip is downloaded, and you extract it, it is blocked... but if I move the zip to another folder location called 'security tests', and extract it, the PDF file opens, but you still get the 'malware blocked' popup... so I can only assume that the dropper has been taken care of, as I cannot find an offending TMP file.
Screenshot (1).png
 
Last edited:
  • Like
Reactions: WiseVector, roger_m, Protomartyr and 2 others
WiseVector

WiseVector

From WiseVector
Verified
Developer
Dec 14, 2018
399
porkpiehat said:
when the zip is downloaded, and you extract it, it is blocked... but if I move the zip to another folder location called 'security tests', and extract it, the PDF file opens, but you still get the 'malware blocked' popup... so I can only assume that the dropper has been taken care of, as I cannot find an offending TMP file.
Click to expand...
Thanks for your reply.
Can you please tell me what's your default PDF reader? We will try to reproduce what you have posted.
 
  • Like
Reactions: roger_m, Gandalf_The_Grey, Protomartyr and 2 others
WiseVector

WiseVector

From WiseVector
Verified
Developer
Dec 14, 2018
399
pxxb1 said:
Just for your information.
I just downloaded Revo Uninstaller and WVSX flagged it as malware.
Click to expand...
Hi,
Thanks for your feedback.
Can you please tell me it was flagged as malware by our static detection or behavior detection?
Please be noted that without exiting WVSX, there will be an malware alert whenever a program is trying to uninstall WVSX or modify the files in our installation folder.
 
  • Like
  • Thanks
Reactions: roger_m, Correlate, Protomartyr and 1 other person

Similar threads

SearchLight
Q&A WiseVector AI - A Good Complement to your Anti-Virus?
Replies
2
Views
979
Other Security for Windows
SearchLight
SearchLight
SecurityNightmares
Video Security Unlocked - The Microsoft Security Podcast
Replies
15
Views
1,528
Security and Antivirus Videos
SecurityNightmares
SecurityNightmares
silversurfer
Security Alert Intel's Habana Labs hacked by Pay2Key ransomware, data stolen
Replies
0
Views
326
Security News
silversurfer
silversurfer
Top