- Feb 26, 2018
- 97
Another video:
WiseVector Free AI Driven Security
- Thread starter Thirio
- Start date
- Feb 7, 2014
- 1,540
MSITC WiseVector StopX AI based detection and prevention of APT simulation
1. APTSimulator from NextronSystems was used, which can be downloaded from Github (https://github.com/NextronSystems/APT...).
2. The simulator stops the program execution for some options. I did not investigate further on why this is the case.
3. I skipped option 3 "Credential Access" because my virtual test machine then hardly reacted.But the used tool ProcDump from Sysinternals was detected as suspicious/malicious by WiseVector StopX and was blocked.
4) It should be obvious that WiseVector StopX does not raise an alarm for actions like adding user accounts to local groups, because these are legitimate actions. The reloading of malicious code, e.g. in "Defense Evasion", was detected and the malicious file was moved to quarantine.
Network-oriented actions, such as the reloading of malicious Powershell scripts from the Internet, were detected and successfully prevented by HIPS or the firewall.
In summary, WiseVector StopX does a very good job all things considered. The majority of the test sets were successfully detected and blocked. In my opinion, the AI capabilities of WiseVector StopX which are now reflected in all modules such as AV, HIPS or Firewall, are still very impressive.
WiseVector thus impressively proves that not only the major players are capable of offering effective and efficient malware protection
1. APTSimulator from NextronSystems was used, which can be downloaded from Github (https://github.com/NextronSystems/APT...).
2. The simulator stops the program execution for some options. I did not investigate further on why this is the case.
3. I skipped option 3 "Credential Access" because my virtual test machine then hardly reacted.But the used tool ProcDump from Sysinternals was detected as suspicious/malicious by WiseVector StopX and was blocked.
4) It should be obvious that WiseVector StopX does not raise an alarm for actions like adding user accounts to local groups, because these are legitimate actions. The reloading of malicious code, e.g. in "Defense Evasion", was detected and the malicious file was moved to quarantine.
Network-oriented actions, such as the reloading of malicious Powershell scripts from the Internet, were detected and successfully prevented by HIPS or the firewall.
In summary, WiseVector StopX does a very good job all things considered. The majority of the test sets were successfully detected and blocked. In my opinion, the AI capabilities of WiseVector StopX which are now reflected in all modules such as AV, HIPS or Firewall, are still very impressive.
WiseVector thus impressively proves that not only the major players are capable of offering effective and efficient malware protection
I installed the latest beta on Win10x64 running NordLynx. I changed the Firewall to "Block All" and nothing was blocked. I continued to browse sites and download torrents. This was a fairly simple test that no Firewall should fail at.
- Dec 14, 2018
- 643
- Dec 14, 2018
- 643
Thank you for your feedback, this problem should be related to NordLynx, we will install and test it with WVSX.
- Apr 13, 2013
- 3,224
Although the Powershell requests were indeed detected, it did have issue with the lolbins (nslookup and certutil), with curl being detected only at FW levels above automatic. But as I have mentioned previously, not an issue if paired with CF.
- Mar 29, 2018
- 7,613
Wow, a modern security app that is XP compatible? Who does this? 
Calling all vintage XP users!
Calling all vintage XP users!
- Dec 14, 2018
- 643
Thanks for the test, from the description of this APT simulation tool we know that curl is used to simulate Cobalt Strike, and we have to say that it is very similar to the real Cobalt Strike communication, the URL address is very similar, and the HTTP header is also very similar. However, when actually extracting network signatures, we will try to avoid URL or http header features because they can be easily modified.
WVSX has a multi-layer approach to protect users from real Cobalt Strike malware. For example, we have just executed a Cobalt Strike trojan we captured a few hours ago,
For nslookup and certutil, how did you execute them? From which menu? In our Win10 system, this simulation tool crashes frequently, which makes our tests very unproductive.
- Dec 14, 2018
- 643
Because a few of our users are still using XP. Maybe they are all Old-School.Wow, a modern security app that is XP compatible? Who does this?
- Apr 1, 2017
- 1,782
Do you trust the program not to compromise your cybersecurity while knowing that majority of US corporations have to share some know how with the NSA?
- Jul 29, 2017
- 296
Then use solutions only from US developers since only this will make you feel safe (no offence intended).
FYI, the developers of Wise Vector have a proven track record with a clear privacy policy displayed on their website.
There has been no indication so far that the data traffic back and forth from StopX is being used for anything other than the necessary app function.
FYI, the developers of Wise Vector have a proven track record with a clear privacy policy displayed on their website.
There has been no indication so far that the data traffic back and forth from StopX is being used for anything other than the necessary app function.
- Feb 7, 2014
- 1,540
Your giving your self unwanted stress, know 1 in their right mind bash a product because of the country it came from but bash it if it violates,bugs and lack of protection and if that was the case this thread would not have reached 80 pages, my advice to people with that mind set is the best path towards unity is empathy not opinions on what you find hard or easy to believe.
Last edited:
- Dec 12, 2016
- 1,363
I
Anyway I think blocking network access to wise vector should suffice
wouldn’t trust windows and any us program too if you are actually caring about privacy just don’t use windows altogether
Anyway I think blocking network access to wise vector should suffice
- Apr 28, 2015
- 8,910
In general it's very light... and yes it can be used as an on demand scanner, disabling resident protection modules.
- Feb 7, 2014
- 1,540
It's not a product I'll advise to use with realtime protection off, any plans to use it just create exclusions in WiseVector and the other security you are using.
I didn't see Harlan 40 post above he is more educated in this product than I am so listen to him.
I didn't see Harlan 40 post above he is more educated in this product than I am so listen to him.
Last edited:
- Feb 21, 2015
- 456
That's not a good idea, he won't be able to get streaming updates.
- Dec 14, 2018
- 643
Hi HoustonDude,
Please read our privacy policy here: WiseVector StopX Privacy Policy
Our users use WVSX because they trust us, it is impossible for us to betray the trust of them. We will never share anything with the government.
WVSX is very light, you can turn off all its protection modules in settings if you only want a scanner, but we do not recommend this.
There is nothing wrong with this security program more than any other Security program.It is top notch to me and other av companies should take a look at this av and learn from it , and that 400megs used and 5 services is unnecessary which other av's do have.
- Dec 12, 2016
- 1,363
True he would have downgraded security and probably more false positives as well but if data leaking is important for him it might help
- Dec 12, 2016
- 1,363
Similar threads
