Deprecated WiseVector Free AI Driven Security

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
MSITC WiseVector StopX AI based detection and prevention of APT simulation
1. APTSimulator from NextronSystems was used, which can be downloaded from Github (https://github.com/NextronSystems/APT...).

2. The simulator stops the program execution for some options. I did not investigate further on why this is the case.

3. I skipped option 3 "Credential Access" because my virtual test machine then hardly reacted.But the used tool ProcDump from Sysinternals was detected as suspicious/malicious by WiseVector StopX and was blocked.

4) It should be obvious that WiseVector StopX does not raise an alarm for actions like adding user accounts to local groups, because these are legitimate actions. The reloading of malicious code, e.g. in "Defense Evasion", was detected and the malicious file was moved to quarantine.

Network-oriented actions, such as the reloading of malicious Powershell scripts from the Internet, were detected and successfully prevented by HIPS or the firewall.

In summary, WiseVector StopX does a very good job all things considered. The majority of the test sets were successfully detected and blocked. In my opinion, the AI capabilities of WiseVector StopX which are now reflected in all modules such as AV, HIPS or Firewall, are still very impressive.

WiseVector thus impressively proves that not only the major players are capable of offering effective and efficient malware protection
 

DotNet

Level 1
Verified
Sep 4, 2017
34
I installed the latest beta on Win10x64 running NordLynx. I changed the Firewall to "Block All" and nothing was blocked. I continued to browse sites and download torrents. This was a fairly simple test that no Firewall should fail at.
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
I installed the latest beta on Win10x64 running NordLynx. I changed the Firewall to "Block All" and nothing was blocked. I continued to browse sites and download torrents. This was a fairly simple test that no Firewall should fail at.

Thank you for your feedback, this problem should be related to NordLynx, we will install and test it with WVSX.
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Network-oriented actions, such as the reloading of malicious Powershell scripts from the Internet, were detected and successfully prevented by HIPS or the firewall
Although the Powershell requests were indeed detected, it did have issue with the lolbins (nslookup and certutil), with curl being detected only at FW levels above automatic. But as I have mentioned previously, not an issue if paired with CF.
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
Although the Powershell requests were indeed detected, it did have issue with the lolbins (nslookup and certutil), with curl being detected only at FW levels above automatic. But as I have mentioned previously, not an issue if paired with CF.

Thanks for the test, from the description of this APT simulation tool we know that curl is used to simulate Cobalt Strike, and we have to say that it is very similar to the real Cobalt Strike communication, the URL address is very similar, and the HTTP header is also very similar. However, when actually extracting network signatures, we will try to avoid URL or http header features because they can be easily modified.

WVSX has a multi-layer approach to protect users from real Cobalt Strike malware. For example, we have just executed a Cobalt Strike trojan we captured a few hours ago,

Capture14.png



For nslookup and certutil, how did you execute them? From which menu? In our Win10 system, this simulation tool crashes frequently, which makes our tests very unproductive. o_O
 

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,782
Do you trust the program not to compromise your cybersecurity while knowing that majority of Mainland China corporations have to share some know how with the government?
Do you trust the program not to compromise your cybersecurity while knowing that majority of US corporations have to share some know how with the NSA?
 

Gangelo

Level 6
Verified
Well-known
Jul 29, 2017
297
Then use solutions only from US developers since only this will make you feel safe (no offence intended).
FYI, the developers of Wise Vector have a proven track record with a clear privacy policy displayed on their website.
There has been no indication so far that the data traffic back and forth from StopX is being used for anything other than the necessary app function.
 

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
Your giving your self unwanted stress, know 1 in their right mind bash a product because of the country it came from but bash it if it violates,bugs and lack of protection and if that was the case this thread would not have reached 80 pages, my advice to people with that mind set is the best path towards unity is empathy not opinions on what you find hard or easy to believe.
 
Last edited:

Vitali Ortzi

Level 27
Verified
Top Poster
Well-known
Dec 12, 2016
1,639
I
Greetings.

I am sorry to be that user but since WiseVector is produced in mainland China I just have a question to the security folks here. Do you trust the program not to compromise your cybersecurity while knowing that majority of Mainland China corporations have to share some know how with the government? (I am not accusing anyone I am just asking)

Second, how much impact that WiseVector has on the system resources and slowdown when ran in real time along side another Antivirus? (using WV as a supplemental scanner)

Can WV be used as a non-realtime supplemental scanner?

Thank you
wouldn’t trust windows and any us program too if you are actually caring about privacy just don’t use windows altogether
Anyway I think blocking network access to wise vector should suffice
 
  • Like
Reactions: oldschool and Nevi

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
It's not a product I'll advise to use with realtime protection off, any plans to use it just create exclusions in WiseVector and the other security you are using.
I didn't see Harlan 40 post above he is more educated in this product than I am so listen to him.
 
Last edited:

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
Greetings.

I am sorry to be that user but since WiseVector is produced in mainland China I just have a question to the security folks here. Do you trust the program not to compromise your cybersecurity while knowing that majority of Mainland China corporations have to share some know how with the government? (I am not accusing anyone I am just asking)

Second, how much impact that WiseVector has on the system resources and slowdown when ran in real time along side another Antivirus? (using WV as a supplemental scanner)

Can WV be used as a non-realtime supplemental scanner?

Thank you

Hi HoustonDude,

Please read our privacy policy here: WiseVector StopX Privacy Policy
Our users use WVSX because they trust us, it is impossible for us to betray the trust of them. We will never share anything with the government.

WVSX is very light, you can turn off all its protection modules in settings if you only want a scanner, but we do not recommend this.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top