Can you install it in a VM or say Shadow Defender and check it out?
WiseVector Free AI Driven Security
- Thread starter Thirio
- Start date
- Dec 14, 2018
- 643
It is a complement to the Behavior Detection and makes WVSX protection system more robust.
- Dec 14, 2018
- 643
Hi,
Thanks.
1. An attack includes various stages. Bypass ASR doesn't mean the system has been compromised , since WVSX or other AV can prevent, detect or intercept attack in any stage.
2. We have visited lolbas-project many times. However, we designed WVSX to fight in-the-wild threats. Usability and security should go hand in hand, so we can't block lolbins from running, otherwise there will be lots of FPs or Popups to interrupt users.
@WiseVector
No problem, I was just trying to be helpful regarding your question to @cruelsister about hard to detect scriptors.
No problem, I was just trying to be helpful regarding your question to @cruelsister about hard to detect scriptors.
I'm thinking about installing Wisevector on my grandparents laptops. They are both running Windows 10 with MS defender using simple windows hardening and defenderUI to harden both.
I think Wisevector would be a nice additional layer of protection. I have a few questions though. My grandparents get confused when presented with messages asking them to allow/quarantine treats in case any malicious items are encountered.
Can Wisevector be configured that it automatically quarantines any threats found? I see Wisevector added a hips module, in automatic mode will this allow safe files to run without any issues? And lastly does Wisevector auto update to newer program versions when released? Any answers to my questions is greatly appreciated!
I think Wisevector would be a nice additional layer of protection. I have a few questions though. My grandparents get confused when presented with messages asking them to allow/quarantine treats in case any malicious items are encountered.
Can Wisevector be configured that it automatically quarantines any threats found? I see Wisevector added a hips module, in automatic mode will this allow safe files to run without any issues? And lastly does Wisevector auto update to newer program versions when released? Any answers to my questions is greatly appreciated!
SO are you saying blocking LOLBins in Userspace would cause too many problems for home users or buisness users? Or both?
Thanks
- Apr 13, 2013
- 3,224
As I kind of intimated about this in a previous post, perhaps a simple (but I'm sure overly Wordy and unclear) explaination is needed:
The problem with LoLbin's is that an anti-malware application must not only be aware of What a file does but also WHY it is doing it. For instance, there is nothing wrong with a user writes a script to delete a given file, but there is an issue when a script attempts to delete many files (like for a System Wiper). In this case the security application used must differentiate between the two, flagging one (to avoid a false positive) and not the other (to catch a malicious action).
On the whole, WVSX walks this line nicely using both standard AV detection and AI functionality. However some things (like Scriptors) can get by such protection by being just a tad on the darker side of legitimate, something which I believer the brilliant folk at WV realize and so have added the FW and HIPS modules.
As a (very) simple example of the above, consider a Scriptor coded in Python (similar stuff can be done most popularly with Java or Go). One can use the "import socket" command to get Outbound access while also including a KeyboardEvent (pyhook, various commands) to monitor and package user input and then send it out to friends from the Steppes of Central Asia). This in essence will code what amounts to a LoLbin keylogger (can be prettied up to make it quite cool) and over all would not be a good thing.
If such a Scriptor was indeed coded AND was a true Zero-day, it would bypass most things (WVSX included) as these commands, both legitimate and used normally for High and Noble purposes have now in combination been perverted into creating something malicious. An anti-malware application that was not sensitive enough will allow this, while one far too sensitive will detect not only this but many, many other things resulting in a host of False Positives (and a product that detects everything really detects nothing).
WVSX seems to have been aware of this issue with the inclusion of the FW and HIPS modules as both the Network connection activity as well as the logging aspects would be blocked by changing the WV settings of FW and HIPS to the High Security level.
Of course one can also be well protected by the (cruel)CF + (default) WVSX combination.
Hope this helped...
Last edited:
- May 26, 2014
- 1,339
Does WVSX have a permanent cache or whitelist for safe files to reduce system impact on execution?
- Dec 14, 2018
- 643
Yes, please ensure the Default Action ( in the basic settings) is Quarantine.
Yes.
Sorry. It doesn't auto update to the latest version now. Overwrite installation is need or waiting a bit longer to get the newer program.
Last edited:
- Dec 14, 2018
- 643
WVSX only blocks LOLBins under certain circumstances. It's the job of all AV. So please don't worry.
- Dec 14, 2018
- 643
During the first scan, WVSX will scan all the files including whitelisting files. In the process, lots of metadata is extracted from the files and will be stored. Next time the scanning speed will be much more faster.
WVSX will not conduct in-depth behavior detection for some specific whitelisting files to improve performance.
- Dec 14, 2018
- 643
Thanks for the info.
An in-the-wild keylogger needs to know the current active window, and also needs to find a way to persistence, finally it may use smtp or other protocols to send the collected information to the hacker. All of this will result it can be easily detected in auto mode.
Actually there are many games intend to log keystrokes, If WVSX is too aggressive there will be a lot of popups. We need to think about whether WVSX need to be more strict about keylogging in auto mode.
Just so I understand, are you saying all AV's only block LOLBins under certain circumstances or are you saying your program is not an AV
Thanks
THanks much
You are you saying a standard user still needs to use LOLBins and not just Admins? I get so confused these days.
- Dec 14, 2018
- 643
WVSX is an AV. But it's different from the traditional AV. Based on AI, WVSX blocks LOLBins in another way.
Last edited:
when will new update be released?
- Dec 14, 2018
- 643
Within one month.
- Nov 16, 2018
- 52
Anyone seen how good the wisevector firewall is vs comodo? I'm wondering if I even need the firewall on comodo at all and just use the sandbox feature or just wisevector alone. I'm not sure what tweaking wisevector needs when running alone other than hips and firewall running on high setting.
- Oct 22, 2018
- 590
I haven't found any tests or reviews focusing on wisevector's firewall and HIPS. Since Comodo went crazy on me a few days ago, I've been hesitant to try it again. So, I've been running wisevector 3.03, everything on HIGH along with browser in the latest Sandboxie.
I doubt wisevector's HIPS and firewall have the power of Comodo firewall; I don't think any firewall/HIPS can match a properly configured Comodo firewall.
- Mar 29, 2018
- 7,613
See post #1848 above. Keep CF and forget the HIPS & FW in WV.
Similar threads
