Deprecated WiseVector Free AI Driven Security

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
Hi@Decopi,

Thanks for your feedback.
1. When adding a file (no matter it's safe or not) in the Exclusions of WVSX, it means all the behavior (including network connection) of the file is trusted by WVSX. "Exclusions" has more elevated permissions than personalized rules and "Rules" has more elevated permissions than the HIPS( it will block network connection when a program is suspicious) .
捕获.JPG
2. If you want to run an unsafe program, please try to disable the realtime protection of WVSX, but not add it in the Exclusions. But I feel curious that why you need to run an unsafe program? It was alerted as malicious by WVSX? Or you think it is a FP?
3. Please maximize the rule edit window when you need a longer space for "Program path exclusions".

Hope it helps.
 
Last edited:

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
I have a question about WiseVector StopX 3.05 and why it won't update when using a VPN?
Hi,
Please ping cloud1.wisevector.com or cloud2.wisevector.com to check the connection.
Can WVSX always update successfully when the VPN is disabled? Or if there is another AV installed, please check whether the update is blocked by it.
 
Last edited:

Decopi

Level 6
Verified
Oct 29, 2017
252
Thank you @WiseVector,

1. When adding a file (no matter it's safe or not) in the Exclusions of WVSX, it means all the behavior (including network connection) of the file is trusted by WVSX. "Exclusions" has more elevated permissions than personalized rules and "Rules" has more elevated permissions than the HIPS( it will block network connection when a program is suspicious) .

Finally, now is clear.
And unfortunately that's a problem!... because I was right.
In real world, running a file is one thing, and its network connection is another thing. They're two very different functions, complementary, independent, never subordinated.
If I allow an exclusion file to run, it doesn't (necessarily) mean that I allow its network connections.
Hope you receive my interpretation as a possible future WV upgrade, allowing WV firewall (rule) functions to work as a complement, never as a subordination of other WV functions.
It's not a matter of hierarchy. It's a matter of different functions. It's wrong to subordinate "firewall (rule) functions" to "running functions".

2. If you want to run an unsafe program, please try to disable the realtime protection of WVSX, but not add it in the Exclusions.

With all due respect, this is not a solution, this is a bad workaround.
The "unsafe" category is determined by WV, not by the user. So, if WV determines that a file is "unsafe", and the user wants to run it, then there is no choice, the user is forced to create a WV exclusion. And if by chance the user has lots of "unsafe" files determined by WV, well, then in this case is ridiculous to disable the WV realtime protection, lowering security level for the whole device.
Your suggestion is a particular workaround, negatively affecting the general solution.

But I feel curious that why you need to run an unsafe program? It was alerted as malicious by WVSX? Or you think it is a FP?

Bingo! Excellent question.
I can think about several examples where a user needs to create a WV exclusion (allowing an unsafe file to run), but same user at same time wants to block its (particular) network connections.
One example is "average Joe" (user) dealing with "unsafe" files. When WV determines that a file is unsafe, and average Joe needs this file running, the common (wrong) behavior is to allow this file to run. If this file is just a FP, no problem with network connections. But if WV is right, and the file indeed is unsafe, then blocking networking connection (rule) may reduce damage.
Another example is "advanced Joe" (user) dealing with FPs. I have at least 20 files that WV identified them as "unsafe" and I'm 99% sure they're FPs. So I allow them to run. But for many reasons, I want to block their network connections. Unfortunately, that can't be done with WV, I need a separated Firewall program to block WV "unsafe" (allowed exclusions) network connections. And no, reporting FPs to WV won't help when these FPs are constantly changed due to frequent updates/upgrades (also, if FPs detected by WV as unsafe are portable software, at any location change (drive, folder etc) WV always will block this FP again an again as a new unsafe file).

Please, let me be clear, I love current WV simplicity and minimalism. And I don't want to see WV bloated with endless options.
But in this case, will be very useful a simple option inside the exclusion function, asking the user if the exclusion should include "internet connections", "hips" etc (category of rules). It can be done by adding simple check boxes inside exclusion popup (for category rules). Unchecked boxes will mean actual WV default behavior, 100% allowing an unsafe file to run (overwriting all WV rules). And checked boxes will mean allowing to run the unsafe file, but subordinated to WV category rules (firewall, hips etc).

Thank you once again.

EDIT:

3. Please maximize the rule edit window when you need a longer space for "Program path exclusions".

IMHO this is bad UI.
I understand that normal or maximized WV window will affect the visualization of excluded paths. No problem with that!
But at normal WV window, if user copies/pastes a long exclusion path, then the long path is not only hidden, but worse, is cut (automatically reedited) by WV (without user knowing that).
 
Last edited:
  • Like
Reactions: [correlate]

franz

Level 8
Verified
Well-known
May 29, 2021
389
Hi@Decopi,

Thanks for your feedback.
1. When adding a file (no matter it's safe or not) in the Exclusions of WVSX, it means all the behavior (including network connection) of the file is trusted by WVSX. "Exclusions" has more elevated permissions than personalized rules and "Rules" has more elevated permissions than the HIPS( it will block network connection when a program is suspicious) .
View attachment 264605
2. If you want to run an unsafe program, please try to disable the realtime protection of WVSX, but not add it in the Exclusions. But I feel curious that why you need to run an unsafe program? It was alerted as malicious by WVSX? Or you think it is a FP?
3. Please maximize the rule edit window when you need a longer space for "Program path exclusions".

Hope it helps.
 
  • Like
Reactions: [correlate]

franz

Level 8
Verified
Well-known
May 29, 2021
389
Hi,
It was not alerted as malicious by WVSX. Everything is working ok, but update with VPN is not. I have to turn off the VPN if I want to update. Just to make it clear, it is not the Windows update but the WVSX program update I am talking about.;)
 
Last edited:

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
With all due respect, this is not a solution, this is a bad workaround.
The "unsafe" category is determined by WV, not by the user. So, if WV determines that a file is "unsafe", and the user wants to run it, then there is no choice, the user is forced to create a WV exclusion. And if by chance the user has lots of "unsafe" files determined by WV, well, then in this case is ridiculous to disable the WV realtime protection, lowering security level for the whole device.
Your suggestion is a particular workaround, negatively affecting the general solution.
Normally, we do not recommend that users disable real-time protection to run a particular unsafe program. This recommendation is only for your specific needs. I thought that you might need to analyze the behavior of the unsafe programs. So I suggested you to disable real-time protection to run the programs and write rules to block network connection.
When WV determines that a file is unsafe, and average Joe needs this file running, the common (wrong) behavior is to allow this file to run. If this file is just a FP, no problem with network connections. But if WV is right, and the file indeed is unsafe, then blocking networking connection (rule) may reduce damage.
Another example is "advanced Joe" (user) dealing with FPs. I have at least 20 files that WV identified them as "unsafe" and I'm 99% sure they're FPs. So I allow them to run. But for many reasons, I want to block their network connections.
I think it's better to send the FPs to us for analysis first. Please send the files to virus@wisevector.com if it's OK for you.
IMHO this is bad UI.
UI will be optimized in the future. Thanks for your suggestion.
allowing WV firewall (rule) functions to work as a complement, never as a subordination of other WV functions.
Sorry, WVSX can't achieve this at present. We will discuss your suggestion.
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
Hi,
It was not alerted as malicious by WVSX. Everything is working ok, but update with VPN is not. I have to turn off the VPN if I want to update. Just to make it clear, it is not the Windows update but the WVSX program update I am talking about.;)
With the VPN enabled, can you access to our official web: wisevector.com? And how about the ping result?
Can you please tell me what VPN you are using? Normally, turning on a VPN will not affect the online update of WVSX.
 
Last edited:

franz

Level 8
Verified
Well-known
May 29, 2021
389
Hi,
Please ping cloud1.wisevector.com or cloud2.wisevector.com to check the connection.
Can WVSX always update successfully when the VPN is disabled? Or if there is another AV installed, please check whether the update is blocked by it.
Could not ping any of the addresses with VPN enablet.
 
  • Like
Reactions: [correlate]

Shadowra

Level 34
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,336
A strange thing I noticed on my brother's computer.

When Wisevector is activated, when I run a Speedtest, the connection is slowed down and divided by 2 (500Mbps)

Once Wisevector is closed, the connection becomes normal again (930Mbps)

I don't know if it's the web filtering or the firewall that filters quite violently, but it's not normal 🤔
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top