WiseVector Free AI Driven Security
<blockquote data-quote="WiseVector" data-source="post: 853190" data-attributes="member: 76851"><p>Hi EndangeredPootis,</p><p></p><p>Thank you for giving us a chance to stop being lazy :) Anyway, we'd like to tell you more so that you and others have a better understanding of WiseVector StopX.</p><p></p><p>The Real-Time protection includes:</p><p></p><p>. Active processes scanning (Scan running processes)</p><p>. Process Execution Scanning (Scan application being executed)</p><p>. File Scanning (Scan files being created)</p><p></p><p>AI-based Behavior Detection: the AI makes decisions based on multiple events, such as file metadata, API calls, etc. Recently we realized the behavior name is not so user-friendly. Since many users don't understand why the program has been blocked, we changed the behavior name to reflect the most important actor that makes the AI decide to block the program. For example, if there is a program making multiple API calls (CreateProcess->VirtualAlloc->WriteProcessMemory->CreateRemoteThread), the most important API call is actually CreateRemoteThread. In this case the behavior will be named WIBD:Heur.Injector.XX. The XX is usually a combination of numbers and letters which represent the special API call graph, so we can understand the exact way the malware used to inject into other processes.
The typical important actors are listed below:</p><p>. MBR Write</p><p>. Low-Level Disk Write</p><p>. Persistence</p><p>. Various registry events</p><p>. AppLocker Bypass</p><p>. Generic behavior (The detection name will be: "WIBD:HEUR.MalBehavior.XX")</p><p>. Suspicious file system events (Ransomware detection)</p><p>. Fileless malicious executions (Will be improved in the next version)</p><p>. Process Manipulation (Will be improved in the next version)</p><p>. Process Injection (Will be improved in the next version)</p><p>. Credential stealing (Will be included in the next version)</p><p>. Memory events (Will be included in the next version)</p><p></p><p>We have a powerful unsupervised clustering algorithm running in the cloud. The purpose of the clustering operation is to put similar programs into different subsets, so objects in the same subset will have similar properties. For missed samples or false positives, the algorithm will extract unique signatures from the properties and then deliver them to the end users automatically. The whole process will only take seconds.</p><p>Samples that do not belong to any of the clusters will be analyzed manually. In this case it will take hours.</p></blockquote><p></p>
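An added illustration of the naming idea in the quoted post, not WiseVector's code: a detector that groups API-call events per process, looks for the ordered chain named in the post, and labels the hit after its decisive call. The suffix scheme (a short hash of the call-graph edges), the `DECISIVE` mapping and the sample events are assumptions constructed for this example.

```python
import hashlib
from collections import defaultdict

# Ordered chain quoted in the post; its last call is treated as the decisive one.
INJECTION_CHAIN = ("CreateProcess", "VirtualAlloc",
                   "WriteProcessMemory", "CreateRemoteThread")
DECISIVE = {"CreateRemoteThread": "Injector"}  # assumed call -> family mapping

def call_graph_suffix(calls, length=6):
    """Hypothetical 'XX' suffix: short hash of the distinct caller->callee edges."""
    edges = sorted(set(zip(calls, calls[1:])))
    return hashlib.sha256(repr(edges).encode()).hexdigest()[:length].upper()

def contains_in_order(calls, chain):
    """True if every step of chain appears in calls in order (gaps allowed)."""
    remaining = iter(calls)
    return all(step in remaining for step in chain)

def name_behaviors(events):
    """events: iterable of (pid, api_name). Returns {pid: detection_name}."""
    per_pid = defaultdict(list)
    for pid, api in events:
        per_pid[pid].append(api)
    verdicts = {}
    for pid, calls in per_pid.items():
        if contains_in_order(calls, INJECTION_CHAIN):
            family = DECISIVE[INJECTION_CHAIN[-1]]
            verdicts[pid] = f"WIBD:Heur.{family}.{call_graph_suffix(calls)}"
    return verdicts

# Constructed sample telemetry, interleaved across four processes.
SAMPLE_EVENTS = [
    (100, "CreateProcess"), (200, "CreateProcess"), (300, "CreateProcess"),
    (400, "CreateProcess"), (400, "ReadFile"), (100, "VirtualAlloc"),
    (300, "CreateRemoteThread"), (200, "VirtualAlloc"), (400, "VirtualAlloc"),
    (100, "WriteProcessMemory"), (300, "VirtualAlloc"), (200, "ReadFile"),
    (400, "WriteProcessMemory"), (400, "WriteProcessMemory"),
    (300, "WriteProcessMemory"), (100, "CreateRemoteThread"),
    (400, "CreateRemoteThread"),
]

if __name__ == "__main__":
    for pid, name in sorted(name_behaviors(SAMPLE_EVENTS).items()):
        print(pid, name)
```

PIDs 100 and 400 both complete the chain but with different call graphs, so they get the same family and different suffixes; PID 200 never reaches the decisive call and PID 300 makes it out of order, so neither is named.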