Wisevector StopX 3.03 V's 1000 .exe Samples

[ForgottenSeer 93786]

It is reasonably good for .exe, but not so much for .dll, scripts, .cpl, and most of the other malicious non-.exe file types.

There is a reason that Wisevector has been training its AI since 2017 slowly. The training process can take a very long time. My educated guess is that Wisevector might not be the organization's primary project; it probably has other higher priority projects that generate revenue or that they must due to meet the conditions of their venture captial\financial backing.

I disagree, I have tested Wisevector numerous times against not only executable files but also malicious scripts and its behavior blocker never let a single one trough, flagging them as WIBD:HEUR.MalPowershell or WIBD:HEUR.MalCmdline (apart from the vm-aware ones which just sit in memory doing nothing), and its clustering algorithms and streaming updates also catches all the DLL files I downloaded.

 

[Shadowra]

I disagree, I have tested Wisevector numerous times against not only executable files but also malicious scripts and its behavior blocker never let a single one trough, flagging them as WIBD:HEUR.MalPowershell or WIBD:HEUR.MalCmdline (apart from the vm-aware ones which just sit in memory doing nothing), and its clustering algorithms and streaming updates also catches all the DLL files I downloaded.

Totally agree
Even on Botnet or RAT injection attempts, Wisevector reacts quickly and stops the action...

 

[marcopaone]

It is reasonably good for .exe, but not so much for .dll, scripts, .cpl, and most of the other malicious non-.exe file types.

There is a reason that Wisevector has been training its AI since 2017 slowly. The training process can take a very long time. My educated guess is that Wisevector might not be the organization's primary project; it probably has other higher priority projects that generate revenue or that they must due to meet the conditions of their venture captial\financial backing.

Totally disagree. WiseVector is also very good against non .exe file types.

And I say it here. WiseVector is better than other "renowned" solutions.

 

[Shadowra]

A quick test on a VBS script that installs a Trojan in Powershell.
Blocked by Wisevector directly....

VT : VirusTotal

Spoiler: Wisevector Detection

Spoiler: Doc Office Macro detected

 

[harlan4096]

Probably is not well detecting scripts (and other types of malware different from exe) on demand, but on dynamic is very strong!

 

[Shadowra]

Probably is not well detecting scripts (and other types of malware different from exe) on demand, but on dynamic is very strong!

In scan on a Formbook in Excel attack

Spoiler: Scan

 

[cruelsister]

Probably is not well detecting scripts (and other types of malware different from exe) on demand, but on dynamic is very strong!

Actually quite acceptable for both. WV is quite good at Scriptors and diverse non-executable malware (scr, js, vbs, hta, etc) both in detecting on malware run as well as post boot cleanup for persistence although it will not pick up the autorun registry entries (Alas!) that would remain when WVSX is installed on a previously infected system.

If one absolutely needs something that could be tightened up, a newly modified GlassRAT comes to mind with that pesky dll dropped into Program Data (original GlassRAT detected fine).

 

[ForgottenSeer 94654]

Probably is not well detecting scripts (and other types of malware different from exe) on demand, but on dynamic is very strong!

After a lot of testing, Wisevctor did not do very well against malicious scripts or DLLs. It only did OK against exe. Blocking .scr, .vbs or .hta from downloading is hardly an achievement. These scripts can be programmed or tinkered to do a whole lot more that is not detected, and don't require them to download anything. Wisevector does mostly nothing.

 

[devjit2020]

After a lot of testing, Wisevctor did not do very well against malicious scripts or DLLs. It only did OK against exe. Blocking .scr, .vbs or .hta from downloading is hardly an achievement. These scripts can be programmed or tinkered to do a whole lot more that is not detected, and don't require them to download anything. Wisevector does mostly nothing.

Please show us the proofs of your testing with screenshots like the others. Words mean nothing of you can't back them up. Regards.

 

[ForgottenSeer 93786]

Okay, so I did a quick test against 5 Javascript, 5 Powershell, 5 DLL and 5 Visual Basic Script files, as most of these files werent zero day I decided to turn off its Real Time Protection, only letting the Behavior blocker do the work, it did decent, though as I werent seeing any new processes (apart from some weird internet explorer) in memory or high CPU usage from Windows Script Host, Command processor/host or Powershell, I assumed those that went trough were VM-aware, so I decided to turn on Real Time Protection which caught all files except for one DLL file and one non-functional Javscript file, aswell as the weird, seemingly legit internet explorer taking up all the CPU.

2022-04-09 21-22-31

MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.

www.mediafire.com

(Excuse the audio, forgot I had my microphone on)
(I know this is probably not the correct way to do tests, but as I do my tests just for fun I tend to not do it in a ordely fashion)

 

[cruelsister]

Just so I get this straight- We're supposed to actually test instead of just guessing? What a novel idea!

 

[miguelang611]

I can't ignore such people, I'm sorry. Everybody has the right to have his own opinion, but if he is not able to back up his claims, then he shouldn't keep insisting that his opinion is the one and only true one...

KnowBe4 test passes on those who are backed up by exes, but fails to detect it on those who aren't (talking about WiseVector)

However there is a second part, Kaspersky is the only AV which passes them all, followed by BitDefender which gets like 20/24 passes. Eset, Defender, etc etc all fully fail (except if you set up a blockade not based on detection but pure raw access block, like WD folder control).

-Just to clarify, I am talking about behavioural engines, bcs some identify the test tool via signatures and produce fake 0-day results, they fully kill the launcher-

I think I should upload some screenshots of these tests since I set up quite a few VMs for it hehe (next week fellas, I don't have that PC with me now)

See you!

PS: I don't know how really effective is KnowBe4 as a 0-day ransomware tester, but I have used it for the last 2 years every some time just to see if some AV improves -and no changes btw-

 

[Kongo]

KnowBe4 test passes on those who are backed up by exes, but fails to detect it on those who aren't (talking about WiseVector)

However there is a second part, Kaspersky is the only AV which passes them all, followed by BitDefender which gets like 20/24 passes. Eset, Defender, etc etc all fully fail (except if you set up a blockade not based on detection but pure raw access block, like WD folder control).

-Just to clarify, I am talking about behavioural engines, bcs some identify the test tool via signatures and produce fake 0-day results, they fully kill the launcher-

I think I should upload some screenshots of these tests since I set up quite a few VMs for it hehe (next week fellas, I don't have that PC with me now)

See you!

PS: I don't know how really effective is KnowBe4 as a 0-day ransomware tester, but I have used it for the last 2 years every some time just to see if some AV improves -and no changes btw-

Thanks for sharing your experiences. Why would you need a VM for the KnowBe4 Ransomware Simulator? You know that this is just a simulation and that it doesn't actually encrypt any files on your system.

 

[kC77]

if in any doubt, test yourself.

 

[miguelang611]

Thanks for sharing your experiences. Why would you need a VM for the KnowBe4 Ransomware Simulator? You know that this is just a simulation and that it doesn't actually encrypt any files on your system.

Of course I know! But installing 10 AVs on my system would result in a not really clean machine (in terms of leftovers, although I could restore a backup).

Also, it is easier to judge performance impact on an fresh VM because on my everyday Windows install there are updaters and others which can interfere more easily and give me "false" results (in terms of ram usage basically)

And finally, I can put them one against other in real time in a splitter window for example!

Overall, for me it is much more convenient to create a VM with a fresh Windows install and just clone it over and over and install each security suite over!

Cheers!

 

[ForgottenSeer 93786]

Nobody is trying to make you look like a liar.
There are test results out there that show Wisevector has problems, you just have to put in a little bit of effort and look.

Nobody is attacking you or anyone else. You have the right to believe what you want about whatever topic. Nobody here is trying to tell you nor anyone else that they are wrong. I could care less what you or anyone else here thinks or feels - especially at a place like this forum where non-professional personal reviews and testing are highly biased. This place is tribal and if anyone comes along and says something the hive-mind mob doesn't like, then the attacks start - just like you people have been doing here.

As I have stated, Wisevector is decent, but it still has problems with non-exe files. I don't care what results you got in your own testing. I don't need nor want "proof" of anything from you. What you or anyone else thinks about Wisevector means nothing to me. The mob view of Wisevector here does not alter the results and observations obtained during professional testing.

Throwing malware packs, obtaining some malicious scripts and modifying them and seeing what you can do, feeding a few phishing links to antivirus - this is trivial, basic testing. It is not even close to sufficient pentesting of a security software.

If you show your tests taking place and explain how they are different to these "trivial, basic tests" conducted by other users, then we can have an fair and square discussion, as right now we are just gaslightning on an subject that has already been proven multiplie times to not be true.

 

[Dolphiner]

It is reasonably good for .exe, but not so much for .dll, scripts, .cpl, and most of the other malicious non-.exe file types.

There is a reason that Wisevector has been training its AI since 2017 slowly. The training process can take a very long time. My educated guess is that Wisevector might not be the organization's primary project; it probably has other higher priority projects that generate revenue or that they must due to meet the conditions of their venture captial\financial backing.

In fact, most non-.exe malware can be detected by WiseVector's Memory Protection/Behaviour Detection. I think it's easy for you to verify it--just double-click them, and in most cases WV will flag malicious scripts as WIBD:HEUR.MalPowerShell/WIBD:HEUR.MalCmdLine, malicious .dll as MEMRAY:MalCode.

 

[ForgottenSeer 94654]

In fact, most non-.exe malware can be detected by WiseVector's Memory Protection/Behaviour Detection. I think it's easy for you to verify it--just double-click them, and in most cases WV will flag malicious scripts as WIBD:HEUR.MalPowerShell/WIBD:HEUR.MalCmdLine, malicious .dll as MEMRAY:MalCode.

It was easy for me to verify that Wisevector does not detect them. And I'm not sharing my findings with anyone here - people here all upset because their favorite security software turns out to not be so good. I submitted to Wisevector and gave them 90 days to fix. If they don't then I will dump the findings to the net. This is standard industry practice.

 

[Shadowra]

It was easy for me to verify that Wisevector does not detect them. And I'm not sharing my findings with anyone here - people here all upset because their favorite security software turns out to not be so good. I submitted to Wisevector and gave them 90 days to fix. If they don't then I will dump the findings to the net. This is standard industry practice.

A small question, because your comment interests me.

Was WV by default? In aggressive?
I think it can help @WiseVector to solve this problem

 

[L0ckJaw]

It was easy for me to verify that Wisevector does not detect them. And I'm not sharing my findings with anyone here - people here all upset because their favorite security software turns out to not be so good. I submitted to Wisevector and gave them 90 days to fix. If they don't then I will dump the findings to the net. This is standard industry practice.

Here he is again , bluffing and showing no evidence or whatsoever at all. Please kid , go back to school