WiseVector Personal Edition - free AI-based AV
#21
(29.01.2019, 21:58) Sillo wrote:
(29.01.2019, 17:56) Sillo wrote: Uhh, what are the differences between pro and free?

Simple question :P, the free version has just the AV, while the paid one has AV + FIREWALL + possibly another component :D

I want just that component!

The only AI-based one so far?
#22
There is a separate thread on MT about tests of "zero day" detection by WV - so far it looks very promising.
https://malwaretips.com/threads/wisevect...ost-823363
"Security is a journey, not a destination - it is not a problem that can be solved once and for all"
"Trust is not a control, and hope is not a strategy"
#23
Quote: WiseVector StopX 2.08 is released, please download via https://www.wisevector.com/WiseVector_StopX.exe
If you want to use 2.08 right now, please uninstall the old version first.
If you want to update online, please wait a couple of days.

Features of WiseVector 2.08:

1. Improved detection of UAC bypass attacks.
2. Behavior detection can now parse complex command lines written to the registry. Improved the ability to detect stealth malware.
3. Fixed a bug in process chain analysis. Improved the ability to remove malware leftover parts.
4. Improved Ransomware detection.
5. Improved defense against the AdWind family. These days, we have tested hundreds of samples belonging to the Adwind family and the result is satisfactory. (@harlan4096, we highly appreciate your testing to help StopX improve.)
6. Redesigned quarantine, trust zone and log. Now they are clearer and easier to view.
7. Fixed other bugs.

Please don't hesitate to contact us when you have any question.

Best regards,
WiseVector
https://malwaretips.com/threads/wisevect...ost-823719
#24
The program keeps developing; it gets very good results in MT's internal tests, and in the last few days version 2.5 with English localization was released.

Quote: Hi,
Yes, we have English version. Please download the new version 2.5 via https://www.wisevector.com/WiseVector_StopX_V25.exe
and it can update to 2.52 after installing.
We will post more detailed information about 2.5 here and if you have any other question please feel free to send email to us ([email protected])

Regards,
WiseVector
Substantial changes have already been announced for the next version, 2.6.

Quote: Hi simmerskool,

Sorry currently we are developing WiseVector StopX V2.6. We will update 2.09 to 2.6 directly. V2.6 will bring significant new features and a lot of enhancements. So it will take a bit of time. We hope we can release 2.6 in this month.

https://malwaretips.com/threads/wisevect...65/page-39
#25
The program is still developing nicely, although we have no information about it here... I made a system backup yesterday, so I decided to install it for a while. The list of changes from recent months is below.

Quote: WiseVector StopX V2.65

June 7, 2020
1. Improved Memory protection to detect malware by abusing whitelist applications, such as Powershell, msbuild.exe, installutil.exe, regasm.exe, etc. It can effectively detect advanced threats based on tools such as PowerShell Empire, GreateSCT, nps_payload, ObfuscatedEmpire, unicorn, etc. Since it detects malicious payload in memory, it can effectively detect obfuscated malicious scripts.
2. Instruction Tracer improved. Recently, we have observed lots of RAT Trojans utilizing DLL hijacking to avoid detection by AV. These Trojans abuse whitelist APPs like Avast & ESET as well as APPs which are released by Samsung, TeamViewer, Citrix to perform DLL Side-Loading. We updated Instruction Tracer to make sure they can be detected without signature updates.
3. Upgraded detection engine to improve accuracy.
4. Fixed the problem that Behavior Detection may fail to quarantine malware.
5. Improved detection of malicious RTF documents.
6. Fixed an uninstallation problem in Windows XP.
7. Fixed other bugs.

WiseVector StopX V2.64
May 26, 2020
1. Fixed a file parsing error that may decrease the detection rate of static scan.
2. Fixed a specific file parsing error that may cause WiseVector StopX’s service exit when scanning.
3. Other bugs fixed.

WiseVector StopX V2.63
May 20, 2020
1. Fixed a problem parsing particular files that may decrease the detection rate.
2. Fixed a problem that the tray icon occasionally missing after Windows Explorer restarted.
3. Fixed the problem that the scanner might stuck on “preparation to scan”.
4. Improved memory protection to reduce resources usage.
5. Fixed some logical problems in the settings.

WiseVector StopX V2.62 Beta
May 12, 2020
1. Fixed the problem that may cause increased memory use under certain specific conditions.
2. Fixed the problem that after minimizing the window, it may not be restored from the taskbar.
3. Prevented flickering window once at startup.
4. Increase the detection rate of malware in Office format.
5. Fixed the problem that memory detection may cause a bit high CPU usage under certain specific conditions.
6. Fixed the problem of scanning a large number of malware that cannot be processed at once.
7. Some other adjustments on the UI.

WiseVector StopX V2.61 Beta
May 1, 2020
1. Fixed a GUI bug that some options at the bottom of the settings page cannot be changed(Thread Statics and the Proxy Server).
2. Fixed a problem that memory protection might conflict with some virtualization-based portable software. And some security software released by Humming Heads inc.
Since those software will inject hidden modules into system process, WiseVector StopX detected them as malware.
3. Other bugs fixed.

WiseVector StopX V2.60 Beta
April 30, 2020
1. Upgraded the AI engine to improve detection rate and reduce false positives. Users can adjust the protection level according to their needs. It should be noted that the protection level only affects static scanning and basic real-time monitoring, and does not affect behavior analysis and memory protection.
2. Added the instruction tracer module. This technique makes identifying the original source of the malicious behavior in applications. It can effectively detect hidden threats such as DLL Side-Loading, thread hijacking and so on. At the same time, it can also detect stealth attacks in post-injection phase.
3. Improved the detection of Info stealer malware. Info stealer malware is designed to harvest a variety of data (Browser Passwords, Cookies, FTP credentials, etc.,) on the computers. They usually minimize their behavior to decrease the chance of detection by AV. Most of them hide their presence on the system by using advanced malware stealth techniques such as injection, hollowing, etc.,
Based on their characteristics, we have added multiple models to memory protection and behavioral analysis to detect them.
4. Improved the memory protection. Besides the Info stealer detection module we mentioned above, we also added multiple RAT detection modules, which can detect RATs that use DLL hijacking to evade the behavior monitoring (Gh0st, Parallax, etc.). At the same time, the conflicts between memory protection and other security software are resolved, and CPU consumption is also reduced.
5. Ransomware detection improved, we added several ransomware detection models which can terminate the behavior of ransomware at an earlier stage.
6. Privacy protection got improved which can protect users from webcam and microphone spying.
7. Improved MBR and partition table protection.
8. Fixed an issue that may cause BSOD under certain conditions.
9. The user can set whether to turn on a specific component of the basic real-time monitoring.
10. We optimized code to reduce CPU consumption and disk I/O. 2.6 is even lighter than the previous versions.
11. Other bugs fixed.

WiseVector StopX V2.50 Beta
January 17, 2020
1. Engine improved: We brought deep reinforcement learning to the training process. This method makes the classifier to be trained continuously on samples that are easy to misclassify to get better detection results. We also performed feature engineering again. After the above efforts, the accuracy of the engine has been improved.
2. We added a module to detect a class of banking Trojans. Such Trojans often use MSI installation packages to release DLL Side-Loading. The size of the DLLs is generally large, so AV based on Cloud usually cannot detect them, but our new module has a detection rate of more than 98% for such DLLs.
3. Faster scanning speed.
4. We used a graph-based algorithm internally to save the running logs of the program. In the new version we have optimized the algorithm to make the speed of the Behavior Detection several times faster in some specific cases, including the process launching multiple child processes, or the program itself is larger, etc. Users will experience a speed increase when compiling programs or editing files with some specific large software.
5. Added Memory Detection. It detects malware that uses the following technologies:
Reflective Dll Injection,
Process Hollowing,
Manually PE loading (Exe and Dll),
DotnetToJS, Sharpshooter, Net code in PowerShell.
Process Doppelgänging
Process Reimaging
Mimikatz
As well as remote threads in system processes.
Since many advanced attacks currently use the above method, it is foreseeable that our Memory Detection will greatly help users to keep from advanced threats.
6. Added protection against ransomware using RIPlace technology, while Document Protection also protects against ransomware using this technology.
7. The Behavior Detection has been improved in multiple detection links, such as injecting other programs, stealing system credentials, loading hidden locations, using WMI, etc.
8. The Behavior Detection added a program protection feature to protect system programs that are easily used by some advanced attack technologies, for example, RegAsm.exe, msbuild.exe, rundll32.exe, powershell, etc. Our Behavior Detection will protect the PowerShell process from being injected by other programs, and other programs cannot be injected into PowerShell.
9. Improved usability: The tray right-click menu is easier to use. Meanwhile, we have redesigned the main malware report name to make it more friendly to users skilled in PC. They can learn the behavior of malicious programs from the main malware name.
10. Fixed Multiple bugs.
https://www.wisevector.com/en/en-history/

The program has changed somewhat and offers more in terms of features and settings. That bodes well :) I'll post some screenshots soon, but I need to take a closer look at it and work out my commentary on them.

---------------------
edit:
OK... the program is very uncomplicated and easy to use even for an inexperienced user. The interface needs no explanation, although it is in English (optionally selectable), and the options consist of two tabs:
Basic, where we find 4 options already enabled, and one of them - real-time protection - can additionally be configured for 3 components after clicking the "Set up" command

Advanced, where we find further protection mechanisms, some of them with the possibility of custom modifications.

In my opinion the interesting ones are:
- anti-ransom protection; once enabled, the program creates so-called "honeypot" folders on every available drive, which serve to lure the malware

- document protection, where we add the locations of our folders with documents/files to the list... here life is made easier by the function that automatically adds trusted applications which have access to the protected folders - after a folder is added, the program examines the files and automatically adds trusted applications based on (I'm guessing) the extension (file type) associations set in the system, e.g. *.docx - MS Word

- the "instruction tracing" module, i.e. a mechanism that allows checking the original source of malicious behavior, which matters in the case of attacks involving code injection or impersonation of other applications. Below is the description from the changelog above
Quote: This technique makes identifying the original source of the malicious behavior in applications. It can effectively detect hidden threats such as DLL Side-Loading, thread hijacking and so on. At the same time, it can also detect stealth attacks in post-injection phase.
(...)
Recently, we have observed lots of RAT Trojans utilizing DLL hijacking to avoid detection by AV. These Trojans abuse whitelist APPs like Avast & ESET as well as APPs which are released by Samsung, TeamViewer, Citrix to perform DLL Side-Loading. We updated Instruction Tracer to make sure they can be detected without signature updates.

A small note regarding exclusions - there are two ways, which however differ in their effects, as became clear only just a moment ago:
- if we make exclusions in the advanced settings, the items on the list will not be covered by behavioral analysis, and they will apply only to EXE files, i.e. processes (only such files can be added here)
- if we do it from the main screen (the "Log/Exclusion/Quarantine" command at the bottom), we can add any file or folder there, and the item on the list will be excluded from both behavioral and static detection.