Powerful Techniques Create Excellent Performance
- More than 95% of ransomware cannot escape from our first layer of protection, Static Detection. Based on AI, WiseVector StopX can easily detect both known and unknown ransomware.
- Our Behavior Detection includes multiple ransomware detection modules that can terminate ransomware behavior instantly.
- When Deception-based Ransomware Detection is enabled, WiseVector StopX creates folders with irregular names on each disk, and all of these folders act as ransomware traps.
- Document Protection allows you to add files or folders that need particular protection. After that, only trusted programs can modify the protected files and folders.
- Ransomware Rollback can back up files modified by suspicious programs in real time and revert changes caused by ransomware. Working alongside other ransomware detection features, it provides almost 100% protection against ransomware!
Stealer Malware Detection
- Info stealer malware is designed to harvest a variety of data (browser passwords, cookies, FTP credentials, etc.) from the computer. It usually minimizes its behavior to decrease the chance of detection by AV. Most stealers hide their presence on the system by using advanced malware stealth techniques such as injection, hollowing, etc. Based on these characteristics, we have added multiple modules to Memory Protection and Behavior Analysis to detect them.
- Malicious Behavior Detection is improved to protect users from webcam and microphone spying.
- Because it detects malicious payloads in memory, it can effectively detect obfuscated malicious scripts.
- It detects advanced malware that uses the following techniques: Reflective DLL Injection, Process Hollowing, Manual PE loading (EXE and DLL), DotnetToJS, Sharpshooter, Net code in PowerShell, Process Doppelgänging, Process Reimaging, Mimikatz, as well as remote threads in system processes.
- It detects malware abusing whitelisted apps such as PowerShell, msbuild.exe, installutil.exe, regasm.exe, etc.
- It detects advanced threats based on tools such as PowerShell Empire, GreatSCT, nps_payload, ObfuscatedEmpire, unicorn, etc.
- It detects RAT Trojans that abuse legitimate processes to hide their malicious implants, such as Gh0st, Meterpreter and CobaltStrike.
Unique Instruction Tracer
- This technique makes it possible to identify the original source of malicious behavior in applications. It can effectively detect hidden threats such as DLL Side-Loading, thread hijacking, etc. At the same time, it can also detect stealth attacks in the post-injection phase.
- Many RAT Trojans use DLL hijacking to avoid detection by AV. These Trojans abuse whitelisted apps such as Avast and ESET, as well as apps released by Samsung, TeamViewer and Citrix, to perform DLL Side-Loading. Instruction Tracer is improved to ensure these Trojans can be detected without needing signature updates.
- In line with the current trend in some APT attacks, it is improved to detect Trojans that abuse DLL Side-Loading and manipulate the memory of a whitelisted program. It can effectively detect some advanced threats.