Let Time Witness Our Growth
WiseVector StopX V3.07
June 3, 2022
1. Detected malware by using malicious direct system calls to evade security product. For example, the Magniber ransomware executes direct system calls to inject shellcode into legit Windows processes to encrypt files. WiseVector StopX can stop this ransomware before encryption, it can also detect malware integrated with SysWhispers to bypass AV.
2. Improved behavior detection to detect recent attacks, CVE-2022-30190 for example.
3. Improved the detection of RAT trojans which use advanced techniques to evade deep memory inspection.
4. Fixed other bugs.
It can be installed by overwriting. Online update is not available now.
WiseVector StopX V3.06
April 13, 2022
1. Improved Shellcode detection. WiseVector StopX can monitor the Shellcode’s full life cycle. Malware writers often use well-known customized Shellcode (e.g. Meterpreter and CobaltStrike) to execute malicious instructions to avoid static detection. WiseVector StopX can detect this type of Shellcode nearly 100%, therefore it can stop malware at the early stage.
2. Improved ransomware detection. Added multiple modules to detect ransomware.
3. Improved Behaviour Detection to detect modern injection techniques.
4. Fixed other bugs.
It can be installed by overwriting. Online update is not available now.
WiseVector StopX V3.05
February 19, 2022
1. Added WMI firewall, which can prevent malware attacks (execution, persistence, exfiltration, etc.) by using WMI (Only supports Windows 8 and above) .
2. Improved self-protection against malicious programs that use various techniques to stop WiseVector StopX.
3. Improved the protection against data stealer trojans. Added multi-step behavior detection model to detect Discord Token stealer.
4. Detected malware which modify system VBR, disk partition tables.
5. Improved the protection of SAM database, which can prevent attacks such as adding a user to Windows or changing user passwords.
6. Detected malware which dump Windows passwords by installing Security Support Provider (SSP).
7. When HIPS prompts for driver loading, it will show the real program that loads the driver.
8. HIPS will prompt user if Chrome tries to load a suspicious extension.
9. Added multiple new events in HIPS rules.
10. Fixed other bugs.
WiseVector StopX V3.03
December 12, 2021
1. Fixed the issue that some Apps cannot start occasionally after installing WiseVector StopX.
2. Improved HIPS.
WiseVector StopX V3.02
December 9, 2021
1. Added the detection to block malware by sending SCSI IRP to disk driver to write MBR directly.
2. Enabled WiseVector StopX to auto-start in both Standard User Account and Administrator Account without task scheduler.
3. The main program window now shows the time of the last successful update.
4. Fixed a bug in MBR protection, which may cause the failure to stop malicious programs writing to MBR.
5. Fixed some bugs in the rule editor, including the digital signature restriction does not work properly and the rule name cannot be modified.
6. Fixed the Blue Screen that may occur occasionally when exiting WiseVector StopX.
7. Fixed the Blue Screen that may be caused by network protection.
8. Fixed the issue that the firewall may fail to block connections when Blocking All mode is on.
9. Fixed the issue of high CPU usage when using some file download managers.
WiseVector StopX V3.01 Beta
July 15, 2021
1. Fixed the issue that the program may crash under certain circumstances.
2. Fixed the issue that may cause computer freezes.
3. Fixed a bug in firewall driver that may cause BSOD.
4. Fixed the high CPU usage when the network traffic is high.
5. Fixed the problem that the software updates may fail under Windows XP system and also optimized resource usage in XP.
6. Optimized the firewall for maximum performance.
7. Now only prompt once for the same malicious DNS queries, to avoid too many popups.
8. Fixed other bugs.
WiseVector StopX V3.00 Beta
June 21, 2021
1. Added firewall, web protection, network intrusion detection.
2. Both HIPS and firewall support security level adjustment. Users can adjust the security level according to their needs.
3. Added support to write HIPS and firewall rules. Users can write rules according to their needs to get better protection.
4. Improved the process injection detection, added multiple multi-step models to detect malicious programs using advanced injection techniques.
5. Improved stealer malware detection, in addition to the already exists multi-step models, we added multiple single-step models based on artificial intelligence and reputation. When a program that is not trusted by the AI and trying to access the user’s sensitive data, such as username and password saved in the browser, cryptocurrency wallet data, etc. WiseVector StopX will prompt the user to allow or deny each operation detected. This is a good strategy against some stealer malware that utilized bat files, lnk files, Python scripts to harvest user’s data . Although the code of these malware is relatively simple, the attack is very tricky to detect by multi-step models.
6. Improved stability and reliability of behavior monitoring. For example, driver loading, Webcam access, scheduled task creation monitoring is more efficient and stable than before.
7. Fixed other bugs.
WiseVector StopX V2.73
January 30, 2021
1. Improved the compatibility with some other software.
2. Corrected a misspelled word.
3. Improved performance.
WiseVector StopX V2.72
January 13, 2021
1. Fixed a particular resource leak.
2. Fixed the issue that the behavior detection might fail to clean up malicious leftovers.
3. Speed up scanning on large files.
4. Improved the stability of ransomware rollback.
5. Improved performance.
WiseVector StopX V2.71 Beta
January 4, 2021
1. Fixed the issue that ransomware rollback may fail to rollback some encrypted files.
2. Redesigned the rollback window, now users can adjust the window size so that they can view the rollback items clearly.
3. Show cleanup progress when users are cleaning a large number of malware.
4. Fixed the issue that the file name may be garbled after restoring from quarantine.
5. Fixed the issue that WiseVector StopX may cause other programs to get stuck.
6. Registry monitoring is more powerful, which can detect more malicious programs that modify the registry.
7. Added backup of php, jsp, asp files for ransomware rollback.
8. Reduced the resource usage.
WiseVector StopX V2.70 Beta
December 23, 2020
1. Added lightweight rollback to roll back changes caused by some destructive malware, such as ransomware.
This feature has been designed to remain lightweight and users can hardly notice any performance degradation.
2. Redesigned the real-time file monitoring, it is more sensitive and faster than before.
3. Redesigned the Behavior Detection. Now the Behavior Detection can identify more unknown file infector viruses, being more capable of detecting advanced threats.
4. Improved Memory Protection to detect RAT trojan abuses legitimate processes to hide their malicious implants, such as Gh0st, Meterpreter and CobaltStrike.
5. Malware quarantine is now sorted by date. Quarantine reason is added.
6. The UI is not transparent now, so that the interface can be displayed more clearly. Added some new skins.
7. Improved the ability to delete malicious files being locked.
8. Now users can select whether or not to automatically download and install program updates.
WiseVector StopX V2.67
Septemper 2, 2020
1. Improved the Memory Protection to detect IcedID, Dridex and other banker trojan.
2. Solved the problem that WiseVector StopX might stuck when it is scanning the Office files with XLM macro.
3. Improved the stability of Memory Protection when a large number of processes being executed at a time.
4. Improved the stability of Document Protection.
5. Fixed other bugs.
WiseVector StopX V2.66
July 8, 2020
1. Added detection of malicious SLK files.
2. Improved the Instruction Tracer. According to the current trend of some APT attacks, we improved the detection of Trojan abusing DLL Side-Loading which manipulate the memory of whitelist program. It can effectively detect some advanced threats.
3. Improved self-protection.
4. Resolved the conflict between the Instruction Tracer and some APPs. The conflict may cause some APPs to be stucked.
5. Fixed the issue that the WiseVector.exe may crash in Win10 2004.
6. Improved the update procedure to make the update process more robust.
7. Fixed the issue that scheduled tasks may not be removed when uninstalling.
8. The uninstaller is now digitally signed.
WiseVector StopX V2.65
June 7, 2020
1. Improved Memory Protection to detect malware abusing whitelist applications, such as Powershell, msbuild.exe, installutil.exe, regasm.exe, etc. It can effectively detect advanced threats based on tools such as PowerShell Empire, GreateSCT, nps_payload, ObfuscatedEmpire, unicorn, etc. Since it detects malicious payload in memory, it can effectively detect obfuscated malicious scripts.
2. Instruction Tracer improved. Recently, we have observed lots of RAT Trojans utilizing DLL hijacking to avoid detection by AV. These Trojans abuse whitelist APPs like Avast & ESET as well as APPs which are released by Samsung, TeamViewer, Citrix to perform DLL Side-Loading. We updated Instruction Tracer to make sure they can be detected without needing signature updates.
3. Upgraded detection engine to improve accuracy.
4. Fixed the problem that Behavior Detection may fail to quarantine malware.
5. Improved detection of malicious RTF documents.
6. Fixed an uninstallation problem in Windows XP.
7. Fixed other bugs.
WiseVector StopX V2.64
May 26, 2020
1. Fixed a file parsing error that may decrease the detection rate of static scan.
2. Fixed a specific file parsing error that may cause WiseVector StopX’s service exit when scanning.
3. Fixed other bugs.
WiseVector StopX V2.63
May 20, 2020
1. Fixed the issue that parsing particular files may decrease the detection rate.
2. Fixed the issue that the tray icon occasionally missing after Windows Explorer restarted.
3. Fixed the issue that the scanner might stuck on “preparation to scan”.
4. Improved memory protection to reduce resources usage.
5. Fixed some logical issues in the settings.
WiseVector StopX V2.62 Beta
May 12, 2020
1. Fixed the issue that may cause increased memory use under certain specific conditions.
2. Fixed the issue that after minimizing the window, it may not be restored from the taskbar.
3. Prevented flickering window once at startup.
4. Increase the detection rate of malware in Office format.
5. Fixed the issue that memory detection may cause a bit high CPU usage under certain specific conditions.
6. Fixed the issue of scanning a large number of malware that cannot be processed at once.
7. Some other adjustments on the GUI.
WiseVector StopX V2.61 Beta
May 1, 2020
1. Fixed a GUI bug that some options at the bottom of the settings page cannot be changed(Thread Statics and the Proxy Server).
2. Fixed the issue that memory protection might conflict with some virtualization-based portable software and some security software released by Humming Heads inc. Since those software will inject hidden modules into system process, WiseVector StopX detected them as malware.
3. Fixed other bugs.
WiseVector StopX V2.60 Beta
April 30, 2020
1. Upgraded the AI engine to improve detection rate and reduce false positives. Users can adjust the protection level according to their needs. It should be noted that the protection level only affects static scanning and basic real-time monitoring, and does not affect behavior analysis and memory protection.
2. Added the instruction tracer module.This technique makes identifying the original source of the malicious behavior in applications. It can effectively detect hidden threats such as DLL Side-Loading, thread hijacking and so on. At the same time, it can also detect stealth attacks in post-injection phase.
3. Improved the detection of Info stealer malware. Info stealer malware is designed to harvest a variety of data (Browser Passwords, Cookies, FTP credentials, etc.,) on the computers. They usually minimize their behavior to decrease the chance of detection by AV. Most of them hide their presence on the system by using advanced malware stealth techniques such as injection, hollowing, etc.. Based on their characteristics, we have added multiple modules to memory protection and behavioral analysis to detect them.
4. Improved the memory protection. Besides the Info stealer detection module we mentioned above. We also added multiple RAT detection modules, which can detect RAT uses DLL hijacking to evade the behavior monitoring (Gh0st, Parallax, etc.,). At the same time, the conflicts between memory protection with other security software is resolved. and also reduces the CPU consumption.
5. Improved Ransomware detection. We added several ransomware detection modules which can terminate the behavior of ransomware at an earlier stage.
6. Privacy protection got improved which can protect users from webcam and microphone spying.
7. Improved MBR and partition table protection.
8. Fixed the issue that may cause BSOD under certain conditions.
9. The user can set whether to turn on a specific component of the basic real-time monitoring.
10. We optimized code to reduce CPU consumption and disk I/O. 2.6 is even lighter than the previous versions.
11. Fixed other bugs.
WiseVector StopX V2.50 Beta
January 17, 2020
1. Engine improved: We brought deep reinforcement learning to the training process. This method makes the classifier to be trained continuously on samples that are easy to misclassify to get better detection results. We also performed feature engineering again. After the above efforts, the accuracy of the engine has been improved.
2. We added a module to detect a class of banking Trojans. Such Trojans often use MSI installation packages to release DLL Side-Loading. The size of the DLLs is generally large, so AV based on Cloud usually cannot detect them, but our new module has a detection rate of more than 98% for such DLLs.
3. Faster scanning speed.
4. We used a graph-based algorithm internally to save the running logs of the program. In the new version we have optimized the algorithm to make the speed of the Behavior Detection several times faster in some specific cases, including the process launching multiple child processes, or the program itself is larger, etc. Users will experience a speed increase when compiling programs or editing files with some specific large software.
5. Added Memory Detection. It detects malware that uses the following technologies:
Reflective Dll Injection,
Manually PE loading (Exe and Dll),
DotnetToJS, Sharpshooter, Net code in PowerShell.
As well as remote threads in system processes.
Since many advanced attacks currently use the above method, it is foreseeable that our Memory Detection will greatly help users to keep from advanced threats.
6. Added protection against ransomware using RIPlace technique, while Document Protection also protects against ransomware using this technique.
7. The Behavior Detecion has been improved in multiple detection links, such as injecting other programs, stealing system credentials, loading hidden locations, using WMI, etc.
8. The Behavior Detection added a program protection feature to protect system programs that are easily used by some advanced attack techniques, for example, RegAsm.exe, msbuild.exe, rundll32.exe, powershell, etc.. Our Behavior Detection will protect the PowerShell process from being injected by other programs, and other programs cannot be injected into PowerShell.
9. Improved usability: The tray right-click menu is easier to use. Meanwhile, we have redesigned the main malware report name to make it more friendly to users skilled in PC. They can learn the behavior of malicious programs from the main malware name.
10. Fixed multiple bugs.
WiseVector StopX V2.09
July 17, 2019
1. Improved defense against Revenge Fileless Malware Family.
2. Resolved the Handle Leak in certain circumstances.
3. Resolved some false positives in behavior detection.
WiseVector StopX V2.08
July 17, 2019
1. Improved detection of UAC bypass attacks.
2. Behavior detection can now parse complex command lines written to the registry. Improved the ability to detect stealth malware.
3. Fixed a bug in process chain analysis. Improved the ability to remove malware leftover parts.
4. Improved Ransomware detection.
5. Improved defense against the AdWind family. In these days, we have tested hundreds of samples belong to Adwind family and the result is satisfied.
6. Redesigned quarantine, trust zone and log. Now they are clearer and easier to view.
7. Other bugs fixed.
WiseVector StopX V2.0
July 9, 2019
Many new feature added.
1. Advanced Protection which includes:
A. Behavior Detection based on AI
B. Scripts Behavior Analysis(Including fileless malware detection)
C. Zero_day Malware Detection
D. Important Applications Protection(eg: Office, Flash, PDF, Reader, IE)
E. Dll Hijack Detection
2. Ransomware Behavior Detection
3. Ransomware Trap
4. Documents Protection
5. Improved Self-protection.
6. Imrpoved Scanning speed.
7. Active memory scanning now added in Real-time Monitor.
WiseVector StopX V1.34
June 19, 2019
Fixed conflict with Uplay.
WiseVector StopX V1.33
March 16, 2019
1. Fixed the issue to scan Zip Bomb.
2. Fixed the issue with scanning the Office template format.
WiseVector StopX V1.32
January 23, 2019
1. Added the detection of Office documents in XML format.
2. Custom scan has the option to select hidden folders. Upload has the option to select hidden files.
3. Fix the issue that scan unicode file with abnormal name may be skipped.
WiseVector StopX V1.29
November 24, 2018
1. Fixed the loss of files on the trust list caused by force restart of the PC.
2. Fixed the issue that the tray icon could not be displayed when multiple explorer processes crashed at the same time.
3. Fixed other issues with stability.
WiseVector StopX V1.28
November 23, 2018
1. Fixed the issue that could cause the installation of some third-party software such as browser plug-ins to fail.
2. Fixed the issue with scanning malformed office documents would get stuck.
3. Improve the scanning speed of pdf files.
4. Improve the efficiency and speed of file monitoring.
WiseVector StopX V1.27
September 2, 2018
1. Fixed the issue that the icon may become transparent after starting the OS.
2. Fixed some interface loading issues.
3. Fixed other bugs.
WiseVector StopX V1.26
August 26, 2018
1. Trust list can add directories.
2. Fixed the issue that the trust list might be automatically cleaned up under specific conditions.
3. Fixed parsing of some special PE output tables.
4. Increased the scanning speed of certain files.
WiseVector StopX V1.25
August 4, 2018
1. Resolved the incompatibility between the Behavior Detection and some Powershells.
2. Fixed the issue that the settings could not be opened under certain circumstances.
3. Completed the logic of full scan.
4. Improved AI to learn Win32 / Nabucur virus.
5. Reduce the need to restart after online upgrades.
WiseVector StopX V1.24
July 30, 2018
1. Improves the stability of file monitoring.
2. Improve the scanning speed of OLE documents.
3. Prevented a warning that may appear when uploading files.
4. Prevented a possible stuck when installing APPs in XP.
5. Fixed several issues with parsing abnormal PEs.
WiseVector StopX V1.23
1. Fixed the issue with parsing VMP shells.
2. Fixed the issue with parsing super large files.
3. Fixed the issue that the icon did not show when Windows Explorer crashed.
WiseVector StopX V1.22
July 16, 2018
WiseVector StopX was compatible with high score screen.
WiseVector StopX V1.21
July 14, 2018
1. Fixed the PDF model.
2. Fixed an error in OLE document format recognition.
3. Corrected the analysis of NET Native program.
WiseVector StopX V1.20
July 12, 2018
1. Fixed the issue that WiseVector StopX did not start automatically after “Quick Start” was enabled in Win10.
2. FIxed the issue that after exiting, the Monitor may did not work when restarting WiseVector StopX.
3. WiseVector StopX was able to scan more file formats.
WiseVector StopX V1.10
July 5, 2018
1. Fixed a bug in streaming update.
2. Fixed a bug in VB program automatic feature code extraction.
3. Fixed the issue with 64-bit Dotnet program feature extraction.
4. Removed unmature supply chain attack detection.
WiseVector StopX V1.0
July 1, 2018
With the great efforts of all staff, WiseVector StopX V1.0 was finally released!