Malwarebytes flagging EaseUS Partition Master


  1. Posts : 4
    Windows
       #21

    Callender said:
    @Chacecola

    That file you uploaded to VT is just the web installer. What happens when you launch that is shown below.
    You could argue that it's a false positive detection, but it's incorrect to say that VirusTotal doesn't flag the program. However, it no longer contains Open Candy.
    Yeah, it no longer contains Open Candy. The "virus" you marked up in the image is the installer for EaseUS to download the complete package from the cloud. So it's a false detection by WiseVector StopX and it was removed. You can test again, and there should be no similar prompt or warning from StopX. Thanks.


  2. Posts : 6,856
    22H2 64 Bit Pro
       #22

    @Chacecola

    Agreed. I didn't keep the EaseUS program installed. You could upload AlyunWrapExe.exe to VT and you will likely see a low number of detections.


  3. Posts : 7,607
    Windows 10 Home 20H2
       #23

    Chacecola said:
    So it's a false detection by WiseVector StopX and it was removed.
    WiseVector StopX even detects my scripts as malware. I don't know I have the ability to write malware.



  4. Posts : 6,856
    22H2 64 Bit Pro
       #24

    Matthew Wai said:
    WiseVector StopX even detects my scripts as malware. I don't know I have the ability to write malware.
    It's detecting possible malware leaving the experienced user to make a choice. It prompts on anything unusual and does not use malware signatures.


  5. Posts : 7,607
    Windows 10 Home 20H2
       #25

    You are talking about HIPS. I don't think I have the ability to write a script containing anything unusual.


  6. Posts : 6,856
    22H2 64 Bit Pro
       #26

    Matthew Wai said:
    You are talking about HIPS. I don't think I have the ability to write a script containing anything unusual.
    I'm talking about whitelisting any user-written script that executes PowerShell. In part that is how signature-less malware detection works.

    Maybe you read the user guide for another product linked here? In layman's terms it explains how to use such programs.

    WiseVector StopX component?

    It explains that if it blocks something that you asked or intended to run, then allow it if you know it's safe, or if you don't know, then do further checks before allowing the file to run.

    Otherwise, if something gets blocked out of the blue, then just ignore it and assume it was a malware or a virus. Or only allow and whitelist once you know that it's safe.

    These types of programs are supposed to lock down your system and prevent all possible malware, including unknown files, files that take advantage of unpatched vulnerabilities in the system, zero-day attacks and so on, without relying on signatures.


  7. Posts : 7,607
    Windows 10 Home 20H2
       #27

    Callender said:
    prevent all possible malware including unknown files
    I am thinking about the possibility of creating a rule that automatically excludes script files created by an administrator on Windows. Such files should not be counted as unknown files. Such a rule will obviate the following need:

    Callender said:
    whitelisting any user-written script that executes PowerShell.

    By the way, if you have spare time, take a look at the "Reputation and Badges" thread.


  8. Posts : 4
    Windows
       #28

    Callender said:
    @Chacecola

    Agreed. I didn't keep the EaseUS program installed. You could upload AlyunWrapExe.exe to VT and you will likely see a low number of detections.
    Haha, I guess AliyunWrapExe is a wrapper of Alibaba Cloud service. Aliyun is the Chinese pinyin of Alibaba Cloud. So AliyunWrapExe.exe may be just a part of the installation process when accessing the Alibaba Cloud web server.


  9. Posts : 7,607
    Windows 10 Home 20H2
       #29

    More precisely, "yun" is the pinyin of the character "云", which means "cloud".


  10. Posts : 6,856
    22H2 64 Bit Pro
       #30

    Yes, I know what it is. So if security software alerts that a program connects to a server to download and install files, then it is doing its job. Most experienced users would set it to "prompt for action" rather than auto quarantine/delete. Anyway, the whole point about HIPS is that it needs training on the user's system. So you would spend an hour or two launching any file, script or program that you can think of that might produce an alert, and whitelist those. Then you will only encounter warnings when something new to your system attempts to launch. In the past I've used Comodo CIS with Firewall (includes HIPS), Threatfire (now obsolete but included HIPS), VoodooShield Pro and probably a few others. They all need "training", but you should not just whitelist everything in %appdata% or system32 and so on because you are bothered by pop-up warnings. Once you whitelist problem files (safe files on your system that produce a warning), then you won't be bothered by anything unless something new to your system wants to run.
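The training approach described in post #30, as an added example that is not part of the thread and is not code from any product named in it: approving individual files keeps the prompt for anything new or changed, while a blanket folder rule lets a newly dropped file run unprompted. Identifying files by SHA-256 hash is an assumption of this sketch, and the class, function and script names are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Identify a file by its content, not by its name or location."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


class HashAllowlist:
    """Per-file allowlist: only content the user explicitly approved may run."""

    def __init__(self):
        self.approved = set()

    def train(self, path):
        # "Training": the user launched this file on purpose and approved it.
        self.approved.add(sha256_of(path))

    def decide(self, path):
        return "allow" if sha256_of(path) in self.approved else "prompt"


def directory_rule_decide(path, trusted_dirs):
    """Blanket rule the post advises against: anything under a trusted folder runs."""
    parents = Path(path).resolve().parents
    trusted = any(Path(d).resolve() in parents for d in trusted_dirs)
    return "allow" if trusted else "prompt"


def demo():
    """Compare both rules on constructed sample scripts in a temporary folder."""
    with tempfile.TemporaryDirectory() as tmp:
        appdata = Path(tmp) / "AppData"  # constructed stand-in for %appdata%
        appdata.mkdir()
        known = appdata / "backup.ps1"
        known.write_text("Get-ChildItem | Out-File report.txt\n")
        hips = HashAllowlist()
        hips.train(known)
        results = {"known_script": hips.decide(known)}

        # Something new to the system appears in the same folder.
        newcomer = appdata / "updater.ps1"
        newcomer.write_text("Write-Output 'constructed unknown script'\n")
        results["new_file_hash_rule"] = hips.decide(newcomer)
        results["new_file_dir_rule"] = directory_rule_decide(newcomer, [appdata])

        # An approved script is changed after approval: its hash no longer matches.
        known.write_text(known.read_text() + "# edited after approval\n")
        results["edited_script"] = hips.decide(known)
        return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```
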


 
