App Review Cylance Smart Antivirus 2018 Bypassed

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
E

Eddie Morra

erreale said:
I absolutely agree with you. The programs have been tested with the default settings and we know very well that with some changes the software greatly improve. But how many users use default settings? I think the majority.
Click to expand...
A majority of users will be downloading content which isn't brand new and has been seen before though. Home users are rarely targeted with brand new attacks... you'll have a few victims and then the attack/s will be too exposed to continue being effective against services from resourceful vendors (most of the time).

That being said, home users are not usually included in targeted attacks either. Such is almost always reserved for business customers, usually for the intention of credential theft/sensitive data ex-filtration as the main goal.

These "Proof-Of-Concept" videos are pretty much useless in the real-world because it does not represent a real-world scenario - we cannot even validate whether the "Proof-Of-Concept ransomware" is actually behaving like real ransomware in this specific test.
 
  • Like
Reactions: In2an3_PpG, bribon77, Der.Reisende and 6 others
A

artek

Level 5
Verified
May 23, 2014
236
There's a thread on wielders about these vids. I think CruelSister said it best:

"The malware payload ALWAYS has additional thingies coded in to it. Notice sometimes there is a forced reboot? Sometimes the cmd prompt does not work? But ALWAYS there is the Taskbar vanishing. As I was curious about the latter, I asked Ophelia (nasty cat!- especially when I run out of 10 year old Wisconsin cheddar). She informed me that the easiest way to make a video that would deceive the ignorant is to add a "taskkill /f /IM explorer.exe" command. This will kill the taskbar clock and allow the video author to do anything that they want and use as much time that would be needed to re-run the sample with the prime protection disabled. And God alone knows why on some videos the command prompt was called up and shown not to work. A simple taskkill /f /IM cmd.exe" would do this. Not exactly Rocket Surgery."

A single missed sample does not call into question the protection capabilities of an anti-malware program. The few of you suggesting that it does should know better. Your bias is showing.
 
Last edited:
  • Like
Reactions: simmerskool, bribon77, vtqhtr413 and 4 others
F

ForgottenSeer 72227

Very interesting test, but again as others have said Cylance Smart AV is a basic antivirus, so we should take it at face value. I don't have anything against Cylance, but I am not a huge fan of their marketing and tactics when it comes to announcing the fact they have developed the next best thing to slice bread. Personally I think this is where the majority of the animosity towards Cylance comes from, not that its a capable product, but people aren't huge fans of how they market/present themselves.


Eddie Morra said:
A majority of users will be downloading content which isn't brand new and has been seen before though. Home users are rarely targeted with brand new attacks... you'll have a few victims and then the attack/s will be too exposed to continue being effective against services from resourceful vendors (most of the time).

That being said, home users are not usually included in targeted attacks either. Such is almost always reserved for business customers, usually for the intention of credential theft/sensitive data ex-filtration as the main goal.
Click to expand...

This is a very good point!

I know we read about major breaches, very sophisticated malware/attacks, but when one takes the time to step back and look at the whole picture, these attacks always happen to businesses/governments, never home users. I'm not saying we should ignore them completely, but in reality the bad guys/gals aren't going to waste their time/resources on home users (when it comes to advanced attacks), they are going to save them to attack business/governments, as its more lucrative to do so.
 
Last edited by a moderator:
  • Like
Reactions: ChemicalB, vtqhtr413, Nightwalker and 2 others
F

ForgottenSeer 58943

Before the kiddies get all up and arms about this I should point out the video is pretty questionable, especially the forced reboot and screen blackout.

Nevertheless, we should probably discuss the fact that under normal operational use the average joe would likely never see this or even get a chance to execute it, and then ignore the UAC prompts on a strange unknown file. That's without even going into the fact that this random_youtube_millennial A) Had physical access to the machine. (anyone worth their salt knows, physical access means all bets are off and all security is invalidated) B) Likely coded some targeted modifications. C) Did suspect things in the video.

Don't get your panties all bunched up and bring a buddy along with Cylance.
 
  • Like
Reactions: simmerskool, oldschool, bribon77 and 2 others
D

Deleted member 178

ForgottenSeer 58943 said:
Nevertheless, we should probably discuss the fact that under normal operational use the average joe would likely never see this or even get a chance to execute it, and then ignore the UAC prompts on a strange unknown file.
Click to expand...

Average Joe would click on an attractive ad/social media link, get redirected to a malicious site, then be victim of a drive-by Download and other XSS attack, the file will be downloaded silently, and would auto-execute. Average Joe would click allow on UAC (if they didn't disabled it because it is "annoying"...).

So not so uncommon... And Cylance SA would still suck...

Average Joe is unaware and more readily to click anything just to get rid of the prompts...we are a niche, we don't represent Average Joe behaviors..
 
Last edited by a moderator:
  • Like
Reactions: bribon77 and harlan4096
erreale

erreale

Level 9
Thread author
Verified
Content Creator
Malware Hunter
Well-known
Oct 22, 2016
409
@Umbra & @ForgottenSeer 58943

I did not want to trigger a bickering war between those who are against and those who pro Cylance. In any case, the bypassed software is not just Cylance but many others (just look at the youtuber channel) and always that the bypass is true.
Here it is only to understand what technique has been used and how. We leave the factions out of this discussion.
 
  • Like
Reactions: oldschool, bribon77, upnorth and 1 other person
5

509322

Cylance.gif
 
  • Like
Reactions: In2an3_PpG, harlan4096, bribon77 and 2 others
A

artek

Level 5
Verified
May 23, 2014
236
Umbra said:
Average Joe would click on an attractive ad/social media link, get redirected to a malicious site, then be victim of a drive-by Download and other XSS attack, the file will be downloaded silently, and would auto-execute. Average Joe would click allow on UAC (if they didn't disabled it because it is "annoying"...).

So not so uncommon... And Cylance SA would still suck...

Average Joe is unaware and more readily to click anything just to get rid of the prompts...we are a niche, we don't represent Average Joe behaviors..
Click to expand...

Why is the file auto-executing?
 

Similar threads

Cleo
    • Like
    • Sad
    • Wow
Dropping Cylance Smart Antivirus from iOS and Android on March 1st.
Replies
4
Views
482
Other security for Windows, Mac, Linux
Cleo
Cleo
vtqhtr413
    • Applause
    • Like
    • +Reputation
Security News LockBit ransomware admin identified, sanctioned in US, UK, Australia
Replies
1
Views
880
Security News
Wrecker4923
Wrecker4923
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review ESET Smart Security Premium 2024
Replies
20
Views
2,304
Video Reviews - Security and Privacy
Shadowra
Shadowra

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top