- Apr 13, 2013
- 3,224
- Content source
- https://www.youtube.com/watch?v=VTo_kBpvuPY
"Just when I thought I was out, they pull me back in..."
Michael Corleone
Michael Corleone
A Cylance Smart Antivirus Quickie
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Sep 3, 2017
- 825
Seems to be a Real 2 nd generation Av from Sky..:emoji_ok_hand:
- Mar 13, 2016
- 1,298
- Mar 17, 2016
- 464
@cruelsister
If Cylacne didn't block those worms, is it correct to assume a USB worm wouldn't even be blocked?!
If Cylacne didn't block those worms, is it correct to assume a USB worm wouldn't even be blocked?!
- Jan 29, 2017
- 1,201
- Apr 13, 2013
- 3,224
WS- (quotes do not seem to be working)- "Did you run those Cylance tests on a fully patched system?"
Yes- but as I know the malware intimately, none of the 3 use any Windows vulnerabilities to work. Actually in my malware Zoo I rate my Worms on a degree of difficulty (to detect)- from 1 to 5, 1 being the nastiest. The Worms I used were of the 3rd degree, not something even Ophelia would bother to code. The Zombie Bot also was not anything special.
Duotone- A USB Worm would slice through Cylance Smart AV like a Knife through soft butter. The reason I used Worms in this test is if you saw any of my 2nd opinion scanners vs Worms videos, a Home user that uses C Smart AV and does a scan with Malwarebytes or HMP may be infected and not know it. This is why comments like "I've been using this product all year and never had an infection" are depressing to me...
ps- Oh Yeah- the song was a cover by Tina Dico. Thought I needed something subversive for this one.
Yes- but as I know the malware intimately, none of the 3 use any Windows vulnerabilities to work. Actually in my malware Zoo I rate my Worms on a degree of difficulty (to detect)- from 1 to 5, 1 being the nastiest. The Worms I used were of the 3rd degree, not something even Ophelia would bother to code. The Zombie Bot also was not anything special.
Duotone- A USB Worm would slice through Cylance Smart AV like a Knife through soft butter. The reason I used Worms in this test is if you saw any of my 2nd opinion scanners vs Worms videos, a Home user that uses C Smart AV and does a scan with Malwarebytes or HMP may be infected and not know it. This is why comments like "I've been using this product all year and never had an infection" are depressing to me...
ps- Oh Yeah- the song was a cover by Tina Dico. Thought I needed something subversive for this one.
@cruelsister could you please elaborate why use .js worms knowing that is scans only PE's and not made connections to remote hosts or by wscript? Thanks.
- Apr 13, 2013
- 3,224
The worms I used were not JScript at all, and the Zombie Bot was an exe. In short, if you use C Smart AV Ophelia will own you.
About the script comments, I'd think that a review demonstrating the weaknesses of Cylance (non-PE's) is beneficial anyway, otherwise someone could end up sifting through many reviews without realizing those weaknesses (and may never realize until it is too late!). It's normally expected for an Anti-Virus product to be capable of scanning scripts and not just traditional PE's, even if most Anti-Virus products aren't "good" with it.
There is a lot of script-based malware out there... For the past few years in the analysis labs, I've seen a majority of the scripts I get handed to be acting as a down-loader for the main payload - you have to work fast sometimes before the C&C servers/downloads become inactive.
Cylance could always consider Antimalware Scan Interface (AMSI) on Windows for Windows 10 and above environments. It will provide some script scanning capabilities for them to integrate into their product. I recently had to make some adjustments to our implementation of it before the holidays. You can read more information about it here: Antimalware Scan Interface
I've seen Cylance perform quite well when it is used in combination with other products for a layered protection configuration. I've also seen it fail though - and I have seen other vendors fail a lot harder too. They have definitely been improving since they started up and I'm looking forward to the progress with it.
There is a lot of script-based malware out there... For the past few years in the analysis labs, I've seen a majority of the scripts I get handed to be acting as a down-loader for the main payload - you have to work fast sometimes before the C&C servers/downloads become inactive.
Cylance could always consider Antimalware Scan Interface (AMSI) on Windows for Windows 10 and above environments. It will provide some script scanning capabilities for them to integrate into their product. I recently had to make some adjustments to our implementation of it before the holidays. You can read more information about it here: Antimalware Scan Interface
I've seen Cylance perform quite well when it is used in combination with other products for a layered protection configuration. I've also seen it fail though - and I have seen other vendors fail a lot harder too. They have definitely been improving since they started up and I'm looking forward to the progress with it.
- May 9, 2015
- 630
And the Cylance hype bubble burst. This is why I said Cylance is just another Anti-Virus and one guy got triggered by it Thank you CS
Thank you CS
- Apr 13, 2013
- 3,224
Libera- A superb comment! I am gratified that you realize the threat posed by simple Scriptors. That has been my main theme for the past few years in the hope that Users would harass the 3rd party vendors enough that such protection was afforded. But apparently I have been nothing but a voice crying out in the Wilderness...
Also, as you state, AMSI is indeed powerful but not utilized to the extent that it should be.
Also, as you state, AMSI is indeed powerful but not utilized to the extent that it should be.
cruel, nice song again. Sounds like the same voice as the woman that sang X's and O's.
You should through a Windows 10 Enterprise VM on that machine. You can pick up the free limited time VM here.
Download a Windows 10 virtual machine - Windows app development
You should through a Windows 10 Enterprise VM on that machine. You can pick up the free limited time VM here.
Download a Windows 10 virtual machine - Windows app development
- Apr 16, 2017
- 2,613
did like the song, and video, and not my intent to depress you, and related cylanceProtect 99.99+% sure I'm not infected, but then I run cf@cs too :notworthy:
- Mar 13, 2016
- 1,298
- Apr 16, 2017
- 2,613
- May 29, 2018
- 2,728
3 threads, one locked, 20+ pages, half-dozen malware tests, one video... All that to demonstrate what some of us knew from the start: cylance's "very-much-averageness and overhype...And the Cylance hype bubble burst. This is why I said Cylance is just another Anti-Virus and one guy got triggered by it
Next-Gen remind me of those resurrected traditional martial arts, they are fancy, sweet choregraphic moves, attractive to beginners and make them feeling invincible but in the end, they get totally destroyed in a street fight...
To those misled souls that pay for it, i will say : refund time! Because with a bit of learning and some free tools, you will have better security.
Itwt
I've never had the honor of looking into Invincea X but it would definitely be an interesting spectate. Doesn't SOPHOS own it though? If I remember correctly, it's by the same company that Sandboxie was from, but then SOPHOS bought that company and starting implementing the technology into their own services whilst using their own resources to improve it.
If I am right, it should be worth noting that SOPHOS is a very valuable company, especially now. The Surfright acquisition did very well for them because of HitmanPro.Alert technology which extensively helped them with the creation of Intercept X.
Did you mean my post? I'm very sorry if you did, I wasn't trying to come off as a Cylance fan. I think they are mediocre, not any better than the other fish in the sea, but definitely not the worst.
I do not think the Smart Anti-Virus would be convenient for a novice because of its limitations (and they still need a lot more time to keep maturing and improving their data-sets) but it might be a good companion for an advanced user. For enterprise, I'd rather go elsewhere than use their enterprise version.
The Artificial Intelligence in Cylance is bound to be similar to that of what is implemented in other products by already well-known vendors. The truth is, most vendors have their own implementation of Machine Learning/Artificial Intelligence (you can slap on either names really) and most lean towards the cloud for it to lean off resource usage on the clients machine (e.g. Microsoft Azure, Amazon Web Services, etc.). The ML/Ai traditionally found in an Anti-Virus/Internet Security/Endpoint solution is going to evolve around training with a wide select of samples, causing the flagging of samples which are < or > alike the trained samples. Some forms of ML/Ai can be more complex though depending on the approach.
- Oct 4, 2017
- 20
I'd avoid Cylance just for its false positives. The sheer amount of things it flags as "Unsafe" is baffling. I would not consider this Next-Gen, I'd consider this insane. I tested out Cylance a few days ago and it quarantined A LOT of safe important signed files for programs I need. There's no excusing this.
Similar threads
