cruelsister

Level 37
Verified
Trusted
Content Creator
WS- (quotes do not seem to be working)- "Did you run those Cylance tests on a fully patched system?"

Yes- but as I know the malware intimately, none of the 3 use any Windows vulnerabilities to work. Actually in my malware Zoo I rate my Worms on a degree of difficulty (to detect)- from 1 to 5, 1 being the nastiest. The Worms I used were of the 3rd degree, not something even Ophelia would bother to code. The Zombie Bot also was not anything special.

Duotone- A USB Worm would slice through Cylance Smart AV like a Knife through soft butter. The reason I used Worms in this test is if you saw any of my 2nd opinion scanners vs Worms videos, a Home user that uses C Smart AV and does a scan with Malwarebytes or HMP may be infected and not know it. This is why comments like "I've been using this product all year and never had an infection" are depressing to me...

ps- Oh Yeah- the song was a cover by Tina Dico. Thought I needed something subversive for this one.
 

Deleted Member 3a5v73x

@cruelsister could you please elaborate why use .js worms, knowing that it scans only PEs and not connections made to remote hosts or by wscript? Thanks.
Cylance Smart Antivirus only scans Portable Executable files (PE), such as .exe, .dll etc.
Cylance Smart Antivirus does not do traditional background threat detection, and will only scan active and opened files and processes. If a file on a secondary drive like an external hard drive is opened/copied/moved, this will trigger a process attached to the file, at which point the Cylance Smart Antivirus Agent would scan it.
 
About the script comments, I'd think that a review demonstrating the weaknesses of Cylance (non-PEs) is beneficial anyway, otherwise someone could end up sifting through many reviews without realizing those weaknesses (and may never realize until it is too late!). It's normally expected for an Anti-Virus product to be capable of scanning scripts and not just traditional PEs, even if most Anti-Virus products aren't "good" at it.

There is a lot of script-based malware out there... For the past few years in the analysis labs, I've seen the majority of the scripts I get handed acting as a downloader for the main payload - you have to work fast sometimes before the C&C servers/downloads become inactive.

Cylance could always consider the Antimalware Scan Interface (AMSI) for Windows 10 and above environments. It will provide some script scanning capabilities for them to integrate into their product. I recently had to make some adjustments to our implementation of it before the holidays. You can read more information about it here: Antimalware Scan Interface

I've seen Cylance perform quite well when it is used in combination with other products for a layered protection configuration. I've also seen it fail though - and I have seen other vendors fail a lot harder too. They have definitely been improving since they started up and I'm looking forward to the progress with it.
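A small added Python illustration of the coverage gap the quoted Cylance text describes (example code, not Cylance's or anyone's in this thread): it tells PE files apart from scripts by their header rather than their extension, so an inventory shows what a PE-only engine would never inspect. The script extension set and all file names and bytes are constructed for the example.

```python
import os
import struct

# Minimal PE check: a Portable Executable starts with the DOS "MZ" magic,
# and the 32-bit offset at 0x3C (e_lfanew) points at the "PE\0\0" signature.
def is_pe(data: bytes) -> bool:
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

# Assumed set of script types a PE-only scanner would skip (example choice).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".ps1", ".wsf", ".hta", ".bat", ".cmd"}

def classify(name: str, data: bytes) -> str:
    ext = os.path.splitext(name)[1].lower()
    if is_pe(data):
        return "pe"           # would be scanned by a PE-only engine
    if ext in SCRIPT_EXTS:
        return "script"       # outside a PE-only engine's coverage
    return "other"

def coverage_report(files: dict) -> dict:
    """Group file names by whether a PE-only scanner would look at them."""
    report = {"pe": [], "script": [], "other": []}
    for name, data in files.items():
        report[classify(name, data)].append(name)
    return report

# Constructed sample bytes (not real malware): a minimal PE header stub,
# a harmless JScript stub, and a plain text file.
def _fake_pe() -> bytes:
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)      # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)    # e_lfanew -> 0x40
    return bytes(hdr) + b"PE\0\0" + b"\0" * 20

SAMPLE_FILES = {
    "setup.exe": _fake_pe(),
    "invoice.js": b"WScript.Echo('constructed stub');",
    "renamed.txt": _fake_pe(),   # PE content behind a harmless-looking extension
    "notes.txt": b"just text",
}

if __name__ == "__main__":
    for kind, names in coverage_report(SAMPLE_FILES).items():
        print(f"{kind:6}: {names}")
```

Note that "renamed.txt" lands in the PE bucket: the header check, not the extension, decides what a PE-only engine sees.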
 

cruelsister

Level 37
Verified
Trusted
Content Creator
Libera- A superb comment! I am gratified that you realize the threat posed by simple Scriptors. That has been my main theme for the past few years in the hope that Users would harass the 3rd party vendors enough that such protection was afforded. But apparently I have been nothing but a voice crying out in the Wilderness...

Also, as you state, AMSI is indeed powerful but not utilized to the extent that it should be.
 

simmerskool

Level 9
Verified
Malware Tester
WS- (quotes do not seem to be working)- "Did you run those Cylance tests on a fully patched system?"

Yes- but as I know the malware intimately, none of the 3 use any Windows vulnerabilities to work. Actually in my malware Zoo I rate my Worms on a degree of difficulty (to detect)- from 1 to 5, 1 being the nastiest. The Worms I used were of the 3rd degree, not something even Ophelia would bother to code. The Zombie Bot also was not anything special.

Duotone- A USB Worm would slice through Cylance Smart AV like a Knife through soft butter. The reason I used Worms in this test is if you saw any of my 2nd opinion scanners vs Worms videos, a Home user that uses C Smart AV and does a scan with Malwarebytes or HMP may be infected and not know it. This is why comments like "I've been using this product all year and never had an infection" are depressing to me...

ps- Oh Yeah- the song was a cover by Tina Dico. Thought I needed something subversive for this one.

Did like the song and video, and not my intent to depress you; related to CylancePROTECT, I'm 99.99+% sure I'm not infected, but then I run cf@cs too :notworthy::)(y)
 

Moonhorse

Level 29
Verified
Content Creator
''They hate you if you're clever and they despise a fool ''

I really like your choice of music, prefer this one from John Lennon though.

Thanks for video


ps. ''If you want to be a hero well just follow me ''

Will do
 

Deleted member 178

And the Cylance hype bubble burst. This is why I said Cylance is just another Anti-Virus and one guy got triggered by it :D Thank you CS (y)
3 threads, one locked, 20+ pages, half a dozen malware tests, one video... All that to demonstrate what some of us knew from the start: Cylance's "very-much-averageness" and overhype...
Next-Gen reminds me of those resurrected traditional martial arts: they are fancy, sweet choreographic moves, attractive to beginners and make them feel invincible, but in the end they get totally destroyed in a street fight...
To those misled souls that pay for it, I will say: refund time! Because with a bit of learning and some free tools, you will have better security.

Itwt
 
I would love to see how the Invincea X compares to cylance. Seems like cylance does not train their model well at all. Thanks for the post sis!
I've never had the honor of looking into Invincea X but it would definitely be an interesting spectacle. Doesn't SOPHOS own it though? If I remember correctly, it's by the same company that Sandboxie was from, but then SOPHOS bought that company and started implementing the technology into their own services whilst using their own resources to improve it.

If I am right, it should be worth noting that SOPHOS is a very valuable company, especially now. The Surfright acquisition did very well for them because of HitmanPro.Alert technology which extensively helped them with the creation of Intercept X.

Cylance is just another Anti-Virus and one guy got triggered by it
Did you mean my post? I'm very sorry if you did, I wasn't trying to come off as a Cylance fan. I think they are mediocre, not any better than the other fish in the sea, but definitely not the worst.

I do not think the Smart Anti-Virus would be convenient for a novice because of its limitations (and they still need a lot more time to keep maturing and improving their data-sets) but it might be a good companion for an advanced user. For enterprise, I'd rather go elsewhere than use their enterprise version.

The Artificial Intelligence in Cylance is bound to be similar to what is implemented in other products by already well-known vendors. The truth is, most vendors have their own implementation of Machine Learning/Artificial Intelligence (you can slap on either name really) and most lean towards the cloud to offload resource usage from the client's machine (e.g. Microsoft Azure, Amazon Web Services, etc.). The ML/AI traditionally found in an Anti-Virus/Internet Security/Endpoint solution is going to revolve around training with a wide selection of samples, causing the flagging of samples which are more or less alike the trained samples. Some forms of ML/AI can be more complex though, depending on the approach.
 

Inquisitive

Level 1
I'd avoid Cylance just for its false positives. The sheer amount of things it flags as "Unsafe" is baffling. I would not consider this Next-Gen, I'd consider this insane. I tested out Cylance a few days ago and it quarantined A LOT of safe important signed files for programs I need. There's no excusing this.