ticklemefeet

Jan 31, 2018
1,300
3,258
Level 24
You must remember the new Cylance AV is in Beta if I remember. For example, Voodooshield uses AI plus looks for a valid sig and also runs the file by VirusTotal. The samples I looked at this morning would have been flagged by 27 AV's on VT and so VS would have blocked them even if they were FP's by 27 AV's. With the Cylance Protect portal, When I used CP, it allowed you to run the files by VT also but I don't think CP did that with it's scan on your computer. I have not noticed a section in Cylance AV portal where you can submit the files to VT.
 

ticklemefeet

Jan 31, 2018
1,300
3,258
Level 24
Invincea does the deep learning for intercept X. Was out at the beggining of this year. It would be nice to see a test of this. It's always under the radar and was excluded from nss test this year.

I see there is a trial but the page you sign up on is looking for a business e-mail addy. Plus after trying to sign up they require your location, phone number ect.
 

AtlBo

Dec 29, 2014
1,687
7,312
Level 27
Verified
Content Creator
I would love to see how the Invincea X compares to cylance. Seems like cylance does not train their model well at all. Thanks for the post sis!

You might find this video useful. Is Invincea the same as Sophos? In the video Sophos uses something called Intercept X. Otherwise the products compared are->Symantec, Sophos, ESET, McAfee, and Cylance. Care to note that some regard for the unlikelihood of this kind of attack getting a start is worth recognizing, as mentioned in some of the posts. However, I found it very interesting to see the comparisons in a "hands on" compromise attempt/attack.

Discuss - BSidesMCR 2018: Next Gen AV vs My Shitty Code by James Williams
 

Slyguy

Jan 27, 2017
3,328
14,273
Level 44
The continued evolution of security products is pointing toward AI/ML, that's inevitable. Anyone saying it isn't doesn't really understand the situation out there right now. The reason virtually every company is pushing in that direction isn't for marketing hype, it's because they know their programs can fall flat on their faces in outbreaks if they don't have something capable of spotting newer and/or more advanced attacks, earlier. Trend Micro barely markets their AI/ML, but it's a huge part of their flagship Worry Free line for businesses/corporations. The AI/ML systems have been fully rolled out over their entire product lines including the BEC and AI/ML for Trend HES (Hosted Email Security)

Cylance neglects some fairly big attack vectors, but at the same time those are some of the easiest vectors to cap off with adjunct products. Scripts are perhaps the easiest of them all to cap off and are really a non-issue (or should be) in any environment. (Good god, does ANY company not have GP's pushed out to block script executions in 2018?) I don't think anyone considers Cylance Smart Antivirus an All-In-One Anti-Malware product, do they? Especially after all of us have been saying all along it isn't. So the video really proved nothing other than to substantiate what we've generally all been saying.

I'd give out respects and kudos if someone would make a video after they put Cylance+OSA+Heimdal on a system they've used Syshardener on, then show me videos of non-specific coded/Non-TAO malware being executed, infecting the system and exfiltrating data. But Cylance 'alone' should prove not overly challenging to cherry picked samples without any further thought. (but most solutions wouldn't anyway)
 
D

Deleted member 178

@Slyguy the thing is if i need to add something to Cylance Smart AV to get a decent setup, why bother buy Cylance, i would just use the "something". So in your example, why bother buy CSAV, i would just use WD + OSA, it is fully free and will perform as good.
Cylance target the home user segment, so they must cover the basic attack vectors. And sadly it fails at it. In corporate environment, it would be no problem because ITs would add complementary tools (SRP, UTMs, etc...). Average home users won't.


Itwt
 

cruelsister

Apr 13, 2013
2,696
17,036
Level 37
Verified
Trusted
Content Creator
I'd give out respects and kudos if someone would make a video after they put Cylance+OSA+Heimdal on a system they've used Syshardener on, then show me videos of non-specific coded/Non-TAO malware being executed, infecting the system and exfiltrating data.

Even easier would be a CF alone video showing diverse malware blocked. Oh, wait, I think I've already done one or two...

And regarding Sophos- remember I posted a link to a legitimate application being packed by UPX the other day? This was to demonstrate the FP machine of Cylance. But see who else will arbitrarily mark this as malware?

Antivirus scan for f35843d8b34d5c3bbf96571a62291484edc18a2829234370f580c3ecbc33cb66 at 2018-08-20 00:13:24 UTC - VirusTotal

Reminds me of something from History: Caedite eos. Novit enim Dominus qui sunt eius.
 
Last edited:

Telos

Jan 29, 2017
999
3,522
Level 20
Verified
Content Creator
Even easier would be a CF alone video showing diverse malware blocked. Oh, wait, I think I've already done one or two...
But some would say that ComodoSister plays with a stacked deck when dealing baddies to CF... not I, but others :eek:... OTOH no one else has stepped forward to take down CF@CS ... O the paranoid life we lead...
 

Slyguy

Jan 27, 2017
3,328
14,273
Level 44
@Slyguy the thing is if i need to add something to Cylance Smart AV to get a decent setup, why bother buy Cylance, i would just use the "something". So in your example, why bother buy CSAV, i would just use WD + OSA, it is fully free and will perform as good.
Cylance target the home user segment, so they must cover the basic attack vectors. And sadly it fails at it. In corporate environment, it would be no problem because ITs would add complementary tools (SRP, UTMs, etc...). Average home users won't.


Itwt

WD is pretty much established as a system hog. I am always amazed at how fat and useless my systems feel after I do a fresh W10 restore. Once WD is disabled, they fly like the wind again. For that reason alone, I'd use Cylance over WD (with appropriately addressing vectors) Your other points are very valid though. Using Cylance alone would be a mistake and a home user would be misled by it - potentially - thinking they are fully protected when clearly, they wouldn't be with vanilla Cylance. Average home users would be far far better suited to 'anything' else. Even McAfee with the new engine introduced in May would provide better protection and cost almost nothing.
 

Slyguy

Jan 27, 2017
3,328
14,273
Level 44
Even easier would be a CF alone video showing diverse malware blocked. Oh, wait, I think I've already done one or two...

But some of us think CF is pretty much garbage and Comodo is just as guilty of this or that as Cylance. (in terms of their company policies, employees, cheesy fake av scare tactics, shady cert dealings, bloatware, etc) Also, since my connection is 1000Mbps, in random testing CF jumped packetloss up, added to pings and exhibited substantial speed degradation to the point I don't even think their FWD is capable of anything I would deem acceptable throughput. Don't even get me started on the LST benchmarks, it fails. Maybe I will make a video.
 
Last edited:

Raiden

May 7, 2018
864
6,928
Level 18
Verified
Content Creator
You are right WDis a resource hog, i still try to fond a free replacement, but honestly spend money on Cylance just for that is nonsense, at least if Cylance was very efficient... But no...

Itwt

I honestly wish that Microsoft would one day fix this issue, I'm fully confident they are aware of it, its been mentioned for so long that they can't possibly say they didn't know about it. It's one of the reasons that turn off a lot of people from using WD and I believe that if they fixed it a lot more people would use it IMO.
 

Moonhorse

May 29, 2018
1,839
8,671
Level 29
Verified
Content Creator
Why is everyone comparing cf ( firewall ) with cylance ( antivirus ) anyways

If its lighter than any else antivirus on market and can compete even , it would be beast agaisnt other competors, and cylance + cf would be as good as any other av + cf

You can look malware hub test avast as standlone usually infected, add sh and its protected
 
Last edited:

Moonhorse

May 29, 2018
1,839
8,671
Level 29
Verified
Content Creator
I think because CS made the video...


Both function differently, why not?!
Actually wrong thread , my bad

But cylance has it pros, is there any overpowered tweaks that would make it compete alot better than running default in default mode?

Avast is always tested as default, but hardened mode makes it more impressive
 

Libera Milanesi

Aug 19, 2018
52
166
Level 2
If its lighter than any else antivirus on market and can compete even , it would be beast agaisnt other competors, and cylance + cf would be as good as any other av + cf
Remember though, this is the Smart Anti-Virus we're discussing... which is extremely limited and misses a huge range of attack vectors. It's a simple Anti-Virus relying on ML/Ai models through data-set training, therefore it could be a nice companion alongside other software (or hardware appliances like UTM). I would personally use it as a companion if anything but at the end of the day it is down to you and your needs.

A lot of Cylance competitors (speaking generally here on the AV/IS market and not specifically about ML/Ai technology) have a lot more packed into their home market solutions for home customers. This ranges from Host Intrusion Prevention System (HIPS)/Behavior Blocker (BB) to WFP-based network filtering (network signatures and firewall) and all the way to emulation, safe browser, cloud reputation lookup, etc. Important things to note, as already noted on the forums, is the lack of support for scripts and WOW64 process scanning.

In short, there's usually more going on in the background with solutions from vendors like Trend-Micro, Norton, SOPHOS, Kaspersky, ESET, Qihoo and others. At-least when the protection components are all enabled and working on conjunction with each other to provide the home customer with a solid layered protection approach (e.g. signatures and heuristics for traffic filtering and file scanning, cloud file reputation lookup, behavioral layer for emulation/HIPS/BB, potentially a roll-back feature should the customer still get successfully hit with ransomware and not have a backup of their own, etc.).

If Cylance Smart Anti-Virus wasn't "lighter" than most other well-known and reputable products then I'd be quite worried. The enterprise version of Cylance is far better than the Smart Anti-Virus and covers the customer against a wider threat surface though, so it joins in the competition a bit more with that.