You must remember the new Cylance AV is in Beta if I remember. For example, Voodooshield uses AI plus looks for a valid sig and also runs the file by VirusTotal. The samples I looked at this morning would have been flagged by 27 AV's on VT and so VS would have blocked them even if they were FP's by 27 AV's. With the Cylance Protect portal, When I used CP, it allowed you to run the files by VT also but I don't think CP did that with it's scan on your computer. I have not noticed a section in Cylance AV portal where you can submit the files to VT.
A Cylance Smart Antivirus Quickie
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
I see there is a trial but the page you sign up on is looking for a business e-mail addy. Plus after trying to sign up they require your location, phone number ect.
- Dec 29, 2014
- 1,716
You might find this video useful. Is Invincea the same as Sophos? In the video Sophos uses something called Intercept X. Otherwise the products compared are->Symantec, Sophos, ESET, McAfee, and Cylance. Care to note that some regard for the unlikelihood of this kind of attack getting a start is worth recognizing, as mentioned in some of the posts. However, I found it very interesting to see the comparisons in a "hands on" compromise attempt/attack.
Discuss - BSidesMCR 2018: Next Gen AV vs My Shitty Code by James Williams
At least we don't have to paytempmail works haha
The site won't let me enter my state. Every time I do it changes it to a zero and asks me to enter a state. I gave up
EDIT: I tried with IE and that worked. The site just doesn't like Edge I guess
Last edited by a moderator:
The continued evolution of security products is pointing toward AI/ML, that's inevitable. Anyone saying it isn't doesn't really understand the situation out there right now. The reason virtually every company is pushing in that direction isn't for marketing hype, it's because they know their programs can fall flat on their faces in outbreaks if they don't have something capable of spotting newer and/or more advanced attacks, earlier. Trend Micro barely markets their AI/ML, but it's a huge part of their flagship Worry Free line for businesses/corporations. The AI/ML systems have been fully rolled out over their entire product lines including the BEC and AI/ML for Trend HES (Hosted Email Security)
Cylance neglects some fairly big attack vectors, but at the same time those are some of the easiest vectors to cap off with adjunct products. Scripts are perhaps the easiest of them all to cap off and are really a non-issue (or should be) in any environment. (Good god, does ANY company not have GP's pushed out to block script executions in 2018?) I don't think anyone considers Cylance Smart Antivirus an All-In-One Anti-Malware product, do they? Especially after all of us have been saying all along it isn't. So the video really proved nothing other than to substantiate what we've generally all been saying.
I'd give out respects and kudos if someone would make a video after they put Cylance+OSA+Heimdal on a system they've used Syshardener on, then show me videos of non-specific coded/Non-TAO malware being executed, infecting the system and exfiltrating data. But Cylance 'alone' should prove not overly challenging to cherry picked samples without any further thought. (but most solutions wouldn't anyway)
Cylance neglects some fairly big attack vectors, but at the same time those are some of the easiest vectors to cap off with adjunct products. Scripts are perhaps the easiest of them all to cap off and are really a non-issue (or should be) in any environment. (Good god, does ANY company not have GP's pushed out to block script executions in 2018?) I don't think anyone considers Cylance Smart Antivirus an All-In-One Anti-Malware product, do they? Especially after all of us have been saying all along it isn't. So the video really proved nothing other than to substantiate what we've generally all been saying.
I'd give out respects and kudos if someone would make a video after they put Cylance+OSA+Heimdal on a system they've used Syshardener on, then show me videos of non-specific coded/Non-TAO malware being executed, infecting the system and exfiltrating data. But Cylance 'alone' should prove not overly challenging to cherry picked samples without any further thought. (but most solutions wouldn't anyway)
@ForgottenSeer 58943 the thing is if i need to add something to Cylance Smart AV to get a decent setup, why bother buy Cylance, i would just use the "something". So in your example, why bother buy CSAV, i would just use WD + OSA, it is fully free and will perform as good.
Cylance target the home user segment, so they must cover the basic attack vectors. And sadly it fails at it. In corporate environment, it would be no problem because ITs would add complementary tools (SRP, UTMs, etc...). Average home users won't.
Itwt
Cylance target the home user segment, so they must cover the basic attack vectors. And sadly it fails at it. In corporate environment, it would be no problem because ITs would add complementary tools (SRP, UTMs, etc...). Average home users won't.
Itwt
- Apr 13, 2013
- 3,224
Even easier would be a CF alone video showing diverse malware blocked. Oh, wait, I think I've already done one or two...
And regarding Sophos- remember I posted a link to a legitimate application being packed by UPX the other day? This was to demonstrate the FP machine of Cylance. But see who else will arbitrarily mark this as malware?
Antivirus scan for f35843d8b34d5c3bbf96571a62291484edc18a2829234370f580c3ecbc33cb66 at 2018-08-20 00:13:24 UTC - VirusTotal
Reminds me of something from History: Caedite eos. Novit enim Dominus qui sunt eius.
Last edited:
- Jan 29, 2017
- 1,201
But some would say that ComodoSister plays with a stacked deck when dealing baddies to CF... not I, but others
... OTOH no one else has stepped forward to take down CF@CS ... O the paranoid life we lead...WD is pretty much established as a system hog. I am always amazed at how fat and useless my systems feel after I do a fresh W10 restore. Once WD is disabled, they fly like the wind again. For that reason alone, I'd use Cylance over WD (with appropriately addressing vectors) Your other points are very valid though. Using Cylance alone would be a mistake and a home user would be misled by it - potentially - thinking they are fully protected when clearly, they wouldn't be with vanilla Cylance. Average home users would be far far better suited to 'anything' else. Even McAfee with the new engine introduced in May would provide better protection and cost almost nothing.
But some of us think CF is pretty much garbage and Comodo is just as guilty of this or that as Cylance. (in terms of their company policies, employees, cheesy fake av scare tactics, shady cert dealings, bloatware, etc) Also, since my connection is 1000Mbps, in random testing CF jumped packetloss up, added to pings and exhibited substantial speed degradation to the point I don't even think their FWD is capable of anything I would deem acceptable throughput. Don't even get me started on the LST benchmarks, it fails. Maybe I will make a video.
Last edited by a moderator:
@ForgottenSeer 58943 You are right, WD is a resource hog, i still try to find a free replacement, but honestly spending money on Cylance just for that is nonsense, at least if Cylance was very efficient... But no...
Itwt
Itwt
Last edited by a moderator:
I honestly wish that Microsoft would one day fix this issue, I'm fully confident they are aware of it, its been mentioned for so long that they can't possibly say they didn't know about it. It's one of the reasons that turn off a lot of people from using WD and I believe that if they fixed it a lot more people would use it IMO.
- Jun 12, 2014
- 314
- May 29, 2018
- 2,728
Why is everyone comparing cf ( firewall ) with cylance ( antivirus ) anyways
If its lighter than any else antivirus on market and can compete even , it would be beast agaisnt other competors, and cylance + cf would be as good as any other av + cf
You can look malware hub test avast as standlone usually infected, add sh and its protected
If its lighter than any else antivirus on market and can compete even , it would be beast agaisnt other competors, and cylance + cf would be as good as any other av + cf
You can look malware hub test avast as standlone usually infected, add sh and its protected
Last edited:
- Apr 28, 2017
- 326
- Mar 17, 2016
- 464
I think because CS made the video...
Both function differently, why not?!
- May 29, 2018
- 2,728
Actually wrong thread , my bad
But cylance has it pros, is there any overpowered tweaks that would make it compete alot better than running default in default mode?
Avast is always tested as default, but hardened mode makes it more impressive
Remember though, this is the Smart Anti-Virus we're discussing... which is extremely limited and misses a huge range of attack vectors. It's a simple Anti-Virus relying on ML/Ai models through data-set training, therefore it could be a nice companion alongside other software (or hardware appliances like UTM). I would personally use it as a companion if anything but at the end of the day it is down to you and your needs.
A lot of Cylance competitors (speaking generally here on the AV/IS market and not specifically about ML/Ai technology) have a lot more packed into their home market solutions for home customers. This ranges from Host Intrusion Prevention System (HIPS)/Behavior Blocker (BB) to WFP-based network filtering (network signatures and firewall) and all the way to emulation, safe browser, cloud reputation lookup, etc. Important things to note, as already noted on the forums, is the lack of support for scripts and WOW64 process scanning.
In short, there's usually more going on in the background with solutions from vendors like Trend-Micro, Norton, SOPHOS, Kaspersky, ESET, Qihoo and others. At-least when the protection components are all enabled and working on conjunction with each other to provide the home customer with a solid layered protection approach (e.g. signatures and heuristics for traffic filtering and file scanning, cloud file reputation lookup, behavioral layer for emulation/HIPS/BB, potentially a roll-back feature should the customer still get successfully hit with ransomware and not have a backup of their own, etc.).
If Cylance Smart Anti-Virus wasn't "lighter" than most other well-known and reputable products then I'd be quite worried. The enterprise version of Cylance is far better than the Smart Anti-Virus and covers the customer against a wider threat surface though, so it joins in the competition a bit more with that.
Similar threads
