App Review Crowdstrike Falcon Review | Tested vs Malware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Wraith

Wraith

Level 13
Verified
Top Poster
Well-known
Aug 15, 2018
634
ForgottenSeer 58943 said:
Everyone knows about your longstanding vendetta against Dan. So let's get that out there for posterity so people know there is a history and we can move on to more important matters.

Get Cylance or Crowdstrike+VS (Always On, Aggressive) over to the malware hub in appropriately allocated VM's, throw everything at it, including non-traditional attacks and lets see the test results. I think it would be interesting.

Back on topic, I think CS is an interesting offering, but probably needs some ancillary assistance.
Click to expand...
Cylance + VS won't be much of a test since VS will block all the files from running. It's like testing an AV alongwith AppGuard. :geek: I think a more suitable test will be WD + Cylance to see what benefits these claimed "next-gen" AV's can offer compared to the traditional ones.
 
  • Like
  • +Reputation
Reactions: oldschool, Nightwalker, Divine_Barakah and 1 other person
oldschool

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,100
ForgottenSeer 58943 said:
Get Cylance or Crowdstrike+VS (Always On, Aggressive) over to the malware hub in appropriately allocated VM's, throw everything at it, including non-traditional attacks and lets see the test results. I think it would be interesting.
Click to expand...

I've been wishing for just this for quite awhile now, but realize that Hub testers have their priorities. Maybe at some point this wish will be realized ... :whistle::whistle::whistle: (y)
 
  • Like
Reactions: harlan4096, roger_m, bribon77 and 5 others
Wraith

Wraith

Level 13
Verified
Top Poster
Well-known
Aug 15, 2018
634
oldschool said:
I've been wishing for just this for quite awhile now, but realize that Hub testers have their priorities. Maybe at some point this wish will be realized ... :whistle::whistle::whistle: (y)
Click to expand...
Testing Cylance is okay but I'm not so sure about VS. by default VS will block all the samples from being executed since it allows only whitelisted items to be run from user space. It'll be like testing AppGuard that will block all non whitelisted items execution from user space and hence no malware can run. :geek:
 
  • Like
Reactions: harlan4096, upnorth, oldschool and 2 others
A

artek

Level 5
Verified
May 23, 2014
236
devjit2018 said:
Testing Cylance is okay but I'm not so sure about VS. by default VS will block all the samples from being executed since it allows only whitelisted items to be run from user space. It'll be like testing AppGuard that will block all non whitelisted items execution from user space and hence no malware can run. :geek:
Click to expand...

Which is the paradoxical thing to me about most hips programs being advocated for general use by consumers. Most of them are getting infected by files they're choosing to run. And when you're not a novice user you're not going to run those files anyway so what's the point?
 
  • Like
  • +Reputation
Reactions: Gandalf_The_Grey, Venustus, upnorth and 1 other person
oldschool

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,100
devjit2018 said:
Testing Cylance is okay but I'm not so sure about VS. by default VS will block all the samples from being executed since it allows only whitelisted items to be run from user space. It'll be like testing AppGuard that will block all non whitelisted items execution from user space and hence no malware can run. :geek:
Click to expand...

Yes, but I'd add these two points: VS in Autopilot is the recommended mode for testing because it performs most like an AV. And we might recall that Hard_Configurator was tested by @askalan. I appreciated those even if they got a little boring. Where has he been anyway?
 
  • Like
Reactions: Gandalf_The_Grey, Venustus, harlan4096 and 1 other person
Wraith

Wraith

Level 13
Verified
Top Poster
Well-known
Aug 15, 2018
634
oldschool said:
Yes, but I'd add these two points: VS in Autopilot is the recommended mode for testing because it performs most like an AV. And we might recall that Hard_Configurator was tested by @askalan. I appreciated those even if they got a little boring. Where has he been anyway?
Click to expand...
Generally combos are not allowed to be tested in the hub(except SysHardener) since they skew the effectiveness of the suite/AV. In the next malware samples test, I'll make a ESET + VS test for you and PM you the screenshots. :emoji_beer: Sadly I don't have a Cylance license and so can't test it.
 
  • Like
Reactions: Gandalf_The_Grey, Venustus and harlan4096

Similar threads

NB InfoTech
    • Like
App Review Bitdefender vs Ransomware | Bitdefender Total Security Antivirus Review | 2023 [TESTED]
Replies
0
Views
552
Video Reviews - Security and Privacy
NB InfoTech
NB InfoTech
NB InfoTech
    • Like
App Review Kaspersky Standard Antivirus Review | Kaspersky Standard Antivirus vs 100 + 10 Malware Sample | 2023
Replies
0
Views
804
Video Reviews - Security and Privacy
NB InfoTech
NB InfoTech
upnorth
    • Like
    • +Reputation
    • Thanks
Security News New ‘Pool Party’ Process Injection Techniques Undetected by EDR Solutions
Replies
0
Views
1,067
Security News
upnorth
upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top