CrowdStrike Falcon Endpoint Security
<blockquote data-quote="ShenguiTurmi" data-source="post: 1031386" data-attributes="member: 99409"><p>Good test, but I want to make two points a bit clearer.</p>
<p>The first is that there is no EDR. The authorization for testing in the video is the Falcon Pro I purchased, which only includes NGAV and threat intelligence information, as well as a limited number of sandboxes. A version fully equipped with EDR will cost more than twice the price of my version.</p>
<p>[ATTACH=full]273739[/ATTACH]</p>
<p>(Falcon Elite has not listed a price on its official website, but they previously quoted me 185 USD/device/year. Given that their average price has increased by 30%, I believe the current price is 200 USD or more.)</p>
<p></p>
<p>Another point is that enhanced detection for JS and VBS does not seem to be turned on (I checked my default policy...), and only a small portion of enhanced detection for PS is turned on.</p>
<p>They have relatively high hardware requirements for memory payload detection. The basic condition is that the CPU supports Intel TDT (Skylake or newer architecture, and not supported on any AMD CPU), and the device needs to have a GPU they support. This may be why memory detection did not take effect in this test.</p>
<p>Of course, I don't recommend buying CrowdStrike due to the high price.</p>
<p></p>
<p>Also, I observed something interesting.</p>
<p>This one, which is probably relevant to almost all "Next-Gen Antivirus", is that they are not really 100% machine learning based. I've encountered some samples in the real world that initially bypassed almost all machine learning (including CrowdStrike sensor-based ML) and only saw single-digit detections in VirusTotal. But after a while, maybe the next day, you can find CrowdStrike detecting them as cloud-based ML, and I find it hard to believe that they were trained overnight for that. I tend to think it is a kind of hash pulling and then marking them as ML detections (after all, cloud ML models are not sent down to the user locally). This phenomenon is seen not only with CrowdStrike but also with many other NGAVs, such as Cynet, sone, Cybereason, Cylance, Palo Alto.</p></blockquote><p></p>