Cylance Articles & thoughts

Burrito

Just some general Cylance stuff for those who are not familiar --



And for those who have not seen the test where Cylance was tested for 'predictive' capability, it's kind of interesting.


Go here, and click on this---

=================

I know that both @ForgottenSeer 58943 and I hated Cylance when it first came out. Go back in MT and look at what Sly used to say about Cylance...

But we both became converts. It's so light it's literally unnoticeable. And for next-gen malware, it seems to be hard to beat.

All that stated, I see the current Cylance advantage in unknown / zero-day threats decreasing over time as Cylance grows.

As an aside, I've been playing with a CrowdStrike Falcon unmanaged client -- and I like it a lot. I don't think it's as 'smart' as Cylance, but it covers more spectrum. Like Cylance, you will see CrowdStrike coming out with a consumer version.

Cylance used to be the company cherry-picking some of our top talent (I work for a very large entity). Now there is an up and coming company (a subsidiary of a huge company) in Maryland, USA that has the money to pay the top talent more than anybody.... and some of my former colleagues took the money and ran... and they are working on some sort of mysterious project... and I have a feeling that they will develop the 'next thing.'
 


Burrito

So is Cylance something you can install along side another AV, such as ESET, Emsisoft?

Yep, and you should -- in my opinion.

I've run it with.... Norton, MBAM, CrowdStrike, McAfee, GDATA, Emsisoft, VooDoo.... with no issues. YMMV

I think @Nightwalker ran it with ESET, but I'm not sure.

On one laptop that I use for international travel, I experimentally put Norton, MBAM & Cylance with a bunch of extensions and a few other things on a laptop. It was an experiment that I thought would not work. I had a clean image ready to go. I ended up leaving it that way. It runs well.. strangely enough. Some countries are very skilled at wirelessly clandestinely getting into your laptop if you might be a person of interest.

Kaspersky is particularly finicky with other software. I'd advise backup prior to trying that.
 

Nightwalker

Yep, and you should -- in my opinion.

I've run it with.... Norton, MBAM, CrowdStrike, McAfee, GDATA, Emsisoft, VooDoo.... with no issues. YMMV

I think @Nightwalker ran it with ESET, but I'm not sure.

On one laptop that I use for international travel, I experimentally put Norton, MBAM & Cylance with a bunch of extensions and a few other things on a laptop. It was an experiment that I thought would not work. I had a clean image ready to go. I ended up leaving it that way. It runs well.. strangely enough. Some countries are very skilled at wirelessly clandestinely getting into your laptop if you might be a person of interest.

Kaspersky is particularly finicky with other software. I'd advise backup prior to trying that.

You are right my friend; some time ago I ran ESET with Cylance and it worked perfectly, almost no system impact or conflict.

Kaspersky is a bit complicated; it is best to leave it alone, as it doesn't like complementary security software.



Pair Cylance with Malwarebytes Browser extension, SysHardener tweaks and OSArmor protection to get a powerful and yet light setup; this is my favorite Cylance combo.
 

Lightning_Brian

@Nightwalker

I like your recommendation for Cylance paired up with the Malwarebytes Browser extension, SysHardener and OSArmor. Tweaking everything just right I can see how this could be a light yet very powerful setup. I'd probably even throw in VoodooShield in the mix to tighten things down a bit more, but that is a powerful setup.

ESET and Cylance do go together quite nicely. I have even tried Cylance with Norton Premium a long time ago. May be nice to see how it works in its newer form now.

~Brian
 

Lightning_Brian

@Antimalware18 I would not say that this is something that would completely replace any AV for an average user, but more so a complement to an AV. However, it all depends on how careful you are and if you will be using other tools to lock your computer down with. If you are a careful user with experience I could see it replacing an AV. It is a fine line though..

Edit: Companies are starting to jump into using this solution for their endpoints.

~Brian
 

oldschool

@Antimalware18 I would not say that this is something that would completely replace any AV for an average user, but more so a complement to an AV. However, it all depends on how careful you are and if you will be using other tools to lock your computer down with. If you are a careful user with experience I could see it replacing an AV. It is a fine line though..

~Brian

+ 1 on both points! Lightest, fastest I've ever used. It ought to be because it doesn't do anything! :LOL: ( that is, no scanning! )
 

DeepWeb

No thanks. Every major AV has machine learning. It's about having low FPs and giving me control on what to do. Plus it can't protect you from phishing. My biggest problem however is that there are free alternatives that are superior. So why pay for this?
 

Burrito

Is this something that can completely replace my current av solution? Like currently I'm using 360 TS and OSarmor
could I replace 360 with Cylance?

Yes. But.... I'd add other stuff to make sure all the holes are covered.

I'm not sure if it's changed, but Cylance at one time did not scan Doc and PDF files.

Windows Defender, MBAM Pro... or other AV, or with mitigations as @Nightwalker mentioned above.

Cylance and VooDoo with Syshardener would be super light and effective.
 

Lightning_Brian

+ 1 on both points! Lightest, fastest I've ever used. It ought to be because it doesn't do anything! :LOL: ( that is, no scanning! )

@oldschool Thanks! I say the software has a lot going for it. I need to get my hands back on that product and see how it works with ESET and Norton or even Bitdefender!

I know I had to do a triple take when I heard BlackBerry purchased Cylance...

No thanks. Every major AV has machine learning. It's about having low FPs and giving me control on what to do. Plus it can't protect you from phishing. My biggest problem however is that there are free alternatives that are superior. So why pay for this?

@DeepWeb You got a good point there... There are some free alternatives out there that may (or even do) outdo Cylance in some aspects. However, again I'd have to get my hands back on the product to confirm. If things are still the same from the days I was trialing it out you'd be correct.

~Brian
 

Deckard

...I'm not sure if it's changed, but Cylance at one time did not scan Doc and PDF files. ...
Yes. On their website, FAQ section, they say:
"Cylance Smart Antivirus only scans Portable Executable Files (PE), such as .exe, .dll etc.
Cylance Smart Antivirus does not do a traditional background threat detection, and will only scan active and opened files and processes. If a file on a secondary drive like an external hard drive is opened/copied/moved, this will trigger a process attached to the file at which point the Cylance Smart Antivirus Agent would scan it."
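
The FAQ text quoted above limits scanning to PE files, which is why Doc and PDF files came up earlier in the thread. As an added example (not Cylance's code and not part of any post here), this sketch identifies file types by header to show which files a PE-only scanner would never look at; the sample names and bytes are constructed, and deciding scope by header rather than by extension is an assumption.

```python
import struct

OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # legacy .doc/.xls container

def is_pe(data: bytes) -> bool:
    """True if a DOS 'MZ' header's e_lfanew field points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, so bogus headers fail safely.
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def classify(data: bytes) -> str:
    """Coarse file type from leading bytes only."""
    if is_pe(data):
        return "PE"
    if data.startswith(b"%PDF-"):
        return "PDF"
    if data.startswith(OLE2_MAGIC):
        return "OLE2"
    if data.startswith(b"PK\x03\x04"):
        return "ZIP"  # .docx/.docm/.xlsm are ZIP containers
    return "other"

def make_minimal_pe() -> bytes:
    """Constructed sample: 64-byte DOS header, e_lfanew = 0x40, then the PE signature."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0"

# Constructed samples; names are hypothetical.
SAMPLES = {
    "tool.exe": make_minimal_pe(),
    "invoice.pdf": b"%PDF-1.7\n%constructed\n",
    "report.doc": OLE2_MAGIC + bytes(56),
    "macro.docm": b"PK\x03\x04" + bytes(26),
    "dos_only.bin": b"MZ" + bytes(0x3E),  # MZ header with no PE signature behind it
    "setup.ps1": b"Write-Host 'hello'\n",
}

def pe_only_coverage(samples: dict) -> dict:
    """Map each sample to (detected type, whether a PE-only scanner would scan it)."""
    return {name: (classify(blob), is_pe(blob)) for name, blob in samples.items()}

if __name__ == "__main__":
    for name, (kind, scanned) in pe_only_coverage(SAMPLES).items():
        print(f"{name:14} {kind:6} {'scanned' if scanned else 'NOT scanned'}")
```

Everything reported as NOT scanned is what a second layer (another AV, or the hardening tools mentioned in the thread) would have to cover.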
 

artek

Is this something that can completely replace my current av solution? Like currently I'm using 360 TS and OSarmor
could I replace 360 with Cylance?
@Antimalware18 I would not say that this is something that would completely replace any AV for an average user, but more so a complement to an AV. However, it all depends on how careful you are and if you will be using other tools to lock your computer down with. If you are a careful user with experience I could see it replacing an AV. It is a fine line though..

Edit: Companies are starting to jump into using this solution for their endpoints.

~Brian

I would pick one AV solution. The tests that I have seen put Cylance's detection rate close to or better than many major anti-virus vendors and I'm not convinced you're adding any protection benefit by layering AV-scanning tech one on top of the other. For example, let's say Norton detects 98.5% of widely distributed malware and 360 TS detects 99%, is the added performance impact worth the minuscule boost in protection rate? The setup with Cylance and OSArmor should be just as effective as 360 TS + Cylance + OSArmor and will have a much lower performance impact.
 

Moonhorse

If the performance is their slogan, and the problem for someone that ends up paying for this antivirus, I would instead suggest upgrading either your CPU or GPU with that 40€.

One can even disable antivirus completely and still have better protection by tweaking either their antivirus or config.

Pros of Cylance for me is that their website is eye candy for sure.
 

artek

Some quotes I cherry picked:
“It does not cover ALL types of malware and threats, and is much more prone to false positives,” Pedro Bustamante, the VP of Products & Research at Malwarebytes, told us. “[We] implement machine learning as one of the detection layers in its protection stack. It is not the main layer, but it is an important layer.”

And the verdict from the SElabs test:
"For this reason a version of CylancePROTECT from early 2015 was used against threats from 2016, 2017 and 2018."
"Generally speaking it was effective, without updates, against threats just over two years into the future."

I guess I might get a little vitriolic here but it's sort of twinged my lesser nature that a company that's gotten a 27% protection accuracy rating on the SE Labs endpoint test is going to start throwing out accusations that another company isn't going to cover ALL types of malware and threats. I guess if you have it listed as a feature somewhere in the settings that a product detects scripts, exploits, Word documents, loaded PDF files, it doesn't actually matter that you demonstrate that your product can do so effectively. It just matters that it's there, listed somewhere in the feature set so that any Tom, Dick, and Harry can go to your website and proclaim that you cover those areas better than another product. 27 percent is so abysmal that I'd be willing to bet money that you could pull someone at random off the street and have them get a higher score than the Malwarebytes product, and I think they should be held up as the poster child for bloated and useless anti-malware features.

Sort of like how most of the Internet security products circa 2014 all had their own independent firewall modules before that single, and rather brutal, AV-Comparatives exposé on how dreadful the majority of those firewall implementations were versus the Windows firewall. Many of their products are now using add-ons to the Windows firewall, but they're still happy to charge you those hefty internet security prices.

I guess my point is this: Just because a vendor is slathering and heaping features into an internet-security implementation, doesn't mean that it will protect you any better than a product that's not participating in the feature-set list wars.
 