Cylance Commissioned Test with AV-Test

What do you think of this test?


Deleted member 178

Thread author
Cylance commissioned AV-TEST to perform an advanced threat prevention test of enterprise endpoint protection software. In the test, CylancePROTECT® was pitted against five competing endpoint products from Kaspersky, McAfee, Sophos, Symantec and Trend Micro.

The primary goal of these tests was to show the detection and prevention capabilities of new and unknown malicious executables. The tests that AV-TEST conducted for this report represent a number of significant industry firsts:

  • A third-party testing organization created their own malware in order to conduct testing
  • A testing organization developed new testing methods specifically designed to target next-generation vendors
Download the report to review the results of the four test cases.

Report Result Highlights:

  • “CylancePROTECT doesn't need regular signature updates nor does it require cloud queries to detect new files, even before execution. On the other hand, the other tested products depend on updated signature databases and cloud queries to provide additional levels of detection.”
  • “The tests have shown that CylancePROTECT is able to detect and prevent unknown attacks, while the other vendors have more problems with new attacks.”
  • “This is the first time we tested the marketing claims of a next-gen vendor and results showed that the claims are indeed backed up by the technology.” Maik Morgenstern - CTO AV-Test
Want to learn more? Download the full report.

Please keep in mind it is a commissioned test (aka made in concert with Cylance).

Here are the answers of the other vendors used for this test (which didn't even know they were involved):

Vendors respond to Cylance's new testing methods with AV-TEST

Please note that Cylance is based on the "AI" technology.

SHvFl

Lol there are so many samples out there that bypass these solutions that it's pretty easy to get first on a paid test. Just keep testing malware until you find the correct malware they can't stop and you can. Then you call it a blind test and profit.
Maybe I am wrong and they legit are better. Only way to know is to try, but they don't want me to do that for some reason. Wonder why...

_CyberGhosT_

I don't think all AI based protection is BS, but I do think Cylance is the king
of BS, and is giving the honest companies like SparkCognition a bad name.
Many BS companies like Cylance have come and gone, and so too will Cylance
just give it time and they too will suffer the fate that companies like them deserve.
Note to readers: BS = Bull Sh!t ;)
Cool share, Umbra!

Deleted member 178

Thread author
I don't think Cylance will disappear soon unless a big company's complete network is brought down by malware. Cylance now has way too much money and seems to be liked (created?) by the CIA and corporations.

Wingman

I don't think Cylance will disappear soon unless a big company's complete network is brought down by malware. Cylance now has way too much money and seems to be liked (created?) by the CIA and corporations.

I haven't used it, but until they change their EULA I do not think I will:

  • By accepting this EULA you accept that, in order to function optimally, the Software downloaded under the terms of this EULA may, on occasion, employ certain tools or applications to transmit certain data, including but not limited to: system files, dll files; binary files; and/or other executable code, including those which may from time to time be embedded in other file types, (hereinafter “Potentially Suspicious Files”) to secure servers maintained by Cylance for various purposes including to assist us in the provision of services to you, in connection with support of Software that you have chosen to download, install or use on your Computer, or to facilitate analysis in order to identify malicious code, malware or other intrusive artifacts (hereinafter “Potentially Malicious Code”) which exist on, or are being introduced to your computer. Potentially Suspicious Files are files for which an existing file signature is not available, or where a signature indicates Potentially Malicious Code. Such information is essential and allows us to improve our Software and provide threat detection services. There is no opt-out available for this information collection. If you do not agree to the collection of this data you must immediately cease downloading or using the Software and remove it from your computer.
  • By accepting this EULA you accept that the Software may transmit Potentially Suspicious Files to Cylance and you have explicitly consented thereto when you install the software; if you do not agree to the transmission of Potentially Suspicious Files to Cylance, you must immediately opt out by ceasing any download, installation or use of the software and remove the software from your Computer. You may experience performance loss when such Potentially Suspicious Files are transmitted to Cylance.

RejZoR

According to Skipper, testing in a default state will see most of the features in CylancePROTECT turned off.

AV-C tests EVERYTHING with default settings when it involves consumer products, because that's what the majority of users use on their systems. For enterprise products, companies can specify preferred settings, because it's assumed admins know what they are doing and can tweak settings beyond what it comes with out of the box, and the products are also tested in such a way (which is then stated in the document).

As for AV-C using pirated software, I call that a load of manure. They are a reputable institution; they just wouldn't do that. Considering it's a heavily cloud-based product, I think they bought the product under an unrelated name (so Cylance doesn't know AV-C bought that particular endpoint license) to avoid cheating. I know there was cheating involved in the past by certain vendors through online resources like the cloud, so such countermeasures by AV-C wouldn't really surprise me...

EDIT:
Also the "Ai" buzzword is such BS. Everyone throwing around this nonsense even though we all well know it's no "Ai". Having a predictor/classifier doesn't make it an "Ai".

Wingman

But that is google. Who the ##### knows Cylance except weird people like us in forums.

language!!!!!! (just kidding :p)

It's not about the product, it's about the marketing model used. The target group is not consumers which is why there is no consumer version available (you can get it via reseller etc but you can't just buy it from their website). They rely on WOM communication :)

Wave

Thread author
Sorry but CylancePROTECT is the biggest pile of bullshit I've ever laid my eyes on... Unless they use real virtualization technology (like Kaspersky and Comodo do for isolation), then bypassing the product so it isn't even aware of your API calls would be a walk in the park.

The entire "Ai" keyword related to their product is a bunch of bollocks as well, there is so much more to Artificial Intelligence which we haven't even successfully developed yet - I guarantee that they just log the API calls and then work with some sort of scoring system to flag the Portable Executable, or they have a dozen preset rules to flag the executable after a bunch of predefined API calls are made... It's all about monitoring the API calls to monitor the program's behavior; filtering will allow you to know which: registry keys the program is accessing, creating, modifying and removing; files the program is accessing, creating, modifying and removing; processes the program is trying to open a handle to, terminating/suspending, injecting into, etc... List can go on.

Unless they use the hyper-visor for real virtualization techniques, simply working with Assembly to perform direct system calls will bypass their entire API monitoring system. Therefore, hopefully they actually use real virtualization techniques.

That being said, if you can get your hands on the product and are determined enough, just reverse engineer as many components as you can - it might take some time depending on the scenario, however reverse engineering properly with sophisticated software like IDA Pro with debugging will go a long way to reveal critical details of the internals to the product... Once you've gained enough, you can bypass it even easier.

The problem is that it is not easy to get your hands on CylancePROTECT unless you have spare money to spend, and I certainly don't and I can't get it because they ignore my support requests/BugCrowd requests, so I can't do any investigation at all related to custom malware development and testing.

Kaspersky and Comodo use the hyper-visor and they cannot detect all malware, and Emsisoft has an amazing BB which logs API calls to detect behavior and they cannot detect everything either... Nothing is invincible. Sure, CylancePROTECT might be able to protect against all the malware currently in the wild which is made quickly by inexperienced developers who are probably copy-pasting code, but let someone who has been studying Windows Internals and malware development since Windows 2000/XP have a go (you know, the really advanced people on the SysInternals Technet forum who are more than capable of even developing their own Operating System which has x64 support and graphical controls LOL) and you'll watch the entire product fall to its knees.

ALSO, in the case of a browser exploit where remote code execution is performed by the browser process itself (e.g. which would be trusted) to execute malicious shell-code on the system, what will CylancePROTECT do? Nothing probably.
