App Review Cylance Smart Antivirus 2018 Bypassed

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Deleted Member 3a5v73x


509322

So much for Next-Gen AI/ML:

[GIF: PopularJauntyAracari-max-1mb.gif]


But hey... at least it doesn't hog your system resources.
 

Deleted Member 3a5v73x

You're right, but it seems that the developer of kyrox ransomware has bypassed several other antiviruses.
It's good, because people will maybe start to reconsider their security, that AVs aren't enough, and discover Anti-exe/Sandbox/SRP. For changes to take place in people's mindset about online security, a global digital catastrophe needs to happen, and it will; it's just a matter of time.
 

Burrito

Laughing.... this is good. And this is what products deserve when they promise too much.

Cylance says they are two years ahead of the adversary.

[Image: 1541248968888.png]


I guess kyrox ransomware is 2.1 years ahead of Cylance.

I (surprisingly) now like Cylance. I think they do have a more effective algorithm for certain classes of malware.

But it should just be a module in a more comprehensive product --- I think.
 

Nightwalker

Cylance is a good product, it is very light and unobtrusive with a nice detection rate; the problem is that AI/ML has many limitations and the lack of frequent "training" updates makes it a big problem.

I like the product, but I hate the marketing of Cylance. If AI/ML was the silver bullet, the end game of malware protection, vendors like Kaspersky/ESET/Norton would love to roll with it alone and discard the old and somewhat expensive signature protection model (human analysts x servers to deliver updates x testing beds).

AI/ML needs constant retraining and updates to stay effective and ahead of the curve; it isn't very different from "traditional" antivirus engines (they are hybrid nowadays anyway) ...
 

Eddie Morra

It goes without saying that many other vendors have "Ai/ML" model implementations and have done for several years - some vendors offer their technology to other companies through a licensed SDK as well (Bitdefender and Avira do this).

Cylance would become more known and would make more buck if they followed the SDK route because I am sure they would be able to find companies who would want to adopt their technology alongside their own (be it for non-commercial or commercial reasons).
 

erreale

Thread author
And like other security programs that have things get past them, the developers at Cylance will hopefully use this example to make their product better.


The problem is that Malwarebytes, SecureAPlus, Eset, Avast, Kaspersky and others have also failed against kyrox ransomware. There are many who have to make their products better.
 

Burrito

The problem is that Malwarebytes, SecureAPlus, Eset, Avast, Kaspersky and others have also failed against kyrox ransomware. There are many who have to make their products better.

I did a quick Google search and didn't see the answer.... do we know what products were successful in blocking Kyrox?
 

Eddie Morra

All we actually see is the system rebooting and a .NET application (guessing) being automatically run (preferably via the HKLM/HKCU AutoRun key) which happens to list a bunch of files which may or may not actually exist. Even if the file enumeration is real, that does not mean the files are actually being modified.

I'm not saying that Cylance hasn't been "bypassed" by the author of this video, but I am neither agreeing that it has been - no one has shared concrete evidence to validate that Cylance has been "bypassed" in this video.

There's no point caring about the results of something when there is insufficient evidence to validate whether the source and test conclusion/s are credible or not.
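
One way to produce the evidence this post asks for, as an added example that is not part of the original thread: hash a folder of decoy files before and after a test run and report which ones actually changed. The function names, the entropy thresholds and the sample files are assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map each relative path under root to (sha256 hex digest, entropy)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            snap[rel] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return snap

def compare(before: dict, after: dict, jump: float = 2.0) -> dict:
    """Classify what changed between two snapshots of the same folder."""
    report = {"modified": [], "missing": [], "new": [], "likely_encrypted": []}
    for path, (digest, ent) in sorted(before.items()):
        if path not in after:
            report["missing"].append(path)      # deleted or renamed
        elif after[path][0] != digest:
            report["modified"].append(path)     # content really changed
            # Assumed heuristic: near-random bytes after a large entropy rise.
            if after[path][1] > 7.0 and after[path][1] - ent >= jump:
                report["likely_encrypted"].append(path)
    report["new"] = sorted(set(after) - set(before))
    return report

def demo() -> dict:
    """Constructed sample: two decoy documents, one overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.txt", "notes.txt"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("quarterly figures and meeting notes\n" * 200)
        before = snapshot(root)
        with open(os.path.join(root, "report.txt"), "wb") as fh:
            fh.write(os.urandom(8192))  # stands in for an encrypting process
        return compare(before, snapshot(root))
```

A listing of file names on screen leaves every bucket of this report empty; only real writes to the decoys show up under `modified`, `missing` or `new`.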
 

erreale

I did a quick Google search and didn't see the answer.... do we know what products were successful in blocking Kyrox?


It certainly does not bypass Comodo sandbox (there is a video showing kyrox started in sandbox) and I do not even think of the SRP programs.
 

erreale

Probably this is true with default settings, but tweaking properly some of those products...


I absolutely agree with you. The programs have been tested with the default settings and we know very well that with some changes the software greatly improves. But how many users use default settings? I think the majority.
 
