App Review Cylance Smart Antivirus 2018 Bypassed

Deleted member 178 · Nov 3, 2018

artek said:
My mistake. I always thought they seperated the two as drive-by-download/drive-by-install.

Drive-by Download is the general term used, like virus.

erreale · Nov 3, 2018

ticklemefeet said:
Are you saying a program like Appguard would be bypassed?

I meant that sandbox and SRP programs are safe. This ransomware (provided that the video is true) is not able to bypass these protections.

artek · Nov 4, 2018

erreale said:
I meant that sandbox and SRP programs are safe. This ransomware (provided that the video is true) is not able to bypass these protections.

It probably won't be safe once that system clock disappears and the tester disables key protection fetures.

Thirio · Nov 4, 2018

Speaking of Cylance A.I.. I noticed the author of this video is the developer of XyWall AntiMalware which claims to have A.I heuristics and uses VirusTotal. Anyone ever use this program before? I tried it out in a VM for only a couple minutes, it has a high detection (and false positive rate). WD detected it as a trojan right away so I ditched it shortly after.

Back to the topic, it seems only CIS was able to prevent this ransomware in the author's test series. The title of the video says bypass but the file was run outside containment on the second try. The takeaway from this video is that some malware won't reveal their true intentions in a sandbox and can surprise the user if they run the file with unlimited access.

ChemicalB · Nov 4, 2018

Not sure if it is the same sample but here the analysis of Kyrox.

Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'd3cb8a23a8250177c67a54e02ac33e5bd1c6d3a551c2bc39c660f3f62b7c9a5f.exe'

Nestor · Nov 4, 2018

Thirio said:
Speaking of Cylance A.I.. I noticed the author of this video is the developer of XyWall AntiMalware which claims to have A.I heuristics and uses VirusTotal. Anyone ever use this program before? I tried it out in a VM for only a couple minutes, it has a high detection (and false positive rate). WD detected it as a trojan right away so I ditched it shortly after.

Back to the topic, it seems only CIS was able to prevent this ransomware in the author's test series. The title of the video says bypass but the file was run outside containment on the second try. The takeaway from this video is that some malware won't reveal their true intentions in a sandbox and can surprise the user if they run the file with unlimited access.

CIS and probably Spyshelter will be able to prevent it.

SHvFl · Nov 4, 2018

Thirio said:
Speaking of Cylance A.I.. I noticed the author of this video is the developer of XyWall AntiMalware which claims to have A.I heuristics and uses VirusTotal. Anyone ever use this program before? I tried it out in a VM for only a couple minutes, it has a high detection (and false positive rate). WD detected it as a trojan right away so I ditched it shortly after.

Back to the topic, it seems only CIS was able to prevent this ransomware in the author's test series. The title of the video says bypass but the file was run outside containment on the second try. The takeaway from this video is that some malware won't reveal their true intentions in a sandbox and can surprise the user if they run the file with unlimited access.

Or he fakes results if he is calling pressing run unlimited as bypass. lol

Thirio · Nov 4, 2018

SHvFl said:
Or he fakes results if he is calling pressing run unlimited as bypass. lol

That or he could be clickbaiting for views.

SHvFl · Nov 4, 2018

Thirio said:
That or he could be clickbaiting for views.

Still unethical enough that I personally wouldn't believe anything he posts. Not saying that the products he tested can't be bypassed, i am just saying i wouldn't trust a video he makes showing a bypass.

509322 · Nov 4, 2018

artek said:
It probably won't be safe once that system clock disappears and the tester disables key protection fetures.

If the KyRox sample can run on the real system, then of course it isn't safe.

Properly configured and used SRP will just block the execution of KyRox unless the tester overtly allows it to run.

Deleted member 178 · Nov 4, 2018

If i find a bypass, i wont post it on YouTube, I will make the vendor pay lot of cash. If he refuses or I don't like him, I will expose it on the darknet. LOOOL

DeepWeb · Dec 4, 2018

I think Cylance with AppCheck and a strong Group Policy config would be a great signature free combination that can do most of the job. If I ever get tired of Kaspersky, I might switch to that or maybe set up someone else's computer with that combo.

Search

Search

App Review Cylance Smart Antivirus 2018 Bypassed

Deleted member 178

erreale

Level 9

artek

Level 5

Thirio

Level 3

ChemicalB

Level 8

Nestor

Level 9

SHvFl

Level 35

Thirio

Level 3

SHvFl

Level 35

509322

Deleted member 178

DeepWeb

Level 25

You may also like...