Cylance Smart Antivirus 2018 Bypassed
- Thread starter erreale
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Oct 22, 2016
- 409
I meant that sandbox and SRP programs are safe. This ransomware (provided that the video is true) is not able to bypass these protections.
It probably won't be safe once that system clock disappears and the tester disables key protection fetures.
- Mar 3, 2017
- 126
Speaking of Cylance A.I.. I noticed the author of this video is the developer of XyWall AntiMalware which claims to have A.I heuristics and uses VirusTotal. Anyone ever use this program before? I tried it out in a VM for only a couple minutes, it has a high detection (and false positive rate). WD detected it as a trojan right away so I ditched it shortly after.
Back to the topic, it seems only CIS was able to prevent this ransomware in the author's test series. The title of the video says bypass but the file was run outside containment on the second try. The takeaway from this video is that some malware won't reveal their true intentions in a sandbox and can surprise the user if they run the file with unlimited access.
Back to the topic, it seems only CIS was able to prevent this ransomware in the author's test series. The title of the video says bypass but the file was run outside containment on the second try. The takeaway from this video is that some malware won't reveal their true intentions in a sandbox and can surprise the user if they run the file with unlimited access.
Not sure if it is the same sample but here the analysis of Kyrox.
Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'd3cb8a23a8250177c67a54e02ac33e5bd1c6d3a551c2bc39c660f3f62b7c9a5f.exe'
Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'd3cb8a23a8250177c67a54e02ac33e5bd1c6d3a551c2bc39c660f3f62b7c9a5f.exe'
- Apr 21, 2018
- 397
CIS and probably Spyshelter will be able to prevent it.
- Nov 19, 2014
- 2,350
Or he fakes results if he is calling pressing run unlimited as bypass. lol
- Mar 3, 2017
- 126
- Nov 19, 2014
- 2,350
Still unethical enough that I personally wouldn't believe anything he posts. Not saying that the products he tested can't be bypassed, i am just saying i wouldn't trust a video he makes showing a bypass.
If the KyRox sample can run on the real system, then of course it isn't safe.
Properly configured and used SRP will just block the execution of KyRox unless the tester overtly allows it to run.
If i find a bypass, i wont post it on YouTube, I will make the vendor pay lot of cash. If he refuses or I don't like him, I will expose it on the darknet. LOOOL
- Jul 1, 2017
- 1,396
I think Cylance with AppCheck and a strong Group Policy config would be a great signature free combination that can do most of the job. If I ever get tired of Kaspersky, I might switch to that or maybe set up someone else's computer with that combo.
Similar threads
