Sidebar

Update Cylance Smart Antivirus PC MAG Review

Status
Not open for further replies.
RoboMan

RoboMan

Level 25
Content Creator
Verified
  • CONS
    Not included in regular independent lab tests.
LMAO yup, that's PC-MAG right there

Heuristic detection, behavioral analysis, sandboxing, and many other advanced features go into most modern antivirus programs. And Cylance Smart Antivirus uses none of those familiar techniques
Click to expand...
Why on earth would Cylance need behavioural analysis and sandboxing if it relies on AI? Does this guy get paid for writing this?
 
Last edited:
Reactions: Eggnog, frogboy, upnorth and 6 others
K

Kubla

Level 6
As noted, Cylance doesn't attempt to identify malware-hosting websites, instead relying on its AI to identify and block the actual malware, no matter where it came from. That makes sense. But the absence of URL-monitoring means that Cylance also doesn't offer any protection against phishing sites, those fraudulent websites that trick users into giving away security credentials.
Click to expand...
This is true, but you can run apps like Heimdal and Hitman Pro Alert along with Cylance to fill that void which is what I did.

In the tests I ran from wicar for example, Cylance alone stopped one, with Heimdal Pro and Hitman Pro alert running, Heimdal stopped most of it what it didn't Hitman did before it ever got to Cylance needing to stop it.
 
Slyguy

Slyguy

Level 40
We're testing Cylance (consumer edition) in the lab.

It's actually really slick. Fast installer. Looks great. Exceedingly lightweight. We're not finding *ANY* telemetry coming off this thing, which is surprising but the SIEM is still pointed at it for more examination. It examines every file activity on your system, even Windows system processes in some cases.

I actually like the fact it doesn't have 'extra' garbage.. I don't want URL scanners, phishing protection, password managers, system cleanup tools or any of that rubbish. Cylance paired with Heimdal should be really good as Heimdal would pick up the slack of Cylance not utilizing HTTP/HTTPS scanning technology. Since Heimdal is better than most AV HTTP/s scanners, it's a better choice IMO.

For some people, for example those with ASUS Trend AiProtection routers, Gryphon Secure Router (ESET/Zvelo), Cujo, Dojo, Norton Sphere, F-Secured Safe Router, Bit Defender box, they certainly would be totally fine running only Cylance on their Windows boxes because the URL scanning heavy lifting is on the router/UTM. Cylance might be a perfect solution for those under those conditions. It might even be enough using Chrome and Google's own site protection, along with just a malware blocking DNS.

Overall - I'm impressed with it. I was super-skeptical at first, largely because of the initial CIA seed money. However the CIA seed money amounts to peanuts now compared to the 500million+ valuation of Cylance, as evidenced by their 800 employees and giant new office. I'm emboldened by the fact you can turn off ALL file submission without risking security, and that they have seemingly decided to forego telemetry gathering and intrusive logging.

cylance1.png


I think their newer competitor is Crowdstrike which has released their Falcon Artificially intelligent endpoint protection. However Crowdstrike, while very advanced, does not sell to consumers.
 

Attachments

Reactions: motox781, conceptualclarity, tonibalas and 10 others
RoboMan

RoboMan

Level 25
Content Creator
Verified
I had a conference yesterday with a Cylance's engineer, and we discussed about the corporate edition. Interesting mentioned facts to point out:
  • Yes, there is a possibility to whitelist. From the web panel.
  • Cylance is fully compatible with others antivirus, though another antivirus is not needed. Also compatible with complements (anti-exe, OSArmor, though not needed?)
  • No, it's not CIA funding, or funded by any government, according to them. They do offer service to many federal/national agencies, but they got their fundings to start from private investors/organizations.
  • About telemetry: only share suspicious samples if you allow the option, and some minimum data if you allow it. Else it won't share practically anything. "Practically", something must be shared.
  • False positives: last version reported 0,0001884% of FP
  • Max. 3% CPU, average 1% CPU, 90MB RAM
  • Totally independant, does not rely or work for any other antivirus or security firm
  • Delay to open executables: 50ms per 75K (weird numbers but that's what they said)
  • Also protects MAC and Linux
  • Inclused Application Control, option to block every installer run after the product has been installed and configured
I share some pictures I took from the panel :)
 

Attachments

Reactions: Der.Reisende, motox781, stefanos and 10 others
Slyguy

Slyguy

Level 40
In2an3_PpG said:
I'm contemplating purchasing a consumer subscription. Interested to find out how it performs.
Click to expand...
Exceptionally well IMO. I have a 30 day trial consumer edition going through it's paces on testing machines and I am consistently impressed.

CPU use on the consumer version has been tracking at 0.12% over a 24 hour period, which is probably less than anything else on most systems. Total ram use is about 120Mb with all modules included. Total storage space consumed on drive is around 255Mb.
 
Reactions: Der.Reisende, upnorth, conceptualclarity and 6 others
E

Eggnog

Level 1
This looks really interesting. I've got some subscriptions on a few PCs/laptops coming up for renewal. I'm really interested to see what people think of this on a consumer level. Prices seem pretty competitive. They don't bundle bloat. Very interesting.
 
Reactions: Der.Reisende
Slyguy

Slyguy

Level 40
Eggnog said:
This looks really interesting. I've got some subscriptions on a few PCs/laptops coming up for renewal. I'm really interested to see what people think of this on a consumer level. Prices seem pretty competitive. They don't bundle bloat. Very interesting.
Click to expand...
No bloat. Also, it uses entirely encrypted communication. We've not seen any telemetry going out from it. When the '
Automatically contribute file samples to the Cylance Cloud to perform
deep analysis of the file.' is unchecked, no files are sent at all, even on detection.

I spent about 2 hours trying to infect an isolated test box the other night and failed. But realize that I use existing (and very new) threats, and do not modify them for testing to attempt to bypass security products (that activity can have severe legal consequences).

Cylance could be very disruptive to the home AV market if they keep it up. :unsure: Especially considered how utterly 'crap' most AV's are anymore.
 
Reactions: Der.Reisende, upnorth, harlan4096 and 3 others
K

Kubla

Level 6
RoboMan said:
I had a conference yesterday with a Cylance's engineer, and we discussed about the corporate edition. Interesting mentioned facts to point out:
  • Yes, there is a possibility to whitelist. From the web panel.
  • Cylance is fully compatible with others antivirus, though another antivirus is not needed. Also compatible with complements (anti-exe, OSArmor, though not needed?)
  • No, it's not CIA funding, or funded by any government, according to them. They do offer service to many federal/national agencies, but they got their fundings to start from private investors/organizations.
  • About telemetry: only share suspicious samples if you allow the option, and some minimum data if you allow it. Else it won't share practically anything. "Practically", something must be shared.
  • False positives: last version reported 0,0001884% of FP
  • Max. 3% CPU, average 1% CPU, 90MB RAM
  • Totally independant, does not rely or work for any other antivirus or security firm
  • Delay to open executables: 50ms per 75K (weird numbers but that's what they said)
  • Also protects MAC and Linux
  • Inclused Application Control, option to block every installer run after the product has been installed and configured
I share some pictures I took from the panel :)
Click to expand...
I have a corporate version of Cylance not the home version but my dashboard does not have half of what you are showing and mine is basically read only:
 

Attachments

Reactions: Der.Reisende, RoboMan and harlan4096
Lockdown

Lockdown

Level 54
Verified
Kubla said:
I have a corporate version of Cylance not the home version but my dashboard does not have half of what you are showing and mine is basically read only:
Click to expand...
The version you have - probably purchased via Malware Managed or some other 3rd-party Cylance Partner Manager - is not the same as the one that they sell directly to enterprises\corporations. The one you have - which is single-seat subscription-based - is only provided extremely limited access to the web console.

If you want the Big Daddy that gives you full access to all the features, then pay-up... thousands of dollars.
 
Reactions: Der.Reisende, upnorth, RoboMan and 1 other person
Status
Not open for further replies.

Similar Threads

Similar Threads

New Posts Log In

Latest Posts

Latest Threads