Cylance Smart Antivirus PC MAG Review

Status
Not open for further replies.

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
  • CONS
    Not included in regular independent lab tests.

LMAO yup, that's PC-MAG right there

Heuristic detection, behavioral analysis, sandboxing, and many other advanced features go into most modern antivirus programs. And Cylance Smart Antivirus uses none of those familiar techniques
Why on earth would Cylance need behavioural analysis and sandboxing if it relies on AI? Does this guy get paid for writing this?
 
Last edited:

Kubla

Level 8
Verified
Jan 22, 2017
355
As noted, Cylance doesn't attempt to identify malware-hosting websites, instead relying on its AI to identify and block the actual malware, no matter where it came from. That makes sense. But the absence of URL-monitoring means that Cylance also doesn't offer any protection against phishing sites, those fraudulent websites that trick users into giving away security credentials.

This is true, but you can run apps like Heimdal and Hitman Pro Alert along with Cylance to fill that void which is what I did.

In the tests I ran from wicar for example, Cylance alone stopped one, with Heimdal Pro and Hitman Pro alert running, Heimdal stopped most of it what it didn't Hitman did before it ever got to Cylance needing to stop it.
 
F

ForgottenSeer 58943

We're testing Cylance (consumer edition) in the lab.

It's actually really slick. Fast installer. Looks great. Exceedingly lightweight. We're not finding *ANY* telemetry coming off this thing, which is surprising but the SIEM is still pointed at it for more examination. It examines every file activity on your system, even Windows system processes in some cases.

I actually like the fact it doesn't have 'extra' garbage.. I don't want URL scanners, phishing protection, password managers, system cleanup tools or any of that rubbish. Cylance paired with Heimdal should be really good as Heimdal would pick up the slack of Cylance not utilizing HTTP/HTTPS scanning technology. Since Heimdal is better than most AV HTTP/s scanners, it's a better choice IMO.

For some people, for example those with ASUS Trend AiProtection routers, Gryphon Secure Router (ESET/Zvelo), Cujo, Dojo, Norton Sphere, F-Secured Safe Router, Bit Defender box, they certainly would be totally fine running only Cylance on their Windows boxes because the URL scanning heavy lifting is on the router/UTM. Cylance might be a perfect solution for those under those conditions. It might even be enough using Chrome and Google's own site protection, along with just a malware blocking DNS.

Overall - I'm impressed with it. I was super-skeptical at first, largely because of the initial CIA seed money. However the CIA seed money amounts to peanuts now compared to the 500million+ valuation of Cylance, as evidenced by their 800 employees and giant new office. I'm emboldened by the fact you can turn off ALL file submission without risking security, and that they have seemingly decided to forego telemetry gathering and intrusive logging.

cylance1.png


I think their newer competitor is Crowdstrike which has released their Falcon Artificially intelligent endpoint protection. However Crowdstrike, while very advanced, does not sell to consumers.
 

Attachments

  • cylance-headquarters-in-irvine-ca.jpg
    cylance-headquarters-in-irvine-ca.jpg
    132.8 KB · Views: 693

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
I had a conference yesterday with a Cylance's engineer, and we discussed about the corporate edition. Interesting mentioned facts to point out:
  • Yes, there is a possibility to whitelist. From the web panel.
  • Cylance is fully compatible with others antivirus, though another antivirus is not needed. Also compatible with complements (anti-exe, OSArmor, though not needed?)
  • No, it's not CIA funding, or funded by any government, according to them. They do offer service to many federal/national agencies, but they got their fundings to start from private investors/organizations.
  • About telemetry: only share suspicious samples if you allow the option, and some minimum data if you allow it. Else it won't share practically anything. "Practically", something must be shared.
  • False positives: last version reported 0,0001884% of FP
  • Max. 3% CPU, average 1% CPU, 90MB RAM
  • Totally independant, does not rely or work for any other antivirus or security firm
  • Delay to open executables: 50ms per 75K (weird numbers but that's what they said)
  • Also protects MAC and Linux
  • Inclused Application Control, option to block every installer run after the product has been installed and configured

I share some pictures I took from the panel :)
 

Attachments

  • 2018-07-24 13_11_40-ID de reunión de Zoom_ 848-214-117.png
    2018-07-24 13_11_40-ID de reunión de Zoom_ 848-214-117.png
    275.8 KB · Views: 665
  • 2018-07-24 13_12_24-ID de reunión de Zoom_ 848-214-117.png
    2018-07-24 13_12_24-ID de reunión de Zoom_ 848-214-117.png
    395.5 KB · Views: 631
  • 2018-07-24 13_12_36-ID de reunión de Zoom_ 848-214-117.png
    2018-07-24 13_12_36-ID de reunión de Zoom_ 848-214-117.png
    293.2 KB · Views: 699
  • 2018-07-24 13_12_57-ID de reunión de Zoom_ 848-214-117.png
    2018-07-24 13_12_57-ID de reunión de Zoom_ 848-214-117.png
    265.7 KB · Views: 547
  • 2018-07-24 13_13_20-ID de reunión de Zoom_ 848-214-117.png
    2018-07-24 13_13_20-ID de reunión de Zoom_ 848-214-117.png
    379 KB · Views: 581
  • 2018-07-24 13_15_26-ID de reunión de Zoom_ 848-214-117.png
    2018-07-24 13_15_26-ID de reunión de Zoom_ 848-214-117.png
    289.8 KB · Views: 537
  • 2018-07-24 13_15_56-ID de reunión de Zoom_ 848-214-117.png
    2018-07-24 13_15_56-ID de reunión de Zoom_ 848-214-117.png
    222.9 KB · Views: 538
  • 2018-07-24 13_16_39-ID de reunión de Zoom_ 848-214-117.png
    2018-07-24 13_16_39-ID de reunión de Zoom_ 848-214-117.png
    204.7 KB · Views: 565
  • 2018-07-24 13_17_23-ID de reunión de Zoom_ 848-214-117.png
    2018-07-24 13_17_23-ID de reunión de Zoom_ 848-214-117.png
    362.1 KB · Views: 604
F

ForgottenSeer 58943

I'm contemplating purchasing a consumer subscription. Interested to find out how it performs.

Exceptionally well IMO. I have a 30 day trial consumer edition going through it's paces on testing machines and I am consistently impressed.

CPU use on the consumer version has been tracking at 0.12% over a 24 hour period, which is probably less than anything else on most systems. Total ram use is about 120Mb with all modules included. Total storage space consumed on drive is around 255Mb.
 

Eggnog

Level 3
Verified
Well-known
Mar 21, 2018
108
This looks really interesting. I've got some subscriptions on a few PCs/laptops coming up for renewal. I'm really interested to see what people think of this on a consumer level. Prices seem pretty competitive. They don't bundle bloat. Very interesting.
 
  • Like
Reactions: Der.Reisende
F

ForgottenSeer 58943

This looks really interesting. I've got some subscriptions on a few PCs/laptops coming up for renewal. I'm really interested to see what people think of this on a consumer level. Prices seem pretty competitive. They don't bundle bloat. Very interesting.

No bloat. Also, it uses entirely encrypted communication. We've not seen any telemetry going out from it. When the '
Automatically contribute file samples to the Cylance Cloud to perform
deep analysis of the file.' is unchecked, no files are sent at all, even on detection.

I spent about 2 hours trying to infect an isolated test box the other night and failed. But realize that I use existing (and very new) threats, and do not modify them for testing to attempt to bypass security products (that activity can have severe legal consequences).

Cylance could be very disruptive to the home AV market if they keep it up. :unsure: Especially considered how utterly 'crap' most AV's are anymore.
 

Kubla

Level 8
Verified
Jan 22, 2017
355
I had a conference yesterday with a Cylance's engineer, and we discussed about the corporate edition. Interesting mentioned facts to point out:
  • Yes, there is a possibility to whitelist. From the web panel.
  • Cylance is fully compatible with others antivirus, though another antivirus is not needed. Also compatible with complements (anti-exe, OSArmor, though not needed?)
  • No, it's not CIA funding, or funded by any government, according to them. They do offer service to many federal/national agencies, but they got their fundings to start from private investors/organizations.
  • About telemetry: only share suspicious samples if you allow the option, and some minimum data if you allow it. Else it won't share practically anything. "Practically", something must be shared.
  • False positives: last version reported 0,0001884% of FP
  • Max. 3% CPU, average 1% CPU, 90MB RAM
  • Totally independant, does not rely or work for any other antivirus or security firm
  • Delay to open executables: 50ms per 75K (weird numbers but that's what they said)
  • Also protects MAC and Linux
  • Inclused Application Control, option to block every installer run after the product has been installed and configured

I share some pictures I took from the panel :)

I have a corporate version of Cylance not the home version but my dashboard does not have half of what you are showing and mine is basically read only:
 

Attachments

  • Cylance1.jpg
    Cylance1.jpg
    93.9 KB · Views: 589
  • Cylance2.jpg
    Cylance2.jpg
    85.9 KB · Views: 518
  • Cylance4.jpg
    Cylance4.jpg
    72.2 KB · Views: 531
  • Cylance3.jpg
    Cylance3.jpg
    64.9 KB · Views: 502
5

509322

I have a corporate version of Cylance not the home version but my dashboard does not have half of what you are showing and mine is basically read only:

The version you have - probably purchased via Malware Managed or some other 3rd-party Cylance Partner Manager - is not the same as the one that they sell directly to enterprises\corporations. The one you have - which is single-seat subscription-based - is only provided extremely limited access to the web console.

If you want the Big Daddy that gives you full access to all the features, then pay-up... thousands of dollars.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top