Updates Cylance Smart Antivirus PC MAG Review

[Hawaii007]

FYI
Cylance Smart Antivirus

 

[Deleted member 178]

Another BS review by rubbenking marketing more the vendors he get cash from than talking about the reviewed product...

 

[HarborFront]

Quote from the link

But the absence of URL-monitoring means that Cylance also doesn't offer any protection against phishing sites, those fraudulent websites that trick users into giving away security credentials.

Hmmmmmm...............

 

[RoboMan]

• CONS
  Not included in regular independent lab tests.

LMAO yup, that's PC-MAG right there

Heuristic detection, behavioral analysis, sandboxing, and many other advanced features go into most modern antivirus programs. And Cylance Smart Antivirus uses none of those familiar techniques

Why on earth would Cylance need behavioural analysis and sandboxing if it relies on AI? Does this guy get paid for writing this?

 

[ESecurity]

Too bad you don't have a free version.

 

[Kubla]

As noted, Cylance doesn't attempt to identify malware-hosting websites, instead relying on its AI to identify and block the actual malware, no matter where it came from. That makes sense. But the absence of URL-monitoring means that Cylance also doesn't offer any protection against phishing sites, those fraudulent websites that trick users into giving away security credentials.

This is true, but you can run apps like Heimdal and Hitman Pro Alert along with Cylance to fill that void which is what I did.

In the tests I ran from wicar for example, Cylance alone stopped one, with Heimdal Pro and Hitman Pro alert running, Heimdal stopped most of it what it didn't Hitman did before it ever got to Cylance needing to stop it.

 

[Slyguy]

We're testing Cylance (consumer edition) in the lab.

It's actually really slick. Fast installer. Looks great. Exceedingly lightweight. We're not finding *ANY* telemetry coming off this thing, which is surprising but the SIEM is still pointed at it for more examination. It examines every file activity on your system, even Windows system processes in some cases.

I actually like the fact it doesn't have 'extra' garbage.. I don't want URL scanners, phishing protection, password managers, system cleanup tools or any of that rubbish. Cylance paired with Heimdal should be really good as Heimdal would pick up the slack of Cylance not utilizing HTTP/HTTPS scanning technology. Since Heimdal is better than most AV HTTP/s scanners, it's a better choice IMO.

For some people, for example those with ASUS Trend AiProtection routers, Gryphon Secure Router (ESET/Zvelo), Cujo, Dojo, Norton Sphere, F-Secured Safe Router, Bit Defender box, they certainly would be totally fine running only Cylance on their Windows boxes because the URL scanning heavy lifting is on the router/UTM. Cylance might be a perfect solution for those under those conditions. It might even be enough using Chrome and Google's own site protection, along with just a malware blocking DNS.

Overall - I'm impressed with it. I was super-skeptical at first, largely because of the initial CIA seed money. However the CIA seed money amounts to peanuts now compared to the 500million+ valuation of Cylance, as evidenced by their 800 employees and giant new office. I'm emboldened by the fact you can turn off ALL file submission without risking security, and that they have seemingly decided to forego telemetry gathering and intrusive logging.

I think their newer competitor is Crowdstrike which has released their Falcon Artificially intelligent endpoint protection. However Crowdstrike, while very advanced, does not sell to consumers.

 

[RoboMan]

I had a conference yesterday with a Cylance's engineer, and we discussed about the corporate edition. Interesting mentioned facts to point out:

• Yes, there is a possibility to whitelist. From the web panel.
• Cylance is fully compatible with others antivirus, though another antivirus is not needed. Also compatible with complements (anti-exe, OSArmor, though not needed?)
• No, it's not CIA funding, or funded by any government, according to them. They do offer service to many federal/national agencies, but they got their fundings to start from private investors/organizations.
• About telemetry: only share suspicious samples if you allow the option, and some minimum data if you allow it. Else it won't share practically anything. "Practically", something must be shared.
• False positives: last version reported 0,0001884% of FP
• Max. 3% CPU, average 1% CPU, 90MB RAM
• Totally independant, does not rely or work for any other antivirus or security firm
• Delay to open executables: 50ms per 75K (weird numbers but that's what they said)
• Also protects MAC and Linux
• Inclused Application Control, option to block every installer run after the product has been installed and configured

I share some pictures I took from the panel

 

[Deleted member 178]

Corporate versions are always lighter, i would be more interested by the details of the consumer edition, nobody here will be able to acquire the corporate edition.

 

[RoboMan]

Corporate versions are always lighter, i would be more interested by the details of the consumer edition, nobody here will be able to acquire the corporate edition.

I will, that's why I had a conference

 

[Deleted member 178]

I will, that's why I had a conference

Don't forget to mention the country blockade, it is a no go for me. i'm in Asia and so i won't be able to purchase it...

 

[Deleted Member 3a5v73x]

Don't forget to mention the country blockade, it is a no go for me. i'm in Asia and so i won't be able to purchase it...

@RoboMan Is there a problem buying consumer version through VPN? It isn't going to install/function properly unless you are from UK/US?

 

[HarborFront]

I believe it doesn't have HTTPS scanning as well

 

[RoboMan]

@RoboMan Is there a problem buying consumer version through VPN? It isn't going to install/function properly unless you are from UK/US?

I'm not from any of those. I'm from South America, and they said it's not a problem, we're gonna buy through a distributer in Chile.

 

[In2an3_PpG]

I'm contemplating purchasing a consumer subscription. Interested to find out how it performs.

 

[Slyguy]

I'm contemplating purchasing a consumer subscription. Interested to find out how it performs.

Exceptionally well IMO. I have a 30 day trial consumer edition going through it's paces on testing machines and I am consistently impressed.

CPU use on the consumer version has been tracking at 0.12% over a 24 hour period, which is probably less than anything else on most systems. Total ram use is about 120Mb with all modules included. Total storage space consumed on drive is around 255Mb.

 

[Eggnog]

This looks really interesting. I've got some subscriptions on a few PCs/laptops coming up for renewal. I'm really interested to see what people think of this on a consumer level. Prices seem pretty competitive. They don't bundle bloat. Very interesting.

 

[Slyguy]

This looks really interesting. I've got some subscriptions on a few PCs/laptops coming up for renewal. I'm really interested to see what people think of this on a consumer level. Prices seem pretty competitive. They don't bundle bloat. Very interesting.

No bloat. Also, it uses entirely encrypted communication. We've not seen any telemetry going out from it. When the '
Automatically contribute file samples to the Cylance Cloud to perform
deep analysis of the file.' is unchecked, no files are sent at all, even on detection.

I spent about 2 hours trying to infect an isolated test box the other night and failed. But realize that I use existing (and very new) threats, and do not modify them for testing to attempt to bypass security products (that activity can have severe legal consequences).

Cylance could be very disruptive to the home AV market if they keep it up. Especially considered how utterly 'crap' most AV's are anymore.

 

[Kubla]

I had a conference yesterday with a Cylance's engineer, and we discussed about the corporate edition. Interesting mentioned facts to point out:

• Yes, there is a possibility to whitelist. From the web panel.
• Cylance is fully compatible with others antivirus, though another antivirus is not needed. Also compatible with complements (anti-exe, OSArmor, though not needed?)
• No, it's not CIA funding, or funded by any government, according to them. They do offer service to many federal/national agencies, but they got their fundings to start from private investors/organizations.
• About telemetry: only share suspicious samples if you allow the option, and some minimum data if you allow it. Else it won't share practically anything. "Practically", something must be shared.
• False positives: last version reported 0,0001884% of FP
• Max. 3% CPU, average 1% CPU, 90MB RAM
• Totally independant, does not rely or work for any other antivirus or security firm
• Delay to open executables: 50ms per 75K (weird numbers but that's what they said)
• Also protects MAC and Linux
• Inclused Application Control, option to block every installer run after the product has been installed and configured

I share some pictures I took from the panel

I have a corporate version of Cylance not the home version but my dashboard does not have half of what you are showing and mine is basically read only:

 

[509322]

I have a corporate version of Cylance not the home version but my dashboard does not have half of what you are showing and mine is basically read only:

The version you have - probably purchased via Malware Managed or some other 3rd-party Cylance Partner Manager - is not the same as the one that they sell directly to enterprises\corporations. The one you have - which is single-seat subscription-based - is only provided extremely limited access to the web console.

If you want the Big Daddy that gives you full access to all the features, then pay-up... thousands of dollars.