************** Exception Text **************
System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at net.pipe://127.0.0.1/Cylance/Cylance.Host.CCUI.Interfaces.GuiClients.IRemoteServices that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.IO.PipeException: The pipe endpoint 'net.pipe://127.0.0.1/Cylance/Cylance.Host.CCUI.Interfaces.GuiClients.IRemoteServices' could not be found on your local machine.
--- End of inner exception stack trace ---
Server stack trace:
at System.ServiceModel.Channels.PipeConnectionInitiator.GetPipeName(Uri uri, IPipeTransportFactorySettings transportFactorySettings)
at System.ServiceModel.Channels.NamedPipeConnectionPoolRegistry.NamedPipeConnectionPool.GetPoolKey(EndpointAddress address, Uri via)
Will be interested to hear your thoughts after they have had some time with those logs...Our testing was ended today, it's been a full week, and several machines had issues (pointed out above). It will be retested in the next wave of vetting to see how much it's improved.
I have a lot of hope they'll iron it all out. I have sent them crash logs and diags. Good product though, very slick!
Cylance is nothing more than a stand-alone, bare-bones antivirus. The slickest thing they have pulled-off is their promotion of it. Well, actually, they get away with it to a large extent because people don't bother to research and read. So people make it very easy for Cylance.
Agreed. The cool colors, special words, and secret sauce marketing are doing wonders for them.
I'd put SEPC up against Cylance any day of the week in a real world, high risk situation. Cylance wouldn't stand a chance. But that's my opinion, only 7 days of testing, but the guys broke the hell out of it. I'd say more but I really can't (and it's not my job to, and I am not legally authorized to do so). So I will leave it at that and let people discover magical things themselves. Maybe CS will take up the torch soon and provide fun details.
Also just because some IT companies try to dupe their customers with marketing and double talk doesn't mean they all do. Just because math and machine learning aren't the normal doesn't mean it isn't effective. Reach out to Kathryn or Edward at Cylance for a live demo and do some POC testing of your own. I'd be very afraid if I were any of the big guys..Cylance is changing the game and they aren't even in the same arena.
I don't know what you guys do on the internet that you need a software firewall/IDS/web-filtering. I'm actually glad we have another AV system that isn't putting toolbars into my browser and downgrading my SSL connections. If Cylance smart antivirus can provide a similar level of protection from malware to another anti-malware system (which it does) without burying into every facet of my system then why would I use a bloated jack-of-all-trades security-software.
How ESET was doing web filtering:
Don't use ESET SSL protocol filtering
"Not only that, inspecting SSL negotiation with Wireshark shows the ESET application actually downgrades your SSL connection to TLSv1.0 even if your browser and the site you are visiting would normally use the much stronger TLSv1.1 or TLSv1.2. "
How popular internet-security and home-user third party software firewalls failed basic inbound tests: https://www.av-comparatives.org/wp-content/uploads/2017/03/avc_fw_201403_en.pdf
"This test indicates that half of the security vendors are actually charging more money for a product that may provide significantly less security in some situations, and that users would do better to buy the simple antivirus program and rely on Windows Firewall to prevent unauthorized intrusion. "
It might be time to stop using antivirus
"Further down the thread he explains that meddling AV software delayed Win32 Flash sandboxing "for over a year" and that further sandboxing efforts are still on hold due to AV. The man-in-the-middle nature of antivirus also causes a stream of TLS (transport layer security) errors, says Schuh, which in turn breaks some elements of HTTPS/HSTS."
"A couple of months back, Justin Schuh, Google Chrome's security chief, and indeed one of the world's top infosec bods, said that antivirus software is "my single biggest impediment to shipping a secure browser."
I don't want any of the featurecreep security theater crapware most AVs include. I don't want web filtering. I don't want a crappy firewall. I have a lot of trouble believing an anti-exploit will protect you at all. Just give me something that detects malware, does a good enough job, and doesn't ruin the security of my system.
I don't know what you guys do on the internet that you need a software firewall/IDS/web-filtering.
I'm actually glad we have another AV system that isn't putting toolbars into my browser and downgrading my SSL connections.
If Cylance smart antivirus can provide a similar level of protection from malware to another anti-malware system (which it does)
I don't want web filtering. I don't want a crappy firewall. .
Over on Spiceworks Cylance gets some interesting threads from marketing shills, like this:
So my question is - all of these shills and IT guys promoting Cylance - do they not understand the threat vectors of their customers? How are they planning to protect their customers from Phishing or Web Exploits? How about rogue browser extensions? DNS attacks? The list goes on and on, and the more I read the more I feel bad about Cylance.
Tell me I am wrong Lockdown, tell me Cylance is magical unicorn technology. Please. I want to believe.
A lot of modern attacks utilize firewall deficiencies to accomplish their ingress/egress. It's pretty serious these days with the side channel attacks, lateral network attacks and so forth. WF isn't going to stop any of it so it might be wise to have a decent firewall on your endpoints. Also, assuming people have a Fortinet, Sophos XG, Untangle or whatever on their gateway to prevent attacks might be reckless because they could just as well have a Linksys simple NAT.
But if you have any experience in the SMB/Corporate environment you know how dangerous phishing is these days.
I'm not advocating bloat. SMB/Corporate solutions rarely have any bloat. But granted, the consumer AV market is crap right now and heavily bloated. To which I agree. Nobody is slighting Cylance for being basic, I like that part of it. But I am citing the fact that it's basically just a signature based AV with some anomaly detection and won't cover some of the most important attack vectors.
The contention is, it actually doesn't. I do not believe Cylance would offer a similar level of protection as for example Emsisoft Anti-Malware, or Malwarebytes.
We all hate feature creep and crappy firewalls. But honestly, there are plenty of really good firewalls out there. Gdata, Kaspersky, Symantec, Panda, K7, Bullguard, all have good, protective firewalls. Let's assume you remove firewalls and SSL interception from the equation, Cylance is probably still likely to offer more holes than some basic AV products without all of the things you hate.
I'm concerned some might be misled into thinking Cylance offers some mystical protection from everything. When in reality, it's probably not much more of an advancement over a traditional on-execution AV product. There could be a serious false sense of security that arrives with it. I could be wrong, but it just doesn't seem to offer protection from more than file execution threats.
I seem to remeber CylanceProtect offering exploit protection. But what you're doing, it's a little like complaining that a fish can't fly. You're mishmashing features from enterprise level firewalls, AVs, and running a consumer av under that lens.
What are you basing your contention that Cylance performs worse than Malwarebytes or Emsisoft?
Phishing isn't the AVs problem. It's the users problem. 2fa, education, and maybe think about sacking repeat offenders.