Status
Not open for further replies.

Slyguy

I'm sort of finding some issues with Cylance (consumer).

It actually slightly corrupted Windows functionality on one test machine to the point we just reset it. Things like File Explorer became unstable, directories disappeared. This system wasn't exposed to malware, it was just testing functionality over a period of time.

On another couple of machines, Cylance presented a caution symbol and lost connection to the server on new execution of files, and only a reboot corrected it.

On another couple of machines, .NET errors knocked Cylance right out. These were fresh machines, literally reset days before and Cylance installed.

************** Exception Text **************
System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at net.pipe://127.0.0.1/Cylance/Cylance.Host.CCUI.Interfaces.GuiClients.IRemoteServices that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.IO.PipeException: The pipe endpoint 'net.pipe://127.0.0.1/Cylance/Cylance.Host.CCUI.Interfaces.GuiClients.IRemoteServices' could not be found on your local machine.
--- End of inner exception stack trace ---

Server stack trace:
at System.ServiceModel.Channels.PipeConnectionInitiator.GetPipeName(Uri uri, IPipeTransportFactorySettings transportFactorySettings)
at System.ServiceModel.Channels.NamedPipeConnectionPoolRegistry.NamedPipeConnectionPool.GetPoolKey(EndpointAddress address, Uri via)

I'd say it's possibly not ready for prime time.
 

Hawaii007

I am running Cylance Home smart antivirus with Comodo Firewall 10 with CS settings and Heimdal Pro.
No problems on both my PCs. Very light and clean.
 

Slyguy

Our testing was ended today, it's been a full week, and several machines had issues (pointed out above). It will be retested in the next wave of vetting to see how much it's improved.

I have a lot of hope they'll iron it all out. I have sent them crash logs and diags. Good product though, very slick!
 

illumination

Will be interested to hear your thoughts after they have had some time with those logs...
 

Slyguy

Cylance is decent. But keep in mind it's not going to offer any web protection, exploit protection and firewall/intrusion protection at all. It's really just a file protection system. So unless you have a third party software firewall you won't have any control or eyes on what is going on and will be entirely reliant on your hardware firewall (router) and what little that provides in some cases. Also, without web filtration it's almost suicide using Cylance without something like Heimdal as Cylance will offer zero protection in the area of cross scripting and other web served threats.

You can quite easily test this yourself by installing Cylance and doing penetration testing on a machine. Then install SEPC and re-create the same penetrations. SEPC's aggressive firewall and extensive IPS signatures will pose a serious problem. Cylance will pose almost no barrier whatsoever. Personally, I think Cylance MUST be paired with at least a firewall and some sort of web filtration or you are going to be in a world of hurt at some point down the road.

Cylance seems to almost be entirely focused on file execution protection and nothing else. From what I saw it's great at what it is focused on, but is anemic for all other attack vectors so I think it would be best to use it in a layered system. Also it's going to provide no protection against one of the biggest threats facing many people - phishing. Those PDF documents with links in them aren't even going to be noticed by Cylance but something like SEPC or SHP will likely protect you.

So given that, I think Cylance is useful, but only if part of a comprehensive security plan. It's no silver bullet IMO.
 

509322

Cylance is nothing more than a stand-alone, bare-bones antivirus. The slickest thing they have pulled-off is their promotion of it. Well, actually, they get away with it to a large extent because people don't bother to research and read. So people (I'm talking about home users) make it very easy for Cylance. It fits that irrational, uninformed set-and-forget need that home users have.
 

509322

Agreed. The cool colors, special words, and secret sauce marketing are doing wonders for them.

I'd put SEPC up against Cylance any day of the week in a real world, high risk situation. Cylance wouldn't stand a chance. But that's my opinion, only 7 days of testing, but the guys broke the hell out of it. I'd say more but I really can't (and it's not my job to, and I am not legally authorized to do so). So I will leave it at that and let people discover magical things themselves. Maybe CS will take up the torch soon and provide fun details.
Cylance is setting everything up for the IPO pump-and-dump. Anyone who knows how the game is played has seen them doing it for the past few years. Mark my words.

As far as the quality, or superiority I should say, of Cylance antivirus itself, it is a security soft just like any other. No more, no less. It is not a magic bullet. There is no such thing.
 

Slyguy

Over on Spiceworks Cylance gets some interesting threads from marketing shills, like this:

Also just because some IT companies try to dupe their customers with marketing and double talk doesn't mean they all do. Just because math and machine learning aren't the normal doesn't mean it isn't effective. Reach out to Kathryn or Edward at Cylance for a live demo and do some POC testing of your own. I'd be very afraid if I were any of the big guys..Cylance is changing the game and they aren't even in the same arena.

So my question is - all of these shills and IT guys promoting Cylance - do they not understand the threat vectors of their customers? How are they planning to protect their customers from Phishing or Web Exploits? How about rogue browser extensions? DNS attacks? The list goes on and on, and the more I read the more I feel bad about Cylance.

Tell me I am wrong Lockdown, tell me Cylance is magical unicorn technology. Please. I want to believe.
 

artek

I don't know what you guys do on the internet that you need a software firewall/IDS/web-filtering. I'm actually glad we have another AV system that isn't putting toolbars into my browser and downgrading my SSL connections. If Cylance smart antivirus can provide a similar level of protection from malware to another anti-malware system (which it does) without burying into every facet of my system then why would I use a bloated jack-of-all-trades security-software.

How ESET was doing web filtering:
Don't use ESET SSL protocol filtering
"Not only that, inspecting SSL negotiation with Wireshark shows the ESET application actually downgrades your SSL connection to TLSv1.0 even if your browser and the site you are visiting would normally use the much stronger TLSv1.1 or TLSv1.2."

How popular internet-security and home-user third party software firewalls failed basic inbound tests: https://www.av-comparatives.org/wp-content/uploads/2017/03/avc_fw_201403_en.pdf

"This test indicates that half of the security vendors are actually charging more money for a product that may provide significantly less security in some situations, and that users would do better to buy the simple antivirus program and rely on Windows Firewall to prevent unauthorized intrusion."

It might be time to stop using antivirus

"Further down the thread he explains that meddling AV software delayed Win32 Flash sandboxing "for over a year" and that further sandboxing efforts are still on hold due to AV. The man-in-the-middle nature of antivirus also causes a stream of TLS (transport layer security) errors, says Schuh, which in turn breaks some elements of HTTPS/HSTS."

"A couple of months back, Justin Schuh, Google Chrome's security chief, and indeed one of the world's top infosec bods, said that antivirus software is "my single biggest impediment to shipping a secure browser."

I don't want any of the featurecreep security theater crapware most AVs include. I don't want web filtering. I don't want a crappy firewall. I have a lot of trouble believing an anti-exploit will protect you any better than keeping everything up-to-date. Just give me something that detects malware, does a good enough job, and doesn't ruin the security of my system.
 

509322

I don't know what you guys do on the internet that you need a software firewall/IDS/web-filtering. I'm actually glad we have another AV system that isn't putting toolbars into my browser and downgrading my SSL connections. If Cylance smart antivirus can provide a similar level of protection from malware to another anti-malware system (which it does) without burying into every facet of my system then why would I use a bloated jack-of-all-trades security-software.

How ESET was doing web filtering:
Don't use ESET SSL protocol filtering
"Not only that, inspecting SSL negotiation with Wireshark shows the ESET application actually downgrades your SSL connection to TLSv1.0 even if your browser and the site you are visiting would normally use the much stronger TLSv1.1 or TLSv1.2. "

How popular internet-security and home-user third party software firewalls failed basic inbound tests: https://www.av-comparatives.org/wp-content/uploads/2017/03/avc_fw_201403_en.pdf

"This test indicates that half of the security vendors are actually charging more money for a product that may provide significantly less security in some situations, and that users would do better to buy the simple antivirus program and rely on Windows Firewall to prevent unauthorized intrusion. "

It might be time to stop using antivirus

"Further down the thread he explains that meddling AV software delayed Win32 Flash sandboxing "for over a year" and that further sandboxing efforts are still on hold due to AV. The man-in-the-middle nature of antivirus also causes a stream of TLS (transport layer security) errors, says Schuh, which in turn breaks some elements of HTTPS/HSTS."

"A couple of months back, Justin Schuh, Google Chrome's security chief, and indeed one of the world's top infosec bods, said that antivirus software is "my single biggest impediment to shipping a secure browser."

I don't want any of the featurecreep security theater crapware most AVs include. I don't want web filtering. I don't want a crappy firewall. I have a lot of trouble believing an anti-exploit will protect you at all. Just give me something that detects malware, does a good enough job, and doesn't ruin the security of my system.
There are options to opt-out of the SSL monitoring as well as solutions that don't do it at all.

Feature-creep is a part of the security soft landscape. Publishers think and feel that they must continuously offer new features and gizmos to increase sales. And worst of all, consumers stupidly expect and demand more features instead of using only what is needed and reliable. It is consumers that drive the feature-creep, and not the publishers.

If all you want is a dedicated full-time AV, then there is Windows Defender and Ikarus. Windows Defender on Windows 10 with fully tweaked other protections offers better protection than Cylance any day.
 

Slyguy

I don't know what you guys do on the internet that you need a software firewall/IDS/web-filtering.
A lot of modern attacks utilize firewall deficiencies to accomplish their ingress/egress. It's pretty serious these days with the side channel attacks, lateral network attacks and so forth. WF isn't going to stop any of it so it might be wise to have a decent firewall on your endpoints. Also, assuming people have a Fortinet, Sophos XG, Untangle or whatever on their gateway to prevent attacks might be reckless because they could just as well have a Linksys simple NAT.

But if you have any experience in the SMB/Corporate environment you know how dangerous phishing is these days.

I'm actually glad we have another AV system that isn't putting toolbars into my browser and downgrading my SSL connections.
I'm not advocating bloat. SMB/Corporate solutions rarely have any bloat. But granted, the consumer AV market is crap right now and heavily bloated. To which I agree. Nobody is slighting Cylance for being basic, I like that part of it. But I am citing the fact that it's basically just a signature based AV with some anomaly detection and won't cover some of the most important attack vectors.

If Cylance smart antivirus can provide a similar level of protection from malware to another anti-malware system (which it does)
The contention is, it actually doesn't. I do not believe Cylance would offer a similar level of protection as for example Emsisoft Anti-Malware, or Malwarebytes.

I don't want web filtering. I don't want a crappy firewall.
We all hate feature creep and crappy firewalls. But honestly, there are plenty of really good firewalls out there. Gdata, Kaspersky, Symantec, Panda, K7, Bullguard, all have good, protective firewalls. Let's assume you remove firewalls and SSL interception from the equation, Cylance is probably still likely to offer more holes than some basic AV products without all of the things you hate.

I'm concerned some might be misled into thinking Cylance offers some mystical protection from everything. There could be a serious false sense of security that arrives with it. I could be wrong, but it just doesn't seem to offer protection from more than file execution threats.
 

509322

Shills and promoters are just what they are. Pieces of crap. One only needs to go to Reddit and visit just about any crypto subreddit to see the worst online behaviors. And the worst part of it is that many do it without any compensation for their shill efforts.

Relatively, very few people know threat vectors well enough to promote others' best IT security interests. You of all people should know that IT admins with years and years of experience don't know what they're doing security-wise. Or if they do know, they aren't doing it for a bewildering range of reasons - from simple laziness to management won't let them do it to no money.

There's a lot of negatives associated with Cylance. I think their magic tour has done damage that will persist for years. If, and by the time things change, the original stakeholders will probably be long gone - or at least most of them. Because by that time they will have made themselves uber rich. Exit left...
 

artek

A lot of modern attacks utilize firewall deficiencies to accomplish their ingress/egress. It's pretty serious these days with the side channel attacks, lateral network attacks and so forth. WF isn't going to stop any of it so it might be wise to have a decent firewall on your endpoints. Also, assuming people have a Fortinet, Sophos XG, Untangle or whatever on their gateway to prevent attacks might be reckless because they could just as well have a Linksys simple NAT.

But if you have any experience in the SMB/Corporate environment you know how dangerous phishing is these days.



I'm not advocating bloat. SMB/Corporate solutions rarely have any bloat. But granted, the consumer AV market is crap right now and heavily bloated. To which I agree. Nobody is slighting Cylance for being basic, I like that part of it. But I am citing the fact that it's basically just a signature based AV with some anomaly detection and won't cover some of the most important attack vectors.



The contention is, it actually doesn't. I do not believe Cylance would offer a similar level of protection as for example Emsisoft Anti-Malware, or Malwarebytes.



We all hate feature creep and crappy firewalls. But honestly, there are plenty of really good firewalls out there. Gdata, Kaspersky, Symantec, Panda, K7, Bullguard, all have good, protective firewalls. Let's assume you remove firewalls and SSL interception from the equation, Cylance is probably still likely to offer more holes than some basic AV products without all of the things you hate.

I'm concerned some might be misled into thinking Cylance offers some mystical protection from everything. When in reality, it's probably not much more of an advancement over a traditional on-execution AV product. There could be a serious false sense of security that arrives with it. I could be wrong, but it just doesn't seem to offer protection from more than file execution threats.
I seem to remember CylanceProtect offering exploit protection. But what you're doing, it's a little like complaining that a fish can't fly. You're mishmashing features from enterprise level firewalls, AVs, and running a consumer AV under that lens.

What are you basing your contention that Cylance performs worse than Malwarebytes or Emsisoft on?

Phishing isn't the AV's problem. It's the user's problem. 2FA, education, and maybe think about sacking repeat offenders.
 

509322

Until IT security education is made a top priority that is put into action, nothing will change. In fact, the risks to typical people grows every single when they venture into the digital world wholly unprepared. And that risk is accelerating.

A security soft is not a substitute for knowledge and experience.

The current situation is a pathetic state of affairs.
 