Cylance Smart Antivirus PC MAG Review
- Thread starter Hawaii007
- Start date
- Status
- Aug 17, 2017
- 1,609
I'm sort of finding some issues with Cylance (consumer).
It actually slightly corrupted windows functionality on one test machine to the point we just reset it. Things like File Explorer became unstable, directories disappeared. This system wasn't exposed to malware, it was just testing functionality over a period of time.
Another couple of machines Cylance presented a caution symbol and lost connection to the server on new execution of files and only a reboot corrected it.
On another couple of machines .net errors knocked Cylance right out. These were fresh machines, literally reset days before and Cylance installed.
I'd say it's possibly not ready for prime time.
It actually slightly corrupted windows functionality on one test machine to the point we just reset it. Things like File Explorer became unstable, directories disappeared. This system wasn't exposed to malware, it was just testing functionality over a period of time.
Another couple of machines Cylance presented a caution symbol and lost connection to the server on new execution of files and only a reboot corrected it.
On another couple of machines .net errors knocked Cylance right out. These were fresh machines, literally reset days before and Cylance installed.
I'd say it's possibly not ready for prime time.
Our testing was ended today, it's been a full week, and several machines had issues (pointed out above). It will be retested in the next wave of vetting to see how much it's improved.
I have a lot of hope they'll iron it all out. I have sent them crash logs and diags. Good product though, very slick!
I have a lot of hope they'll iron it all out. I have sent them crash logs and diags. Good product though, very slick!
Will be interested to hear your thoughts after they have had some time with those logs...
- Mar 21, 2018
- 108
Sounds like I'll renew my current subscriptions and keep an eye on Cylance in the future.
Cylance is decent. But keep in mind it's not going to offer any web protection, exploit protection and firewall/intrusion protection at all. It's really just a file protection system. So unless you have a third party software firewall you won't have any control or eyes on what is going on and will be entirely reliant on your hardware firewall (router) and what little that provides in some cases. Also, without web filtration it's almost suicide using Cylance without something like Heimdal as Cylance will offer zero protection in the area of cross scripting and other web served threats.
You can quite easily test this yourself by installing Cylance and doing penetration testing on a machine. Then install SEPC and re-create the same penetrations. SEPC's aggressive firewall and extensive IPS signatures will pose a serious problem. Cylance will pose almost no barrier whatsoever. Personally, I think Cylance MUST be paired with at least a firewall and some sort of web filtration or you are going to be in a world of hurt at some point down the road.
Cylance seems to almost be entirely focused on file execution protection and nothing else. From what I saw it's great at what it is focused on, but is anemic for all other attack vectors so I think it would be best to use it in a layered system. Also it's going to provide no protection against one of the biggest threats facing many people - phishing. Those PDF documents with links in them aren't even going to be noticed by Cylance
but something like SEPC or SHP will likely protect you.
So given that, I think Cylance is useful, but only if part of a comprehensive security plan. It's no silver bullet IMO.
You can quite easily test this yourself by installing Cylance and doing penetration testing on a machine. Then install SEPC and re-create the same penetrations. SEPC's aggressive firewall and extensive IPS signatures will pose a serious problem. Cylance will pose almost no barrier whatsoever. Personally, I think Cylance MUST be paired with at least a firewall and some sort of web filtration or you are going to be in a world of hurt at some point down the road.
Cylance seems to almost be entirely focused on file execution protection and nothing else. From what I saw it's great at what it is focused on, but is anemic for all other attack vectors so I think it would be best to use it in a layered system. Also it's going to provide no protection against one of the biggest threats facing many people - phishing. Those PDF documents with links in them aren't even going to be noticed by Cylance
but something like SEPC or SHP will likely protect you.
So given that, I think Cylance is useful, but only if part of a comprehensive security plan. It's no silver bullet IMO.
Last edited by a moderator:
Cylance is nothing more than a stand-alone, bare-bones antivirus. The slickest thing they have pulled-off is their promotion of it. Well, actually, they get away with it to a large extent because people don't bother to research and read. So people (I'm talking about home users) make it very easy for Cylance. It fits that irrational, uninformed set-and-forget need that home users have.
Cylance is setting everything up for the IPO pump-and-dump. Anyone who knows how the game is played has seen them doing it for the past few years. Mark my words.
As far as the quality, or superiority I should say, of Cylance antivirus itself, it is a security soft just like any other. No more, no less. It is not a magic bullet. There is no such thing.
Over on Spiceworks Cylance gets some interesting threads from marketing shills, like this:
So my question is - all of these shills and IT guys promoting Cylance - do they not understand the threat vectors of their customers? How are they planning to protect their customers from Phishing or Web Exploits? How about rogue browser extensions? DNS attacks? The list goes on and on, and the more I read the more I feel bad about Cylance.
Tell me I am wrong Lockdown, tell me Cylance is magical unicorn technology. Please. I want to believe.
So my question is - all of these shills and IT guys promoting Cylance - do they not understand the threat vectors of their customers? How are they planning to protect their customers from Phishing or Web Exploits? How about rogue browser extensions? DNS attacks? The list goes on and on, and the more I read the more I feel bad about Cylance.
Tell me I am wrong Lockdown, tell me Cylance is magical unicorn technology. Please. I want to believe.
I don't know what you guys do on the internet that you need a software firewall/IDS/web-filtering. I'm actually glad we have another AV system that isn't putting toolbars into my browser and downgrading my SSL connections. If Cylance smart antivirus can provide a similar level of protection from malware to another anti-malware system (which it does) without burying into every facet of my system then why would I use a bloated jack-of-all-trades security-software.
How ESET was doing web filtering:
Don't use ESET SSL protocol filtering
"Not only that, inspecting SSL negotiation with Wireshark shows the ESET application actually downgrades your SSL connection to TLSv1.0 even if your browser and the site you are visiting would normally use the much stronger TLSv1.1 or TLSv1.2. "
How popular internet-security and home-user third party software firewalls failed basic inbound tests: https://www.av-comparatives.org/wp-content/uploads/2017/03/avc_fw_201403_en.pdf
"This test indicates that half of the security vendors are actually charging more money for a product that may provide significantly less security in some situations, and that users would do better to buy the simple antivirus program and rely on Windows Firewall to prevent unauthorized intrusion. "
It might be time to stop using antivirus
"Further down the thread he explains that meddling AV software delayed Win32 Flash sandboxing "for over a year" and that further sandboxing efforts are still on hold due to AV. The man-in-the-middle nature of antivirus also causes a stream of TLS (transport layer security) errors, says Schuh, which in turn breaks some elements of HTTPS/HSTS."
"A couple of months back, Justin Schuh, Google Chrome's security chief, and indeed one of the world's top infosec bods, said that antivirus software is "my single biggest impediment to shipping a secure browser."
I don't want any of the featurecreep security theater crapware most AVs include. I don't want web filtering. I don't want a crappy firewall. I have a lot of trouble believing an anti-exploit will protect you any better than keeping everything up-to-date. Just give me something that detects malware, does a good enough job, and doesn't ruin the security of my system.
How ESET was doing web filtering:
Don't use ESET SSL protocol filtering
"Not only that, inspecting SSL negotiation with Wireshark shows the ESET application actually downgrades your SSL connection to TLSv1.0 even if your browser and the site you are visiting would normally use the much stronger TLSv1.1 or TLSv1.2. "
How popular internet-security and home-user third party software firewalls failed basic inbound tests: https://www.av-comparatives.org/wp-content/uploads/2017/03/avc_fw_201403_en.pdf
"This test indicates that half of the security vendors are actually charging more money for a product that may provide significantly less security in some situations, and that users would do better to buy the simple antivirus program and rely on Windows Firewall to prevent unauthorized intrusion. "
It might be time to stop using antivirus
"Further down the thread he explains that meddling AV software delayed Win32 Flash sandboxing "for over a year" and that further sandboxing efforts are still on hold due to AV. The man-in-the-middle nature of antivirus also causes a stream of TLS (transport layer security) errors, says Schuh, which in turn breaks some elements of HTTPS/HSTS."
"A couple of months back, Justin Schuh, Google Chrome's security chief, and indeed one of the world's top infosec bods, said that antivirus software is "my single biggest impediment to shipping a secure browser."
I don't want any of the featurecreep security theater crapware most AVs include. I don't want web filtering. I don't want a crappy firewall. I have a lot of trouble believing an anti-exploit will protect you any better than keeping everything up-to-date. Just give me something that detects malware, does a good enough job, and doesn't ruin the security of my system.
Last edited:
There are options to opt-out of the SSL monitoring as well as solutions that don't do it at all.
Feature-creep is a part of the security soft landscape. Publishers think and feel that they must continuously offer new features and gizmos to increase sales. And worst of all, consumers stupidly expect and demand more features instead of using only what is needed and reliable. It is consumers that drive the feature-creep, and not the publishers.
If all you want is a dedicated full-time AV, then there is Windows Defender and Ikarus. Windows Defender on Windows 10 with fully tweaked other protections offers better protection than Cylance any day.
A lot of modern attacks utilize firewall deficiencies to accomplish their ingress/egress. It's pretty serious these days with the side channel attacks, lateral network attacks and so forth. WF isn't going to stop any of it so it might be wise to have a decent firewall on your endpoints. Also, assuming people have a Fortinet, Sophos XG, Untangle or whatever on their gateway to prevent attacks might be reckless because they could just as well have a Linksys simple NAT.
But if you have any experience in the SMB/Corporate environment you know how dangerous phishing is these days.
I'm not advocating bloat. SMB/Corporate solutions rarely have any bloat. But granted, the consumer AV market is crap right now and heavily bloated. To which I agree. Nobody is slighting Cylance for being basic, I like that part of it. But I am citing the fact that it's basically just a signature based AV with some anomaly detection and won't cover some of the most important attack vectors.
The contention is, it actually doesn't. I do not believe Cylance would offer a similar level of protection as for example Emsisoft Anti-Malware, or Malwarebytes.
We all hate feature creep and crappy firewalls. But honestly, there are plenty of really good firewalls out there. Gdata, Kaspersky, Symantec, Panda, K7, Bullguard, all have good, protective firewalls. Let's assume you remove firewalls and SSL interception from the equation, Cylance is probably still likely to offer more holes than some basic AV products without all of the things you hate.
I'm concerned some might be misled into thinking Cylance offers some mystical protection from everything. There could be a serious false sense of security that arrives with it. I could be wrong, but it just doesn't seem to offer protection from more than file execution threats.
Last edited by a moderator:
Shills and promoters are just what they are. Pieces of crap. One only needs to go to Reddit and visit just about any crypto subreddit to see the worst online behaviors. And the worst part of it is that many do it without any compensation for their shill efforts.
Relatively, very few people know threat vectors well enough to promote others' best IT security interests. You of all people should know that IT admins with years and years of experience don't know what they're doing security-wise. Or if they do know, they aren't doing it for a bewildering range of reasons - from simple laziness to management won't let them do it to no money.
There's a lot of negatives associated with Cylance. I think their magic tour has done damage that will persist for years. If, and by the time things change, the original stakeholders will probably be long gone - or at least most of them. Because by that time they will have made themselves uber rich. Exit left...
I seem to remeber CylanceProtect offering exploit protection. But what you're doing, it's a little like complaining that a fish can't fly. You're mishmashing features from enterprise level firewalls, AVs, and running a consumer av under that lens.
What are you basing your contention that Cylance performs worse than Malwarebytes or Emsisoft?
Phishing isn't the AVs problem. It's the users problem. 2fa, education, and maybe think about sacking repeat offenders.
Until IT security education is made a top priority that is put into action, nothing will change. In fact, the risks to typical people grows every single when they venture into the digital world wholly unprepared. And that risk is accelerating.
A security soft is not a substitute for knowledge and experience.
The current situation is a pathetic state of affairs.
Last edited by a moderator:
- Status
Similar threads
