Cylance Smart Antivirus PC MAG Review


Digmor Crusher

Everybody will eventually be breached, Google, Amazon, your bank, everyone. The only thing the common guy has going for us is that if they breach someone with 100 million users the chances of us being affected is very low. So my mantra is, don't worry, be happy; they may have our info but chances are it will never be used against us.
 
ForgottenSeer 58943

They couldn't make a proper software firewall back in 2014 and you trust them to make secure router firmware?

What the hell are you talking about? Please re-read what I said and apply comprehension to it. I wasn't talking about Cylance having a firewall.
 

artek

Level 5
Verified
May 23, 2014
236
What the hell are you talking about? Please re-read what I said and apply comprehension to it. I wasn't talking about Cylance having a firewall.

I didn't think you were. What I was saying, and let's just pick one of those vendors you listed at random, say Norton Sphere. Back in 2014 their firewall was failing to prevent remote desktop connections and file sharing connections. Do you really trust them to design and secure a router?
 
ForgottenSeer 58943

I didn't think you were. What I was saying, and lets just pick one of those vendors you listed at random, say Norton Sphere. Back in 2014 their firewall was failing to prevent remote desktop connections and file sharing connections. Do you really trust them to design and secure a router?

Norton has a well regarded firewall among software firewalls. However I was simply listing a few random UTM type appliances without regard to individual merits (or lack of). The fact is, Norton Sphere functions like a UTM and has web filtration. That was the point being made. Cylance has some pretty big limitations for handling anything other than file execution malware.

But paired with a UTM, it's probably quite nice as Umbra points out - in corporate environments it's probably great behind some nice gateway gear, tools, and a locked down AD environment with directory security managed properly.
 

askmark

As someone who has evaluated the corporate version of Cylance in my organisation I can tell you the only impressive thing I found was the agent's small footprint and low resource usage.

One of the test PCs during the POC (proof of concept) actually became infected with malware and Cylance was totally oblivious to its existence. It was only the user reporting odd behaviour of their PC that alerted us to there being something wrong. A scan with an on-demand scanner confirmed a known trojan was persistent and active in memory.

Then there was the cost. At the time we were using Panda on all of our endpoints as it was 50% cheaper than Sophos (our previous solution). Cylance however worked out to be twice as expensive as Sophos!

Needless to say we went with Sophos as it proved more effective, due to its multilayer protection and also better value at half the cost of Cylance.

I so very nearly fell for all the flash marketing BS. If I had I don't think I'd still be in a job.
 
ForgottenSeer 58943

As someone who has evaluated the corporate version of Cylance in my organisation I can tell you the only impressive thing I found was the agent's small footprint and low resource usage.

One of the test PCs during the POC (proof of concept) actually became infected with malware and Cylance was totally oblivious to its existence. It was only the user reporting odd behaviour of their PC that alerted us to there being something wrong. A scan with an on-demand scanner confirmed a known trojan was persistent and active in memory.

Then there was the cost. At the time we were using Panda on all of our endpoints as it was 50% cheaper than Sophos (our previous solution). Cylance however worked out to be twice as expensive as Sophos!

Needless to say we went with Sophos as it proved more effective, due to its multilayer protection and also better value at half the cost of Cylance.

I so very nearly fell for all the flash marketing BS. If I had I don't think I'd still be in a job.

Very interesting. Thank you for sharing your experiences.
 
509322

Cylance is big on the bitching and moaning that it isn't getting any fairness within the industry. That it has been wrongly characterized and insidiously persecuted. And it accuses others of non-existent wrong-doing, making it up as they go along. Threatens lawsuits and then balks when confronted with legal action.

Sound familiar ?
 
509322

"In an industry dominated by companies making empty promises using broken, outdated technology, It’s good to be different."

Shots fired!

It's the same marketing mantra used by everyone. The problem is that some are much, much more sensitive to it than others. They cannot help themselves.

No security software can function as a replacement for knowledge and experience.

Actually security softs create more questions for users than they ever answer.
 
ForgottenSeer 58943

It's been 3 days since I opened a ticket and provided logs. Not even a 'Great, we got your ticket and will get back to you' response..
 
ForgottenSeer 58943

Bugs/anomalies noted so far with Cylance.

1) .net crash errors on some clients. (logs provided to Cylance, but it's a rare event)
2) No notification of threats. Similar to what Neil experienced.
3) Possible corruption of core windows DLL on one machine. (logs submitted but could be something other than Cylance)

4) Sometimes it actually does scan files that aren't executed, contrary to their operational statements and stated lack of interest in stagnant files doing nothing. We've noticed that contrary to what they claim, it does scan non-executed files. Our logging clearly shows this activity. We seeded 5 pieces of malware on a drive to see if it is scanning at any time other than execution. It does; these 5 threats were buried on a drive where there was no execution of any program. So it does scan folders under some conditions.

cylance1.png


5) Aggressive quarantine of newer non-malware files as malware is fairly routine. Also, they seem to examine hashes of known files and any variance of the hash from known file triggers it. Without regard to the actual malware validity at the time.

6) Aggressive quarantine of OLDER files without respect to their validity. For example I was able to go way back to a sample of a legitimate program, but dated; Cylance immediately quarantined and removed it because it simply wasn't in their database yet. Without any respect to its threat validity.

7) Support may lack. I haven't gotten a response in 3 days. <sniff>

More soon.
 
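A way to reproduce the at-rest scanning check from item 4 above on your own box, as an added example that is not from the thread, from Cylance, or from any vendor: it seeds EICAR test files (the public, harmless antivirus test string, used here instead of the live samples the post mentions) on a drive, never opens or executes them, and then polls for removal or modification. A file that disappears or changes without ever having been run was scanned at rest. The directory name, file count, timing and the ATREST_DIR / ATREST_TIMEOUT environment variables are assumptions.

```python
"""Seed EICAR test files on disk and watch whether an AV acts on them
without any execution.  Added example, not from the thread or from any
vendor.  EICAR is the standard harmless antivirus test string; the
directory, file count and timing below are assumptions."""
import hashlib
import os
import time
from pathlib import Path

# The 68-byte EICAR test string (public standard, not live malware).
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def sha256_of(path: Path) -> str:
    """SHA-256 of a file's bytes, streamed so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def seed_test_files(directory: Path, count: int = 5) -> dict:
    """Write `count` EICAR files into `directory`; return {path: sha256}.

    The files are only written, never executed, so any later change to
    them has to come from something that scans files at rest.
    """
    directory.mkdir(parents=True, exist_ok=True)
    seeded = {}
    for i in range(count):
        # .com is the classic EICAR extension; an execution-only scanner
        # would never touch a file that nobody runs.
        p = directory / f"eicar_{i}.com"
        p.write_bytes(EICAR.encode("ascii"))
        seeded[p] = sha256_of(p)
    return seeded


def poll_at_rest(seeded: dict, timeout_s: float = 60.0,
                 interval_s: float = 1.0) -> dict:
    """Watch the seeded files without executing them.

    Returns {path: status} where status is one of:
      'removed'  - file gone (typical quarantine behaviour)
      'modified' - still present but content changed (e.g. a stub)
      'present'  - untouched for the whole window
    Polling stops early once every file has been acted on.
    """
    status = {p: "present" for p in seeded}
    deadline = time.monotonic() + timeout_s
    while True:
        for p, original in seeded.items():
            try:
                current = sha256_of(p)
            except FileNotFoundError:
                status[p] = "removed"
                continue
            status[p] = "present" if current == original else "modified"
        if all(s != "present" for s in status.values()):
            break
        if time.monotonic() >= deadline:
            break
        time.sleep(interval_s)
    return status


def summarize(status: dict) -> str:
    """One-line verdict for the whole run."""
    acted = sum(1 for s in status.values() if s != "present")
    if acted == 0:
        return "no at-rest action observed"
    return f"at-rest action on {acted}/{len(status)} files"


if __name__ == "__main__":
    # Assumed test location: point this at a data drive that nothing
    # else touches, so only the AV's own scanning can explain changes.
    target = Path(os.environ.get("ATREST_DIR", "atrest_test"))
    window = float(os.environ.get("ATREST_TIMEOUT", "60"))
    files = seed_test_files(target)
    result = poll_at_rest(files, timeout_s=window)
    for p, s in result.items():
        print(f"{s:9s} {p}")
    print(summarize(result))
```

Leave the directory alone for the whole window: opening it in Explorer, or letting a backup job or the search indexer read the files, is itself an on-access trigger, which is exactly the ambiguity raised later in this thread about some other process touching the files. A result of "removed" or "modified" with the folder untouched is the evidence the post describes; "present" for every file means no at-rest scan was seen in that window, not that one can never happen.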
509322

For an AV that prides itself on "pretty", that screen is pretty basic; looks the same as the dry enterprise screen on the endpoints.

I'm commenting on that because that's all I'm qualified for.

Yeah, well... you'd be surprised how many people use a security soft because the graphics are the most important thing to them. That's about as idiotic as it gets.
 

artek

Bugs/anomalies noted so far with Cylance.

1) .net crash errors on some clients. (logs provided to Cylance)
2) No notification of threats. Similar to what Neil experienced.
3) Possible corruption of core windows DLL on one machine. (logs submitted)

4) Sometimes it actually does scan files that aren't executed, contrary to their operational statements and stated lack of interest in stagnant files doing nothing. We've noticed that contrary to what they claim, it does scan non-executed files. Our logging clearly shows this activity; in fact in one logging session it scanned every single file in an encrypted directory that we 'staged' to test this. We seeded 5 pieces of malware on the encrypted drive to see if it is looking for encrypted files and snooping around. Well, those encrypted directories and malware were NEVER executed but the threats were found. That seems to be the opposite of their claims; why was it scanning an encrypted folder on a data drive without user activity? Here's a screen grab of the 5 hidden malware samples I put in the encrypted directory before installation of Cylance.

View attachment 193898

5) Aggressive quarantine of newer non-malware files as malware is fairly routine. Also, they seem to examine hashes of known files and any variance of the hash from known file triggers it. Without regard to the actual malware validity at the time.

6) Aggressive quarantine of OLDER files without respect to their validity. For example I was able to go way back to a sample of a legitimate program, but dated; Cylance immediately quarantined and removed it because it simply wasn't in their database yet. Without any respect to its threat validity.

7) Support blows. You'll be ignored. If you want a refund, you might be waiting 30 days to get the 30 day refund honored. :unsure:

That's all I have for today. It's a decent basic antivirus IMO. Nothing more. I don't see any magical unicorn activity in it, but that's just me. Sure it's tiny, and doesn't use much CPU. But why do I care about that? I have 16 cores sitting here idle most of the time. I'd put OSArmor/VS and Heimdal next to it or I wouldn't run it. OSArmor/VS is going to give you exploit protection and alternative vector protection. Heimdal will protect your DNS and give you robust URL filtering. This combo 'should' be incredibly lightweight and highly effective. Or put Cylance behind a UTM-Like router along with OSArmor/VS and call it a day. You won't get infected.


I had the problem with notifications too, and I just noticed this today. Not sure if you had that ticked, but it's off by default.

Show Notifications

I've seen it scan folders too, but I'm not sure exactly what triggers it, because I've also pointed explorer to other folders, and it doesn't scan them at all. I think it might be some other process touching the files which triggers a Cylance scan, but don't quote me on that.
 
artek

That's all I have for today. It's a decent basic antivirus IMO. Nothing more. I don't see any magical unicorn activity in it, but that's just me. Sure it's tiny, and doesn't use much CPU. But why do I care about that? I have 16 cores sitting here idle most of the time. I'd put OSArmor/VS and Heimdal next to it or I wouldn't run it.

That's the unicorn. Look at this test: Advanced Endpoint Protection Test | AV-Comparatives. It's providing the same, and in some cases better, protection than more bloated alternatives. Bitdefender, Kaspersky, Sophos, my system was crawling. You're telling me with this tiny, nimble, next-gen product I can get a similar level of protection without my system slowing down? Where do I sign up?

Real-world protection test, no URL filtering; other products have URL filtering, so what kind of detection rate advantage do they have versus Cylance? Bitdefender had a 100 percent detection rate; the next top products, including Cylance, all had 99.7. You mean I can get a comparable detection rate absent net slowdowns? Absent a security suite hooking into my browser and downgrading my SSL/TLS connections?
 
ForgottenSeer 58943

That's the unicorn. Look at this test: Advanced Endpoint Protection Test | AV-Comparatives It's providing the same, and in some cases better, protection than more bloated alternatives. Bitdefender, Kasperksy, Sophos, my system was crawling. You're telling me with this tiny, nimble, next-gen product I can get a similar level of protection without my system slowing down? Where do I sign up?

Don't get me wrong, I love how lightweight it is. More specifically, how it 'feels' on your system, it really does feel like there isn't any AV running at all which is exceedingly nice. I'm pretty much recommending Cylance to people with caveats.

I believe Cylance should be more than enough (with the caveats below noted) to provide a near zero weight/impact and solid protection. Barring a UTM/NGFW on the gateway, I would pair up Cylance with OSArmor and Heimdal. That's just my opinion, I probably wouldn't run Cylance vanilla with nothing else and would choose one or the other.

With all of the negatives and/or questions, I will post what I like (love?) about Cylance;

1) Administration Panel - I like web panels for my security. Force of habit from the corporate world. While short on settings, Cylance has a speedy, attractive panel where you can quickly get a sight on your devices and see what is going on, and whitelist/etc. Very nice.
2) Weight and Speed - systems feel FAST with Cylance on them. No mistaking that! Impressively light..
3) Strong awareness of application integrity and anomalies. I'm picky, I want to know if any application, module or update diverges from the norm. Cylance provides that awareness by alerting to anomalies. I have confidence if anything gets hijacked, altered/tampered, or something with an application update channel gets replaced with a subverted module, Cylance WILL find it and alert.
4) Spartan interface - love it! I'm tired of bloat, like you. Give me the data I need and stop giving me flashy whistles and lights.
5) Enthusiasm - let's face it, there is a lot of enthusiasm around Cylance. It's contagious. You know the people there probably love the product and it shows. Nobody gets excited (or cares) about Avast anymore. Cylance is doing cool things and has an edgy feel to it. ;-)

So would I recommend Cylance? After 2 weeks of toying with it, I am shifting it to my recommendation category with caveats*

1) You probably need a router/firewall with some UTM features w/Cylance. (pick a brand)
and/or
2) You probably should pair it up with Heimdal and/or OSArmor.

Cylance+Gryphon is so good, I think it's my recommended combo for anyone looking to get a couple of different artificially intelligent technologies working on their network and systems that totally complement each other. Since both of them use ML/AI, and both would totally complement each other, it's like the perfect combo IMO. Gryphon is going to seal right up any potential areas Cylance might falter.

Here's my 15 second marketing graphic for this combo;

hype.png
 
rsonic

Here's my 15 second marketing graphic for this combo;

View attachment 193905

Oh God, they should hire you to design their material.

I'm looking for a solution that I can put on friends' and relatives' machines and manage through a web interface if they aren't blocking their updates and letting the malware run amok; perhaps Cylance isn't what I need, then.
 
509322

You're telling me with this tiny, nimble, next-gen product I can get a similar level of protection without my system slowing down? Where do I sign up?

You can get an almost identical detection rate, but at the same time a whole lot less protection against the stuff that isn't detected.

LOL...

And unless you are using obsolete\insufficient hardware and\or Windows or have your system loaded down with softs and a taxing configuration, then there shouldn't be system slowdowns.
 

artek

You can get an almost identical detection rate, but at the same time a whole lot less protection against the stuff that isn't detected.

LOL...

And unless you are using obsolete\insufficient hardware and\or Windows or have your system loaded down with softs and a taxing configuration, then there shouldn't be system slowdowns.

Test Bitdefender Internet Security 22.0 for Windows 10 (181491)

On a high-end system, like you said, 23% slower launching of popular webpages by Bitdefender. A significant slowdown if I do say so myself.

Norton slows down the browsing of web-pages on a high end PC by 14%
Test Norton Norton Security 22.12 for Windows 10 (181416)

Avira seems fairly fast here with only 6% slower launching of popular webpages: Test Avira Antivirus Pro 15.0 for Windows 10 (181480)
However Av-Comparatives indicates that Avira has a significant performance impact when downloading files: Performance Test April 2018 | AV-Comparatives
Which is odd, because AV-Test shows that Avira is relatively quick at this, and probably indicative that the performance impact differs from system to system. But this begs the question. If Cylance can match and beat the detection rate of these products without this kind of negative performance impact why use this type of protection at all.

People with high-end PCs, particularly in the enthusiast markets are paying several hundreds of dollars for 10%+ performance. How do you think they feel about losing 14% of that to their anti-malware?

Protecting against undetected malware sounds like the Webroot approach. It's not without merit, but I'd much prefer something with a high initial detection rate because I feel like remediation is a fool's game at best. I would much rather be notified post-infection and start over fresh.
 