Cylance Smart Antivirus


ForgottenSeer 58943

"(I could test only seven because of the restart)"

Wait, so static scan detects 7/19, which leaves 12 files left. And out of those 12 files you were only able to test 7 further. So there are 5 more files that could have potentially been detected, but are still being counted as misses in your results?

Am I reading this wrong?

Console results are 10/14 before system dropped. Looks like Askalan updated the results to reflect this.

public.png.exe
QUARANTINED 8/13/2018
C:\Users\Alan\Desktop\19\public.png.exe
docer.exe
QUARANTINED 8/13/2018
C:\Users\Alan\Desktop\19\docer.exe
C:\Users\Alan\AppData\Local\TempaKU65.exe
haa.exe
QUARANTINED 8/13/2018
C:\Users\Alan\Desktop\19\haa.exe
Bunker_Invoices_130818.exe
QUARANTINED 8/13/2018
C:\Users\Alan\Desktop\19\Bunker_Invoices_130818.exe
more.exe
QUARANTINED 8/13/2018
C:\Users\Alan\Desktop\19\more.exe
ProformaInvoice.exe
QUARANTINED 8/13/2018
C:\Users\Alan\Desktop\19\ProformaInvoice.exe
ppx.exe
QUARANTINED 8/13/2018
C:\Users\Alan\Desktop\19\ppx.exe
nvjfh.exe
QUARANTINED 8/13/2018
C:\Users\Alan\nvjfh.exe
chondrites.dll
QUARANTINED 8/13/2018
C:\Users\Alan\AppData\Local\Temp\chondrites.dll
 

Evjl's Rain

I'd remind people - some of SHP's stronger assets aren't utilized in the test. I suspect it likely SHP would snag that with their web filtration, heuristic traffic evaluation and new file reputation on download. (My favorite protection category)
If you consider that everything is downloaded to the computer and SHP can block them:
there is a free alternative, Windows SmartScreen, which works almost the same as SHP's download reputation checker.

https://malwaretips.com/threads/13-08-2018-19.85938/#post-756929

I think you forgot SmartScreen. Many people have this tool enabled by default in Windows 8 and 10.
 

Deleted Member 3a5v73x

This missed .exe is also interesting. I wonder what's going on with Cylance. :whistle:

cyl2.jpg

cyl1.PNG
 

ForgottenSeer 69673

I might be wrong, but most AVs don't detect malware in archives. A JAR file is just a Java archive. Can an archive, even a Java one, cause an infection? I remember Kevin from Bo-Clean said it would not do anything until the archive was unpacked. But like I said, I could be wrong about Java archives.
 

ForgottenSeer 69673

I am a bit disappointed in the testmyav samples lately. I don't have access to MT's hub. All the latest samples I got from testmyav are deleted by Windows Defender.
 

DeepWeb

Maybe we can finally stop pretending that enterprise security solutions are superior to home solutions. Home AVs are superior because they have to be designed for far more diverse environments than just a boring office space. Lesson as usual: stick to AV vendors with a high reputation.
 

509322

Maybe we can finally stop pretending that enterprise security solutions are superior to home solutions. Home AVs are superior because they have to be designed for far more diverse environments than just a boring office space. Lesson as usual: stick to AV vendors with a high reputation.

Enterprise solutions are built more "robust" (more features) and configurable because the risks and threats are much greater than in a home-use environment. The corporate space is anything but boring. They tend to be the most dynamic. If anything would be on the boring side, almost static, it would be a home environment.

Protection and reputation are not linear, although there is a weak correlation. Product type is a much stronger determinant of protection than reputation.
 

ForgottenSeer 58943

Maybe we can finally stop pretending that enterprise security solutions are superior to home solutions. Home AVs are superior because they have to be designed for far more diverse environments than just a boring office space. Lesson as usual: stick to AV vendors with a high reputation.

Enterprise solutions are most assuredly better than consumer offerings. Worry Free Advanced is VASTLY superior to Trend Micro Maximum Security in a huge number of ways. Not to mention WFA has a granular firewall control system and IPS, along with much deeper threat detection module configurations.

A few reasons why enterprise solutions are superior:

1) Granularity. Configuration is usually very deep. This configuration allows much higher levels of security in many cases. Home versions are usually 'default', which is the weakest configuration of the enterprise offerings. -Umbra points this out and it's important.
2) Control. Enterprise solutions generally have more control over endpoints. The ability to lock down specific, higher risk aspects isn't unusual in the enterprise offerings but almost always absent from the consumer ones.
3) Threat Detection. As Lockdown notes, the enterprise environment has a much higher threat surface than consumers. You have WAN facing servers, on-prem exchange, SAS/SAN devices, IP Phones (Shortel, Digium, etc). As Lockdown says, the enterprise market is dynamic and intense, while the home market is largely stagnant.
4) Single Pane of Glass management. 'Awareness' of what is transpiring is important. Enterprise offerings usually have a lot of ways to get notifications of problems out to the right people. You'll know instantly when an installed AV quits working or an infection is present in the enterprise realms. Consumer stuff is often operating blind and default.
5) Consumer offerings are almost always the easiest to hijack and most exploits are designed to bypass them. Enterprise grade offerings generally are more hardened, use encrypted communications and update channels and higher grade self protection than consumer junk.
6) Privacy. Generally speaking, privacy is much higher with enterprise stuff. Some of that stuff is designed to be used in facilities where privacy is crucial. As such, logging is almost always off or restricted unless support enables debugging. Telemetry is bare minimum, and also over encrypted channels.

Protection and reputation are not linear, although there is a weak correlation. Product type is a much stronger determinant of protection than reputation.

Absolutely. Reputation and brand don't mean as much as the product TYPE. For example, Norton itself is pretty bad IMO. But their SEP offerings, when properly configured, are quite robust. That SEP firewall alone can be tweaked to block virtually every threat imaginable, even to the point of only allowing through the actual ports your business needs. Trend WF Advanced can be tweaked to high heaven and includes vastly more robust anti-ransomware and machine learning. Not to mention additional protections for deeper business environments.

As a general rule, it's safe to assume any enterprise offering is going to vastly outstrip any consumer offering.
 

ForgottenSeer 58943

I logged into one of my Trend Micro Worry Free Advanced portals. Let's take a look at the BB section alone. Then please, tell me Trend Micro for consumers is going to offer even a fragment of the protection this offers. :eek:

wfa2.png
 

simmerskool

So I have counted like 4-5 regular users of Cylance commenting, anyone else? Maybe someone out of 800+ MT guests? Don't be shy and chime in, share your experience with Cylance or if you use Cylance Smart Antivirus. All feedback is appreciated, either good or bad. (y)

Well, I've been using CylanceProtect via cyberforce for 8+ months, and it is very light with no issues. I had used CylanceProtect for a few months via malwaremanged on an older PC, and that was not a good fit. I just put Cylance Smart on another PC, but it is mostly used by my wife in another location. At first glance after that install I did not notice many or any differences between Protect and Smart, but then I've hardly played with Smart. CylanceProtect on my primary box is also behind a pretty secure Cisco router with advanced threat protection and VoodooShield (home office). It's probably not as light as ForgottenSeer 58943's referenced light combo above, but I do not see any slowdowns. CylanceProtect caught a trojan the other day! Must have come in via VPN?? First detection in 8+ months. I have not found a reason (yet) to switch. Prior I was using KIS 2017, liked that too, but liking Cylance more, but that's me. I tried DeepArmor and it was very slow, but that was several months ago, not sure what they're doing...

EDIT: fwiw AppGuard is running too. They seem to play well together, with little or no noticeable slowdown.
 

ForgottenSeer 58943

CylanceProtect on my primary box is also behind a pretty secure Cisco router with advanced threat protection and VoodooShield (home office). It's probably not as light as ForgottenSeer 58943's referenced light combo above, but I do not see any slowdowns. CylanceProtect caught a trojan the other day! Must have come in via VPN?? First detection in 8+ months. I have not found a reason (yet) to switch. Prior I was using KIS 2017, liked that too, but liking Cylance more, but that's me. I tried DeepArmor and it was very slow, but that was several months ago, not sure what they're doing...

Tossing Cylance behind an ASA is pretty much what I was saying. I have a few combos of Cylance I really like ranging from lightest and least protective to light and maximum protective.

Config 1 - Cylance+Windows Defender Browser Extension+Syshardener
Config 2 - Cylance+OSArmor+Syshardener+Windows Defender Browser Extension
Config 3 - Cylance+Heimdal+OSArmor+Syshardener+Windows Defender Browser Extension

My personal favorite:
Config 4 - Gryphon UTM+Heimdal+OSArmor+Syshardener+Quad9 DNS on Router (layer after mighty layer)

But I know Cylance is designed to be behind a UTM/NGFW and with other protections in place (DNS, GPs, etc.). So I wouldn't even consider running Cylance naked, as I have stated, because I do not believe it's designed to run naked. But Cylance has proved to be quite protective in enterprise settings from what I have seen, though that's partly attributed to the adjunct technologies in place. (I know I am repeating myself.)

For example, not a single thing in that last pack would make it through most enterprise setups. The likely attack vector would be email, and a qualified, properly configured antispam/email solution would nail them at the outset (Trend HES comes to mind). Hence, Cylance is sufficiently good for what it deals with in enterprise. Consumers rarely have Outlook installed locally and pinned to an opened-up Exchange server, so that vector doesn't even exist with web mail services, which already have robust scanning. Consumers, if they use Outlook, have IMAP to their Gmail or something, and already have robust email protection in most cases.

So we need to be aware of vectors, and in most cases for consumers, of vectors that don't even exist and will never exist.
 

Deleted Member 3a5v73x

Cylance support are now aware of it and the Threat Guidance team is analysing why it wasn't detected.
While they are still analysing it, I added Heimdal RC to Cylance, and Heimdal nicely intercepts connections to those domains:
heimdal.gif
37.1.218.68:80 (smart.cloudnetwork.kz) POST /t
195.22.26.248:80 (static.apiinformationsec.com) POST /t
212.227.20.93:80 (mel.cloudcontentsmak.com) POST /t
195.22.26.248:80 (nicru.supermicrotransapi.ru) POST /t
So Heimdal would also be a quite nice addition for CSAV tests in the MH.
 
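As an added illustration (not code from the post or from Heimdal), this Python snippet parses the four intercepted connection lines quoted above and surfaces the pattern a defender would key on: one identical POST /t request going to several unrelated hostnames, two of which resolve to the same IP. The log line format, the field names and the host-count threshold are assumptions made here.

```python
import re
from collections import defaultdict

# Constructed sample: the four connections Heimdal intercepted, as quoted in the post above.
SAMPLE_LOG = """\
37.1.218.68:80 (smart.cloudnetwork.kz) POST /t
195.22.26.248:80 (static.apiinformationsec.com) POST /t
212.227.20.93:80 (mel.cloudcontentsmak.com) POST /t
195.22.26.248:80 (nicru.supermicrotransapi.ru) POST /t
"""

# Assumed format: "<ip>:<port> (<hostname>) <METHOD> <path>"
LINE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"\((?P<host>[^)]+)\) (?P<method>[A-Z]+) (?P<path>\S+)$"
)


def parse_connections(text):
    """Turn intercepted connection lines into dicts; silently skip lines that do not match."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append({"ip": m["ip"], "port": int(m["port"]), "host": m["host"],
                         "method": m["method"], "path": m["path"]})
    return rows


def beacon_candidates(rows, min_hosts=3):
    """Group by (method, path) and flag groups that hit at least min_hosts distinct hosts.
    Legitimate software rarely sends the same bare POST path to many unrelated domains;
    fallback C2 lists do exactly that."""
    groups = defaultdict(set)
    for r in rows:
        groups[(r["method"], r["path"])].add(r["host"])
    return {key: sorted(hosts) for key, hosts in groups.items() if len(hosts) >= min_hosts}


def shared_ips(rows):
    """Hostnames that resolve to the same IP: a hint of shared attacker infrastructure."""
    by_ip = defaultdict(set)
    for r in rows:
        by_ip[r["ip"]].add(r["host"])
    return {ip: sorted(hosts) for ip, hosts in by_ip.items() if len(hosts) > 1}


if __name__ == "__main__":
    conns = parse_connections(SAMPLE_LOG)
    print(beacon_candidates(conns))
    print(shared_ips(conns))
```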