From the terms, that seems to be a good promo for those that like testing software and providing feedback.
Also, it appears this "free version" would be essentially a beta, am I wrong?
- Status
Also, it appears this "free version" would be essentially a beta, am I wrong?
I setup a couple malware testing stations in my home lab this evening (after replacing my crap Intel Puma7 Chipset Cable modem for a Broadcom Chipset DOCSIS3.1 and upgrading my connection to 1000/1000Mbps) then logged into my corporate Hybrid Analysis account and grabbed 17 of the latest and greatest samples for Cylance to munch on. Just a quicky little test to satiate my curiosity.
Pre-execution Cylance snagged 15 out of the 17, the other 3 were nailed on execution. Considering some of these have a current 1-5% detection rate from existing antivirus products, that's not bad.
Pre-execution Cylance snagged 15 out of the 17, the other 3 were nailed on execution. Considering some of these have a current 1-5% detection rate from existing antivirus products, that's not bad.
@ForgottenSeer 58943 no offense, but the test you did is meaningless for us, why? no mention or hash of the samples, no task manager screenshots; basically you showed nothing.
Next time, please use the methodology and template demonstrated by the Malware Hub guys, at least they give some references.
You know, i also did a test against 25 samples, Cylance fail against everything !!! OMG !!! want a screenshot of Cylance quarantine? gimme 5mn , need to use photoshop... so you see, without references, we can say whatever we want...
Next time, please use the methodology and template demonstrated by the Malware Hub guys, at least they give some references.
You know, i also did a test against 25 samples, Cylance fail against everything !!! OMG !!! want a screenshot of Cylance quarantine? gimme 5mn , need to use photoshop... so you see, without references, we can say whatever we want...
Source?
People that are used to the MT Malware Hub and value proper methodology.
@davisd
i dont know what is your problem with what i say, do you have access to the malware Hub? if yes you would understand what i am talking about.
Malware Hub testers take time and effort to make their test clear and transparent. It is what i meant by "proper" methodology.
i dont know what is your problem with what i say, do you have access to the malware Hub? if yes you would understand what i am talking about.
Malware Hub testers take time and effort to make their test clear and transparent. It is what i meant by "proper" methodology.
Me have access to Google Translate only. Hard to having a time understand, nevermind, appreciate learning things new every days here.
Last edited by a moderator:
I logged everything and have plenty of screenshots. (and allocated enough VM resources, hehe) PM me if you want them, including the hashes, task manager, secondary scans, and SIEM logs. It wasn't an 'official' test, just a quick and dirty one with the latest samples on a fast lab box I setup this evening. When I have more time, I'll post some detailed demonstrations.
Hybrid Analysis themselves? Login to your corporate account there and check the last 17 samples and see the detection rate.
Last edited by a moderator:
Well, you could be a bit more clever about gaming the test beyond a photoshop. Like limiting the performance of the VM to fudge the detection results.
@ForgottenSeer 58943 no need PM me, next time you do a test, just put all the useful infos.
- Jul 1, 2017
- 1,396
Wants to protect everyone under the sun, makes AV only available to US residents...
I don't understand why people are upset it's only available for US residents. If a certain 3 letter agency of a very powerful country in North America gave them the funds to provide it for free to its citizens, then those funds can only be spent on said citizens and residents anyway. If anything this is even more confirmation that they have close ties to a certain 3 letter agency that shall remain unnamed.
or cherry pick the right samples to fit the "wanted" result. oops i disclosed Test labs secrets
Wants to protect everyone under the sun, makes AV only available to US residents...
I don't understand why people are upset it's only available for US residents. If a certain 3 letter agency of a very powerful country in North America gave them the funds to provide it for free to its citizens, then those funds can only be spent on said citizens and residents anyway. If anything this is even more confirmation that they have close ties to a certain 3 letter agency that shall remain unnamed.
Cylance is a pretty quiet little guy and is void of almost any logging to be a secret sauce spy tool that itself would be a pretty gross violation of their own privacy policy and the US Constitution. If the CIA wanted it out there, they'd make darn sure to get it out there in countries where they want it, Baltic States, Asia, Middle East, etc.
Honestly, I think it's a bit more of a mundane explanation.. Since the home edition launched literally a few weeks ago, this is a good promo for it to get a lot of people to see and feel it, then when it expires, to offer a big discount on continued subscriptions.
It sure smells like something a junior marketing intern would cook up more than anything.
- Jul 1, 2017
- 1,396
I think logging user/computer activity without detection is the ONE thing the CIA is great at so that point is moot. The other point that they should be spying on those countries is also moot. They already are. They are probably running the entire internet infrastructure of those regions in exchange for full surveillance and nobody even realizes it.Cylance is a pretty quiet little guy and is void of almost any logging to be a secret sauce spy tool that itself would be a pretty gross violation of their own privacy policy and the US Constitution. If the CIA wanted it out there, they'd make darn sure to get it out there in countries where they want it, Baltic States, Asia, Middle East, etc.
Honestly, I think it's a bit more of a mundane explanation.. Since the home edition launched literally a few weeks ago, this is a good promo for it to get a lot of people to see and feel it, then when it expires, to offer a big discount on continued subscriptions.
But running such a marketing campaign when they are aware of their reputation and the rumors surrounding the company could have been the brainchild of an intern who thinks it might be best to double down on it.
I think opposite, why risk with the billion dollar company status for a small campaign gain in home user product segment, if someone for real finds out they are violating their own privacy policy and collecting other citizens data and sharing it across the globe in exchange for more sensitive info, or to later use it against US citizens. To me it just proves they have nothing to hide and they are confident about it. I think this is nice 3-month freeway to get some percentage of trust level back in Cylance company itself for US people.
Last edited by a moderator:
I have just finished some tests of cylance smartAV as I just grabbed a free license with the last 2 packs
in the latest pack posted >24hours ago (the rule is to test anything under 24hrs), cylance failed to protect the system and the VM was malfunctioning, fileless malwares took over the VM, process explorer was disabled and could not be opened anymore, system restore was disabled by malwares
I also performed a re-test of the previous pack where cylance only detected 7/19. There was zero improvement from last time. My result was exactly the same as the result in the hub, still 7/19 and the VM was locked up with a password
About resource reservation, my CPU and memory usage during the tests were always <20% so cylance should have had enough resource to perform its analysis. My Vm never went unresponsive during the whole test => don't complain about it
a hit-and-miss product
in the latest pack posted >24hours ago (the rule is to test anything under 24hrs), cylance failed to protect the system and the VM was malfunctioning, fileless malwares took over the VM, process explorer was disabled and could not be opened anymore, system restore was disabled by malwares
I also performed a re-test of the previous pack where cylance only detected 7/19. There was zero improvement from last time. My result was exactly the same as the result in the hub, still 7/19 and the VM was locked up with a password
About resource reservation, my CPU and memory usage during the tests were always <20% so cylance should have had enough resource to perform its analysis. My Vm never went unresponsive during the whole test => don't complain about it
a hit-and-miss product
Last edited:
10/19. It detected 10/19. So you're saying that in the intervening days not only was there zero improvement, but the detection rate actually got worse? I'm not really sure how you make a mistake like that unless you never really tested it and you're just rubber stamping his results with a quick glance at the static scan and forgetting the dynamic results.
Last edited:
no I mean the missed samples were still not detected and the system was still infected. It didn't get worse. More importantly, the tested machine was no longer usable as it was locked with a password => the worst thing you can ask for, no difference from being infected by ransomwares
I just tested it 2 minutes ago, still 7/19, not 10. Just static detections, I didn't execute the samples because the result should be exactly the same as before. Cylance did block something after execution but it missed some and the system was dead
- Status
Similar threads
