Update Cylance Smart Antivirus

Status
Not open for further replies.
Homepage
https://www.cylance.com
Bundled with PUP
None

askalan

Level 12
AV-Tester
Verified
Joined
Jul 27, 2017
Messages
579
OS
Arch Linux
Antivirus
Isolation
I wrote a subjective post out of anger, for which I apologize. At the first test in the HUB the system was locked by password by a sample and at the second test I didn't record the results correctly, so I didn't publish them. But the system was almost clean (except for remains).

I will learn from the mistakes, so I promise you better testing. Good night to all who go to bed in a few minutes.
 
Last edited:

Azure Phoenix

Level 22
Verified
Joined
Oct 23, 2014
Messages
1,133
Paywall goes down, have it at boys.

Election 2018

Also.. I have some news about Askalan's hub testing of Cylance that should be reported here but I hestitated as I do not like controversy. The poor results were a VM issue. (I discovered his VM was configured with too few resources to conduct a test) Once corrected, Cylance scored 100% on the last pack. Hopefully Askalan will weigh in on this.
From the terms, that seems to be a good promo for those that like testing software and providing feedback.

Also, it appears this "free version" would be essentially a beta, am I wrong?
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,650
OS
Other OS
I setup a couple malware testing stations in my home lab this evening (after replacing my crap Intel Puma7 Chipset Cable modem for a Broadcom Chipset DOCSIS3.1 and upgrading my connection to 1000/1000Mbps) then logged into my corporate Hybrid Analysis account and grabbed 17 of the latest and greatest samples for Cylance to munch on. Just a quicky little test to satiate my curiosity.

Pre-execution Cylance snagged 15 out of the 17, the other 3 were nailed on execution. Considering some of these have a current 1-5% detection rate from existing antivirus products, that's not bad.

Cylance.png
 

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,270
OS
Windows 10
Antivirus
Default-Deny
@Slyguy no offense, but the test you did is meaningless for us, why? no mention or hash of the samples, no task manager screenshots; basically you showed nothing.
Next time, please use the methodology and template demonstrated by the Malware Hub guys, at least they give some references.

You know, i also did a test against 25 samples, Cylance fail against everything !!! OMG !!! want a screenshot of Cylance quarantine? gimme 5mn , need to use photoshop... so you see, without references, we can say whatever we want...

Considering some of these have a current 1-5% detection rate from existing antivirus products, that's not bad.
Source?
 

davisd

Level 18
Verified
Joined
Feb 2, 2016
Messages
888
OS
Windows 10
Antivirus
Cylance
True indeed, I never knew I could learn my cat how to fly if he isn't supposed to by nature, just take him and throw out the window, will report back if he managed to survive.
 
Likes: AtlBo

Umbra

Level 85
Content Creator
Verified
Joined
May 16, 2011
Messages
18,270
OS
Windows 10
Antivirus
Default-Deny
@davisd
i dont know what is your problem with what i say, do you have access to the malware Hub? if yes you would understand what i am talking about.
Malware Hub testers take time and effort to make their test clear and transparent. It is what i meant by "proper" methodology.
 

davisd

Level 18
Verified
Joined
Feb 2, 2016
Messages
888
OS
Windows 10
Antivirus
Cylance
do you have access to the malware Hub? if yes you would understand what i am talking about.
Me have access to Google Translate only. Hard to having a time understand, nevermind, appreciate learning things new every days here.
 
Last edited:

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,650
OS
Other OS
@Slyguy Next time, please use the methodology and template demonstrated by the Malware Hub guys, at least they give some references.
I logged everything and have plenty of screenshots. (and allocated enough VM resources, hehe) PM me if you want them, including the hashes, task manager, secondary scans, and SIEM logs. It wasn't an 'official' test, just a quick and dirty one with the latest samples on a fast lab box I setup this evening. When I have more time, I'll post some detailed demonstrations.

Hybrid Analysis themselves? Login to your corporate account there and check the last 17 samples and see the detection rate.
 
Last edited:
Joined
May 23, 2014
Messages
94
@Slyguy no offense, but the test you did is meaningless for us, why? no mention or hash of the samples, no task manager screenshots; basically you showed nothing.
Next time, please use the methodology and template demonstrated by the Malware Hub guys, at least they give some references.

You know, i also did a test against 25 samples, Cylance fail against everything !!! OMG !!! want a screenshot of Cylance quarantine? gimme 5mn , need to use photoshop... so you see, without references, we can say whatever we want...

Source?
Well, you could be a bit more clever about gaming the test beyond a photoshop. Like limiting the performance of the VM to fudge the detection results.
 

DeepWeb

Level 15
Verified
Joined
Jul 1, 2017
Messages
710
OS
Windows 10
Antivirus
Emsisoft
I just came across an article this afternoon that Cylance is offering a free trial of Cylance Smart Antivirus during the 2018 American election season. Not sure if anyone posted this or not but below is words from their website post.

"As part of Cylance’s mission to protect everyone under the sun, we are making our award-winning artificial intelligence based Cylance Smart Antivirus available at no cost to all campaigns, candidates, staff and volunteers, as well as the American public this election season. Includes a three device free license that expires on November 30, 2018. Available to all residents of the United States and its territories. No credit card required to redeem offer. Valid email address required. " Election 2018
Wants to protect everyone under the sun, makes AV only available to US residents... :ROFLMAO:
I don't understand why people are upset it's only available for US residents. If a certain 3 letter agency of a very powerful country in North America gave them the funds to provide it for free to its citizens, then those funds can only be spent on said citizens and residents anyway. If anything this is even more confirmation that they have close ties to a certain 3 letter agency that shall remain unnamed.
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,650
OS
Other OS
Wants to protect everyone under the sun, makes AV only available to US residents... :ROFLMAO:
I don't understand why people are upset it's only available for US residents. If a certain 3 letter agency of a very powerful country in North America gave them the funds to provide it for free to its citizens, then those funds can only be spent on said citizens and residents anyway. If anything this is even more confirmation that they have close ties to a certain 3 letter agency that shall remain unnamed.
Cylance is a pretty quiet little guy and is void of almost any logging to be a secret sauce spy tool that itself would be a pretty gross violation of their own privacy policy and the US Constitution. If the CIA wanted it out there, they'd make darn sure to get it out there in countries where they want it, Baltic States, Asia, Middle East, etc.

Honestly, I think it's a bit more of a mundane explanation.. Since the home edition launched literally a few weeks ago, this is a good promo for it to get a lot of people to see and feel it, then when it expires, to offer a big discount on continued subscriptions. :unsure: It sure smells like something a junior marketing intern would cook up more than anything.
 

DeepWeb

Level 15
Verified
Joined
Jul 1, 2017
Messages
710
OS
Windows 10
Antivirus
Emsisoft
Cylance is a pretty quiet little guy and is void of almost any logging to be a secret sauce spy tool that itself would be a pretty gross violation of their own privacy policy and the US Constitution. If the CIA wanted it out there, they'd make darn sure to get it out there in countries where they want it, Baltic States, Asia, Middle East, etc.

Honestly, I think it's a bit more of a mundane explanation.. Since the home edition launched literally a few weeks ago, this is a good promo for it to get a lot of people to see and feel it, then when it expires, to offer a big discount on continued subscriptions. :unsure: It sure smells like something a junior marketing intern would cook up more than anything.
I think logging user/computer activity without detection is the ONE thing the CIA is great at so that point is moot. The other point that they should be spying on those countries is also moot. They already are. They are probably running the entire internet infrastructure of those regions in exchange for full surveillance and nobody even realizes it.
But running such a marketing campaign when they are aware of their reputation and the rumors surrounding the company could have been the brainchild of an intern who thinks it might be best to double down on it.
 
Likes: AtlBo

davisd

Level 18
Verified
Joined
Feb 2, 2016
Messages
888
OS
Windows 10
Antivirus
Cylance
But running such a marketing campaign
I think opposite, why risk with the billion dollar company status for a small campaign gain in home user product segment, if someone for real finds out they are violating their own privacy policy and collecting other citizens data and sharing it across the globe in exchange for more sensitive info, or to later use it against US citizens. To me it just proves they have nothing to hide and they are confident about it. I think this is nice 3-month freeway to get some percentage of trust level back in Cylance company itself for US people.
 
Last edited:

Evjl's Rain

Level 38
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,715
OS
Windows 8.1
Antivirus
Avast
I have just finished some tests of cylance smartAV as I just grabbed a free license with the last 2 packs

in the latest pack posted >24hours ago (the rule is to test anything under 24hrs), cylance failed to protect the system and the VM was malfunctioning, fileless malwares took over the VM, process explorer was disabled and could not be opened anymore, system restore was disabled by malwares

I also performed a re-test of the previous pack where cylance only detected 7/19. There was zero improvement from last time. My result was exactly the same as the result in the hub, still 7/19 and the VM was locked up with a password

About resource reservation, my CPU and memory usage during the tests were always <20% so cylance should have had enough resource to perform its analysis. My Vm never went unresponsive during the whole test => don't complain about it

a hit-and-miss product
 
Last edited:
Joined
May 23, 2014
Messages
94
I have just finished some tests of cylance smartAV as I just grabbed a free license with the last 2 packs

in the latest pack posted >24hours ago (the rule is to test anything under 24hrs), cylance failed to protect the system and the VM was malfunctioning, fileless malwares took over the VM, process explorer was disabled and could not be opened anymore, system restore was disabled by malwares

I also performed a re-test of the previous pack where cylance only detected 7/19. There was zero improvement from last time. My result was exactly the same as the result in the hub, still 7/19 and the VM was locked up with a password

About resource reservation, my CPU and memory usage during the tests were always <20% so cylance should have had enough resource to perform its analysis. My Vm never went unresponsive during the whole test => don't complain about it

a hit-and-miss product
10/19. It detected 10/19. So you're saying that in the intervening days not only was there zero improvement, but the detection rate actually got worse? I'm not really sure how you make a mistake like that unless you never really tested it and you're just rubber stamping his results with a quick glance at the static scan and forgetting the dynamic results.
 
Last edited:
Likes: oldschool
Status
Not open for further replies.

Similar Threads

Similar Threads