Cylance Smart Antivirus

  • Thread starter Deleted Member 3a5v73x
Status
Not open for further replies.

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
Paywall goes down, have it at boys.

Election 2018

Also.. I have some news about Askalan's hub testing of Cylance that should be reported here but I hesitated as I do not like controversy. The poor results were a VM issue. (I discovered his VM was configured with too few resources to conduct a test) Once corrected, Cylance scored 100% on the last pack. Hopefully Askalan will weigh in on this.
From the terms, that seems to be a good promo for those that like testing software and providing feedback.

Also, it appears this "free version" would be essentially a beta, am I wrong?
 
ForgottenSeer 58943

Thread author
I set up a couple malware testing stations in my home lab this evening (after replacing my crap Intel Puma7 Chipset Cable modem for a Broadcom Chipset DOCSIS3.1 and upgrading my connection to 1000/1000Mbps) then logged into my corporate Hybrid Analysis account and grabbed 17 of the latest and greatest samples for Cylance to munch on. Just a quicky little test to satiate my curiosity.

Pre-execution Cylance snagged 15 out of the 17, the other 3 were nailed on execution. Considering some of these have a current 1-5% detection rate from existing antivirus products, that's not bad.

Cylance.png
 
Deleted member 178

Thread author
@ForgottenSeer 58943 no offense, but the test you did is meaningless for us, why? no mention or hash of the samples, no task manager screenshots; basically you showed nothing.
Next time, please use the methodology and template demonstrated by the Malware Hub guys, at least they give some references.

You know, i also did a test against 25 samples, Cylance fail against everything !!! OMG !!! want a screenshot of Cylance quarantine? gimme 5mn , need to use photoshop... so you see, without references, we can say whatever we want...

Considering some of these have a current 1-5% detection rate from existing antivirus products, that's not bad.
Source?
 
Deleted Member 3a5v73x

Thread author
True indeed, I never knew I could learn my cat how to fly if he isn't supposed to by nature, just take him and throw out the window, will report back if he managed to survive.
 
  • Like
Reactions: AtlBo
Deleted member 178

Thread author
@davisd
I don't know what is your problem with what I say, do you have access to the malware Hub? If yes you would understand what I am talking about.
Malware Hub testers take time and effort to make their test clear and transparent. It is what I meant by "proper" methodology.
 
Deleted Member 3a5v73x

Thread author
do you have access to the malware Hub? if yes you would understand what i am talking about.
Me have access to Google Translate only. Hard to having a time understand, nevermind, appreciate learning things new every days here.
 
Last edited by a moderator:
  • Like
Reactions: vtqhtr413 and AtlBo
ForgottenSeer 58943

Thread author
@ForgottenSeer 58943 Next time, please use the methodology and template demonstrated by the Malware Hub guys, at least they give some references.

I logged everything and have plenty of screenshots. (and allocated enough VM resources, hehe) PM me if you want them, including the hashes, task manager, secondary scans, and SIEM logs. It wasn't an 'official' test, just a quick and dirty one with the latest samples on a fast lab box I set up this evening. When I have more time, I'll post some detailed demonstrations.


Hybrid Analysis themselves? Login to your corporate account there and check the last 17 samples and see the detection rate.
 
Last edited by a moderator:

artek

Level 5
Verified
May 23, 2014
236
@ForgottenSeer 58943 no offense, but the test you did is meaningless for us, why? no mention or hash of the samples, no task manager screenshots; basically you showed nothing.
Next time, please use the methodology and template demonstrated by the Malware Hub guys, at least they give some references.

You know, i also did a test against 25 samples, Cylance fail against everything !!! OMG !!! want a screenshot of Cylance quarantine? gimme 5mn , need to use photoshop... so you see, without references, we can say whatever we want...

Source?

Well, you could be a bit more clever about gaming the test beyond a photoshop. Like limiting the performance of the VM to fudge the detection results.
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
I just came across an article this afternoon that Cylance is offering a free trial of Cylance Smart Antivirus during the 2018 American election season. Not sure if anyone posted this or not but below is words from their website post.

"As part of Cylance’s mission to protect everyone under the sun, we are making our award-winning artificial intelligence based Cylance Smart Antivirus available at no cost to all campaigns, candidates, staff and volunteers, as well as the American public this election season. Includes a three device free license that expires on November 30, 2018. Available to all residents of the United States and its territories. No credit card required to redeem offer. Valid email address required. " Election 2018
Wants to protect everyone under the sun, makes AV only available to US residents... :ROFLMAO:
I don't understand why people are upset it's only available for US residents. If a certain 3 letter agency of a very powerful country in North America gave them the funds to provide it for free to its citizens, then those funds can only be spent on said citizens and residents anyway. If anything this is even more confirmation that they have close ties to a certain 3 letter agency that shall remain unnamed.
 
  • Like
Reactions: AtlBo and oldschool
ForgottenSeer 58943

Thread author
Wants to protect everyone under the sun, makes AV only available to US residents... :ROFLMAO:
I don't understand why people are upset it's only available for US residents. If a certain 3 letter agency of a very powerful country in North America gave them the funds to provide it for free to its citizens, then those funds can only be spent on said citizens and residents anyway. If anything this is even more confirmation that they have close ties to a certain 3 letter agency that shall remain unnamed.

Cylance is a pretty quiet little guy and is void of almost any logging to be a secret sauce spy tool that itself would be a pretty gross violation of their own privacy policy and the US Constitution. If the CIA wanted it out there, they'd make darn sure to get it out there in countries where they want it, Baltic States, Asia, Middle East, etc.

Honestly, I think it's a bit more of a mundane explanation.. Since the home edition launched literally a few weeks ago, this is a good promo for it to get a lot of people to see and feel it, then when it expires, to offer a big discount on continued subscriptions. :unsure: It sure smells like something a junior marketing intern would cook up more than anything.
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Cylance is a pretty quiet little guy and is void of almost any logging to be a secret sauce spy tool that itself would be a pretty gross violation of their own privacy policy and the US Constitution. If the CIA wanted it out there, they'd make darn sure to get it out there in countries where they want it, Baltic States, Asia, Middle East, etc.

Honestly, I think it's a bit more of a mundane explanation.. Since the home edition launched literally a few weeks ago, this is a good promo for it to get a lot of people to see and feel it, then when it expires, to offer a big discount on continued subscriptions. :unsure: It sure smells like something a junior marketing intern would cook up more than anything.
I think logging user/computer activity without detection is the ONE thing the CIA is great at so that point is moot. The other point that they should be spying on those countries is also moot. They already are. They are probably running the entire internet infrastructure of those regions in exchange for full surveillance and nobody even realizes it.
But running such a marketing campaign when they are aware of their reputation and the rumors surrounding the company could have been the brainchild of an intern who thinks it might be best to double down on it.
 
  • Like
Reactions: AtlBo
Deleted Member 3a5v73x

Thread author
But running such a marketing campaign
I think opposite, why risk with the billion dollar company status for a small campaign gain in home user product segment, if someone for real finds out they are violating their own privacy policy and collecting other citizens data and sharing it across the globe in exchange for more sensitive info, or to later use it against US citizens. To me it just proves they have nothing to hide and they are confident about it. I think this is nice 3-month freeway to get some percentage of trust level back in Cylance company itself for US people.
 
Last edited by a moderator:
  • Like
Reactions: vtqhtr413 and AtlBo

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I have just finished some tests of cylance smartAV as I just grabbed a free license with the last 2 packs

in the latest pack posted >24hours ago (the rule is to test anything under 24hrs), cylance failed to protect the system and the VM was malfunctioning, fileless malwares took over the VM, process explorer was disabled and could not be opened anymore, system restore was disabled by malwares

I also performed a re-test of the previous pack where cylance only detected 7/19. There was zero improvement from last time. My result was exactly the same as the result in the hub, still 7/19 and the VM was locked up with a password

About resource reservation, my CPU and memory usage during the tests were always <20% so cylance should have had enough resource to perform its analysis. My Vm never went unresponsive during the whole test => don't complain about it

a hit-and-miss product
 
Last edited:

artek

Level 5
Verified
May 23, 2014
236
I have just finished some tests of cylance smartAV as I just grabbed a free license with the last 2 packs

in the latest pack posted >24hours ago (the rule is to test anything under 24hrs), cylance failed to protect the system and the VM was malfunctioning, fileless malwares took over the VM, process explorer was disabled and could not be opened anymore, system restore was disabled by malwares

I also performed a re-test of the previous pack where cylance only detected 7/19. There was zero improvement from last time. My result was exactly the same as the result in the hub, still 7/19 and the VM was locked up with a password

About resource reservation, my CPU and memory usage during the tests were always <20% so cylance should have had enough resource to perform its analysis. My Vm never went unresponsive during the whole test => don't complain about it

a hit-and-miss product

10/19. It detected 10/19. So you're saying that in the intervening days not only was there zero improvement, but the detection rate actually got worse? I'm not really sure how you make a mistake like that unless you never really tested it and you're just rubber stamping his results with a quick glance at the static scan and forgetting the dynamic results.
 
Last edited:
  • Like
Reactions: oldschool

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
10/19. It detected 10/19. So you're saying that in the intervening days not only was there zero improvement, but the detection rate actually got worse?
no I mean the missed samples were still not detected and the system was still infected. It didn't get worse. More importantly, the tested machine was no longer usable as it was locked with a password => the worst thing you can ask for, no difference from being infected by ransomwares

I just tested it 2 minutes ago, still 7/19, not 10. Just static detections, I didn't execute the samples because the result should be exactly the same as before. Cylance did block something after execution but it missed some and the system was dead
Windows 7-2018-08-17-15-01-15.png
 