Status
Not open for further replies.

artek

Level 4
No, I mean the missed samples were still not detected and the system was still infected. It didn't get worse. More importantly, the tested machine was no longer usable as it was locked with a password => the worst thing you can ask for, no difference from being infected by ransomware

I just tested it 2 minutes ago, still 7/19, not 10. Just static detections, I didn't execute the samples because the result should be exactly the same as before. Cylance did block something after execution but it missed some and the system was dead
If you didn't execute the samples how did the system get locked?
 

artek

Level 4
I did, 3 hours ago
after reading this comment, I executed the sample which locked up the machine and it still did
do you need a video to clarify?
I don't need a video. His test says 7 detections on static and 3 on dynamic, which means 10 total detections, but you've lost those dynamic detections somehow.
 

SHvFl

Level 35
Verified
Trusted
Content Creator
I did, 3 hours ago
after reading this comment, I executed the sample which locked up the machine and it still did
do you need a video to clarify?
IMPOSSIBLE. Did you check if your room temperature was under 25C because Cylance will not perform as it should under those conditions. Please retest if you exceeded the maximum room temperature. /s

I don't need a video. His test says 7 detections on static and 3 on dynamic, which means 10 total detections, but you've lost those dynamic detections somehow.
Different order and he executed the malware that locks the system before those that don't and get detected?
 

Evjl's Rain

Level 43
Verified
Trusted
Content Creator
Malware Hunter
I don't need a video. His test says 7 detections on static and 3 on dynamic, which means 10 total detections, but you've lost those dynamic detections somehow.
I tested everything and I got the same result as you said, 7/10 static + 3 more on execution but still missed everything else. Nothing has changed. 3 days passed
the 7th sample made the system unbootable and it didn't get better

IMPOSSIBLE. Did you check if your room temperature was under 25C because Cylance will not perform as it should under those conditions. Please retest if you exceeded the maximum room temperature. /s


Different order and he executed the malware that locks the system before those that don't and get detected?
Haha, my room temp was 32°C at the time of testing. It should be a cause of these poor results over all testing machines
 

Burrito

Level 20
Verified
Wants to protect everyone under the sun, makes AV only available to US residents... :ROFLMAO:
I don't understand why people are upset it's only available for US residents. If a certain 3 letter agency of a very powerful country in North America gave them the funds to provide it for free to its citizens, then those funds can only be spent on said citizens and residents anyway. If anything this is even more confirmation that they have close ties to a certain 3 letter agency that shall remain unnamed.
Just absurd and ridiculous on multiple levels.
 

askalan

Level 16
Verified
Malware Hunter
I also performed a re-test of the previous pack where Cylance only detected 7/19. There was zero improvement from last time. My result was exactly the same as the result in the hub, still 7/19 and the VM was locked up with a password
Thanks for testing it! I had the impression that some people didn't believe me on this test because the result was so shocking.
 

Kubla

Level 7
Verified
No, I mean the missed samples were still not detected and the system was still infected. It didn't get worse. More importantly, the tested machine was no longer usable as it was locked with a password => the worst thing you can ask for, no difference from being infected by ransomware

I just tested it 2 minutes ago, still 7/19, not 10. Just static detections, I didn't execute the samples because the result should be exactly the same as before. Cylance did block something after execution but it missed some and the system was dead
That is disheartening for the proponents of AI-based anti-malware like myself. What that does is demonstrate that Cylance is not a stand-alone AV solution; it should be used as a layer in a multi-layer scheme, just as it is in an enterprise environment.
 
Deleted Member 3a5v73x

So what's the verdict on Cylance Smart Antivirus among IT gurus in Malwaretips so far? Or suggestions for those that want to use it?
 

askalan

Level 16
Verified
Malware Hunter
So what's the verdict on Cylance Smart Antivirus among IT gurus in Malwaretips so far? Or suggestions for those that want to use it?
Well, I'd say so:
Good:
- average good against exe
Neutral:
- is only an antivirus that comes without internet protection etc.
- price you pay
- large CPU load for CPUs with a small amount of cores and little clock rate
- cloud based
Not good:
- against scripts
- behaviour blocker, which allows a lot of bad things
- the advanced mode, which has important and essential functions is difficult to access and remains active only until reboot
- false positives (?)
- data privacy (?)
 

Evjl's Rain

Level 43
Verified
Trusted
Content Creator
Malware Hunter
@Evjl's Rain if the ones executed are fileless malware if I read correctly only CylancePROTECT has memory protection capabilities. Correct me if I'm wrong.
I haven't tried CylancePROTECT so I have no idea, but somebody said it could protect against scriptors while Cylance Smart AV is totally useless against fileless malware
 

cruelsister

Level 36
Verified
Trusted
Content Creator
David- Here's the poop- When Cylance went for funding, they did it at the most opportune time possible- malware was everywhere in the News. Those who actually fund these Startups were just chomping on the bit to throw money at these companies (for a piece of the action- namely some stock). Once the company so funded goes public these initial shares can be then sold to the public at a profit. That's how things work.

Now Cylance was really smart in one respect- they used a bunch of this seed money in self promotion. Obviously it worked as even here this thread is 18 pages long!

But the time has come to call a spade a spade- Cylance Smart AV is a Cloud Antivirus. Period. It is prone to numerous False positives of legit applications and will mark as Unsafe anything packed. And as was shown in the test discussed above, it isn't all too hot on D+1 or newer malware- certainly nowhere near the Time To detection results one can see from something like Kaspersky. In short, it is nothing special at all.

Just remember that although a Company calls a Pig a Lamborghini this does not mean you can expect it to run at 200 mph.
 

Duotone

Level 10
Verified
I haven't tried CylancePROTECT so I have no idea, but somebody said it could protect against scriptors while Cylance Smart AV is totally useless against fileless malware
Here:
https://www.cylance.com/content/dam/cylance/pdfs/business-brief/Fileless_Malware_Business_Brief.pdf
https://www.cylance.com/content/dam/cylance/pdfs/feature-focus/Feature_Focus_PROTECT_Memory_Protection.pdf

Cylance made it clear in naming their product "Cylance Smart Antivirus" it's an AV. Period... guess we shouldn't expect much.
 

Robbie

Level 28
Verified
Content Creator
@Evjl's Rain has tested Cylance. @askalan has tested Cylance. I have tested Cylance.

How many tests do you need in order to prove to you that Cylance still needs hard work to be close to a "perfect solution"? If you find the Hub testing not realistic, I suggest you do your own tests and share them here. We will surely be amazed by your work! :)
 