Cylance Smart Antivirus

  • Thread starter Deleted Member 3a5v73x
  • Start date
Status
Not open for further replies.
D

Deleted Member 3a5v73x

Thread author
How many tests do you need in order to prove you fanboys that Cylance still needs a hard work to be close to a "perfect solution"? If you find the Hub testing not realistic I suggest you to do your own tests and share them here. We will be surely amazed by your work! :)
Who exactly are fanboys of Cylance? Does asking a question about product momentarily makes me placed in a fanboy list? If it is like that, I understand. I thought it would be interesting to read different opinions. :emoji_disappointed:
 

In2an3_PpG

Level 18
Verified
Top Poster
Content Creator
Well-known
Nov 15, 2016
867
I haven't tried cylanceprotect so I have no idea but somebody said it could protect against scriptors while cylance smart AV is totally useless against fileless malwares

@mekelek, was testing CylancePROTECT in the hub back in April-May of this year. He first started testing it without the policy enabled for

Block script threats and instantly terminate
Block and instantly terminate upon memory threat triggers
Block and instantly terminate upon file threat triggers


CylancePROTECT seemed to test poorly before he enabled these in his policy. Afterward Cylance seemed to improve but obviously not perfect.
 
F

ForgottenSeer 58943

Thread author
I'm setting up to test it again. Hope the CPYOU is enuff.

cylance.png


I said day one - pair it with adjuncts and move on. You'll be safe. Anyone can construct bypasses for anything on Windows but the chance of delivery on normal home users is virtually zero as the normal vectors those threats use aren't present. Testing tends to remind me of lock/lock picking aficionados where they rip apart supposedly unpickable locks under ridiculous synthetic situations, then claim the locks suck. Many know better.

The very nature of some here calling people fanboys is not only trolling, but it sets up the premise that the tests may not be completely unbiased. Anyone involved in testing and engineering (as a profession) knows about bias result constructs and selective omissions.

I won't needlessly defend Cylance from all manner of tests, results or opinions because I already said you should pair it to deal with vectors. But I feel that way about all solutions. We must realize that there are many things one must evaluate when deciding on a solution that works for you. Some people demand lightweight, some go for looks, others go for functionality and a couple use Comodo no matter what. :p
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Some people demand lightweight, some go for looks, others go for functionality and a couple use Comodo no matter what. :p

Funny to me that the best/most interesting way I can think of at this point to use Cylance a-v at home (without adding other h/w and/or s/w) is to add it with Comodo to use it in place of Comodo's missing Viruscope.

Seriously, my impression is that it might turn up interesting things, which is great :), but that makes it more like Heimdal for the kernel than an a-v. On the other hand, I can well see the value of running Cylance on a network that is properly configured and monitored, set up with the proper policies etc. Where script is confined by policy, Cylance is basically just noting interesting activity that the others don't detect as potentially dangerous.

For home users, I think Cylance might have a bigger challenge, because home users have to be the IT staff themselves, while they tend to know little about the subject. Pairing C-L with OSA still sounds kind of interesting for that situation, but for overall protection, I probably still want Comodo there too, because the protection scheme seems to match best with what Cylance does. I have a PC that I might try this combo on. For now, it's just running Comodo Firewall...
 
D

Deleted member 178

Thread author
How many tests do you need in order to prove you that Cylance still needs a hard work to be close to a "perfect solution"?
Cylance is overrated (because of its over-biased marketing) and doesn't perform better (or badder) than a classic AV, no need 18 pages and dozen of tests to verify; at page 1, me , @cruelsister and some predicted the fail, it happened as expected.
Cylance Smart AV is a stripped version of CylanceProtect, so those with a bit of knowledge about Cylance didn't expected miraculous results.
 
F

ForgottenSeer 69673

Thread author
I installed it last night and this morning I did a static test on about 40 samples. I had also installed Kaspersky cloud AV.
Kaspersky caught all but the 6 cylance caught. It appears to work like Protect. The files remain after quarantine but are not clickable or accessible.
There was one exe that neither cylance or Kaspersky touched. Later When I get back, I will send that sucker to VT and see if anything flags it.
 
5

509322

Thread author
Cylance causes controversy, like I posted earlier, not necessarily because of the product itself, but instead because of what the people running the company have done and continue to do.

A lot of people will continue the backlash against Cylance as a matter of principle. And those people do not care about whether or not a few security soft geeks are trying to evaluate the product and what the results might be.
 
F

ForgottenSeer 58943

Thread author
I installed it last night and this morning I did a static test on about 40 samples. I had also installed Kaspersky cloud AV. Kaspersky caught all but the 6 cylance caught. It appears to work like Protect. The files remain after quarantine but are not clickable or accessible. There was one exe that neither cylance or Kaspersky touched. Later When I get back, I will send that sucker to VT and see if anything flags it.

Cylance seems to hide+lock threats until full qualification is made. Once it's determined (fully) to be malicious, then it's purged. If it is determined safe, or you allow it, then the flags are removed and Cylance unlocks the file right back where it was. This is also why testing must be carefully conducted as many on-demand scanners will detect those benign hidden+locked files as being actual malware sitting there. You can demonstrate this for yourself, download malware, wait for Cylance to lock it for qualification, then scan the folder with HMP or Zemana, the malware will show up as being there. Don't trust secondary scans without manually inspecting the folder each time (AND the temp folders, etc) to make sure the file is actually there, in many cases, it won't be but those scans make make you think the machine isn't clean. I've noticed on 'tests' that secondary scans showing an unclean machine are actually files that are contained but have flags, and still show up on secondary scans. A hit and quarantine, reported as a miss.

Just absurd and ridiculous on multiple levels.

Cylance234.png
 

Mahesh Sudula

Level 17
Verified
Top Poster
Well-known
Sep 3, 2017
818
Cylance seems to hide+lock threats until full qualification is made. Once it's determined (fully) to be malicious, then it's purged. If it is determined safe, or you allow it, then the flags are removed and Cylance unlocks the file right back where it was. This is also why testing must be carefully conducted as many on-demand scanners will detect those benign hidden+locked files as being actual malware sitting there. You can demonstrate this for yourself, download malware, wait for Cylance to lock it for qualification, then scan the folder with HMP or Zemana, the malware will show up as being there. Don't trust secondary scans without manually inspecting the folder each time to make sure the file is actually there, in many cases, it won't be but those scans make make you think the machine isn't clean.



View attachment 196009
the last lines are true..MBAM and many SOS flagged scheduler tasks by malware with out anything inside that folder ..they are 0 bytes..
which indicates too rigid blind signature based detection..MBAM especially oh god!!
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
Final Version of the Software. You acknowledge that any Free Software may contain features, functionality or modules that will not be included in the final production version of the Software. Cylance reserves the right to change, modify or discontinue functions or features of the Software in the final production version.

Does this mean that the temporary free promo version is actually a beta?
 
F

ForgottenSeer 58943

Thread author
Beta? Possible.

But getting it out there into millions of hands = brilliant for increasing the data fed into their AI/ML systems though. What do you think the purpose of FortiClient for Free is? Not generosity. Avast/AVG does this but for advertising/telemetry/datamining. :D
 
Last edited by a moderator:

Kuttz

Level 13
Verified
Top Poster
Well-known
May 9, 2015
625
<Mods please delete this comment>
 
Last edited:

artek

Level 5
Verified
May 23, 2014
236
Paywall goes down, have it at boys.

Election 2018

Also.. I have some news about Askalan's hub testing of Cylance that should be reported here but I hestitated as I do not like controversy. The poor results were a VM issue. (I discovered his VM was configured with too few resources to conduct a test) Once corrected, Cylance scored 100% on the last pack. Hopefully Askalan will weigh in on this.
I tested everything and I got the same result as you said, 7/10 static + 3 more on execution but still missed everything else. Nothing has changed. 3 days passed
the 7th sample made the system unbootable and it didn't get better


haha, my room temp was 32*C at the time of testing. It should be a cause of this poor results over all testing machines

I'm kind of confused here. How are two people doing the same test and getting completely different results?
 
F

ForgottenSeer 58943

Thread author
If one is obsessed with every new burger in the market then it is a disease.

You're right. We should all just use F-Prot or VBA32 and stop being obsessed with new security software. Heck, we should all use flip phones, wear bell bottoms, drive our cars from highschool, and game on Commodore Vic 20's.. It's a disease to not be this way.

We should probably focus on positive, beneficial discussion. Not attacking people in the thread and in some cases, others exhibiting an almost uncanny bias. It's rather unbecoming IMO, but I hope the thread doesn't get locked and maybe people can tone it down.
 
D

Deleted Member 3a5v73x

Thread author
Final Version of the Software. You acknowledge that any Free Software may contain features, functionality or modules that will not be included in the final production version of the Software. Cylance reserves the right to change, modify or discontinue functions or features of the Software in the final production version.

Does this mean that the temporary free promo version is actually a beta?
I think it's refference to accounts/trials like this USA 2018 election campaign, because "Buy Now" button doesn't work in those accounts.
cyl.PNG
 

Kuttz

Level 13
Verified
Top Poster
Well-known
May 9, 2015
625
You're right. We should all just use F-Prot or VBA32 and stop being obsessed with new security software. Heck, we should all use flip phones, wear bell bottoms, drive our cars from highschool, and game on Commodore Vic 20's.. It's a disease to not be this way.

We should probably focus on positive, beneficial discussion. Not attacking people in the thread and in some cases, others exhibiting an almost uncanny bias. It's rather unbecoming IMO, but I hope the thread doesn't get locked and maybe people can tone it down.

I never attacked anyone here. I only expressed my opinion and you made a weird indirect reference to my comment and later you edited your post to something else to cover it up.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I'm kind of confused here. How are two people doing the same test and getting completely different results?
he doesn't have the samples so he couldn't test it. He just assumed after the VM resource is corrected, cylance would get 100% => which is completely wrong
cylance smart AV doesn't support fileless malware protection (as tests have shown so far, not sure how it will change) so it is impossible for it to get 100%
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top