Cylance Smart Antivirus

  • Thread starter Deleted Member 3a5v73x
Status
Not open for further replies.

illumination

Thread author
What is not being understood is that I am in no way bashing the product, I am actually helping it by stating with good habits it could be used, and the user will just be fine... This got lost in translation, I believe.

The base of security needs to be taught here, discussions for average users need to be posted as well as having advanced, it needs to be balanced, yet these IT/corporate guys seem to think we should discuss events home users will never see. A new user coming in with very little knowledge does not stand a chance here, they will become confused, try to replicate others, mess up their systems "believe me I have spent time helping in the help sections from users doing just this" and still in the end, utilize poor habits because they know no better, and continue to get nailed and have issues. Should the Advanced/experts have run and say over the entire forum, or should it be balanced for all...
 

ForgottenSeer 72227

Thread author
Thank you @AtlBo , I keep trying to respond smartly but you keep saying it better than I can. I appreciate ForgottenSeer 58943's enthusiasm no matter the topic, it does rub off and I have your same level of interest in these promising apps, this is a security forum and must have attractive subject matter for all. Preach safe practices for sure but don't stifle the genuine exchange of knowledge that I and I'm sure others here look forward to :emoji_v:

I don't think anyone is against sharing knowledge or stifling anybody's ability to learn, that's not what the debate is about. It's ensuring balance of using software and safe habits. illumination brings up many good points! I think what we also have to be mindful of is if we are giving the impression that x product will save you from everything and someone with little experience sees and believes this, then IMO we are setting them up for failure as no setup is perfect. I am in no way bad mouthing Cylance, I am just speaking in general here. Again this is not about suggesting that people cannot try out new things or not be excited about it, it's just realizing that regardless of what you decide to use security 101 still matters, however sometimes it gets lost in these conversations.
 

AtlBo

The base of security needs to be taught here, discussions for average users need to be posted as well as having advanced, it needs to be balanced, yet these IT/corporate guys seem to think we should discuss events home users will never see. A new user coming in with very little knowledge does not stand a chance here, they will become confused, try to replicate others, mess up their systems "believe me I have spent time helping in the help sections from users doing just this" and still in the end, utilize poor habits because they know no better, and continue to get nailed and have issues. Should the Advanced/experts have run and say over the entire forum, or should it be balanced for all...

Yes, it's really easy for meaning to be swallowed in the black hole of forum language...that's for sure. As for average users, they may not be getting the whole picture on setting up a system like Glyphon or on properly using OSArmor or Heimdal...granted. But, I sense that Glyphon, for example, is a big step forward in price and also in simplicity of use when compared to say Sophos home firewall or other solutions. The software sounds actually learnable, even if not for a newbie or novice. That's to me exciting potential for home users even if only down the line some years.

Your point is taken that the little guy should be a consideration in discussions. That said, for me, @ForgottenSeer 58943 hasn't ever been anyone to care less how the little guy sees things. Also, for the record, I never read anything that would cause me to feel like there was a potential for noobs to find themselves feeling that they should have to duplicate @ForgottenSeer 58943's setup. Again, very good of you to be concerned, however, considering all the investment board members have made in helping others. Just didn't see a threat myself.

Definitely have enjoyed this and the Glyphon thread as much as any two I've run across here at MTs. Not to fanboy any of the products, o/c, just really interested in the notion of the potential of trying a program like Cylance to study the flow of data from the program and study its "Ai" algorithms. "Ai" will only ever be as good as its algorithms obviously. How sophisticated are they really? :)
 

Deleted Member 3a5v73x

Thread author
They just use slick marketing and tricks in their product to sucker gullible people into thinking it is the next best thing to money.
Could you please be more mature? I appreciate your input, but you pretend to know better how Cylance works than the company itself. I understand what you are saying about Cylance and your feelings and protection capabilities towards their products, but you are going personal to its users now. I am not mentally attached to them nor defending them, but looks like you want another Cylance thread locked. Some actually want to learn something about their new product for home users here and read valuable feedback. Thank you. :emoji_pray:
 

Deleted Member 3a5v73x

Thread author
@RoboMan Thanks.

There's an option to initiate manual scan.

Cylance Agent - Advanced UI Mode

Then browse to a folder you want to scan.

 

Windows_Security

No matter what happens on a system using any OS or soft, it is always the user's fault. Read the EULA.

Microsoft created the monster that is Windows. Microsoft is the one who made Windows what it is. Therefore, it is responsible for the current pathetic state of affairs. The only way to change that is for users to stop using Windows. Only then will Microsoft take notice and really change things.

Are you serious? If so I will call Lock Down Quichotte from now on
 

ForgottenSeer 58943

Thread author

Good job @RoboMan

It looks like some of those non-detections may be scanners picking up files locked by Cylance awaiting final determination on removal. I've noticed Cylance tends to do this. For example if you take a directory of a couple malware, Cylance will block access to file execution then hide the file. HMP, Zemana and other scanners will show the file still there and the system infected on scan, but the file is actually unavailable.

For example in the console, some of the threats showing up on secondary scans have already been dealt with but were in the determination phase.

kkftrr.exe
QUARANTINED 8/10/2018
C:\Users\lab\Desktop\17\kkftrr.exe
BWT.exe
QUARANTINED 8/10/2018
C:\Users\lab\Desktop\17\BWT.exe
svchost.exe
QUARANTINED 8/10/2018
C:\Users\lab\Desktop\17\svchost.exe
PAYMENTCOPY-KLM33.exe
QUARANTINED 8/10/2018
C:\Users\lab\Desktop\17\PAYMENTCOPY-KLM33.exe
update.cab.exe
QUARANTINED 8/10/2018
C:\Users\lab\Desktop\17\update.cab.exe
C:\Users\lab\AppData\Local\Microsoft\Windows\INetCache\IE\817IYXQB\dpd[1].cab
C:\Users\lab\AppData\Local\Temp\$EXEFILE$806472.$EXE_EXT$
C:\Users\lab\AppData\Local\Temp\$EXEFILE$829718.$EXE_EXT$
C:\Users\lab\AppData\Local\Microsoft\Windows\INetCache\IE\S2L0YDI0\dpd[1].cab
data3.exe
QUARANTINED 8/10/2018
C:\Users\lab\Desktop\17\data3.exe
C:\Users\lab\AppData\Local\Temp\jutdvwwbf.exe
zebiss.exe
QUARANTINED 8/10/2018
C:\Users\lab\Desktop\17\zebiss.exe
MPUI-Setup.exe
QUARANTINED 8/10/2018
C:\Users\lab\Desktop\17\MPUI-Setup.exe
884.exe
QUARANTINED 8/10/2018
c:\users\lab\appdata\local\temp\884.exe
TemptfZ71.ExE
QUARANTINED 8/10/2018
C:\Users\lab\AppData\Local\TemptfZ71.ExE

But as expected (and feared), Cylance is basically completely oblivious to certain threats. (Scripts - VBA/JAR) and outbound connectivity. But not only that, Cylance completely missed an EXE which it should have gotten. (jutdvwwbf.exe) That seems like a pretty glaring failure when it's really supposed to find all unknown EXE's and nail them.
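
One way to do the reconciliation described in the post above, as an added example that is not part of the original thread or of any Cylance tooling: it parses a console listing in the name / status / path layout shown above and separates second-opinion findings that point at already-quarantined paths from those that need review. The scanner findings are constructed, and treating every path under an entry as sharing that entry's status is an assumption the listing itself does not state.

```python
import ntpath
import re

# Sample input: two entries copied from the console listing in the post above.
CONSOLE_LISTING = r"""
kkftrr.exe
QUARANTINED 8/10/2018
C:\Users\lab\Desktop\17\kkftrr.exe
data3.exe
QUARANTINED 8/10/2018
C:\Users\lab\Desktop\17\data3.exe
C:\Users\lab\AppData\Local\Temp\jutdvwwbf.exe
"""
# Constructed second-opinion scanner findings; the .jar path is hypothetical.
SECOND_OPINION = [
    r"c:\users\lab\desktop\17\KKFTRR.exe",
    r"C:\Users\lab\AppData\Local\Temp\jutdvwwbf.exe",
    r"C:\Users\lab\Desktop\17\sample.jar",
]
PATH_RE = re.compile(r"^[A-Za-z]:\\")
STATUS_RE = re.compile(r"^([A-Z]+) (\d{1,2}/\d{1,2}/\d{4})$")

def norm(path):
    # Windows paths compare case-insensitively; ntpath works on any host OS.
    return ntpath.normcase(ntpath.normpath(path.strip()))

def parse_console(text):
    # Each entry is a name line, a status line, then one or more path lines.
    entries = []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        status = STATUS_RE.match(line)
        if not (status or PATH_RE.match(line)):
            entries.append({"name": line, "status": None, "date": None, "paths": []})
        elif entries and status:
            entries[-1]["status"], entries[-1]["date"] = status.groups()
        elif entries:  # a path line belonging to the current entry
            entries[-1]["paths"].append(norm(line))
    return entries

def reconcile(entries, findings):
    # Assumption: every path under an entry shares that entry's status.
    handled = {p: e["name"] for e in entries
               if e["status"] == "QUARANTINED" for p in e["paths"]}
    out = {"already_quarantined": [], "needs_review": []}
    for f in findings:
        name = handled.get(norm(f))
        key = "already_quarantined" if name else "needs_review"
        out[key].append((f, name))
    return out
```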
 

artek

Good job @RoboMan

It looks like some of those non-detections may be scanners picking up files locked by Cylance awaiting final determination on removal. I've noticed Cylance tends to do this. For example if you take a directory of a couple malware, Cylance will block access to file execution then hide the file. HMP, Zemana and other scanners will show the file still there and the system infected on scan, but the file is actually unavailable.

For example in the console, some of the threats showing up on secondary scans have already been dealt with but were in the determination phase.



But as expected (and feared), Cylance is basically completely oblivious to certain threats. (Scripts - VBA/JAR) and outbound connectivity. But not only that, Cylance completely missed an EXE which it should have gotten. (jutdvwwbf.exe) That seems like a pretty glaring failure when it's really supposed to find all unknown EXE's and nail them.


Am I the only one not seeing that jutdvwwbf.exe in Roboman's notes?
 

stefanos

The comments are a little puzzling to me. 15/17 doesn't seem like a bad result when you have products that missed over 6 samples.
Finally it is not a very bad result but it was infected. Once again the traditional protection paid Kaspersky proved to be fantastic. I would like to see a test from Evjl's Rain Avast+syshardener to compare the traditional free combo protection ;)
 

Evjl's Rain

Any AV tested with SysHardener/OSArmor will do good.
Not really, syshardener will block scripts but has zero effect on .exe malware. If the AV doesn't have good BB, exe malware can infect easily.
OSArmor tweaked can block exe malwares but it has to be set to block unsigned apps => FPs
 

stefanos

I do a lot of tests on my own computer and I have my opinion about some products. I could not do a test at the forum because my English is very bad. I am not interested in helping a company that is paid for its product. It has its workers, the testers. Let her do her job well. And as this company wants to earn money, so I want to pay less with the best protection. For this I choose cheap solutions or free solutions with better results than them. I write to my forum my opinion. Some may like them, some not. We can not all agree. I have no problem.
 