Advice Request Delete From Quarantine In Cylance?

Cortex

Been using Cylance for a few days & it's amazingly light! It's had a good look round & found some old utilities I have in a software folder that have been flagged as malicious or whatever; the point is I don't use them anymore & never will. They are also cluttering the tray box up & although I can examine them in extreme detail in the dashboard, the only thing I can't do is remove them for all time. The dashboard itself is mainly passive with few things you can actually do & the tray box nothing at all apart from switch from events & threats (the same at the moment); a clear data option here would be good. I went off Sophos because the web system on that was very limited. Anyway, it's looking worryingly like it's not possible to clear quarantine; I hope it is though. Any ideas please? :)
 

vtqhtr413

I had a similar experience with CylanceProtect. I had downloaded a privacy app called Blackbird before I installed Cylance, then yesterday I sent Blackbird to the recycle bin and Cylance threw up a flag telling me it had quarantined Blackbird. I went to the online dashboard and it did show 1 object in quarantine but there was no option to recover or delete it. Oh well, didn't want it anyway.
 

Nightwalker

I had a similar experience with CylanceProtect. I had downloaded a privacy app called Blackbird before I installed Cylance, then yesterday I sent Blackbird to the recycle bin and Cylance threw up a flag telling me it had quarantined Blackbird. I went to the online dashboard and it did show 1 object in quarantine but there was no option to recover or delete it. Oh well, didn't want it anyway.

I had the same experience ...


AtlBo

There is a way to do this, but I can't recall how I did it right offhand. Seem to remember it was a very surprising and strange approach... tucked away in the web app. All I can say is click on everything in the web app that is clickable and see what happens. I think you must first be showing a file in quarantine, so maybe I am remembering double-clicking on the file? Anyway, maybe that and then try the working links...
 

ForgottenSeer 58943

In the web app you can highlight files in the quarantine, then select 'Delete', and it will delete them. They'll still show in the log, but once deleted the file won't exist anywhere or take up space. Cylance hides then locks files until final resolution is made; by not waiting for resolution and selecting delete, you remove them.
 

Burrito

Oh, that's bad. If Cylance is so raw that it traps files with no option to save/delete them, I'll dump Cylance now.


When you go to 'Global Lists' and click on "Quarantined Files" --- you don't get an option to save or delete?
 
Nightwalker

It should be possible to recover/whitelist files locally. For example, if you don't have access to the dashboard and Cylance had a false positive detection, you are screwed until someone with access fixes it for you.
 

Deleted Member 3a5v73x

It should be possible to recover/whitelist files locally. For example, if you don't have access to the dashboard and Cylance had a false positive detection, you are screwed until someone with access fixes it for you.

True, that feature request has been made tho. Hopefully Cylance will look into it.
 

Burrito


There is not a way to toggle on 'Advanced Mode?'

Do you have to go through these steps? It's fine.... just a little surprising there is not a more direct way to toggle it on.

To enable Advanced UI mode, follow the steps below:
1. Disable/Exit the Agent UI
  • Windows: Right-click the Agent icon (system tray), then select Exit.
  • Mac OS X: Right-click the Agent icon (top menu), then select Exit.
2. Open the command prompt, then do the following:
  • Windows:
    • Change the directory to: C:\Program Files\Cylance\Desktop
    • Type CylanceUI.exe -a
 

ForgottenSeer 58943

Guys guys... I always run Cylance with the -a advanced mode toggle automatically on Windows startup.

Follow my steps here;

1) Open task manager, go to startup tasks, DISABLE Cylance.
2) Browse to the Cylance directory, right click CylanceUI.exe and select 'Create Shortcut'. It will prompt you that it can't create a shortcut in that location and ask if you want to create it on the desktop. Select yes.
3) Right click the shortcut for Cylance on desktop, select properties, change it to: "C:\Program Files\Cylance\Desktop\CylanceUI.exe" -a
4) Hit windows key +R, enter shell:startup
5) This will open the startup directory; copy the Cylance shortcut into that directory.

Now if you open task manager and go to startup it will have created a SECOND Cylance startup entry next to the disabled one; this one will be your advanced interface option startup shortcut. Reboot and see for yourself. I've run Cylance with the -a toggle automatically like this for over a month with zero issues.
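
The startup-shortcut steps above, scripted in PowerShell as an added example (not part of the original post and not Cylance's own tooling). It assumes the default install path quoted in the thread; the shortcut name is hypothetical, and step 1 (disabling the stock startup entry in Task Manager) is still done by hand.

```powershell
# Added example: automates steps 2-5 of the procedure above.
# Assumption: default install path, as quoted in the thread.
$target   = 'C:\Program Files\Cylance\Desktop\CylanceUI.exe'
$linkName = 'CylanceUI (advanced).lnk'   # hypothetical shortcut name

if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
    throw "CylanceUI.exe not found at $target; adjust the path for this install."
}

# Per-user Startup folder, the same place shell:startup opens.
$startup  = [Environment]::GetFolderPath('Startup')
$linkPath = Join-Path $startup $linkName

# Create (or overwrite) the shortcut with the -a argument.
$shell = New-Object -ComObject WScript.Shell
$link  = $shell.CreateShortcut($linkPath)
$link.TargetPath       = $target
$link.Arguments        = '-a'
$link.WorkingDirectory = Split-Path $target -Parent
$link.Description      = 'Cylance agent UI with advanced mode (-a)'
$link.Save()

# Read the shortcut back from disk and confirm what will run at logon.
$check = $shell.CreateShortcut($linkPath)
if ($check.TargetPath -ne $target -or $check.Arguments -ne '-a') {
    throw "Shortcut at $linkPath does not match the expected target/arguments."
}
"{0} -> `"{1}`" {2}" -f $linkPath, $check.TargetPath, $check.Arguments

# List every shortcut in the Startup folder with its real target, so a
# duplicate or unexpected entry is visible alongside the new one.
Get-ChildItem -LiteralPath $startup -Filter *.lnk | ForEach-Object {
    $s = $shell.CreateShortcut($_.FullName)
    [pscustomobject]@{
        Shortcut  = $_.Name
        Target    = $s.TargetPath
        Arguments = $s.Arguments
    }
}
```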


Cortex

Thanks for that & the effort other members have put in also. I do think it ought to be more simplistic as the Dashboard is password protected anyway, but suggestions can be made so I'll add that. Anyway, again, thank you. Paul
 

509322

Files are force quarantined. And if the file is moved from quarantine and renamed, Cylance changes the file properties such that the file remains hidden and cannot run.

To remove from Quarantine, files must either be deleted by the user manually via the advanced user mode GUI or whitelisted by Cylance support. You don't have to physically submit a file to have it whitelisted by Cylance. Just contact support and they will do it. The disadvantage or inconvenience is the time-delay of the process of Cylance whitelisting the file.

Cylance's argument is that their algorithm has a small number of false positives. They claim "a miniscule false positive rate of .000314%."

https://www.cylance.com/content/dam/cylance/pdfs/white_papers/False_Positive.pdf

Here is a developer's experience trying to get something whitelisted by Cylance - when he is not a paying Cylance client - just merely a guy trying to get his work whitelisted so Cylance won't kill it:



Not an isolated case. Research it.
 

Nightwalker

Files are force quarantined. And if the file is moved from quarantine and renamed, Cylance changes the file properties such that the file remains hidden and cannot run.

To remove from Quarantine, files must either be deleted by the user manually via the advanced user mode GUI or whitelisted by Cylance support. You don't have to physically submit a file to have it whitelisted by Cylance. Just contact support and they will do it. The disadvantage or inconvenience is the time-delay of the process of Cylance whitelisting the file.

Cylance's argument is that their algorithm has a small number of false positives. They claim "a miniscule false positive rate of .000314%."

https://www.cylance.com/content/dam/cylance/pdfs/white_papers/False_Positive.pdf

Say what they want but I had false positives with applications like DNS Jumper and uGet Download Manager, something that no other security solution detected.
 