Cortex

Level 8
Been using Cylance for a few days & it's amazingly light! It's had a good look round & found some old utilities I have in a software folder that have been flagged as malicious or whatever, the point is I don't use them anymore & never will. They are also cluttering the tray box up & although I can examine them in extreme detail in the dashboard the only thing I can't do is remove them for all time. The dashboard itself is mainly passive with few things you can actually do & the tray box nothing at all apart from switch from events & threats (the same at the moment), a clear data option here would be good. I went off Sophos because the web system on that was very limited. Anyway, it's looking worryingly like it's not possible to clear quarantine, I hope it is though. Any ideas please? :)
 

BryanB

Level 17
Verified
I had a similar experience with CylanceProtect. I had downloaded a privacy app called Blackbird before I installed Cylance, then yesterday I sent Blackbird to the recycle bin and Cylance threw up a flag telling me it had quarantined Blackbird. I went to the online dashboard and it did show 1 object in quarantine but there was no option to recover or delete it. Oh well, didn't want it anyway.
 

Nightwalker

Level 15
Content Creator
Verified
I had a similar experience with CylanceProtect. I had downloaded a privacy app called Blackbird before I installed Cylance, then yesterday I sent Blackbird to the recycle bin and Cylance threw up a flag telling me it had quarantined Blackbird. I went to the online dashboard and it did show 1 object in quarantine but there was no option to recover or delete it. Oh well, didn't want it anyway.
I had the same experience ...

 

AtlBo

Level 26
Content Creator
Verified
There is a way to do this, but I can't recall how I did it right off hand. Seem to remember it was a very surprising and strange approach...tucked away in the web app. All I can say is click on everything in the web app that is clickable and see what happens. I think you must first be showing a file in quarantine, so maybe I am remembering double clicking on the file? Anyway, maybe that and then try the working links...
 

Slyguy

Level 40
In the web app you can highlight files in the quarantine then select 'Delete' and it will delete them. They'll still show in the log, but once deleted the file won't exist anywhere or take up space. Cylance hides then locks files until final resolution is made; by not waiting for resolution and selecting delete you remove them.
 
Deleted Member 3a5v73x

It should be possible to recover/whitelist files locally, for example if you don't have access to the dashboard and Cylance had a false positive detection, you are screwed until someone with access fixes it for you.
True, that feature request has been made tho. Hopefully Cylance will look into it.
 

Burrito

Level 13
Verified


There is not a way to toggle on 'Advanced Mode?'

Do you have to go through these steps? It's fine.... just a little surprising there is not a more direct way to toggle it on.

To enable Advanced UI mode, follow the steps below:
1. Disable/Exit the Agent UI

  • Windows: Right-click the Agent icon (system tray), then select Exit.
  • Mac OS X: Right-click the Agent icon (top menu), then select Exit.
2. Open the command prompt, then do the following:

  • Windows:
    • Change the directory to: C:\Program Files\Cylance\Desktop
    • Type CylanceUI.exe -a
 

Slyguy

Level 40
Guys guys... I always run Cylance with the -a advanced mode toggle automatically on Windows startup.

Follow my steps here:

1) Open task manager, go to startup tasks, DISABLE Cylance.
2) Browse to the Cylance directory, right click CylanceUI.exe and select 'Create Shortcut'. It will prompt you that it can't create a shortcut in that location and ask if you want to create it on the desktop. Select yes.
3) Right click the shortcut for Cylance on desktop, select properties, change it to: "C:\Program Files\Cylance\Desktop\CylanceUI.exe" -a
4) Hit windows key +R, enter shell:startup
5) This will open the startup directory, copy the Cylance shortcut into that directory.

Now if you open task manager and go to startup it will have created a SECOND Cylance startup entry next to the disabled one, this one will be your advanced interface option startup shortcut. Reboot and see for yourself. I've run Cylance with the -a toggle automatically like this for over a month with zero issues.
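
Steps 2 to 5 of the post above can also be scripted. The following PowerShell is an added example, not part of the original thread or of Cylance's documentation; it assumes the install path quoted in the thread, and the shortcut file name is made up for illustration. Step 1 (disabling the original startup entry) is still done in Task Manager.

```powershell
# Added example: create a per-user Startup shortcut that launches the
# Cylance agent UI with the -a (advanced mode) switch from the thread.

# Install path as quoted in the thread; adjust if the agent lives elsewhere.
$exe = 'C:\Program Files\Cylance\Desktop\CylanceUI.exe'
if (-not (Test-Path -LiteralPath $exe)) {
    throw "CylanceUI.exe not found at '$exe'; adjust the path for this install."
}

# Same folder that 'shell:startup' opens for the current user.
$startup = [Environment]::GetFolderPath('Startup')

# Hypothetical shortcut name; any .lnk name works.
$lnkPath = Join-Path $startup 'CylanceUI (advanced).lnk'

# WScript.Shell is the standard COM object for writing .lnk files.
$shell = New-Object -ComObject WScript.Shell
$lnk = $shell.CreateShortcut($lnkPath)
$lnk.TargetPath       = $exe
$lnk.Arguments        = '-a'
$lnk.WorkingDirectory = Split-Path -Parent $exe
$lnk.Description      = 'Cylance agent UI in advanced mode'
$lnk.Save()

# Read the shortcut back from disk to confirm what will run at logon.
$check = $shell.CreateShortcut($lnkPath)
'Startup entry: "{0}" {1}' -f $check.TargetPath, $check.Arguments
```

The shortcut only affects the account that runs the script, because the Startup folder it writes to is per-user.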

 

Cortex

Level 8
Thanks for that & the effort other members have put in also. I do think it ought to be more simplistic as the Dashboard is password protected anyway, but suggestions can be made so I'll add that. Anyway again thank you. Paul
 
509322

Files are force quarantined. And if the file is moved from quarantine and renamed, Cylance changes the file properties such that the file remains hidden and cannot run.

To remove from Quarantine, files must either be deleted by the user manually via the advanced user mode GUI or whitelisted by Cylance support. You don't have to physically submit a file to have it whitelisted by Cylance. Just contact support and they will do it. The disadvantage or inconvenience is the time-delay of the process of Cylance whitelisting the file.

Cylance's argument is that their algorithm has a small number of false positives. They claim "a miniscule false positive rate of .000314%."

https://www.cylance.com/content/dam/cylance/pdfs/white_papers/False_Positive.pdf

Here is a developer's experience trying to get something whitelisted by Cylance - when he is not a paying Cylance client - just merely a guy trying to get his work whitelisted so Cylance won't kill it:

https://www.reddit.com/r/antivirus/comments/6r09o0
Not an isolated case. Research it.
 

Nightwalker

Level 15
Content Creator
Verified
Files are force quarantined. And if the file is moved from quarantine and renamed, Cylance changes the file properties such that the file remains hidden and cannot run.

To remove from Quarantine, files must either be deleted by the user manually via the advanced user mode GUI or whitelisted by Cylance support. You don't have to physically submit a file to have it whitelisted by Cylance. Just contact support and they will do it. The disadvantage or inconvenience is the time-delay of the process of Cylance whitelisting the file.

Cylance's argument is that their algorithm has a small number of false positives. They claim "a miniscule false positive rate of .000314%."

https://www.cylance.com/content/dam/cylance/pdfs/white_papers/False_Positive.pdf
Say what they want but I had false positives with applications like DNS Jumper and uGet Download Manager, something that no other security solution detected.
 