Advice Request Delete From Quarantine In Cylance?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.
5

509322

Say what they want but I had false positives with applications like DNS Jumper and uGet Download Manager, something that no other security solution detected.

.000314% = 0.00000314

Evidently, they mean only files force-quarantined and not those that their product rates as UNSAFE but still allows to run while reporting to VT as UNSAFE.

User says "... wut... ?"
 
F

ForgottenSeer 58943

I've only had a couple files show up as possible false positives. To be honest, I couldn't verify they weren't some sort of update channel or back end compromised file so I simply allowed them to be quarantined and moved on from there. Better safe than sorry.

My oldest gamer son reports that a couple games got hit by Cylance. One was a Chinese game, the other a Russian game. I couldn't verify their integrity but they are known games - but knowing Russian/Chinese software prevalence for funny business I hesitantly whitelisted them. The only other thing snagged I can report are a suspicious Python file in Bleachbit (which oddly enough, didn't impact the function of the app but triggered other sandboxes) and some game my son tried to crack and Cylance (rightly so) hit off on the hacked registration modules as they varied from the known entity of the legitimate program.

Smooth sailing otherwise. No more or less false positives than any other product, maybe even slightly less.
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
.000314% = 0.00000314

Evidently, they mean only files force-quarantined and not those that their product rates as UNSAFE but still allows to run while reporting to VT as UNSAFE.

User says "... wut... ?"

In my case all files were force-quarantined and there is the bug that the Dashboard doesnt show the quarantined files.

Oh, the horror for the average user ...

Capturar.JPG
 

Cortex

Level 26
Thread author
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
Do you think Alan Profazio had an argument with his partner that morning? :) - The files that were quarantined on my system bar one were very old & had been unused for years. I was meaning to have a clear out anyway.
 
5

509322

Oh, the horror for the average user ...

In that regard, Cylance is many, many.................many................ times better than Windows...

And Cylance is nowhere near as bad as some AVs\security softs. Not even remotely in the same class of annoyances and bugs.

The annoying thing is that there is so little for the user to interact with in Cylance, that when something like this does happen it is extremely glaring and annoying,

Cylance has known about these issues since 2016. Evidently the fixes aren't easy ones. Seemingly trivial things are not always easy to fix. But who knows why these things persist.
 

rsonic

Level 2
Verified
Jul 25, 2018
74
In that regard, Cylance is many, many.................many................ times better than Windows...

And Cylance is nowhere near as bad as some AVs\security softs. Not even remotely in the same class of annoyances and bugs.

The annoying thing is that there is so little for the user to interact with in Cylance, that when something like this does happen it is extremely glaring and annoying,

Cylance has known about these issues since 2016. Evidently the fixes aren't easy ones. Seemingly trivial things are not always easy to fix. But who knows why these things persist.

Is that... an Apple AV? Just works? (Except when it doesn't)
 
5

509322

Is that... an Apple AV? Just works? (Except when it doesn't)

At least Cylance isn't the atrocious oinker that Windows Defender is... here piggy, piggy, piggy ! Oink, oink, oink !

So much for Microsoft's Watson Ai\ML... which by the way, as far as Microsoft is concerned, was created with the primary purpose as a money-maker, instead of making Windows Defender "Borg Gen-X Jedi Death Star Killer Star Date 2459.99." I just love when the fanboys and developers spin-doctor Watson to make it out to be a whole lot more than what it actually is. Wait... that's Cylance marketing ! It's funny how the original-original Cylance bashers during 2015\6 now use Cylance-style marketing and spin-doctoring to promote it as an adjunct. Better than a sordid, cheap 1930s cinematic drama. Here piggy, piggy... oink, oink ! :emoji_popcorn:

The only thing really decent about WD is that Microsoft implements fairly good secure code - or so says Tavis Ormandy.
 
Last edited by a moderator:

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
OK, I've had exactly 2 files quarantined - the BleachBit Python file that Sly mentioned, and Hard_Configurator. Allowing was easily accomplished through the dashboard by clicking checkmark next to file. I filled in a description of the file, e.g. "This is a controller GUI app for WD..." in the "Allow" form in the interface and voila, both programs ran fine. Nada, nothing since in quarantine and it's running fine here. I read a little about the Advanced UI but haven't explored it because I didn't need to. I'll have to go back and read more stuff on their website. That's my experience so far and I've been satisfied with it. But I'm also OK with hardened WD which runs fine on my machine. I see much handwringing in threads about bugs in other AVs …

Edit: I must have a trouble-free setup because if something breaks, chances are I wouldn't know how to fix it! :LOL: I'm kind of like the blind man tapping to find his way around an unfamiliar place.
 
Last edited:

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Files are force quarantined. And if the file is moved from quarantine and renamed, Cylance changes the file properties such that the file remains hidden and cannot run.

To remove from Quarantine, files must either be deleted by the user manually via the advanced user mode GUI or whitelisted by Cylance support. You don't have to physically submit a file to have it whitelisted by Cylance. Just contact support and they will do it. The disadvantage or inconvenience is the time-delay of the process of Cylance whitelisting the file.

Cylance's argument is that their algorithm has a small number of false positives.They claim "a miniscule false positive rate of .000314%."

https://www.cylance.com/content/dam/cylance/pdfs/white_papers/False_Positive.pdf

Here is a developer's experience trying to get something whitelisted by Cylance - when he is not a paying Cylance client - just merely a guy trying to get his work whitelisted so Cylance won't kill it:



Not an isolated case. Research it.

I propose a new term for these types of products: Consensual ransomware.
 
  • Like
Reactions: oldschool

Cortex

Level 26
Thread author
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
I had issues with Sophos in not being able to clear the detection & blocked log, (anything actually) so if you accidentally strayed onto a dodgy site such as 'unclotheredgirlswhoarenaughty.con' (not that I ever did of course) the blocked site would remain illuminated for all to see for all eternity & longer in the log.There must be some very pure & very good people working at Sophos. Cylance seem far better :eek::emoji_innocent::eek::emoji_innocent::eek:
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
If they could charge you directly to whitelist files, then they certainly would. Let's say... $1 per file. Don't think that they haven't tried to think up up some "viable" way to do so.
Well if you are not paying for Cylance, can you still get your program whitelisted whether you are a user or a developer? Seems like extortion to me. And their false positives are ruining VirusTotal results across the board. Cylance and DrWeb need to be removed from VT for good.
 

artek

Level 5
Verified
May 23, 2014
236
The two areas Cylance needs to improve the most is the UI and the support. Support being the one I would address the most jarring of the two. I was really not impressed talking to their support crew.
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,043
Did you actually talk to support? I called and was told that phone support was not part of Smart Antivirus, and was directed to website help page and email.
 
  • Like
Reactions: AtlBo and vtqhtr413

artek

Level 5
Verified
May 23, 2014
236
Did you actually talk to support? I called and was told that phone support was not part of Smart Antivirus, and was directed to website help page and email.

No it wasn't the phone support, and I did get the same guy twice in a row, so who knows, maybe just a single bad employee. But I've heard that complaint enough about their web support, that I think they need to hire some better support staff.
 
  • Like
Reactions: Burrito and AtlBo

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Ok, sure enough, Cylance did quarantine a DNS utility I have.

I tried to figure out a way to remove it from quarantine without going into advanced mode with no luck.

OK, I've had exactly 2 files quarantined - the BleachBit Python file that Sly mentioned, and Hard_Configurator. Allowing was easily accomplished through the dashboard by clicking checkmark next to file. I filled in a description of the file, e.g. "This is a controller GUI app for WD..." in the "Allow" form in the interface and voila, both programs ran fine. Nada, nothing since in quarantine and it's running fine here. I read a little about the Advanced UI but haven't explored it because I didn't need to.

It was not immediate, but eventually, the file showed up in the little pop-up used for updates. From there I was able to go to the dashboard and reinstate it without going into advanced mode.

The GUI is a little old-and-clunky feeling... it reminds me of the Revo Uninstaller GUI.

I'm still a little skeptical about Cylance.... but there is enough evidence that it's pretty good at its niche --- that I'll stick with it.
 
F

ForgottenSeer 69673

I don't see the problem with allowing FP's all you do is go to your dashboard and click on your device = your computer name. It shows all quarantined files. click the checkbox next to the file you want to allow and click allow.
I found out today when clicking on some malware links posted here, that when you click on a download file, windows stars downloading it even before you click to download as a partial. Then if you click cancel, Cylance still quarantines the file.
 
  • Like
Reactions: AtlBo and oldschool

rsonic

Level 2
Verified
Jul 25, 2018
74
I don't see the problem with allowing FP's all you do is go to your dashboard and click on your device = your computer name. It shows all quarantined files. click the checkbox next to the file you want to allow and click allow.
I found out today when clicking on some malware links posted here, that when you click on a download file, windows stars downloading it even before you click to download as a partial. Then if you click cancel, Cylance still quarantines the file.

Well, I'd click the files if they appeared there.

And I don't want to be on call to whitelist FPs for my entire social circle with whom I share AV licenses.
 
5

509322

No it wasn't the phone support, and I did get the same guy twice in a row, so who knows, maybe just a single bad employee. But I've heard that complaint enough about their web support, that I think they need to hire some better support staff.

Support is an entry-level, help-desk type position full of recent grads. Companies make people work their way up out of the pit.

That's how support works. And that is because nobody wants to pay for support and support is a high expense.

Pay me $50 per year for support, and if enough parties pay that amount, I will provide you with better support.

Cylance's support isn't going to improve. For the most part, it is the luck of the draw... the support tech that you get on the other end makes all the difference. And most goods ones get promoted up out of the pit.

It's a market reality thing instead of a Cylance thing.
 
Last edited by a moderator:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top