Ever Heard of Cylance?

Discussion in 'other anti-virus software' started by kerykeion, Dec 31, 2015.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Yes, I read the comments before I posted. Note, I didn't comment on the Symantec test results. Only on Symantec's comment that CylanceProtect appears to only examine PE's.

    MalwareTips has a similar CylanceProtect thread going on. Latest there is Managed Malware has agreed to give cruelsister a copy of CylanceProtect to test with no strings attached. So hopefully in the near future we will get some feedback on her testing. Especially about the use of cloud based hash detection by the product. Also, I assume she will test with some non-PE based malware; scripts, etc.
     
  2. guest

    guest Guest

    Let's see her opinion; if she does it, it will be good for everybody.
     
  3. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Did we ever figure out if the added memory and app protection Cylance offers was used? It sounds like the tests were done with the basic Cylance product. I will have to check out the MalwareTips thread also.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    From everything I have read to date, all vendor x vs. Cylance was done using CylanceProtect exclusively. Note that the product that Cylance submitted to AV-Test for comparative testing was the stand-alone CylanceProtect product. So it would be reasonable to assume for the other vendors to use CylanceProtect exclusively for their cross-comparison testing.

    In any case, the Cylance additional add-ons are not available in the home version.
     
  5. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Thanks for pointing me to the MalwareTips thread. Kinda funny, but I have only visited that site a few times. Might have to start more now. Yes, I am interested to see how CS tests turn out.

     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    @cruelsister I will say this if you do decide to test CylanceProtect. Unless you can get a copy independently like Sophos, Symantec, and others have, I wouldn't waste my time. You have no way of verifying that the copy you receive from Managed Malware hasn't been altered, etc. Note that the AV labs always download their test copies from publicly available sources.
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    What a shocking video! So Cylance isn't all that after all. BTW, I haven't read all of the thread.
     
  8. guest

    guest Guest

    you should lol, was very informative :D
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I'm not going to lie, it's too much info for me. But perhaps I will read some of itman's posts. But I'm not surprised by the failing of Cylance. Like I said before, for years companies have been claiming to have tackled the malware problem with heuristics, AI and behavior blockers, but none of them managed to deliver. You will always need human expertise.
     
  10. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    That's why they use the buzzword "AI". AI makes people think of Skynet and Skynet doesn't need malware analysts.
     
  11. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    itman, was Managed Malware going to send them the program or just a lic?

    "(You have insufficient privileges to reply here.)" MalwareTips

    how do I get sufficient privileges again?
     
    Last edited: Jul 2, 2016
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    No idea on both counts. You will have to contact Malwaretips.
     
  13. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I signed up there anyway, will wait and see.
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Cylance vs. APT's
    CylanceProtect was definitely no match for this advanced persistent threat that was able to disable it, thoroughly debug it, and deduce that the APT was never detected by it.
    The threat actors realized they were being detected and began to investigate instead of running away. They started by disabling the “Cylance PROTECT” service on the system that was compromised (see Figure 1).:eek:

    Following eviction and re-entry, CTU researchers observed the adversary collecting information by archiving the contents of the C:\Cylance folder (“temp.log” is a renamed copy of the WinRAR archive utility), apparently in an attempt to determine how they had been discovered. The threat actors used the command shown in Figure 2.:(

    The adversary had apparently reviewed the information collected from the Cylance product and did not find evidence to indicate that they had been detected through that source.
    :D

    Ref.: https://www.secureworks.com/blog/detecting-defensive-evasion-with-red-cloak
     
    Last edited: Jul 3, 2016
  15. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Oh God! Do these people realize that the total views for ALL of my videos is about 0.01% of what I would get by posting a video of my cat using the litterbox?

    But seriously, a number of parameters have to be in place before I would even consider it (which I am), but the one thing I must confirm first is that I have to verify that no conflicts, either current or future, exist between where I work now (Finance) and Cylance. The current concern would be the extent of our interest in last month's 100 million USD Series D funding; future concern would be an interest in the inevitable IPO. I'm not trying to punk out- it's just that I have my own politics to survive.

    But other than that I will sleep on it tonight (actually Dance on it) and come up with some requirements I need to be in place.
     
  16. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    CS, I hear you loud and clear and am sure Dell is monitoring this situation in some way, shape or form too. At the very least it may turn out to be a battle between Dell and everybody else court wise. Not many would win in that case. After all, like you said, Dell might just buy Cylance and not just be simple partners.
    Anyway, hoping you are allowed to test it.

    ~ Off Topic Remarks Removed ~
     
    Last edited by a moderator: Jul 2, 2016
  17. guest

    guest Guest

    I'm a Mod there; for the moment it was just an idea I threw to Cylance, and I was surprised they considered it; now it is up to CS to decide.

    About your issue with the forum itself; try to describe it in your presentation post.
     
  18. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Actually I remember registering at MalwareTips a few months ago and the same thing happened. Today when I try to log in the site says it can't find me. That happened last time too. I suppose it could be Adguard or something. I will check my other security software on this end.
     


  19. guest

    guest Guest

    @boredog I'm using Adguard with all stealth mode activated and I have no issue on MT.
     
  20. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Yes, I just checked here too, but I don't want to keep posting off topic here. I did send a PM to someone there, but since I cannot log in, I cannot check my inbox. Like I said, last time I registered, a few days later the site would not accept my username and password.

    Update: signed up again. My screenshot shows I am logged in. I then went to post in members intros and get the same message. (You have insufficient privileges to post here.) I log out and then try to log back in and same old same old, doesn't see me.
     


    Last edited: Jul 3, 2016
  21. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I have never been able to make a post at MalwareTips but now I get this error: IP banned.
    I would take this private but can't upload files. guest
     


  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Great "history lesson" article by securityweek.com: http://www.securityweek.com/sophos-blasts-cylances-competitive-testing-methods on the Sophos vs Cylance debacle.

    The moral from both the Sophos experience with Cylance and the whole history of gaming test results is that the public should be aware of vendors' own tests, and place more faith in independent tests operated under AMTSO overview.
    Note that most of the major AV labs are now using the AMTSO malware database for test purposes.
     
  23. guest

    guest Guest

    Adguard stealth mode is the culprit.
     
  24. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    2,015
    Maybe you had better try to register again? It seems you aren't registered yet.
     
  25. guest

    guest Guest

    MT bans IPs of Adguard users (maybe related to one of the Stealth mode options); the only workaround at the moment is adding MT to the exclusions of Adguard.

    Anyway, this is not the place to discuss forum login issues; we can do it via PM.

    edit: issue fixed , you should login normally
     
    Last edited by a moderator: Jul 5, 2016