Ever Heard of Cylance?

Discussion in 'other anti-virus software' started by kerykeion, Dec 31, 2015.

  1. guest

    guest Guest

    That is how it is supposed to be; almost all vendors do this to get beta-testers. Emsisoft and Webroot renew the beta-tester license every year; others give a lifetime license until the tester stops.
     
  2. guest

    guest Guest

    Just disable or put on learning mode every soft, then reinstall.
     
  3. guest

    guest Guest

    The home user has to rely on the Cylance guys for the policies; the user can't do anything, no control at all but read the logs.
     
  4. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    289
    Question for those who have tried Cylance:

    Do they offer a native 64bit version or is it one of those sloppy mixed 32/64bit applications where only the driver is 64bit? :)
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    No specific names, but I do remember that AV companies often claimed that they had developed powerful heuristics that could spot most malware, but we all know how that played out. It's still quite easy to bypass AV detection with certain methods. But this new tech from Cylance does seem promising.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Heuristics versus behavior analysis: http://science.opposingviews.com/behavioral-vs-heuristic-antivirus-3122.html
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Hope folks will also post their performance experience with Cylance Home ver..

    In the AV-Test of it, Cylance was the second worst in performance of the products tested with a time of 4 secs.. This was double the industry average of 2 secs..
     
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Went through my security logs this morning and did find the culprit stopping me. It was Winantiransom Plus. There was an entry in the Preemptive strike section.
    I whitelisted their program and uninstalled it, then reinstalled it and that worked. Funny thing is I never got an alert from Winantiransom Plus during install on this one. Not liking that much.
     
  10. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    I always appreciate your posts! :-* Overkill...? (me being paranoid on XP :doubt:) I guess those 4 do not seem like overkill here as tried various apps over time, some work together, some don't, AND kis (free license), VS, AG & mbae don't cause my XP any problems, no slowdowns, just hummms along. Cylance with these 4 was fatal, and no clear direction yet where the incompatibility was. MM 1st thought was kis. I suspect AG but had no time for further testing, but may do some this weekend, or not. I've been pleasantly surprised by kis. It was unclear if Cylance was intended as an extra layer or primary protection. I was hoping for happy extra layer.
     
  11. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    I'm sure you are right ref post 27 & policies with Cylance, or inability to adjust. As for kis & AG, I'd been running AG since Dec 2011, and it has played well with other apps. nod32 expired recently, and I had a free license for kis, so installed it. No glitches seen. My 2016 experience with kis has only been positive, so why remove AG if no ill side effects? But I don't disagree with you, and you are deeper into IT than me.
     
  12. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    I saw same here
     
  13. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    That did not work here on my XP
     
  14. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    simmer

    In my case I had to whitelist the program with the program I mentioned that was blocking it, then uninstall Cylance, then reinstall it with AppGuard set to allow installs.
     
  16. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  17. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    MM_dan invited me to reinstall cylance, (repeat he also offered a full refund :D) as my first installation was mostly BSODs for 36 hrs, but I thought the culprit was AppGuard, and decided to uninstall AG especially after itman suggested AG was a potential conflict anyway with 2016 kis (although never saw that pre-cylance). The 2d install of cylance went very smoothly. :thumb: The installation itself took about 5 min (not sure what it was doing), no forced reboot!, xp is currently running mbae 1.08 and voodoo 2.86, browser is in sbie. overall no anomalies being seen but it's only been an hour ;) The big test is still coming as I have not yet re-enabled kis. Right now I'd say the xp is a tad more sluggish with cylance and no kis than it was running VS AG kis & mbae and I thought those 4 pre-cylance apps were not sluggish at all. This would be consistent with reports above that cylance performance was on the slow side, but here not so slow to be annoying, just slightly noticeable, and I have the hope that as it learns the system it will speed up :doubt: -- I saw that with trendmicro on my win10 64 laptop. cylance_svc is using 127,000 kb (this is down from 150,000 seen shortly after install) and its UI steady at 42,400 kb. cpu usage is minimal. and this hardware is aged somewhere between 6 to 9 years, so on some of the newer hardware here it might not seem slow at all (but I'm not ready to slap down $60 to put it on another pc yet). Will I intentionally throw known malware at this xp to test cylance? unlikely. When I get new hardware and running VMs I may give that a try.
     
  18. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    yeah, I ended up uninstalling AG (for now). First time, I did config cylance as a power app on AG, thought that might help but for sure I'm no AG guru.
     
  19. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    I can't really tell if cylance is doing anything but it's green "safe" and I set it to show notifications, and so far zero. As for any malware on this xp, I doubt it will find anything... and hope it keeps it that way.
     
  20. guest

    guest Guest

    And honestly you don't need it when I see your setup. KIS + VS is already redundant.

    From how they described their product, you have nothing to do (anyway you can't do anything even if you want); I would throw some malwares to see how Cylance reacts; that is the only thing you can do with it :p
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Download the Surfright exploit test tool and run its tests. You want to make sure there are no conflicts between Cylance and MBAE. Cylance's exploit protection is substandard as noted in the AV-C/MRG test of it.
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Would also like to see how Cylance performs using APTs that deploy Win's own processes against itself e.g. PowerShell, embedded .Net assemblies and utilities, etc..

    Also scripts have been the traditional Achilles' heel for behavior blockers. A packed script that uncloaks in memory would be a good test since Cylance claims to pre-execute everything.

    Also malware that performs process hollowing coupled with reflective memory injection.
     
  23. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Although Cylance will do quite well against normal trojans, ransomware, etc, it does have issues detecting malware compiled with things like secretsquirrel or Ebowla. It excels in catching Powerscript or java malware but leaves a bit to be desired against Python based stuff. But what I found most pathetic was in their recent Dog and Pony show Cylance was pitted against an essentially Unmanaged SEP using a selected (by C) malware testbed. Needless to say C trounced SEP, but this demo was kinda like challenging a deaf person to a round of Name That Tune.

    And need I even mention malicious macros in Word documents?
     
  24. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Did you people read the white paper posted on the blog?
    "Cylance prevented the Microsoft Word RTF (CVE-2014-1761) zero-day malware threat from executing before it was ever observed in the wild—without any foreknowledge. Cylance discovered and quarantined this threat in March 2014, even though it did not appear on malwr.com until April, and even then, was detected by only 4 of 51 antivirus engines."

    https://community.spiceworks.com/pages/cylanceinc

    Math VS Malware is the link in Emily's post.
     
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499