Ever Heard of Cylance?

Discussion in 'other anti-virus software' started by kerykeion, Dec 31, 2015.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Yes, it appears that Cylance is quite good at pointing out Windows "vulnerabilities" such as this 2015 instance:

    In a statement provided by Microsoft and attributed to a company spokesperson, Redmond confirms the flaw but says that it's not necessarily a new kind of attack, but mostly an old technique that involves users and lures them into clicking malicious links.

    Indeed, Cylance said in its original report that users would have to click a malicious link sent by the attacker in order to have their computers exploited, but it explained that usernames and passwords would be stolen after authentication is performed in the background without any other prompt displayed to users.

    Microsoft, on the other hand, says that users are at the core of this exploit and explains that, without their input, no such vulnerability would be possible. The software giant, however, hasn't provided any information on a possible patch to address the flaw, but this is expected to be launched next month as part of the Patch Tuesday rollout.

    “We don't agree with Cylance's claims of a new attack type. Cybercriminals continue to be engaged in a number of nefarious tactics. However, several factors would need to come together for this type of cyberattack to work, such as success in luring a person to enter information into a fake website. We encourage people to avoid opening links in emails from senders that they don't recognize or visiting unsecure sites,” a company spokesperson said.


    Ref.: http://news.softpedia.com/news/Micr...e-Responsible-for-Their-Security-478349.shtml
    I will stick with the AV-C/MRG findings from the previously posted link:

    Among the missed samples are Metasploit exploits with in-memory Meterpreter, Dridex financial malware, in-the-wild exploit (malvertisement) and Sandworm Office exploit.
     
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Ya, I get invites all the time from Rapid 7 to attend their online webinars, but they always hold them on a Thursday in the mid afternoon while I am working.
    Lots of software developers here use their exploits to test their software.
     
  3. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I guess it is good enough for Dell!!!!

    This article is from Nov 2015, and so Dell is most likely using it by now.

    "A partnership announced by Dell on Tuesday shows how cybersecurity defenses are evolving, which could have wide-ranging effects on vendors like Symantec, McAfee and Trend Micro.

    The PC giant has partnered with Cylance, an Irvine, California-based company that specializes in detecting and blocking attacks on endpoint computers.


    Early next year, Dell will wrap Cylance’s Protect product in its Data Protection Endpoint Security Suite, said Brett Hansen, Dell’s executive director of data security solutions. The suite is an integrated package with encryption capabilities, authentication features and malware detection."

    http://www.pcworld.com/article/3005...-doubt-on-traditional-antivirus-programs.html
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Some background info on Cylance I picked up from a bleepingcomputer.com forum posting:

    Cylance was started by former McAfee executive Stuart McClure in 2012. The company has since been in stealth mode, though it has previously talked about some of its products. It officially announced its board members today, including Stewart Baker, formerly of the National Security Administration, and former chief information security officer for the CIA Robert Bigman.

    Earlier this year, Cylance -- creator of an endpoint intrusion detection system used by Dell, among others -- signed a strategic investment and technology development agreement with CIA's In-Q-Tel. "The partnership is intended to simplify the review process for intelligence agencies seeking more effective endpoint security technology for preventing the success of today's new breed of cyberattacks. The investment does not restrict Cylance's business or technology in any way," said Stuart McClure, founder and CEO of Cylance.

    FireEye is also a CIA/NSA entrenched company. CIA's investment wing (In-Q-Tel) also helped fund FireEye.

    I'd avoid anything with even a casual link to any of the intelligence firms: Unit 8200, NSA, CIA, DISA, etc. Blue Coat, Check Point, Palo Alto are also Unit 8200 firms. Lookout Mobile Security, FireEye, Cylance, etc. are CIA affiliated (in some way, small or large) firms. Especially after the Snowden revelations, but even before that, part of our vetting process was to ensure no spooks or ex-spooks held higher level positions in the firms we used and they weren't funded in any way by them. Sometimes you need to browse the SEC disclosures to find this information, but I believe it's prudent to do so.


    Ref.: http://www.bleepingcomputer.com/for...ategy-trend-cylance/?hl=+cylance#entry4003444
     
  5. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    itman, I understand your concerns, but why would gov agencies not use the best? They sure aren't doing so well at present. The Chinese, Russians, Koreans, thieves are hacking into not only gov sites but banks, big business etc. I predicted this years ago right here at Wilders. We all know all big software companies are tied to those gov agencies you mentioned even though they are not admitting it. What is the buzz word today? Oh ya, transparent. Ya, that's it.
     
  6. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    Update of my cylance experience. The short answer is that cylance is no longer installed on XP, and I do have my $60 back :thumb: mm_Dan & Joel were friendly, timely & helpful. :D

    Follow up to the 2nd install: I had one BSOD after +100 min (not caused by kis), but then 32 hrs of running aok and fast (it sped up), followed by an unattended BSOD at 8am: unexpected_kernel_mode_trap. :eek: Even though cylance was running mostly smooth, and MM reported I was fully protected, and although I was connected to cylance servers inbound, I was NOT connected to MM servers outbound; they could not see me, so they could not "manage me". They said that's not possible, so I sent MM my cylance debug logs, and MM sent them to cylance techs. They had me do some registry edits, but then the cylance service would not restart; then they said there was some snafu with .NET framework (o_O) o_O, and MM said to just uninstall & reinstall (the 3rd time). Tried to, but this time it did not install at all, even to the cylance servers. I suspect cylance techs blocked my token password to avoid wasting their corporate time. All ok, I learned a little, got money back, removed AppGuard as redundant. And the XP is rocketing along aok with 2016 kis, VS 2.86 & mbae. I would try cylance again in the near future, but probably not on this XP, although overall, the outside management of the app is more of a buzzkill than a plus (for me).
     
  7. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    This reliance upon outside services/cloud/etc. is one of the things that concerns me the most with modern day, next-gen AV.
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    simmer, I know I should not ask, but are so many people still die hards and still using XP?
    There are scripts for turning off Windows spying that I have posted here as links for Win 10. These are besides the check boxes MS provides to supposedly opt out of many things.
     
  9. VoodooShield

    VoodooShield Registered Member

    Joined:
    Dec 9, 2011
    Posts:
    5,881
    Location:
    United States
    I totally agree, especially if the device is infected and cannot access the internet... that is a huge problem. As far as I know, the only alternative is to store the data on the endpoint... I mean, the data has to be stored somewhere. My guess is that, just as with everything, there is a happy medium ;).

    Edit: BTW, from what I understand, Cylance does not depend on the cloud, and they actually encourage their users to disconnect and scan. Just looking at their software, I am certain that their algorithms are on the endpoints, which is cool, because it is a backup just in case the endpoint cannot connect.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    As far as I am aware, most major AVs only rely on the cloud for reputation validation activities for unknown/untrusted processes. And many provide local blacklists that they employ for such processes until a determination can be made as to trustworthiness.
     
  11. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    Before I uninstalled, cylance had 3 large files on hdd, probably more mb than a typical av database, that I think are algorithm files. Supposedly no need to be connected online for cylance to operate correctly, but... mm wants the ability to monitor your box. The addition 1+1 did not seem to quite equal 2, but in less than obvious ways. "the mistakes machines make are so subtle" (slipped into movie_mode for a second, "Fail-Safe" 1964). Supposedly you only need to be online a few times a year for cylance to update its files. I think a cylance paper said something about it checking 7 million characteristics of a file to make its +/- decision. (how many flops is that?)

    VS_dan, with no management console, I'm 99% sure there was no scan feature with cylance on XP. It scanned in real-time whatever was opening, being used... A solid all-green test for 32 hrs! :doubt: you can also run cylance cmds.

    boredog, you asked "... but are so many people still die hards and still using XP?" You meant, why are so many, or are there so many?? I've read a lot of corps still run XP. Surprised me; I think they're cheap and XP works (unless it doesn't). As for me, No. 1, I'm lazy (or I work too hard during the day), (the box I really depend on is linux) & the XP normally works 5x5 here, and I know every file that runs, every hiccup; I have the sense that I know it very well, can make it do what I want, normally, as opposed to the pc running you, and I have the illusion that I'm fairly well protected. Lastly, my wife runs financial software from 20 years ago; I've told her... I ran w2k well into the XP era, until folks reported w2k code had been broken. Haven't heard that yet for XP, but I could be wrong. I don't mind at all paying for good software; I'm not a big fan of paying for redundant software. I use w7 during the day; I'm not sure that I can do any more on w7 than on XP other than run VS_3.xx beta ;) How's that question any different than why does my boss run w7 when he could be running w10? Having said all that, I expect I'll replace this XP box with new hardware and better ability to VM.
     
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    This suggests that Cylance is building an existing process profile and storing it for baseline reference. Most of the AI behavior blockers do the same. The profile database is most likely initially populated during that first long scan after it is installed. Thereafter, only new processes need to be added to the profile database.
     
    Last edited: May 28, 2016
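    The profile-and-reputation behaviour described in this post and in post 10 above (a baseline built during the first scan, local lists consulted before any cloud lookup, and no verdict at all while the endpoint is offline) as an added toy example in Python. It is not code from Cylance, Symantec or anyone in this thread; the image bytes, file paths and cloud reputation table are constructed for the illustration, and the cloud service is a stand-in function.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Union

# Verdicts the engine can hand back for one process image.
BASELINED = "baselined"    # image was present during the first profiling scan
KNOWN_BAD = "known_bad"    # hash is in the local blacklist; no cloud needed
CLOUD_GOOD = "cloud_good"  # cloud reputation vouched for it; now part of the profile
CLOUD_BAD = "cloud_bad"    # cloud reputation rejected it; added to the local blacklist
PENDING = "pending"        # not baselined and cloud unreachable: no verdict yet


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class ProfileDB:
    """Hash-keyed process profile: baseline of known images plus a local blacklist."""
    baseline: Dict[str, str] = field(default_factory=dict)   # hash -> image path
    local_blacklist: Set[str] = field(default_factory=set)   # hashes known bad

    def initial_scan(self, images: Dict[str, bytes]) -> int:
        """The first long scan after install: every existing image goes into the baseline."""
        for path, data in images.items():
            self.baseline[sha256_hex(data)] = path
        return len(self.baseline)

    def classify(self, path: str, data: bytes,
                 cloud_lookup: Callable[[str], bool]) -> str:
        """Decide on one process image. Local lists answer first; the cloud is asked
        only for an unknown hash, and an unreachable cloud yields PENDING (the caller
        keeps the process untrusted) rather than a guess."""
        h = sha256_hex(data)
        if h in self.local_blacklist:
            return KNOWN_BAD
        if h in self.baseline:
            return BASELINED
        try:
            is_good = cloud_lookup(h)
        except ConnectionError:
            return PENDING
        if is_good:
            self.baseline[h] = path      # the profile grows only by new processes
            return CLOUD_GOOD
        self.local_blacklist.add(h)      # remember the verdict for later offline use
        return CLOUD_BAD


# Constructed sample data (not real binaries): short byte strings stand in for PE images.
SAMPLE_IMAGES = {
    r"C:\Windows\explorer.exe": b"MZ-constructed-explorer",
    r"C:\Program Files\App\app.exe": b"MZ-constructed-app",
}
NEW_GOOD_IMAGE = b"MZ-constructed-update-installer"
NEW_BAD_IMAGE = b"MZ-constructed-dropper"

# Constructed cloud reputation table keyed by SHA-256 (hypothetical service data).
CLOUD_REPUTATION = {
    sha256_hex(NEW_GOOD_IMAGE): True,
    sha256_hex(NEW_BAD_IMAGE): False,
}


def cloud_online(h: str) -> bool:
    """Stand-in for a reachable reputation service; hashes it has never seen are not vouched for."""
    return CLOUD_REPUTATION.get(h, False)


def cloud_offline(h: str) -> bool:
    """Stand-in for an endpoint with no connectivity to the reputation service."""
    raise ConnectionError("reputation service unreachable")


def run_demo() -> List[Union[int, str]]:
    """Walk the lifecycle: initial scan, an unknown seen offline, online verdicts,
    then the same images seen offline again once the verdicts are cached locally."""
    db = ProfileDB()
    explorer = r"C:\Windows\explorer.exe"
    setup = r"C:\Users\u\Downloads\setup.exe"
    invoice = r"C:\Users\u\Downloads\invoice.exe"
    return [
        db.initial_scan(SAMPLE_IMAGES),                                 # 2 images baselined
        db.classify(explorer, SAMPLE_IMAGES[explorer], cloud_offline),  # baselined: no lookup
        db.classify(setup, NEW_GOOD_IMAGE, cloud_offline),              # pending: unknown, offline
        db.classify(setup, NEW_GOOD_IMAGE, cloud_online),               # cloud_good: joins baseline
        db.classify(setup, NEW_GOOD_IMAGE, cloud_offline),              # baselined: cached locally
        db.classify(invoice, NEW_BAD_IMAGE, cloud_online),              # cloud_bad: blacklisted
        db.classify(invoice, NEW_BAD_IMAGE, cloud_offline),             # known_bad: local list answers
    ]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

    The point of the PENDING verdict is the offline case raised later in the thread: an unknown image gets no trust grant while the endpoint cannot reach the cloud, and once a verdict has been obtained it is stored locally so the same image never needs another lookup.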
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    More info from my contact:

    https://www.malwaremanaged.com/
    So not really for Consumers.

    Daniel
     
  14. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
  15. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    I read this differently.

    Cylance directly from Cylance: not for consumers

    Cylance Protect from Malware Managed: for consumers, but not aimed at those who want to access settings and adjust policies and the like.
     
  16. guest

    guest Guest

    They said it clearly: you have absolutely no control over the program, just the right to read the event logs. All is managed by Cylance's techs, so you have to rely on them. So a useless program for people like us.

    Imagine it as Symantec EP managed, but not by you, by Symantec....
     
  17. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    I did not have that much time running cylance, but it does keep a cache file in \windows that changes its hash regularly. Normally I rarely reboot, but at the time XP was BSOD'ing, and on reboot I'd get a file report, and the only cylance file changing was its cache. IIRC what appeared to be the algorithm files (3) were each about 150 mb. I heard that mm had "managed" just 1 XP, mine, but rumor is hundreds of Win10 and thousands of Win7. mm invited me back to reinstall cylance on my XP, claim they figured it out :doubt::doubt:. I was considering trying on my w10x64 laptop :cautious:? I read a blurb that Bitdefender paid av has some algorithm feature, but don't know if that's AI or anything like cylance.

    And yes, mm manages it; I had no control other than I think I could turn it on & off IIRC, and even when it did install correctly, and was reported running correctly, fully protected, all green go, mm was not getting the poop from my XP, and mm was getting tech support from cylance. Finally, at mm suggestion, I uninstalled shortly after the last BSOD.
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Other AV vendors have incorporated AI technology at various levels in their behavior blockers and heuristic engines. Symantec, for example, uses AI algorithms in their SONAR protection:

    Symantec, one of the biggest security product providers in the world, has developed STAR (Symantec's Security Technology and Response), which has an engine called SONAR, a core part which scans and detects the malware. The SONAR system uses artificial intelligence techniques to learn the difference between good and bad applications. It looks for sequences of suspicious behaviors in running programs that are uncharacteristic of legitimate software; when SONAR observes such a suspicious sequence, it can terminate and remove the offending program immediately, without any virus fingerprints.

    Ref.: https://www.linkedin.com/pulse/fighting-virus-malware-artificial-intelligence-sugandha-sharma
    My personal opinion is the retail versions of these vendor products are better suited for the home user. They offer additional signature and reputation based protection as a backup without requiring any special configuration by the user.

     
  19. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    itman, the article only went to 2010. Wonder what all happened in the past 6 years?
     
  20. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    BTW, if any of you are using this product and want to turn Windows Defender back on, this is how it worked for me on Windows 10.

    From an admin command prompt type:
    CD..
    CD..

    C:\>cd "Program Files\Cylance\Desktop"
    C:\Program Files\Cylance\Desktop>CylanceSvc.exe /unregister
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Here's a more recent reference for you :rolleyes: :

    Our SONAR system uses artificial Intelligence-techniques to learn the difference between good and bad applications. To train SONAR, our engineers have provided the system with almost 200 million different behavioral profiles of both good and bad applications. SONAR then learns how to differentiate between legitimate and malicious behaviors on its own, enabling it to identify new threats based on past experiences. The system monitors nearly 400 different behaviors to make its classifications, enabling it to quickly spot malicious actions and remove bad applications before they can do damage.

    Ref.: https://www.symantec.com/about/corporate-profile/technology/security-tech-response
     
  22. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Have no clue. Nor do I care to know. The point was to show that other vendors employ AI technology, not how effective they are in using it.

    However, as previously noted, there have been two lab tests of Symantec vs. Cylance, and Symantec scored the highest in both tests.
     
  24. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    itman

    I was one of the original Norton fan boys here, one of the original Norton testers here, and so I won't argue with you on that point. What I would like to know is why did Dell go with one and not the other? Was it competition?
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    This might explain your question:

    After investing in the startup earlier this year, Dell revealed Tuesday that it has teamed up with Cylance in an exclusive partnership to integrate its next-generation endpoint security into the Dell Data Security solutions fold.

    Ref.: http://www.crn.com/news/security/30...nce-for-next-generation-endpoint-security.htm
     