Cylance Smart Antivirus for Home users

Discussion in 'other anti-virus software' started by mekelek, Jul 12, 2018.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I found an AV-Comparatives Bitdefender commissioned Endpoint comparative test that included Cylance Protect that is accessible to all here: https://www.av-comparatives.org/tests/advanced-endpoint-protection-test/ . Note in this test the vendors were allowed to customize settings for max. protection. Cylance was tested with default settings.
    Summarizing the test results by category:

    Proactive Protection

    Cylance scored in 2nd place with a detection rate of 99.5% with 9 false positives. Appears no penalty was levied for FPs.

    PowerShell Fileless Malware and File Based Exploits

    Cylance with global script blocking policy activated scored 24/25. As AV-C notes, this policy also blocks legit PowerShell scripts. Bottom line - Cylance detection capability in this category is suspect.

    Real-World Protection

    Cylance scored in 5th place with a detection rate of 99.7% with 12 false positives.

    Ransomware

    Cylance scored in 2nd place with a detection rate of 99.3%.

    Since this is Cylance's corp. product, it is fair to assume that the Home product will offer significantly less protection.
     
    Last edited: Jul 22, 2018
  2. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    Cylance Home owners could safely run this test http://metal.fortiguard.com/tests/ and see how it does alone and with supplemental protection.
     
  3. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    From the link you provided:
    • Carbon Black, Cylance, Kaspersky Lab, McAfee and Symantec products were tested with default settings.
    What are you basing this assumption on?

    You're saying Cylance scored fifth. The top-two products both have 100% detection rate. The next three are tied at 99.7. It's providing the same protection rate as Symantec and Kaspersky, with a higher false-positive rate. If you were going to rank the products based on detection rate in this test it would make way more sense if it looked like this:
    1st - Sophos, Bitdefender
    2nd - Cylance, Kaspersky, Symantec.
    etc.,
     
    Last edited: Jul 22, 2018
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Note that this is an archive detection test only. There is a thread on it here at Wilders.
     
  5. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    this is an entirely useless test. it's like running eicar's test..
     
  6. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    Nice find, I did not expect a top tier solution like SentinelOne to be in last place.
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Does the Home version have the same features and configuration options as the Protect version?
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    It also hasn't scored well on Malware Research Group tests. You can check those out.
     
  9. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    nope, they dumbed it totally down to 3 options that are presets. i was shocked when i was told.
     
  10. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    It might not have the same configuration options as the Protect version, but all that means is that they have taken away the granularity of the control options. It doesn't mean that they're not providing a similar level of protection.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    We'll just have to wait and see if Cylance submits it to the AV Labs for comparative testing of like AV home products which are tested at default settings.

    Also of note is Cylance has declined to be tested in MRG's like endpoint comparatives.
     
  12. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    They're not the only vendor doing that with MRG.
     
  13. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Putting aside the AI crap, the first thing anyone testing Cylance Home should do is determine how easy it is to put it out of commission. I already mentioned one needs to check if it is using the Win 10 ELAM driver to launch itself early in the boot as a PPL process. That in itself proves nothing in that WD uses it and can be disabled with a couple of PowerShell commands.
     
  14. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
  15. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    said user's word should be taken with a huge grain of salt
    he has a weekly favorite product he hypes up then suddenly finds that it's **** and moves on
    this week it's Cylance, Heimdal and Sophos
    he's still deep in the heimdal plugging, and he started the "**** on it" period with Cylance and Sophos
    his previous best products in the world turning out to be the worst: Trend Micro, Fortinet, Bitdefender, Kaspersky, etc etc
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I understand this, but they should also offer a normal non-web based GUI. It's ridiculous that you have to use a browser to manage this stuff, and I assume you don't need a network connection right? I believe Sophos Free AV also does this, it's a turnoff.

    But I wonder, if those AV's are so good then why do they still need the cloud?

    LOL, but it does seem like a fair review and he agrees with what you said, it shouldn't be used on its own. But for someone like me it might be enough, because I mostly care about blocking malware on execution, I don't need other bloat.
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    OK I see, but I guess it's not a big deal since there are plenty of other on demand scanners. BTW, can it also work on-demand only or is the real-time protection always on?
     
  18. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    said user's review is on par with other garbage av test sites.
    he was hyping a product how insane it is and how it catches everything, and when someone tried it with actual fresh samples, it failed miserably (Sophos Home)
    he's a clown and/or a terrible PR guy that makes people buy whatever he picked that week to talk heaven about.

    Cylance might not be enough alone, but sure as hell can detect more than most of the medium tier AVs.
     
    Last edited: Jul 28, 2018
  19. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    What do you think about putting Cylance behind a UTM-Like router as suggested in that thread to cover the web protection, exploit protection and firewall/intrusion protection?
     
  20. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,560
    Don't know. I would guess that something like Heimdal would be enough in my opinion to cover what Cylance lacks. But to each their own in that matter.
     
  21. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    Always on as far as I know.
     
  22. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    507
    Location:
    UK
    I use Cylance with Adguard (paid) and also have WD enabled for the occasional scan only. This gives me peace of mind that my urls are checked and ads blocked. I am happy with this very light set up.
    This set up works for me, but everyone is different, so ignore the fanboys and bashers, try your own software and use what works for you.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Well, you might be right about this, I'm not active on Malwaretips.com, but I noticed he agreed with you about Cylance.
     
  24. Socio

    Socio Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    362
    Sounds good, I would add Hitman Pro or EEK as secondary on demand scanner just in case.
     
  25. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    They locked both of those discussions for some reason. Maybe the mods there are gonna add a dedicated Cylance section.
     