Discussion in 'other anti-virus software' started by kerykeion, Dec 31, 2015.
Their product seems interesting, shame it's enterprise-only now. Though, I've requested for a demo.
FYI. Some discussion starting here (and following 3 posts):
what is more shameful , is that they gives the demo only to USA-based companies or individuals...
Not sure why you call it shameful. May be restricted licensing issues involved that they have yet to work out.
they are a business , so they need a wide customer base especially if they are new in the market; and it is just a demo (no need licenses) ; how can they sell if the demo isn't available...unless they only need to sell in their home country. i hope they changed that protective behavior. i will try requesting a demo again, let see.
True, with a big but. A lot of the new companies first start in their home country. Then when they go abroad, the need an infra structure in the new area. I'll be surprised if the give out a demo without first being able to talk with you. And once they find out you are an individual as opposed to a business, they might not even give you the demo.
Reason is simple. Support costs make it unprofitable to deal with individuals instead of IT people.
Good example of this is ShadowProtect. Desktop version for one copy is now $99. They are discouraging the home user. Again it's a support cost issue.
you are right on this, but nothing prevent them to warn the individual reaquesting the demo that no support will be offered.
It will cause bad publicity. Warn the customer all you want,when a major problem occurs, then no support = bad publicity.
I've read about it, but if it's really that good, why don't they release a consumer version? They are claiming they can spot about 99% of all malware, but I still don't know exactly how, because they are being a bit vague. And I also noticed that the CylancePROTECT anti-exloit component seems to work about the same as HMPA and MBAE, so it's nothing revolutionary.
Take this with a grain of salt:
Cylance has been tested by AV-Test:
"less than 1% of CPU and require no Internet connection or signature updates."
If this is true the AV signature based industry is dead
IMO this test is a joke, he is using virustotal.... a Symantec employee LOL
What about Deep Instinct, http://www.deepinstinct.com/#/home anyone seen a test or a demo of their product?
Both seem to be using artificial neural networks to predict if a file is malicious. While this is an interesting approach with a possibility good success return, some of their claims seem like word plays in marketing like their software not requiring victims. If the malicious file the user encounters has a similar pattern (for lack of a better word) then the algorithm can indeed detect it before it runs, however, they still need some data to introduce new coding patterns in malware. Wish they offered a consumer version with a trial or some audits from 3rd party labs, at least. The live shows they do, doesn't represent anything for me as you can effect and manipulate the results easily.
PS: I did see the av-test report for Cylance.
Cylance is getting pretty good feedback from Spicework's forum. Basically it's a Webroot type product, works really well.
USA market only , pointless.
Why no use VoodooShield beta 3, it also uses Artficial Intelligence/Machine Learning.
Wow, a thread filled with my biggest fans (sarcastic) .
Here is some info on Cylance... it is now available for non-enterprise users: https://www.wilderssecurity.com/threads/voodooshield.313706/page-400#post-2588256
Cool, didn't even know about this. But I trial version is not available so it seems. Also, I watched some of the videos, and it didn't become clear to me how the malicious files are exactly blocked? Was it by AI, behavior blocker, or policy based anti-exe?
From what I can tell, it is all pure Ai, and it automatically scans the entire hard drive. At first, I was not sure if Cylance was working or not (while it was performing its initial scan), so I decided to execute some malware. I had always heard that Cylance analyzes the files pre-execution, so I figured it would be utilizing some kind of anti-exe as well, but from what I can tell, it is not since the malware was allowed to run. The malware dropped some files, and Cylance ended up detecting them (I believe it caught all of the dropped files). Once the initial scan is complete, I will execute some more malware to see how it reacts... but from I can tell, it is basically a continuous automatic scanner, and very little user intervention is required or possible.
There is also a discussion on the VoodooShield? thread, so we might want to either move the conversation there, unless you guys think it is better to keep it on this thread.
OK thanks for the info, I will also check out the VS thread. If it's really more effective than current AV's it would be a cool thing. The thing is, in the last 10 years I've heard so many companies claiming to have developed revolutionary new anti-malware solutions, that I have become a bit skeptical.
Per the AV-Test comparative previously referenced BitDefender, Kaspersky, Trend, and Sophos all received higher scores.
No thanks on this product at this time.
Description per Cylance rep. from Spiceworks forum:
The core technology works by inspecting a binary pre-execution to determine malicious intent, and either blocking execution or disallowing. We have additional technology that watches memory and running processes to ensure that they are not subject to exploitation via traditional exploitation techniques as well as return oriented programming (stack pivots, etc).
Here's an actual malware report I extracted from Spiceworks.
Following is Cylance Protect's report on why it blocked a particular toolbar application:
•This PE is hiding something in its "relocations" area, and we're not sure what. The relocations area in a PE file is generally used for relocating particular symbols, but this particular object contains something else.
•This object imports functions that are used to list files.
•This object imports functions that can capture and log keystrokes from the keyboard.
•This object imports functions that are used to gather information about the current operating system.
•This object seems to be looking for common protection systems.
•This object imports functions used to access and manipulate temporary files.
•This PE imports functions that can be used to delete Files or Directories.
•This PE imports functions that can be used to spawn another process.
Sure looks like a probability based behavior blocker to me. Analysis ....... "If it looks like a duck, talks like a duck, and walks like a duck ........... Its a duck!" Also explains the high FP rate on the AV-Test report.
Please give link, in particular when quoting.
Link given in reply #11.
Separate names with a comma.