Cylance Smart Antivirus Review | Tested vs Malware

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello and welcome to the PC security channel today we'll be taking a look at silence which is one of the new AI driven threat protection engines next-gen a V's whatever you like to call it and it's owned by blackberry apparently despite the fact that I get quite a few requests to test products like these I usually don't do it because there isn't an easy free trial that they provide however in this case one of my subscribers reached out to me and gave me a copy and really wanted to see a tested so I was like fair enough let's let's give it a shot so as usual I've loaded it up on my VM one of the first things that surprised me about this product was how simplistic it is like it literally just has this one small window that says silence smart antivirus and that's basically it threats events that is all you get on the local interface now it does have a dashboard which is separate however I cannot really show you that because I believe you need a separate account for that since I did not buy this myself I don't think I can log in but the product is installed and it's fully functional so that's all we need for the test the only issue I can think of is that I can't really disable it in any way so we'll just have to drag our Falls in and see what happens for this test I have a new collection of classified malware that I grabbed a few minutes ago we have 1536 items so around about 1500 that's what I'm aiming for these days it's large enough to give us an accurate detection ratio but small enough that the test doesn't take forever now if we take a look 15:35 it always says one more when it's moving because it counts the folder as well so one of the first things we figured out is that it works entirely on execution which is nice I mean that's the way I kind of like it these days which also means we should have no trouble with Malick's unless it decides Malick's is malicious and tries to terminate it like BitDefender did in my last video for those of you who are new to the channel Malick's is a little script I used to run all the files in the folder one by one start each process as a new thread it's essentially a way to automate running all of these files so we can see how the product performs proactively Malick's also automatically tells us how many files are blocked which is great so we're gonna say that real-time protection is turned on as it is by the way for those of you who are curious about the Netflix dot exe thing that's just a ransomware I tried to load just to make sure that was working so it's not like a false positive or anything you've started with the toast so far it seems everything has been blocked we're starting to get notifications now about Falls being quarantined the test is also running at a very steady pace so that's something that's good to see we've had no hiccup so far and if we opened task manager fairly low CPU usage Sullins taking up 11% that's not too bad I'm guessing most of the processing is taking place in the cloud on their servers which is why we're not getting a lot of activity here I did notice the CPU spike there and went up 200% for a few moments but it's likely more just a malware trying to execute then silence being too much of an issue here the process also seems entirely automated so far I haven't gotten any actionable alerts looks like we have a setup application that went through I'm just gonna go ahead and install it huh seems part of it was blocked half a couple of pages trying to load then nothing significant so far more files being quarantined to be honest I'm kind of pleasantly surprised by the high detection so far partly because a lot of these samples do include PPS something that you should always note when talking about AI products obviously or any AV product in general is also the false positive rate which is something we'll talk about a little bit later once we're done with the initial part of the test but that will tell us how accurate these detections actually are or if they're just blocking pretty much every executable file now I have made a separate video talking just about white listing solutions and what I think about them I highly recommend that you check that out TL DR if you're not detecting malware if you're not differentiating between malware and legitimate applications it's kind of pointless Windows UAC does that anyway like warns you when something wants elevated privileges I don't think that's a great model for an AV application I think an AV application should be able to accurately distinguish between malware and legitimate programs that's what you're running it for whether or not silence does that we will figure out once we are done with the false positive test but at the moment it seems like at least when it comes to blocking malicious files it's doing that part quite well now I'm noticing that silence seems to be taking up a lot of memory I'm guessing that's because it's trying to cache some of the files or maintain some kind of a database while communicating with the cloud servers it shouldn't be an issue on any modern system though 350 megabytes is really like that's cents in pennies in 2019 I just thought it was an interesting observation to make in terms of how the program operates but in terms of resource usage you should totally be fine the main thing is it's not hogging the CPU too much even when it stacks and it has to do a lot of work the system is fully operational so it's not poorly designed in that sense also in case anyone's curious the system we're running over here is an IEEE 78758 so it's 6 core 12 thread CPU in terms of RAM we have 16 gigabytes on the host so those are the host specifications the VM I believe has 4 gigs of RAM and hey we are done with the tast it seems all files were executed and we have a proactive detection of 97.5 9% at the moment though I'm seeing quite a few process in memory we have malware five one six dot exe ah buta dot exe that's interesting we have some kind of spiritual transformation going on over here malware 1280 and sounds like a GPU name over 14 it's a quite a few process in fact it seems the files that did run they've all successfully managed to stay in memory usually a lot of them just terminate or die but in this case we have quite a lot of stuff active on the system so what are we going to do about it first we'll just install everything that we have here yeah sure run everything why not okay this window is stuck that's great maybe I should just close this no still won't die home Phil da/dx scene that's nice but yeah besides the stock setup window our system is fairly operational no I'm just gonna restart the system don't know look what Windows is up to of course that setup window isn't going to close getting windows ready do not turn off your computer but I'm on a VM I can do that can I I'm really tempted but no I don't want the entire system to crash because I tried to escape a Windows Update and jeopardize the entire test woohoo we're logging and I'm glad that didn't take forever we'll see if we still have any malware application starting up or if that was all just a ruse almost be disappointed if we don't have a single process that made a startup item come on we've got to get something maybe a casino app maybe a gambling up illegal application hack tool something it's taking forever to log on so well maybe we do have stuff on the system all right we're finally in now I'm gonna try and delete all the files because we're not interested in these anymore some of this is still active so I cannot delete it great so it's just one file malware twenty eighty dot exe now one thing I did notice is that the system is really slow for some reason it was fine on the last boot but now it's it's messing around oh crap stuff is happening I got a jump scare there oh yeah it happened again what's what's going on now okay new faults have been detected and quarantined so it's it's still doing it but this is where our second opinion scanners step in just gonna drag in the folder and we'll start by running hitman pro first I'll just run ccleaner just to clean out some of the traces get rid of temp files we don't want to look at those hitman Pro does have a habit of picking up a lot of those cookies and traces that's why I always run ccleaner before that because I don't want a messy results window pro tip now let's see if we've got any baddies I'll also install malware bytes in the mean time and we'll run norton power eraser as well the application you Turandot exe was quarantined some people will not be happy about that oh no I don't want to do a rootkit skin apply go haha so it looks like hitman pro has found a ton of stuff over here malware twenty eighty dot exe service host system 32 this is nasty ouch for a moment I actually thought that Sahlen's hadn't done too bad but look at this stuff and I'm not surprised the system started up really slow and then we have the jump scare from some of the things popping up this by the way is as I believe the VirtualBox display adapter so don't worry about that this is not malware but the rest of it looks looks like it is and you Turandot exe i mean i don't think this is a legitimate version of utorrent we don't have anything installed it's just probably some kind of Trojan masquerading as that and this confirms my suspicions and it's running at startup as well and it's clearly not utorrent whatever it is I'll see well malwarebytes is gonna find norton still processing data I hate that you want for Norton what does it have to process data at 20 times like why can't it just have a linear sensible progress bar like everybody else I hate that infinite cycle of doom where it just keep scanning keeps removing keep scanning keeps removing good Lord see this is this is so much more sensible right you have step by step thing or go like hitman pro you just have one linear step and then you have another linear step why do you have two like how does this make any sense do i developers help me here this is the part where I wish I had gigabit internet alright hitman pro is done results don't look good obviously we have quite a few active malware samples on the system there's a registry key modification but mostly I'm concerned about this and this and all of this stuff and it's not even one of those cases where it's debatable whether or not the malware is active and doing anything because we just noticed the system was slow to start up and then we had the jump-scare Sif's around windows 98 window flashing on the screen so I think that's bad enough that's bad enough to give anybody nightmares so we don't want that that's a horrible result Norton Power Eraser found a ton of stuff as well the optimizer it turns out it's some kind of pupae - so this is actually not looking good at all you have some other Falls that we didn't find before it USB dot exe huh just from the name itself like I can tell these are not good files so it detects the registry modifications as well and yeah at the SRV host dot exe file I'm guessing this kind of trying to look like SVC host which is a legitimate windows fall malwarebytes is still going but damn silence nice smooth test but you missed a lot of stuff buddy especially when you're claiming to be next-gen you're getting outdone by traditional good ole Davies like you're getting outdone by Norton it's been a long time since I've had one two three four five six like more than ten results in Norton Power Eraser like parser usually just detects like one or two files malwarebytes has identified 13 so far and I'm not surprised malwarebytes does count all the individual traces separately so we'll probably end up with a pretty big tally now while this is going I think we can take a look out a few legitimate files and do a bit of a false positive test let me see if I can find some of that stuff yay so we're gonna have some fun over here so if you don't know what I'm doing I'm trying to run Falls that should not be blocked and we'll see if silence blocks them ah it does look at that ji GEI engine well the name kind of says it all there isn't it this is just a really old program that's supposed to do encrypted communication a lot of hey my engines fall for this because again they're not using very robust methods to detect malware that's kind of the downside of using very loose classification techniques I mean all companies do it but if that's the only thing you're doing that's not exactly a bonus at least it hasn't blocked process hacker that's relief oh wait it did did it just delete process hacker because I had it running so maybe it didn't delete it because it was running but now that oh my goodness I don't know if this was blocked by malware or something else but so this one was quarantined okay let's let's try grabbing and running process hacker again so we'll go into lob and tools let's try and grabbing some of these tools this is process Explorer this is process hacker these are all legitimate programs right so it blocks process hacker but it managed to let in a ton of malware into the system oh my goodness I totally understand why some people just completely hate these new next-gen IVs now like seriously come on at least it's not blocking everything I mean it let's process Explorer run but yeah that's that's still quite bad it's just that malwarebytes is starting to pick up all the stuff that silence has in quarantine as well it's there some way I can delete these again the amount of control this program gives is also appalling like it you can't do anything from the desktop application for everything you have to go to the dashboard I don't even know if you can delete the files that are quarantined now one of the reasons I guess they do have quite a few corporate clients is that it works very well in terms of automation it works in the background quite well it's very subtle it doesn't create a lot of visual noise or distraction but even from a UI standpoint this is not the best UI I can imagine and if it's not doing a great job protection wise I don't know like I'm sorry I just like already I don't think I can recommend this oh dear it looks like Mallory buddy's gonna go through the entire quarantine I think it's fair enough that we can stop the scan now I'll just pause it and we'll look at the identified threats let's see you've got the same stuff Program Files home Ville more of that we've got a bunch of tasks interesting so we've gone adware DNS unlocker we've got trojan trick bought maybe that's the one that's giving us the jump scares then we've got more adware more generic malware this is suspicious file this is a SAR v host dot exe pretty sure this is not outerwear it's it's probably a Trojan and then we have the fake uTorrent application again likely a Trojan and more of this DNS unlocker stuff which well you can you can think whatever you want of it but then there's the pupae optional optimizer honestly I'm not too annoyed by the pupae is being missed I guess that's that's okay but the fact that it misses all of this all of this stuff over here that is a huge concern and also the fact that it blocks process hacker this seems like a step back for me I mean of course I'll give you some some background info here as well pretty much every AV company has some kind of AI our statistical clustering mal ran let's use it all the time but that's usually not the only thing that goes into deployment because it's not very accurate so just because some company says it's AI or fancy doesn't mean it's necessarily the best so when you look at a product page like this it seems like they're doing something fancy high-tech new that other AVS don't do but in reality visuals don't really tell you how sophisticated their detection technology is it's the results that will tell you that and for silence the results don't look too promising please like and share the video if you enjoyed it it really helps and don't forget to subscribe to the PC security channel this is Leo I'll see you in the next one and as always stay informed stay secure [Music]

Info

Channel: The PC Security Channel

Views: 111,117

Rating: 4.9219513 out of 5

Keywords: TPSC, The PC Security Channel, security, cybersecurity, Internet Security, Antivirus Reviews, test, malware, prevention, detection, AntiMalware, tutorial, virus, trojan, PUP, Ransomware, finance, antivirus, review, free, 2019, backup, protection, Cylance, Cylance Smart Antivirus, Cylance vs Malware, BlackBerry Cylance, Next gen AV, AI vs Malware, AI engine, Next gen antivirus review, Cylance Review, Cylance Test, Cylance Smart Antivirus Review, Cylance Smart Antivirus Test

Id: eGsfX43FWjQ

Channel Id: undefined

Length: 22min 19sec (1339 seconds)

Published: Sun Jul 28 2019