So I need some new anti-virus in the lab, and I was thinking I need something better than traditional AV. I heard a number of guys who I trust and believe in talking about Cylance, and looked into it. It is a next-generation type of security software that does anti-virus; the product is Cylance Smart Antivirus. Interestingly enough, it has a 10-device package for 50 US / 59 CAD per year. Not bad. So this article is about me making it work. Maybe it can help you.
Pre-reqs
- If you have Cylance as a benefit of work, to get the bits you need to go to https://home-registration.cylance.com and register.
- If you don’t have Cylance as a benefit of work, you will need to head to https://shop.cylance.com to buy the bits, and have the cloud helping to protect you.
- I could not tell from the quick start guide or the user guide whether the product will uninstall other anti-virus software, so I uninstalled my previous AV, which was Trend, first. When you install on Windows it will actually tell you that it does not uninstall any. It does disable Windows Defender, but you have to re-enable Defender yourself if you remove Cylance.
- In the email after the purchase there is a URL to register. This is important, as the registration site is where you will set policy and check the condition of your protected machines. It is where you get the bits as well.
- Docs - here are the quick start guide and the user guide. Both are pretty small, which is nice, and I was happy to see that a low page count did not mean low functionality or fewer features!
- My test machines have either macOS Mojave (10.14.5) or Windows 10.
First Machine Install - Mac
So we have the bits, and we will also need the install token that comes with them, as the token is what connects the install to the management infrastructure securely.
- So we need to log into the management UI - link here.
- It looks sort of interesting, and yet boring at first.
- We need to use the Add a Device button.
- We see a few things here: the install bits and the install token, which I have hidden in the screenshot above. After all, I do not want to manage your anti-virus install!
- I like how we can add a device via email too.
- I am installing on a Mac. So I download the DMG file and start installing.
- Practically the second step is to copy and paste the token.
- I have to enable an extension for Cylance, but that is quick and easy, as I am prompted and then just have to hit Allow. This is normal for anti-virus software.
- The install will also prompt to clean up the install bits, which I say yes to.
- I see nothing in the UI on the Mac to say whether things are installed or not, so I switch the management UI back to Devices.
- There I can see that my MBA is now protected and online too.
- I can select my computer to see the OS and version, plus IP and MAC info, and any threat activity, of which there is none at this time.
Policy
There is not much. If you select the Settings button at the top, which is slightly greyed out, you will see the policy, and it is all enabled.
- The settings are default and that means I will start with them and see how it goes.
- This is very different for anti-virus software, right? No big policies to deal with and no decisions to make. But this is nice; if something bad starts to happen I suspect it will be caught.
- Global Lists is currently blank, but if there are false positives that is how they will be dealt with. It is nice that the list is global, so a false positive may bother me once, but no one else, once I add it to the list.
- I tried using the EICAR (link here) test file to see how this software would handle it, how it alerts and all that, but it did not react to it. This is explained in this article: EICAR is not an executable but a text file with a signature string in it, and Cylance is not signature based.
- I can confirm that when the agent is installed it does an initial scan, which is why you first see a small file count (for me it was 51) that gets quite a bit bigger after a little while (for me, 1219). After that it checks incoming new portable executables and modified files. This helps keep it low impact but still catch the bad stuff.
Second Machine - Windows
The process is pretty similar on Windows, but there are some small differences. The first is that the installer will tell you it will not uninstall other AV products. It will disable Windows Defender, but it will not re-enable Defender if you remove Cylance. You can find help on enabling Defender in this article.
In addition, on Windows you get a front end to Cylance for that Windows machine.
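As an added example that is not part of the original post, here is a PowerShell check for the situation described above: after a third-party agent is removed, confirm whether Defender real-time protection is back on and turn it on if it is not. It assumes Windows 10 with the built-in Defender cmdlets, an elevated prompt, and that Defender has not been disabled by Group Policy.

```powershell
# Added example (not from the original post): check and re-enable Windows Defender
# after uninstalling a third-party AV. Assumes Windows 10 with the Defender module
# present and an Administrator prompt.

# The WinDefend service must be running before the Defender cmdlets report anything useful.
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Warning "WinDefend service not found; Defender may be disabled by policy or not installed."
    return
}
if ($svc.Status -ne 'Running') {
    Write-Host "Starting the WinDefend service..."
    Start-Service -Name WinDefend
}

# Report the current state before changing anything.
$status = Get-MpComputerStatus
$status | Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated

# Real-time monitoring is the part a third-party AV typically turns off; switch it back on.
if (-not $status.RealTimeProtectionEnabled) {
    Write-Host "Real-time protection is off; enabling it."
    Set-MpPreference -DisableRealtimeMonitoring $false
}

# Pull fresh definitions, since they were not updated while Defender was idle,
# then verify that real-time protection is now reported as enabled.
Update-MpSignature
(Get-MpComputerStatus).RealTimeProtectionEnabled
```

If Tamper Protection is turned on, Set-MpPreference will be refused and real-time protection has to be switched on in the Windows Security app instead.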
Conclusion
I will add this to a few machines, both Mac and Windows, and we will see how it goes. So far I am quite happy, as I think this has a better model than traditional AV, but we will see. Also, there are no signatures to worry about updating, which is nice. That is replaced with behavior monitoring, and maybe signatures on that in the cloud, but I do not have to manage it, so that is quite good.
Michael
Hi Michael - Did you ever manage to implement Cylance with Veeam Secure Restore?
Currently the AntivirusInfos.xml contains info for Defender, ESET, Kaspersky and Symantec.
Hello Niall,
I do not really understand what you are asking. I installed it and it works. Not sure what Secure restore is?
Michael
Sorry Michael, to be clearer,
We also use Cylance and are using Veeam Secure Restore
- see this link from Veeam
https://helpcenter.veeam.com/docs/backup/vsphere/av_scan_xml.html?ver=100
excerpt below…
During secure restore, Veeam Backup & Replication reads settings from the configuration file and triggers the antivirus to scan backup files. The settings in the file are already predefined for the following antivirus software:
Symantec Protection Engine
ESET
Windows Defender
If you want to scan machine data with other antivirus software, you must add settings for this software to the antivirus configuration file. Mind that the antivirus software must support the command line interface (CLI).
Is this something you ever attempted with Cylance?
Hi Niall,
I have not tried this with Cylance. It is not true anti-virus software, but it should still work; however, I am not sure if it has the API support to make it work. I think that Secure Restore is best used with traditional anti-virus.
Michael