Installing Cylance Smart Antivirus

So I need some new anti-virus in the lab and I was thinking I need something better than traditional AV. I heard a number of guys who I trust and believe in talking about Cylance, and looked into it.  It is next - generation type of security software that does anti-virus - the product is Cylance Smart Antivirus. And interesting enough it has a 10 device package for 50 US / 59 CAD per year.  Not bad.  So this article is about me making it work.  Maybe it can help you.


  • If you have Cylance as a benefit of work, to get the bits you need to go to and register.
  • If you don’t have Cylance as a benefit of work, you will need to head to to buy the bits, and have the cloud helping to protect you.
  • I cannot tell from the quick start guide, or the user guide if the product will uninstall other anti-virus software. So I uninstalled my previous AV - which was Trend. When you install on Windows it will actually tell you it doesn’t uninstall any.  But it does disable Windows Defender.  But you have to enable it if you remove Cylance.
  • In the email after the purchase there is a URL to register.  This is important as it is where you will do policy, and check the condition of your protected machines. It is where you get the bits as well.
  • Docs - here is the quick start guide, and the user guide.  Pretty small which is nice and I was happy to see that a low page count did not equal low functionality or less features!
  • My test machines have either macOS Mojave (10.14.5) or Windows 10.

First Machine Install - Mac

So we have the bits, and we will need the token that is available with the bits, as that is what will connect the install to the management infrastructure securely.

  • So we need to log into the management UI - link here.
  • It looks sort of interesting, and yet boring at first.

  • We need to use the Add a Device button.

  • We see a few things here.  The install bits and the install token.  Which I have hidden in the screenshot above, after all I do not want to manage your anti-virus install!
  • I like how we can add a device via email too.
  • I am installing on a Mac. So I download the DMG file and start installing.
  • Practically the second step is to copy and paste the token.
  • I have to enable an extension for Cylance but that is quick and easy as I am prompted and I then just have to hit allow.  This is normal for anti-virus software.
  • The install will also prompt to clean up the install bits which I say yes too.
  • I see nothing in my UI to say things are installed or not.  So I change in the management UI back to Devices.

  • So I can see that my MBA is now protected and online too.
  • I can select my computer to see what OS and version, plus IP and MAC info, and any threat activity.  Which there is none - at this time.


There is not much.  If you select the Settings button at the top, which is slightly greyed out you will see the policy, and it is all enabled.

  • The settings are default and that means I will start with them and see how it goes.
  • This is very different for anti-virus software - right?  Not big policies to deal with and all the decisions. But this is nice, if something bad starts to happen I suspect it will be grabbed.
  • Global Lists is currently blank, but if there are false positives that is how they will be dealt with. Nice it is global so that it my bother me but no one else once I add it to the list.
  • I tried using the Eicar (link here) test malware to see how this software would handle it - how it alerts and all that.  But it did not react to it. This is explained in this article - Eicar is not an execution file but a text file with a signature in it and Cylance is not signature based.
  • I can confirm that when the agent is installed it does an initial scan.  Which is why you see a small number - for me it was 51, but in a little bit it is quite a bit bigger - for me 1219. After that it checks incoming new portable executables, and modified files.  This helps to keep it low impact but still catch the bad stuff.

Second Machine - Windows

The process is pretty similar on Windows.  But there are some small differences - the first is it will tell you that it will not uninstall other AV products. It will disable Windows Defender, but it will not enable it if you remove Cylance.  You can find help on enabling Defender in this article.

In addition, in Windows you will get a front end to Cylance as it applies to that Windows machine.


I will add this to a few machines - both Mac and Windows and we will see how it goes. So far I am quite happy, as I think that this has a better model than traditional AV but we will see. Also, no signatures to worry about updating - that is nice.  It is replaced with behavior monitoring, and maybe signatures on that in the cloud but I don’t have to manage that so that is quite good.


=== END ===

4 thoughts on “Installing Cylance Smart Antivirus

  1. Hi Michael - Did you ever manage to implement cylance with Veeam Secure restore?
    Currently the AntivirusInfos.xml contains info for Defender, ESET, Kaspersky and Symantec.

  2. Sorry Michael, to be clearer,
    We also use Cylance and using Veeam Secure Restore
    - see this link from Veeam
    excerpt below…

    During secure restore, Veeam Backup & Replication reads settings from the configuration file and triggers the antivirus to scan backup files. The settings in the file are already predefined for the following antivirus software:

    Symantec Protection Engine
    Windows Defender
    If you want to scan machine data with other antivirus software, you must add settings for this software to the antivirus configuration file. Mind that the antivirus software must support the command line interface (CLI).

    Is this something you ever attempted with Cylance ?

    1. HI Niall,

      I have not tried this with Cylance. It is not true anti-virus software, but it should still work however I am not sure if it has the API support to make it work. I think that Secure Restore is best used with traditional anti-virus.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.