Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.


Cylance Antivirus Susceptible to Concatenation Bypass

Information

Severity

Critical

Family

General

CVSSv2 Base

9.3

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Solution Type

Workaround

Created

4 years ago

Modified

4 years ago

Summary

Cylance's AI-based antivirus product, in versions released before July 21, 2019, contains flaws that allow an adversary to craft malicious files that the product will likely classify as benign.

Insight

Security researchers isolated properties of the product's machine-learning model that let them alter most known-malicious files in simple ways (the "concatenation" in the title: appending content the model scores as benign to the file) so that the product misclassifies them as benign, without changing the files' malicious behaviour. Several common malware families, including Dridex, Gh0stRAT, and Zeus, were reported as successfully modified to bypass the product in this way.

Affected Software

CylanceProtect 2.0.1533.2 and earlier

Detection Method

Checks whether a vulnerable version of the product is installed on the target host.
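The version gate behind a check like this one is easy to get wrong: comparing dotted version strings as plain strings misorders components with different digit counts (for example "2.0.999" sorts after "2.0.1533.2"). The following is an added example, not Mageni's own plugin code (Mageni plugins are written in NASL, not Python). It assumes the product version string has already been read from the host, for example from the registry DisplayVersion value; that retrieval is not shown, and the host inventory is constructed sample data.

```python
"""Version-gating logic for a check like the one this page describes.

Added example for illustration; not Mageni's own plugin code. Assumes the
product version string has already been obtained from the host (e.g. from
the registry DisplayVersion value); that retrieval is not shown. The host
inventory below is constructed sample data.
"""

from typing import Dict, Tuple

# Highest affected version, as listed on the page under Affected Software.
LAST_AFFECTED = "2.0.1533.2"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version string into a tuple of ints.

    Tuples compare component-wise and numerically, which is what a version
    check needs. Trailing zero components are dropped so that '2.0' and
    '2.0.0' compare equal. Non-numeric components raise ValueError so a
    malformed value never silently passes as "not affected".
    """
    version = version.strip()
    if not version:
        raise ValueError("empty version string")
    parts = []
    for component in version.split("."):
        if not component.isdigit():
            raise ValueError(f"non-numeric component {component!r} in {version!r}")
        parts.append(int(component))
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(installed: str, last_affected: str = LAST_AFFECTED) -> bool:
    """True when the installed version is less than or equal to the last
    affected version, compared numerically per component."""
    return parse_version(installed) <= parse_version(last_affected)


def naive_is_affected(installed: str, last_affected: str = LAST_AFFECTED) -> bool:
    """The tempting but wrong check: plain string comparison. Kept only to
    show how it misjudges components of different digit counts."""
    return installed <= last_affected


def assess_inventory(inventory: Dict[str, str]) -> Dict[str, bool]:
    """Map host name -> True if the reported version is affected."""
    return {host: is_affected(version) for host, version in inventory.items()}


# Constructed sample inventory: host -> reported product version.
SAMPLE_INVENTORY = {
    "ws-01": "2.0.1533.2",   # exactly the last affected build
    "ws-02": "2.0.999",      # older build with a shorter component
    "ws-03": "2.0.1533.10",  # newer build with a longer last component
    "ws-04": "2.1.1500.0",   # newer minor version
}

if __name__ == "__main__":
    for host, affected in assess_inventory(SAMPLE_INVENTORY).items():
        ver = SAMPLE_INVENTORY[host]
        print(f"{host} {ver}: affected={affected} naive={naive_is_affected(ver)}")
```

Run as a script to see the two checks disagree on ws-02 (the naive string comparison misses an older, affected build) and ws-03 (it wrongly flags a newer build). A plugin that reports "not affected" on a parse failure would turn a malformed version string into a silent miss, which is why parse_version raises instead.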

Solution

Cylance has issued a patch and deployed it automatically. Consider applying workarounds in addition to the patch: Cylance states in its response that it had to remove features from the product, and it is unclear whether the patch protects against all similarly simple ways of forcing misclassification of malicious files.