Cylance Antivirus Susceptible to Concatenation Bypass
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The Cylance AI-based antivirus product, prior to July 21, 2019, contains flaws that allow an adversary to craft malicious files that the AV product will likely mistake for benign files.
Insight
Security researchers isolated properties of the machine learning algorithm allowing them to change most known-malicious files in simple ways that cause the Cylance product to misclassify the file as benign. Several common malware families, such as Dridex, Gh0stRAT, and Zeus, were reported as successfully modified to bypass the Cylance product in this way.
Affected Software
CylanceProtect version 2.0.1533.2 and earlier
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Cylance has issued and automatically deployed a patch. Consider applying workarounds as well as the patch: Cylance states in its response that it had to remove features from the product, and it is unclear whether this patch protects against all similar easy methods of forcing misclassification of malicious files.