On July 18th, researchers publicly disclosed a specific bypass of CylancePROTECT®. We verified the issue was not a universal bypass as reported, but rather a technique that allowed for one of the anti-malware components of the product to be bypassed in certain circumstances.
BlackBerry® Cylance® released a number of mitigations and subsequently asked an independent third party, SE Labs, to test the latest version of CylancePROTECT to validate the fix and/or to highlight areas that should be examined further.
SE Labs is an independent organization that assesses products and services designed to detect attacks, protect against intrusions or both. SE Labs is a member of the Microsoft Virus Information Alliance (VIA); the Anti-Malware Testing Standards Organization (AMTSO); and the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG).
For this test, SE Labs collected samples of highly prevalent, damaging malware of different types and 'families' and made changes to the files to attempt to bypass the updated version of CylancePROTECT.
They then exposed the system to these threats to see if they were detected and blocked or were scored as legitimate. The testing methodology used the same techniques as the researchers who initially discovered the vulnerability, while also using additional techniques that could reasonably be expected to attract the attention of would-be attackers.
SE Labs concluded from its results that the machine learning features in the latest version of CylancePROTECT detected and protected against all of the variations used to perform the test.
BlackBerry Cylance continues to work towards protecting end users and their data with many technologies, including machine learning, to offer modern cybersecurity capabilities against advanced threats.