Cylance Smart Antivirus review

Cylance Smart Antivirus is a lightweight antivirus solution from Cylance Inc, the AI-based security vendor recently acquired by Blackberry for $1.4 billion.

The package doesn't detect threats by their file signature, instead using its 'artificial intelligence engine' to identify threats proactively.

This approach greatly reduces any impact on your system performance. Smart Antivirus doesn't have to regularly download massive definition files, for instance, or hog your hard drive to run full system scans. It doesn't even have a 'Scan' button: all you have to do is leave the program running, let it scan executables as they're accessed or launched, and any threats should be blocked before they can cause any damage.

• You can sign up for Cylance Smart Antivirus here

This approach greatly reduces any impact on your system performance. Smart Antivirus doesn't have to regularly download massive definition files, for instance, or hog your hard drive to run full system scans. It doesn't even have a 'Scan' button: all you have to do is leave the program running, let it scan executables as they're accessed or launched, and any threats should be blocked before they can cause any damage.

One other major benefit of this AI-type approach is that it should, in theory at least, be better able to immediately identify brand new and undiscovered threats. While others are waiting for updates to their definitions - which can only arrive after the threat has been recognized, too late for those who've been infected - Cylance Smart Antivirus aims to be smart enough to pick up on new dangers as soon as they appear.

Pricing options are simple, with three purchase plans varying only in the number of devices they cover.

The Personal plan covers a single device (Windows or Mac), and costs $29 (£22.31) for one year, $49 (£37.69) for two years.

The Household plan covers up to five devices and is priced at $69 (£53.07) for one year, $109 (£83.85) for two.

The Family plan enables using Smart Antivirus on up to 10 devices for $99 (£76.15) paid annually, or $149 (£114.62) with the two-year option.

This is good value if you're covering a single computer, not so much if you're covering multiple devices. Bitdefender Antivirus Plus is a relatively costly $38.99 (£29.99) for a one device, one-year license, for instance, but steep discounting means a ten device, two-year license is only $116.99 (£89.99), and just $162.49 (£124.99) over three years. That could mean paying a minimal $5.41 (£4.16) per year per device.

There's no trial for Smart Antivirus, unfortunately. Cylance does offer a 30-day money-back guarantee, but the EULA page suggests this is more conditional than usual, and you won't necessarily get your money back unless the company agrees that there's been a breach of its limited warranty ("the Software licensed will perform substantially in accordance with the Documentation provided by us in connection with that Software at the time of purchase.") We don't know whether Cylance will always use that standard when deciding to deal with a refund request, but it looks like they could, and that's a mild concern.

Setup

Getting started with Cylance Smart Antivirus begins by choosing your preferred plan and handing over your cash.

After creating a Cylance account, you're able to log in to the Smart Antivirus web console, where most of the program's management functions are located.

Add the current device to your account, and the website presents you with Smart Antivirus Windows and Mac clients.

We downloaded and installed the Windows build in just a few seconds. It proved relatively lightweight by modern standards, with Smart Antivirus requiring less than 180MB of drive space, and its two background processes generally using under 60MB RAM.

There's a good reason for this lack of resource hogging, of course: Smart Antivirus is strictly antivirus-only, and even that is simpler than most applications. 

There's no URL filtering here, for example, no spam blocking, no specialist banking protection, no password manager, no file shredder or any of the other security extras you'll often see elsewhere. 

Smart Antivirus is designed to be a true 'set and forget' tool, where ideally, once you've installed it, you'll never look at the program's interface again. That philosophy won't appeal to everyone, but there's no doubt it keeps life simple, and post-setup you'll be able to continue with your computing life as usual.

Features

Smart Antivirus has a remarkably short feature list, as we've discussed already, and there are very few ways to control or interact with the package.

The program console, for instance, displays basic status information only: a log of events and a list of any quarantined threats. There's nothing you can do with this data, other than look at it, and even then, it doesn't make as much sense as we would like.

The Events panel initially displayed a log of significant discoveries and actions, for instance, just as we expected. But later that day, these all disappeared. We could look at the Threats tab to see a list of quarantined files, but there was nothing in the Events area to give us any explanation or context.

Experienced users might want to investigate a quarantined file further, but Cylance offers no way to help, not as much as an 'Open File Location' option. Right-click a quarantined file and all you'll see is a 'File Properties' option, and even that was permanently greyed out for us.

By default, there are no other local options. Smart Antivirus doesn't have a Scan button, as it automatically detects and deals with executables as they're accessed. And it doesn't have any local settings, beyond the ability to turn notifications on or off.

The program does have an 'advanced mode' with a few more features, although this is very deeply buried. Instead of having something like an 'Advanced mode' menu item you could select and deselect, Cylance expects users to go online, find the link for the Smart Antivirus manual, not notice or care that it's actually titled 'CylanceProtect Home Edition', find the information about 'advanced mode', then change the Cylance shortcut to add a '-a' command line switch and relaunch the program.

Anyone who manages to do that, will find a scattering of new options to run background or specific folder scans, log more or different information, or delete their quarantined files. These are very basic, and poorly presented in the interface, being tucked away at the bottom of the system tray icon's right-click menu, but we're happy to see them, anyway.

Head off to the Cylance web dashboard and you'll find a handful of other settings. Apart from the ability to turn automatic protection on or off, the interface suggests it can help you manage your quarantined files, and manage a safe list where in theory you're able to whitelist files which Smart Antivirus might detect but you're sure are safe.

This sort-of works, but in a more cumbersome way than you'd expect from a local client-based interface.

For example, the 'How to safelist a file' page, asks you to manually enter the SHA256 of your target file into a web form. If, understandably, a user has no idea what an SHA256 is (essentially, a signature for the file), the page airily suggests that you temporarily turn off security to allow the file to run. 

So, let's be clear. Cylance is hiding a useful function away on a web page; it's making the process ridiculously overcomplicated; and instead of implementing or explaining a way to simplify this (manually copying the SHA256 from the local client to the clipboard, say), it's suggesting users disable their own protection every single time they want the program to run.

That's not all. Despite the page being titled 'How to safelist a file', it's referring to the process of adding a file to the quarantine list. The dashboard doesn't have an option of manually adding a file to the safelist, as we write. A four-month-old user comment on the page explains this, and adds other sensible ideas, but Cylance appears to have made only one change, in response: it's turned off the option for anyone else to comment on the page.

We suspect these design principles are coming from Cylance's enterprise products, where limiting what users can do locally is a very good idea, being able to control them from a central web console is another major plus, and administrators know exactly what an SHA256 means. The consumer world is a very different place, though, and it looks like Cylance has a lot of work to do before it begins to understand what home users will expect.

Protection

It's vital to understand how well any antivirus protects against threats, and normally we look to AV-Comparatives, AV-Test and other testing labs to help us find out. But that's not an option here because Cylance hasn't been tested by any of the major labs for a few years. (The company accused the labs of bad practice, but we don't have the space to deal with that; Search Cylance testing for the background.)

Our own small-scale tests can't compete with the top labs, but we equipped a virtual machine with 20 malware samples and set out to discover how Cylance Smart Antivirus would perform. The results were impressive, with all 20 blocked before they could execute (our real-world ransomware samples were unable to encrypt a single file.) 

The only small issue was a single false positive from a custom program of our own. This was a surprise, because it's small, simple app, doing nothing even slightly dangerous, and has never been flagged by any other antivirus we've reviewed. But this was the only file where we had a problem, and once we restored it from quarantine, we could run the file as usual.

As a final test, we ran our own ransomware simulator on the Cylance-protected system, and waited to see what would happen. As this was custom code, Smart Antivirus wouldn't have seen it before, making it a more interesting test of behavior. And the results were a little disappointing, with our simulator allowed to run to completion, encrypting thousands of test files.

Although this can't match the performance of Bitdefender and Kaspersky's products, which both managed to stop our simulator and restore any encrypted files, we don't mark any antivirus down significantly for ignoring it. This failure has to be a small concern, but the reality is that Smart Antivirus blocked all our real ransomware samples, without difficulty, and that's the test that matters most.

Final verdict

Cylance Smart Antivirus did well in our simple malware tests, but we would like to see it checked by the major labs to get a full idea of its abilities. A revamp for the awkward and frustrating interface would also be welcome, although if you can live with that, the package deserves a closer look.

• We've also highlighted the best antivirus software in this roundup