Vice has a great article on how researchers were able to make Cylance think that known viruses were safe, all by purchasing Cylance, reverse engineering it, and running test after test after test.
They didn’t just run the files against the static Cylance program – they executed the malicious files on a virtual machine with Cylance PROTECT running on it, to see if it would catch the malicious files in action. The theory was that even if the product was tricked by the strings, the malicious action of the file would still be detected by Cylance, but it wasn’t.
Vice