In the series of Advanced Threat Protection tests, the AV-TEST laboratory tested 14 enterprise protection solutions against data stealers and ransomware. In this Live Attack test, 10 real-world attack scenarios on Windows are to be fended off. In addition to detecting the malware, every single defense step of a protection solution counts.
AV-TEST's Advanced Threat Protection tests test protection software in the laboratory using very real and dynamic attack scenarios. Since the effort involved in these tests is extremely high, the attacks per product are limited to 10 scenarios. In the December test, the lab carried out 5 special attacks with ransomware and 5 attacks with so-called data stealers, which simulate a ransomware attack and steal the data in the background. The results are very interesting, as the enterprise solutions withstood all attacks very well, while two consumer products had problems.
14 products in the Advanced Threat Protection test
In the Advanced Threat Protection tests, the AV-TEST laboratory tested 14 protection solutions for companies (Image: AV-TEST).
The 14 business solutions faced the test: Acronis Cyber Protect, Avast Business Antivirus Pro Plus, Bitdefender Endpoint Security, Bitdefender Endpoint Security (Ultra), Comodo Client Security, F-Secure Elements Endpoint Protection, G DATA Endpoint Protection Business, Malwarebytes Endpoint Protection, McAfee Endpoint Security, Microsoft Defender Antivirus, Sangfor Endpoint Secure Protect, Sophos Intercept X Advanced, Symantec Endpoint Security Complete, and VMware Carbon Black Cloud.
Strong against ransomware
Each product must pass against 5 ransomware scenarios and 5 data stealer scenarios in this test. The laboratory examines every single step of the attack. This starts with the arrival of the mail, the detection of the attacker and the examination of what scripts or auxiliary tools are being executed. Then every further attack step must be blocked. If a security program recognizes and blocks an attacker, the attack is considered recognized and resolved. The test candidate receives full points for his protection score. The maximum score in this test is 45 points.
The December test (first released in March 2022) could not have gone better for the enterprise products. All 14 products in the test performed perfectly in each of the 10 scenarios and stopped all attacks. Thus, all endpoint products receive the maximum 45 points
Advanced Approved Endpoint Protection Certificate
To be awarded the "Advanced Approved Endpoint Protection" certificate, a product must achieve at least 75 percent of the protection score points in the test. In this test, that's at least 33,75 points. Thus, all test participants of the company's products receive this certificate. Only Acronis does not receive a certificate. It completes the test without errors, but only those who are certified in the regular monthly test and meet the criteria here are certified.
More at AV-TEST.org
About AV-TEST AV-TEST GmbH is an independent provider of services in the field of IT security and anti-virus research with a focus on the identification and analysis of the latest malware and its use in comprehensive comparative tests. The fact that the test data is up-to-date enables the quick-response analysis of new malware, the early detection of virus trends, and the investigation and certification of IT security solutions. The results of the AV-TEST Institute represent an exclusive information base and serve manufacturers for product optimization, specialist magazines for the publication of results and end customers for orientation in product selection.
The company AV-TEST has been operating in Magdeburg since 2004 and employs more than 30 people with profound specialist and practical experience. The laboratories are equipped with 300 client and server systems in which more than 2.500 terabytes of self-determined test data of harmful and harmless information are stored and processed. Further information can be found at https://www.av-test.org.