Test: endpoint security against ransomware


The AV-TEST laboratory tested 11 enterprise products for their effectiveness against ransomware. The report shows the results of 113 ransomware attacks on the test systems. The test at the independent test institute AV-TEST was initiated and commissioned by Kaspersky.

From June to August 2021, AV-TEST tested the ransomware protection offered by 11 different Endpoint Protection Platforms (EPP). A total of 113 different attacks were carried out.

113 ransomware attacks in the lab

The end result of the endpoint protection vs. ransomware test (image AV-TEST).

These three assessment scenarios were independently developed and carried out by the test laboratory:

  • Real-world scenario - ransomware attacks user files on the local system
  • Real-world scenario - ransomware attacks user files in remote shared folders
  • Proof-of-concept - ransomware attacks user files on the local system (detection of alternative encryption methods or techniques used by malware)

During the test, the products were expected to detect and block ransomware activity and its files, as well as roll back changes to user files and eliminate the threat from the target system. Only this outcome was considered a real success and credited to the corresponding solution in each test case.

11 corporate solutions in the anti-ransomware test

The laboratory independently included the following enterprise products in the test:

  • Bitdefender GravityZone Business Security 7.2.1.69
  • ESET Protect Entry 8.0.202.0
  • F-Secure Elements Endpoint Protection 21.6
  • Kaspersky Endpoint Security Cloud 11.6.0.394
  • McAfee MVISION + Microsoft Defender 5.7.33.245 + 4.18.2106.6
  • Microsoft Defender Antivirus ATP 4.18.2106.6
  • Sophos Intercept X Advanced 2.18.2
  • Symantec Endpoint Protection 14.3 RU2
  • Trend Micro Endpoint Security with Apex One 14.0.9672
  • WatchGuard Endpoint Security 8.0.18
  • Webroot Business Endpoint Protection 9.0.30.75

The evaluation of the test results

Real-world scenario - ransomware attacks user files on the local system (Image: AV-TEST).

The laboratory summarized the results as follows:

  • “Completely blocked” means that ransomware has been detected and all user files have been protected.
  • “Partially blocked” means that ransomware has been detected but some user files have been lost (not protected).
  • The protection solution detected alternative encryption methods or techniques used by the malware and blocked everything

For the overall result, all recorded percentages were added up and divided by the number of tests (3).

The clear result

Real-world scenario - ransomware attacks user files in shared remote folders (Image: AV-TEST).

Kaspersky Endpoint Security Cloud achieved the best results, protecting against 100% of all 113 ransomware attacks in the test without losing a single user file. The individual results of the three scenarios showed differences in the detection and protection capabilities of the examined products. The following stands out in the individual tests:

  1. In the first test, "Real-World Scenario - Ransomware attacks user files on the local system", almost all solutions achieve 100 percent.
  2. In the second test, "Real-World Scenario - Ransomware attacks user files in remote shared folders", the results look extremely bad. While Symantec detects 50 percent of attacks, Sophos detects 86 percent in whole or in part. Kaspersky stays at 100 percent detection here. All other solutions detect nothing - so 0 percent!

    "Ransomware attacks user files on the local system", defense based on the behavior of an attack (Image: AV-TEST).

  3. The third test, "Proof-of-Concept - Ransomware attacks user files on the local system", where the solutions make their decisions based on the behavior of an attack, looks a little better, but not good. McAfee & Microsoft are at 50 percent, Trend Micro at 64 percent and WatchGuard at a good 86 percent. Here, too, only Kaspersky achieves 100 percent. All other solutions land at 21 to 36 percent - ESET even at 0 percent.

The test was commissioned by Kaspersky, but the AV-TEST laboratory is known for its independent tests and high level of professionalism, and is accepted by all companies. The complete test with all processes and results is freely accessible online as a PDF.

About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/
