One of the better antivirus tests we have seen so far

Although AV-Comparatives has not accustomed its readers to tests like this in the past, this time the Austrian lab has shown what it is capable of. The first sentence of the PDF report states that the test was commissioned by Bitdefender; we suspect the same goes for the methodology. The competing security solutions were selected by Bitdefender. It is a pity that AV-Comparatives "had" nothing to say on this issue; as a result, we can guess that it was Bitdefender who chose to test the third-party products it competes with directly on the market. Why do we think this was one of the better tests AV-Comparatives has carried out to date (apart from the fact that it was made on behalf of one company)? Because its comprehensive coverage of most attack vectors means that we are dealing with a faithful reproduction of today's attempts to defeat security on systems protected by installed business security software.

The study tested the following solutions:

  • BitDefender Endpoint Security Elite 6.2
  • Carbon Black (Cb) DEFENSE 3.0
  • CrowdStrike FalconHost 3.7
  • Cylance CylancePROTECT 2.0
  • Kaspersky Endpoint Security for business 10.3
  • McAfee Endpoint Security 10.5.2
  • SentinelOne Endpoint Protection 1.8.41
  • Sophos Endpoint Protection Advanced Central and Intercept X 11.5.9-3.6.10
  • Symantec Endpoint Protection Standard 14.0

The solutions for protecting business environments underwent four tests carried out between November 2017 and January 2018. The goal was to compare their automated capabilities to prevent and detect various types of threats:

Test # 1

The first test covered proactive protection, in which the tested product is "frozen" for some time and then tested against a collection of viruses. As described in the report, the antivirus solutions were cut off from the Internet on November 14. A week later, protection was checked against 1000 new malware samples that appeared in the wild after the antivirus software was frozen.

Results of antivirus test no. 1

The test also covered susceptibility to false alarms, using 1000 clean files. Although Bitdefender blocked 99.9% of the threats, it identified 8 safe files as threats. The result can also be read the other way: 99.9% means that the product did not stop 1 malware sample. The Cylance solution did not stop 5 samples, and the Kaspersky Lab product as many as 25.

Test # 2

The second test checked the effectiveness of protection against fileless malware. "Fileless" malware works directly in the computer's memory. In this scenario the running virus will not be moved to quarantine by the security software, because it is not a file but a set of instructions to execute, operating on system processes. This family of malware is often used in APT (Advanced Persistent Threat) attacks carried out on a large scale or in attacks on high-level employees.

This makes the test interesting for the security industry:

Results of antivirus test no. 2

The results presented leave no illusions. Fileless threats are still not detected very well by modern security products. We don't want to do any surreptitious advertising here, but the Polish antivirus Arcabit already has a relevant patent for this type of virus, which is able to block literally every attack that uses the PowerShell system interpreter to connect to the C&C server.

In this test Bitdefender GravityZone failed to block two samples in time. Each of the 25 attacks has been thoroughly described in the PDF document. We encourage you to familiarize yourself with this description prepared by AV-Comparatives. For our part, we must also add that the attacks were not hard to spot, but only on condition that the protection has a patent like the one Arcabit has.

Tied for first place with Bitdefender, the Kaspersky Lab product Kaspersky Endpoint Security did not stop attacks no. 15 and 16. Attacks no. 3 and 5 were blocked by the firewall, which confirms that it is one of those underrated elements of protection that, in an era of a huge number of attack vectors, any reputable security software should have.

We wrote about fileless attacks in more detail in a report on the test of protection against these threats. The test was conducted in October last year.

Test # 3

The third test was conducted on 300 malware samples captured from real attempts to spread viruses. This study examined real-world protection using a scenario that reflects normal user behaviour when surfing the Internet.

Results of antivirus test no. 3

Test # 4

The last test checked protection against the ever-dangerous ransomware. It used 300 samples of different ransomware varieties. The study was conducted at the turn of November and December 2017.

Results of antivirus test no. 4

Finally, one more thing is worth mentioning. The Bitdefender GravityZone solution had all of its protective functions activated. Likewise, for Microsoft CrowdStrike and SentinelOne all of the options were set to maximum. The third-party products Carbon Black, Cylance, Kaspersky Lab, McAfee, and Symantec were tested on default settings, which we regard as bad practice. I wonder what the representatives of these companies have to say about that. So that such controversial settings could be applied to other vendors' products without legal consequences, all the products were purchased from distributors, with the exception of the product delivered by Bitdefender.


We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.