AV-Comparatives AV-Comparatives Real-World Protection Test Jul-Aug 2023

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Digmor Crusher

Level 24
Verified
Top Poster
Well-known
Jan 27, 2018
1,396
Always amazed that AV-Comparatives is still viewed as credible by anyone.
Seeing that no one knows what samples they use or how they actually perform the tests they are as credible as any other testing site. It's the same as going to auto sites to review a vehicle, you'll get numerous opinions and it's up to you to filter them. I find it somewhat incredulous that anyone bashes these type of sites as 90% of the people doing so have no idea how they test and what it means. They are just one, of many , resources for people to form an educated opinion.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Do you really think that WD is a good antivirus?
I think it's an okay antivirus.

In a real attack on your device, I highly doubt WD would be able to help you.
Maybe, maybe not. But I wouldn't trust a third-party AV to protect my system either.
Regardless of the AV, it is and should always be the last line of defence. The user's the first and I'm confident in my ability to keep my system free from malware.
 

roger_m

Level 42
Verified
Top Poster
Content Creator
Dec 4, 2014
3,128
Regardless of the MB it consumes, the number of processes in RAM is too much. They already have almost the same processes as Mcafee.
Why is that an issue for you? The only thing that matters to me with in terms of performance, is if an antivirus is making my computer run noticeably slower. I don't care how much RAM is used, or how many processes it creates, if my computer isn't running slower. If an antivirus was using gigabytes of RAM, but it wasn't affecting performance, I wouldn't care. I don't have any idea how much RAM my antivirus is using, as it's not something I care about. RAM usage only matters to me, when my PC's RAM usage is very high.
 

SpyNetGirl

Level 3
Well-known
Jan 30, 2023
113
I do think AV vendors mislead consumers, in that they make exaggerated claims about their ability to protect users from threats. Ultimately it's up to consumers to decide whether the cost is worth the increased/perception of increased protection (regardless of whether their decision is their own or influenced by a vendor's marketing).


It can but I very rarely hear about AVs getting exploited outside of vulnerability research and corporate environments. Plus Defender has be successfully exploited previously too.

AV vendors totally mislead consumers because their products are not needed at all. Increased protection is already in Windows and nobody needs to pay for it.

Defender was exploited previously? is there any proof for that

I will test your Microsoft Defender Hardening very soon 😉 Your software interests me... :)

Glad to know that! by the way, it's defense in depth, so to perform a realistic test you need to use all of the categories, not just Microsoft Defender. 🙂
Here is a document about pentesting


Since the integration of AI Machine Learning, WD has become an excellent antivirus that even manages to outperform many market leaders. By default, it's excellent, and in High or Hard mode, it's like a fortress!

I've already managed to bypass WD by injecting arbitrary code, it works once, but not afterwards...

Is there a PoC for that?
I'm interested in knowing full details about this

The technique I was using involved forcibly adding an executable to WD's Exceptions. Microsoft has added Behavior detection to counter this, and it no longer works.

You did it with Administrator privileges? Because if you did then that's perfectly normal and it's not a vulnerability/bypass, as I explained in this document.
 

SpyNetGirl

Level 3
Well-known
Jan 30, 2023
113

Thanks, here is a quote from what I wrote in the rationale post

These methods will create multiple layers of security; also known as defense in depth. Additionally, you can create Kernel-level Zero-Trust strategy for your system.

If there will ever be a zero-day vulnerability in one or even some of the security layers at the same time, there will still be enough layers left to protect your device. It's impossible to penetrate all of them.

Also, zero-day vulnerabilities are patched quickly, so keeping your device and OS up to date, regardless of what OS you use, is one of the most basic security recommendations and best practices you must follow.
 
  • +Reputation
Reactions: Shadowra

SpyNetGirl

Level 3
Well-known
Jan 30, 2023
113
What do you mean? My comparison or my bypass test?

If it's bypass, you've said it all ^^

Please read the documents below, they will clear any confusions


 
  • Applause
Reactions: Shadowra
F

ForgottenSeer 93475

First time I see Avast/AVG acing it and first time I see Kaspersky which used to always lead the pack fall back so much.
In fact, he was not late at all, but they put him back to the back of the class, as the people who believed their results did not like him to remain in the first class
View attachment 278614

Its only using like 450mb of ram after a few days, i think first couple of days it was getting used to the system.
just this..
Screenshot_171.png

They are missing crowd intelligence from the western world, less users is less telemetry and big data.
this M.T not subreddit................plssssss
@all members bashing AV-comparatives

They have to many quality seals (they have the most out of all professional lab testing organizations) I know for that you don't (just to name one quality certificate of AVC) an ISO certification when you are not transparent and have predictable, repeatable processes in place. AV-comparatives not publishing their processes to the public does not mean that their approach is not checked and certified. Also many Universities have ties with AV-comparatives. In the academic world there are also requirements and regulations how research is performed.

The fact that their results may differ from youtube testers, does not dis-qualify their testing method.
All people who don't believe them have their reasons, av-comparatives were always manipulating their results, so stop forcefully asking them to believe them
Remember that it is not important that you have everything necessary to conduct the tests, but rather credibility is what is actually necessary
 
  • Like
Reactions: codswollip

RansomwareRemediation

Level 4
Verified
Well-known
Jun 22, 2020
189
For Windows, the only winner I see is Microsoft Defender Antivirus.

How many here look at AV-C, online reviews or video tests and think "I should use this AV because of it's performance in this specific test".

All these "tests" are simulations.
I insist, do you really think that WD is a good AV? In a real ransomware attack, it has been proven that WD is no good at protecting. Regardless of whether it is configured, and whether it has AI, all AVs have it. Not all tests are simulations.
 
  • Like
Reactions: micasayyo and Brie

B-boy/StyLe/

Level 3
Verified
Well-known
Mar 10, 2023
147
Defender was exploited previously? is there any proof for that
I remember 10 years ago, ZeroAccess altered the permissions of Windows Defender and MSE folders (before the Windows Defender in Windows 10 era) and used a trick by placing junctions that completely disabled it. But this was valid for other security software as well. It was a very stubborn and creative malware. :)


From the FRST log:

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

From the Rkill log:
* ALERT: ZEROACCESS Reparse Point/Junction found!

* C:\Program Files\Windows Defender\MpCommu.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\MpTpmAtt.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\MsMpCom.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\MsMpRes.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\NisIpsPlugin.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\NisLog.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\NisWfp.dll => <Unknown Target> [File]
* C:\Program Files\Windows Defender\ProtectionManagement.dll => <Unknown Target> [File]
* C:\Program Files (x86)\Windows Defender\MpAsDesc.dll => <Unknown Target> [File]
* C:\Program Files (x86)\Windows Defender\shellext.dll => <Unknown Target> [File]
Another common trick was to use the IFEO keys in the registry:

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top