AVLab.pl Protection effectiveness of EDR solutions against Internet threats

Disclaimer

  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Adrian Ścibor

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
182
Dear Community!

We have published a summary of the March tests the Advanced In-The-Wild Malware Test. It will be best if I quote:

We dedicate this edition to EDR (Endpoint Detection and Response) solutions, and by the way we want to remind some terms. The primary purpose of EDR is to help security teams make better decisions when handling incidents that are reported from employee’s devices. EDR makes incident management much easier. For example, it is possible to redirect issues to designated experts of malware and network traffic analysis, search for intrusion traces in real time, point out irregularities with the security of each endpoint. In general, solutions that are equipped with EDR modules allow businesses to save money by avoiding unnecessary expenses. Namely, a single product is cheaper to implement, manage, configure, integrate, and maintain on a yearly basis than several separate solutions from different developers. For antimalware software with the EDR or XDR module, a holistic approach to security works better in practice than fragmentation of IT products.
Click to expand...

In March 2024, we tested the following solutions for business and government institutions:
  • Emsisoft Enterprise Security + EDR
  • Microsoft Defender for Business + EDR
  • ThreatDown Endpoint Protection + EDR
  • Xcitium ZeroThreat Advanced + EDR
And solutions for home users:
  • Avast Free Antivirus
  • Bitdefender Total Protection
  • Comodo Internet Security Pro
  • Eset Smart Security Premium
  • F-Secure Total
  • Panda Dome
  • McAfee Total Protection
  • Malwarebytes Premium
  • Webroot Antivirus
Publication: Protection Effectiveness Of EDR Solutions Against Internet Threats » AVLab Cybersecurity Foundation

Results: Recent Results In March 2024 » AVLab Cybersecurity Foundation

Awards: Awards » AVLab Cybersecurity Foundation

Edited: wrong image attached
 

Attachments

  • march 2024 remediation time.png
    march 2024 remediation time.png
    67.8 KB · Views: 105
  • Like
  • +Reputation
  • Applause
Reactions: amico81, Tume, vtqhtr413 and 11 others
Bot

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,513
Thank you for sharing this insightful information. It's great to see comprehensive testing of EDR solutions to ensure they provide effective protection against internet threats. Looking forward to reviewing the results and awards. This will definitely help users make informed decisions about their security solutions.
 
  • Like
Reactions: Jack
Adrian Ścibor

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
182
LennyFox said:
Wow, impressive response times of F-secure, McFee and ESET (y) Pitty ESET does not obtain a 100% score (maybe ESET should call @cruelsister for some tips :) )

Thanks for posting @Adrian Ścibor
Click to expand...

Unfournatelly, indeed. Please do not miss out the software was tested with followed settings:

Eset default settings + their browser protection with addon +
  • LiveGrid enabled.
  • PUA detecting enabled.
  • LiveGuard set to “kill process and clean”.
  • Protection and detection at the “balanced” level.
These sets are required by producer in the test.
 
  • Like
  • +Reputation
  • Applause
Reactions: vtqhtr413, Idanox, ErzCrz and 5 others
Adrian Ścibor

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
182
Sorry for the off-topic.

Sometimes you wonder if there is a difference between a 99% score and a 100% score? I believe there is an answer to this - I was asked this by Emsisoft and other questions.

Maybe some of you will find it interesting:

www.emsisoft.com

Testing cybersecurity products: A Q&A with AVLab's Adrian Ścibor

The intricate process of antivirus and anti-malware testing, as explained by AVLab Cybersecurity Foundation, underscores the critical need for evolving cybersecurity measures in an increasingly digital world. Click here to read our full interview with Adrian Ścibor, the founder of the AVLab...
www.emsisoft.com www.emsisoft.com
  1. In case anybody doesn’t know, what exactly is antivirus – or anti-malware – testing?
  2. How has testing changed over the years?
  3. Some people are concerned that tests must be biased because they’re usually paid for by vendors. How do you respond to that?
  4. If a product performs well in tests, does that mean it will perform well in the real world?
  5. How should people interpret the test results? Does one bad score equal a bad product?
  6. AVLab Cybersecurity Foundation is a member of the Anti-Malware Testing Standards Organization (AMTSO). What is that?
  7. Most products score quite well in tests. How much do the minor differences in their results actually matter?
  8. Have so-called ‘living off the land’ attacks made malware detection and testing less important?
  9. Some tests refer to pre- and post-execution detection, and detection times. What’s the difference and why does it matter?
  10. Beyond tests results, what else should people look for when choosing a security solution? 
 
  • Like
  • +Reputation
  • Applause
Reactions: Moonhorse, vtqhtr413, Andy Ful and 10 others
Adrian Ścibor

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
182
ErzCrz said:
Great to see more another comprehensive test @Adrian Ścibor

Really like that the configurations are listed in the publication.

I'd love to see the software version numbers and OS used in the test.
Click to expand...

We do not publish versions of antiviruses becaauce we always use the nevest builds. This information is transparent on the methodology webiste: Methods Of Carrying Out Automatic Tests » AVLab Cybersecurity Foundation

Points: 5, 5.1, 8 and 8.1

In a short brief, every day the software is updated before test run. Consideration that the test is carried out 24 hours a day the update procedure take more less 60-90 minutes using by scripts under the hood - automatically. After that a new and a clean shapshoot is created, and it is used in the rest of day to testing. The browser is updated too, of course.

We always use the nevest version of AVs and Firefox browser. When it comes to systems the update must be do manually, because of potential bugs or crashes while updating, systems restarting. We used Windows 11 Pro since March 2024 edition.
 
  • Like
  • Thanks
Reactions: [correlate], Moonhorse, Jonny Quest and 6 others
ErzCrz

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,025
Adrian Ścibor said:
We do not publish versions of antiviruses becaauce we always use the nevest builds. This information is transparent on the methodology webiste: Methods Of Carrying Out Automatic Tests » AVLab Cybersecurity Foundation

Points: 5, 5.1, 8 and 8.1

In a short brief, every day the software is updated before test run. Consideration that the test is carried out 24 hours a day the update procedure take more less 60-90 minutes using by scripts under the hood - automatically. After that a new and a clean shapshoot is created, and it is used in the rest of day to testing. The browser is updated too, of course.

We always use the nevest version of AVs and Firefox browser. When it comes to systems the update must be do manually, because of potential bugs or crashes while updating, systems restarting. We used Windows 11 Pro since March 2024 edition.
Click to expand...
Thanks, that makes perfect sense. I hadn't read that article in full previously.
 
  • Like
Reactions: [correlate], Adrian Ścibor, Khushal and 1 other person

Similar threads

Adrian Ścibor
    • Like
    • +Reputation
    • Thanks
AVLab.pl Product Of The Year 2024 – Recommended solutions for securing Windows
Replies
6
Views
978
Security Statistics and Reports
oldschool
oldschool
Adrian Ścibor
    • Like
    • Applause
    • +Reputation
AVLab.pl Overview of protection of EDR-XDR solutions. Simulation of offensive security tests including the visibility of attacks in telemetry.
Replies
3
Views
1,110
Security Statistics and Reports
Zero Knowledge
Z
upnorth
    • Like
    • +Reputation
    • Thanks
Security News New ‘Pool Party’ Process Injection Techniques Undetected by EDR Solutions
Replies
0
Views
1,090
Security News
upnorth
upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top