It does not protect well against zero hour malware,
I am afraid that there are no such tests for any AV. In known Real-World tests, there are some 0-day samples (but not zero-hour). The rest are 1-day or even a few days old malware. If I recall correctly, about 2/3 of samples in the wild can be 0-day malware. But when tested in the lab, the ratio can rapidly drop with every hour (many 0-day samples become dead or 1-day samples). If the test is done once a day, the ratio can probably drop to one 0-day sample per 10 samples.
and fails utterly against banking trojans
That is true, but only if the banking trojan is run in an already infected environment. Such a scenario is probable in enterprises via lateral movement. At home, banking trojans are delivered by other malware types that are well-detected. So, the chances of banking trojan infection are very small (combined chances of initial_malware_infection * chances of banking_trojan_infection).
Anything beyond normal attacks and it is more probable that Microsoft Defender will fail to protect a system. This is confirmed by testing by MRG Effitas and AVLab.
That is more or less true for the free version (similar to other free AVs), but I would not say that it is confirmed by MRG Effitas and AVLab.
MRG Effitas (360° Protection) tests only the business versions. It can confirm that Defender Antivirus Enterprise is an average protection layer against malware simulation on the already infected system (not good in the Banking Simulator Test) and as good as the top solutions in other banking tests (Real Botnet Test and Financial Malware Test). The overall protection against banking malware is better than Trend Micro Security and Avira Antivirus Pro.
The AVLab testing procedure is somewhat flawed for Microsoft Defender, because the "Block at first sight" feature does not work properly. It is rather a custom protection level (different from the real protection) used as a reference for other tested AVs.
Anyway, the results of the last test in January 2024 (2 missed samples) would probably be the same as with a fully functional "Block at first sight". The missed samples are legal PUAs (XMRIG, ReksFN) and Defender was tested with disabled PUA protection. Those PUAs were probably used as payloads and abused by initial malware. It is not clear if AVLab also tested the initial malware; if so, then they were detected and Defender might score 100% protection in the wild.
VirusTotal
www.virustotal.com
I can confirm from my experience that Defender can miss some legal adware and PUAs even when PUA protection is enabled.