AV-TEST 9 Security Packages for Consumer Users in an Advanced Threat Protection Test against Ransomware

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Gandalf_The_Grey

Level 59
Thread author
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
4,855
The lab of AV-TEST examined protection packages in the Advanced Threat Protection test, a type of live-attack test. Each product in the test was required to withstand 10 sophisticated attacks with scripts, macros and ransomware, precisely resembling the threat scenario posed by hackers. In doing so, each defensive step was evaluated according to the pattern of the MITRE ATT&CK Matrix. The test shows that many products are true system defenders – whereas others are not.

Classical security tests demonstrate how well security packages offer protection against ten thousands of Trojans, viruses etc. But what happens when a new variant of malware attacks? Will it be detected, blocked and deleted? Can its execution be totally prevented, or are there perhaps individual files encrypted in the end, as is the case with ransomware, for example? Answers to these questions are found in the latest lab test by AV-TEST, in which each protection package was required to fend off 10 real attack scenarios with ransomware. In order for every reader to relate to the test, all the single steps of an attack per product are spelled out in special MITRE ATT&CK Matrix charts.

In the latest test, 9 well-known consumer security packages faced off to see how well they offered protection in 10 real-life scenarios against ransomware. The protection packages came from Bitdefender, BullGuard, G DATA, Malwarebytes, Microsoft, NortonLifeLock, PC Matic, Protected.net and VIPRE Security.
The results:
Chart:
csm_1121_EPP_Consumer_Ergebnis_EN_dbf294110a.jpg
 

SeriousHoax

Level 41
Verified
Top poster
Well-known
Mar 16, 2019
3,085
@SeriousHoax Then Defender is indeed impressive, without Controlled Folder access and ASR rules (y)
Yeah, it's pretty good and one of the most important part of Windows's Security. Though I'm not much of a fan of its super high cloud reliance and some of the performance impact it has.
Avast and Avira have a very good balance between offline and online signatures. I recently saw Avast removed some not so popular and a bit older PUPs and cracks from their signature and made them available in their cloud signatures only. This is a smart approach to optimize their local signature. For newer samples, they are faster than MD to push offline signature updates.