AV-Comparatives APT Detection Coverage Test 2026

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Minimalist

Advanced Persistent Threats (APTs) are often associated with large enterprises, critical infrastructure, and high-value corporate targets. However, the reality is broader. Private individuals, such as (but not limited to) investigative journalists, activists, or even spouses in abusive relationships, can also become entry points or direct victims of sophisticated, long-term attacks.

In our latest APT Detection Coverage 2026 study, we evaluated how well leading consumer security products detect well-known APT toolsets. This is particularly relevant given that many real-world APT campaigns begin on endpoints outside traditional enterprise environments.
 
Panda performed great on-execution compared to on-demand scan; a good behavioral analysis?
 

Panda performed great on-execution compared to on-demand scan; a good behavioral analysis?
In August it got 91,6 and 92% detection rate on scan only. In September, when the execution test was performed, it got a 99%+ detection rate, so the difference could be a result of behavioral analysis.
 
They are also using very old samples which are irrelevant at present.
Not agreeing or disagreeing with your assessment, but the report says this:

The age of a sample was not used as a selection criterion for exclusion. Publicly documented APT toolsets often remain operational for extended periods, and detection capability is expected to apply regardless of the initial publication date of a sample. Detection capability is expected to apply to publicly documented malicious binaries independent of whether the original command-and-control infrastructure or exploited vulnerability remains operational at the time of testing.
 
Commenting as a tech enthusiast looking at free stuff, with some interest in top-reputation products:
  • ESET does seem to deserve its reputation (and maybe the subscription fee).
  • Microsoft also seems to deserve the "it's good enough for most people" label if you're constantly online.
  • Avast performs better than Microsoft offline, but the extra coverage may not be sufficient, and the online scans are worse for modified samples. It's probably better in terms of UI/configuration (easy hardened mode?).
  • Bitdefender's online and offline scans don't differ much and seem to be falling behind other vendors. Even Microsoft’s online scans are better.
  • McAfee doesn’t seem to perform as well as expected.
  • Kaspersky's online performance is slightly better than all of the above. It may deserve the subscription fee if constantly online as well.
 
Commenting as a tech enthusiast looking at free stuff, with some interest in top-reputation products:
  • ESET does seem to deserve its reputation (and maybe the subscription fee).
  • Microsoft also seems to deserve the "it's good enough for most people" label if you're constantly online.
  • Avast performs better than Microsoft offline, but the extra coverage may not be sufficient, and the online scans are worse for modified samples. It's probably better in terms of UI/configuration (easy hardened mode?).
  • Bitdefender's online and offline scans don't differ much and seem to be falling behind other vendors. Even Microsoft’s online scans are better.
  • McAfee doesn’t seem to perform as well as expected.
  • Kaspersky's online performance is slightly better than all of the above. It maybe deserves the subscription fee if constantly online as well.
I can confirm, from talking to K's malware analyst team lead after I saw him adding certain trojan downloader missed samples as UDS, which I sent him as undetected malware, that he feels that online detection is the way to go for most modern malware, given that we have a large quantity of malware, and refused to add proper signatures. You can call it a lazy approach, but given the amount of samples AVs have to process each day, it might be the only advantageous approach.
I am impressed seeing ESET's highest detection rate after K, but at the same time disappointed that offline and online detection results are quite close, implying ESET's reduced importance to cloud.
 
Commenting as a tech enthusiast looking at free stuff, with some interest in top-reputation products:
  • ESET does seem to deserve its reputation (and maybe the subscription fee).
  • Microsoft also seems to deserve the "it's good enough for most people" label if you're constantly online.
  • Avast performs better than Microsoft offline, but the extra coverage may not be sufficient, and the online scans are worse for modified samples. It's probably better in terms of UI/configuration (easy hardened mode?).
  • Bitdefender's online and offline scans don't differ much and seem to be falling behind other vendors. Even Microsoft’s online scans are better.
  • McAfee doesn’t seem to perform as well as expected.
  • Kaspersky's online performance is slightly better than all of the above. It may deserve the subscription fee if constantly online as well.
You forgot Panda.
 
During the follow-up testing phase, researchers gave vendors the exact files they missed and later re-tested those same static hashes.
I am not agreeing or disagreeing with the rest of your analysis, but I want to note that based on the test results table, the August retests were done only with the original files, not the modified files with different hashes. (I wonder why they didn't retest the modified files as well to provide more data points and perhaps a clearer picture.) Also, from the report, it states that "remaining misses from the execution test of the original test cases were shared once more with the respective vendors," which may suggest that the modified versions weren't given to the vendors.

So the difference could be a result of behavioral analysis.
It was also pointed out that a substantial difference between the August scans (especially the online ones?) and the September (modified?) execution may indicate improved behavioral analysis. While I don't know if there are other plausible explanations, the behavioral analysis could be one of them. For example:
  • Dr. Web: 74.8% -> 96.27%
  • Panda: 92.0% -> 99.82%
  • Quick Heal: 79.8% -> 89.8%
  • Trend Micro: 83.9% -> 93.26%
The analysis you provided may explain why some of the numbers are unrealistically poor, but some of us also want to know why certain numbers have unexpectedly but noticeably improved.
 
Good point @Jonny Quest. For the home user, the key takeaway is that beyond the APT headlines, the real-world protection comes down to the synergy between cloud detection and behavioral analysis.

While ESET, Kaspersky, and Microsoft show great consistency, Panda’s performance during execution is also noteworthy. Ultimately, daily threats like phishing or ransomware are well-covered as long as that dual-layer protection remains active. 🛡️💻✨
 
That's the million-dollar question, @lokamoka820 and @Jonny Quest.

Personally, I don't use Panda. My current setup is Microsoft Defender paired with Hard_Configurator, as I prefer a hardening approach for my system.

Regarding the recommendation: While Panda's scores in this specific APT test are impressive, choosing an AV goes beyond a single report. Factors like system impact, consistent history in various tests (like Real-World Protection), and UI preference matter. For a home user, Panda is a solid 'set and forget' cloud option, but as Jonny mentioned, its past performance has been inconsistent. I wouldn't rush to switch just based on one test, but it's definitely an interesting 'comeback' to keep an eye on. 🧐🛡️
 
