AV-TEST ATP test: defending against attacks by ransomware and info stealers

Disclaimer
  This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
  We encourage you to compare these results with others and take informed decisions on what security products to use.
  Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

SeriousHoax

They are the leading vectors for attacks: ransomware and info stealers. If attacks are successful, what follows is extortion for ransom, the data ends up for sale on the Internet, or both. None of this happens if good protection software thwarts the attacks immediately. But is the software capable of doing so? The current Advanced Threat Protection – ATP – test examines 25 security packages for consumer users and corporate users in 10 scenarios in a live battle to fend off ransomware and data stealers. The Advanced Threat Protection test shows that many providers fulfill their protection promises. The test also reveals errors in some products that have consequences, however: the systems are encrypted and the data is stolen.

ATP: 25 protection products in a live test

The test was completed by 10 products for consumer users and 15 solutions for corporate users and their endpoints. The packages for consumer users came from AhnLab, Avast, AVG, Avira, Bitdefender, ESET, F-Secure, G DATA, McAfee and Norton.

The solutions for corporate users came from AhnLab, Avast, Bitdefender (with 2 versions), Crowdstrike, ESET, Kaspersky (with 2 versions), Microworld, Qualys, Rapid7, Sophos, Symantec, Trellix and WithSecure.

Make sure to read the full test details here:
 
Not good from ESET and G-Data and looks like Microsoft Defender refused to take part in this test.
ESET was also unable to detect or stop a data stealer and therefore lost all 4 points. In another case involving ransomware, detection also failed, but further protective measures took effect, stopping the attack. This meant another point taken off for ESET. At the end of the test, the solution scored 30 out of 35 points.

G DATA had an issue with a data stealer and an instance of ransomware in that it simply did not recognize the attackers, thus allowing the data to be stolen or the system to be encrypted. This meant that 7 points were lacking in the final tally, for a final score of 28 points.

The solution from ESET had a difficult challenge in this test. In the case of one info stealer, the defense was unable to stop it, and the data was gone – along with the possible 4 points. In four other cases, the ESET solution recognized the attackers, but only partially blocked them in the beginning. Therefore, the attackers were able to infiltrate attack DLLs onto the systems. But that was the end of the line, as further defense mechanisms stopped the attacks completely. This cost ESET another point in the rating in four other instances, however. In the end, ESET reached 27 out of 35 possible points on the protection score.
 
And there is a difference why F-Secure did better (in this test) than Avira, even though it uses the AviraSDK, as it also has its own proprietary engines/technology as well.
This is why I'll still take these tests with a grain of salt either way, informational yes, including the most recent F-Secure review on the forum :)
 
And there is a difference why F-Secure did better (in this test) than Avira, even though it uses the AviraSDK, as it also has its own proprietary engines/technology as well.
This is why I'll still take these tests with a grain of salt either way, informational yes, including the most recent F-Secure review on the forum :)
This test is from Feb 2025 and F-Secure may have still had its DeepGuard component at the time. Actually, I'm not sure why this was posted at all given it's a year and a half old test.
 
This test is from Feb 2025 and F-Secure may have still had its DeepGuard component at the time. Actually, I'm not sure why this was posted at all given it's a year and a half old test.
Nice catch, as Deep Guard was "replaced, renamed" Behavior Detection in March 2025, with v25.2. Rats, I want a test do over, as all of the results may have changed, would have changed since then, as the report was posted in Feb of 2025, but the research, testing may have been a month or two before?

Version 25.2

Released March 2025

New Device Protection Security Core

This update introduces a new security core, bringing significant changes to how protection settings and features are managed, streamlining user views and controls.

After the product has been upgraded to 25.2, there will be a period of several minutes while the new Device Protection components are being installed; during the upgrade, Windows Defender will temporarily activate.

User interface changes:

  • "DeepGuard" is renamed to "Behavior Detection".
  • The "Files checked" and "Files blocked" counters now track both signature-based and behavior detection scanning. "Applications verified" and "Applications blocked" counters are no longer displayed. These counters will reset to zero with the upgrade.
  • Real-time protection settings have been simplified and are under "Virus Protection".
  • The "Ransomware Protection" feature is now integrated into "Virus Protection" and is no longer separate.
  • "Scanning settings" page is removed, with controls now under the "Device Protection" page.
  • Running speed for scheduled scans can no longer be configured.
  • Updates for Device Protection are now grouped under a single update entry.
  • Security Cloud setting is no longer available on the Privacy page.
  • “Turn off protection” button is no longer available on the Support page.
 
Not good from ESET and G-Data and looks like Microsoft Defender refused to take part in this test.
Why talking about old report buddy? Tbh ESET even in their 2026 testing struggled. What is more concerning is that the business version is no better.

In the end, the Windows package from ESET also detected all attackers; however, it ran into trouble in four cases. The package managed to detect two malware samples, yet it couldn’t completely stop them. Only through the use of secondary protection modules was it possible to stop the attackers. This resulted in half a point being deducted twice. The scenarios started in a similar fashion for two infostealers. Detection was a success; however, there were problems when it came to stopping the infostealers. The malware was prevented from being installed, but it was not possible to block further malware processes. And in both cases, the attackers eventually prevailed. Since data was stolen, it led to a deduction of 2.5 points in both instances. Altogether, 6 points were deducted from the protection score, which means that the ESET product earned a score of only 29 points.
 
This test is from Feb 2025 and F-Secure may have still had its DeepGuard component at the time. Actually, I'm not sure why this was posted at all given it's a year and a half old test.
Why talking about old report buddy? Tbh ESET even in their 2026 testing struggled. What is more concerning is that the business version is no better.
My bad. I just saw the date May 8 and thought it was just last month. I missed the year.
Edit: The latest ESET result on this test isn't impressive either. Detected all yet couldn't stop two infostealers from stealing. What kind of half-ass detection is that!