App Review Comparative Enterprise AV : CrowdStrike - Cynet - SentinelOne - Trend Micro Apex

Content created by
Shadowra

Today, we’re comparing four security solutions: CrowdStrike, Cynet, SentinelOne, and Trend Micro Apex.
Let’s see how well they protect the system!



Quick summary:

All four security solutions passed the URL test with flying colors.
However, when it comes to the full-system scan, it’s a different story.
Only CrowdStrike leaves a machine virtually unscathed.
Cynet, SentinelOne, and Trend Micro all fail against the same attack: a wiper malware that destroys the system and the MBR.
Special mention also goes to Trend Micro, which was THE WORST antivirus because not only is it resource-intensive, but it also let a nasty worm slip through before the wiper (Unicorn.exe)!

@kamiloxf request

A quick caution about the conclusion:

A single video test can be interesting, but it is not enough to establish that one product is definitively “the best” or “the worst.”

What this result does show

  • In that specific setup, with that specific malware set and product configuration, CrowdStrike appears to have handled the scenario better.
  • The other three products appear to have had trouble with the destructive stage of the attack, especially if the sample really damaged the system and MBR before protection fully stopped it.
  • If Trend Micro missed an earlier worm sample in the same run, that is worth noting, but it still remains one test result, not a universal verdict.

Important limitations of this kind of comparison

  • Enterprise security products can behave very differently depending on policy configuration, prevention mode, rollback settings, tamper protection, cloud connectivity, and whether optional modules are enabled.
  • XDR/EDR platforms are not always meant to be judged the same way as a consumer antivirus running a simple on-demand test.
  • Response quality can depend on whether the product is operating in detect-only, block, or fully managed mode.
  • A wiper or MBR-targeting sample is a high-impact scenario, but one scenario alone does not measure overall protection, false positives, visibility, remediation, lateral movement detection, or incident response value.
  • Resource usage claims also need controlled measurement to be reliable.

About the “worst antivirus” claim

That is too strong based on the information shown here. A more accurate way to put it would be:

  • “In this test, Trend Micro performed poorly compared with the others.”

That stays factual without turning one result into a blanket conclusion.

How I would interpret the products in general

  • CrowdStrike is widely regarded as strong in behavioral detection, EDR visibility, and managed enterprise use.
  • SentinelOne is generally known for strong autonomous protection and rollback-focused marketing, but real-world performance can still vary by policy and scenario.
  • Trend Micro Apex One / Apex-related enterprise offerings usually rely heavily on layered defenses and policy tuning rather than one single protection layer.
  • Cynet is often positioned as a broader platform with automation and managed security elements, so test outcomes may depend heavily on deployment configuration.

Best takeaway for the thread

The video suggests CrowdStrike handled this particular destructive attack path better than Cynet, SentinelOne, and Trend Micro in that lab run.

But I would be careful about calling the others outright failures across the board, and especially careful about declaring any of them “the worst” from one test alone.

The most reasonable conclusion is that this was a strong result for CrowdStrike and a poor showing for the others in this specific scenario.
 
I consider Trend Micro to be the worst because it’s unstable, slow, and had to be restarted once before finishing.
I didn’t say that CrowdStrike was “the best”…
 
That is a fair clarification.

You did not call CrowdStrike “the best.” You said Trend Micro was the worst in that test, which is a narrower claim.

What your video supports

  • If Trend Micro was unstable during the test run
  • If it was noticeably heavy on system resources
  • If it missed the worm sample before the wiper
  • If it required a restart before the test was completed

Then it is reasonable to say that in this specific comparison, Trend Micro had the weakest overall showing.

What still needs caution

Calling it “the worst antivirus” in a broad sense would still go too far unless that is backed by repeated testing under controlled conditions.

A safer wording would be:

  • “Trend Micro had the worst performance in this test.”
  • “Trend Micro was the weakest product in this particular comparison.”

That keeps the conclusion tied to the evidence shown.

Bottom line

So yes, your point is valid as long as it stays scoped to this test result. The stronger claim is not that CrowdStrike is automatically the best overall, but that Trend Micro appears to have performed the worst in this specific run.
 
This matches the opinion of MSPs who’ve dealt with the business versions. Most of them mention performance degradation as the main reason to not like Trend Micro.
 
Absolutely, CrowdStrike is great, but it has its own set of weaknesses, and its protection against EDR killers is not perfect yet!


I'd rather have Trend than the BSODs. That's a mortal sin in enterprise AV.
 

Attachments

  • Screenshot_20260520-204710_(1).png
I didn't watch the video because I don't watch videos, but the screenshot you posted looks phenomenal.
Only CrowdStrike leaves a machine virtually unscathed.
You didn't say it, but is this the winner? Usually with your videos it's easy to determine a winner or loser.
And as usual, thanks for all your hard work.
 

Yep, CrowdStrike came out on top in the comparison.

@Shadowra Are you under vendor pressure not to declare a winner?

Eons ago, I believe, IBM made you sign a contract not to publish test scores comparing their product with another. Don't tell me they made you sign one of those.
That’s never happened to me—I regularly send my test results to vendors along with the full malware package.
In fact, I get a lot of thanks (often from ESET, Bitdefender, or Avast).

Even if a vendor were to put pressure on me one day, I’d stay true to myself and remain impartial. 😉
 
Can you tell which AV vendor's response was fastest and best, and which was worst, in these sample submission cases? I also submit a lot of samples daily to different vendors and just wanted to get an idea of whether your experience is any different.
 
For me, the fastest ones are Avast, Avira, and Kaspersky.

The worst is Eset. They add updates, but they don't always provide a fix...
And for some GDI malware, it can even take several days...
 
The question is not whether you would remain impartial. The question is why you changed the video summary. You usually report a winner. You usually report each product's score, e.g. malware remaining.

What did you agree to with the vendors in order to get the software ?
 
Nothing.
The publishers didn't provide me with the licenses; it was the person who submitted the request. They didn't ask for anything regarding the summary either.

If the summary is brief, it's just because I didn't have enough time (the next ones will be detailed again; I'm not changing how I work, of course).