AV-Comparatives Malware Protection Test March 2022

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Gandalf_The_Grey

Level 61
Thread author
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
5,045
Introduction

In the Malware Protection Test, malicious files are executed on the system. While in the Real-World Protection Test the vector is the web, in the Malware Protection Test the vectors can be e.g. network drives, USB or cover scenarios where the malware is already on the disk.

Please note that we do not recommend purchasing a product purely on the basis of one individual test or even one type of test. Rather, we would suggest that readers consult also our other recent test reports, and consider factors such as price, ease of use, compatibility and support. Installing a free trial version allows a program to be tested in everyday use before purchase.

In principle, home-user Internet security suites are included in this test. However, some vendors asked us to include their (free) antivirus security product instead.
Test Procedure

The Malware Protection Test assesses a security program’s ability to protect a system against infection by malicious files before, during or after execution. The methodology used for each product tested is as follows. Prior to execution, all the test samples are subjected to on-access and on-demand scans by the security program, with each of these being done both offline and online. Any samples that have not been detected by any of these scans are then executed on the test system, with Internet/cloud access available, to allow e.g. behavioural detection features to come into play. If a product does not prevent or reverse all the changes made by a particular malware sample within a given time period, that test case is considered to be a miss. If the user is asked to decide whether a malware sample should be allowed to run, and in the case of the worst user decision system changes are observed, the test case is rated as “user-dependent”.
Detection vs. Protection

he File Detection Test we performed in previous years was a detection-only test. That is to say, it only tested the ability of security programs to detect a malicious program file before execution. This ability remains an important feature of an antivirus product, and is essential for anyone who e.g. wants to check that a file is harmless before forwarding it to friends, family or colleagues.

This Malware Protection Test checks not only the detection rates, but also the protection capabilities, i.e. the ability to prevent a malicious program from actually making any changes to the system. In some cases, an antivirus program may not recognise a malware sample when it is inactive, but will recognise it when it is running. Additionally, a number of AV products use behavioural detection to look for, and block, attempts by a program to carry out system changes typical of malware. Our Malware Protection Test measures the overall ability of security products to protect the system against malicious programs, whether before, during or after execution. It complements our Real-World Protection Test, which sources its malware samples from live URLs, allowing features such as URL blockers to come into play. Both tests include execution of any malware not detected by other features, thus allowing “last line of defence” features to come into play.

One of the significances of cloud detection mechanisms is this: Malware authors are constantly searching for new methods to bypass detection and security mechanisms. Using cloud detection enables vendors to detect and classify suspicious files in real-time to protect the user against currently unknown malware. Keeping some parts of the protection technology in the cloud prevents malware authors from adapting quickly to new detection rules.
Test Results

1650017610791.png
 

Anthony Qian

Level 7
Verified
Well-known
Apr 17, 2021
320
ESET had bad test results during two test periods. What happened? I found that ESET pays little to no attention to sample submissions from users - they barely responded to my submissions of undetected samples.

P.S., kudos to AVC because unlike other tests, it can differentiate top AV products.
 
Last edited:
F

ForgottenSeer 94654

Oh look. Same results every time, basically. Not very useful just looking at results on a monthly basis. Must consider results across years, and that in itself is highly problematic for various reasons. Then careful testing reveals this kind of testing gives a false sense of protection.

Oh well. People just love these marketing tests.
 
  • Like
Reactions: Sorrento

cofer123

Level 1
Sep 7, 2021
22
ESET had bad test results during two test periods. What happened? I found that ESET pays little to no attention to sample submissions from users - they barely responded to my submissions of undetected samples.

P.S., kudos to AVC because unlike other tests, it can differentiate top AV products.
ESET tests have been disappointing for a while... sometimes I wonder if it's still worth it.

What I find most annoying is that, on the ESET forums at least, Marcus always deflects these results claiming that the premium product offered by ESET is Smart Security Premium, downplaying the relevance of the results since the tested product was EIS. This is a very poor excuse though, because:
  • The only relevant difference of EIS and ESSP is the recently added LiveGuard module, which offers a protection layer other AV suites offer in their cheaper products;
  • EIS is not cheap, nor a basic protection product, yet its protection performance is questionable;
  • Free AVs like Microsoft Defender provide better results than ESET does with a paid product.
 

Gandalf_The_Grey

Level 61
Thread author
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
5,045

Nightwalker

Level 23
Verified
Helper
Top poster
Content Creator
Well-known
May 26, 2014
1,289
Yeah it is definitely a weak spot.

But not necessarily a problem because "everyone" is connected to the internet "all the time".

Some may argue that offline protection is needed in case malware blocks the internet connection, well, if that happens the security solution already failed, so whatever.
 

Trooper

Level 15
Verified
Top poster
Well-known
Aug 28, 2015
734
But not necessarily a problem because "everyone" is connected at internet "all the time".

Some may argue that offline protection is needed in case malware blocks the internet connection, well, if that happens the security solution already failed, so whatever.

Agreed. If that happens it's time to whack the device or restore from backups.
 

Nightwalker

Level 23
Verified
Helper
Top poster
Content Creator
Well-known
May 26, 2014
1,289
Norton's false positives rate: 4/10,040 - being TOP 5 on handling FP's while scoring 100% protection rate. (on this test)

Where are the haters now?

Spoilers: they be :sleep: :sleep: :sleep: :sleep:

Try here:

1650017222232-png.265927



 
  • Like
Reactions: Sorrento

RoboMan

Level 34
Verified
Top poster
Content Creator
Well-known
Jun 24, 2016
2,344
Try here:

1650017222232-png.265927



That's a whole different test lol, this test you show has the web as the attack vector, while the one we're debating about is the protection against the execution of malware.
 
  • Like
Reactions: Sorrento

Nightwalker

Level 23
Verified
Helper
Top poster
Content Creator
Well-known
May 26, 2014
1,289
That's a whole different test lol, this test you show has the web as the attack vector, while the one we're debating about is the protection against the execution of malware.

I know all that, what I answered was "Where are the haters now?"(probably in that thread that I posted the link.)
 

blackice

Level 36
Verified
Top poster
Well-known
Apr 1, 2019
2,566

Anthony Qian

Level 7
Verified
Well-known
Apr 17, 2021
320
ESET tests have been disappointing for a while... sometimes I wonder if it's still worth it.

What I find most annoying is that, on the ESET forums at least, Marcus always deflects these results claiming that the premium product offered by ESET is Smart Security Premium, downplaying the relevance of the results since the tested product was EIS. This is a very poor excuse though, because:
  • The only relevant difference of EIS and ESSP is the recently added LiveGuard module, which offers a protection layer other AV suites offer in their cheaper products;
  • EIS is not cheap, nor a basic protection product, yet its protection performance is questionable;
  • Free AVs like Microsoft Defender provide better results than ESET does with a paid product.
Yes. I actually love ESET’s detection methodology - using one signature to detect a number of virus variants, unlike other AVs tending to name new malware as Trojan.Generic.xxx.

But ESET is too arrogant to consider users’ feedback, including sample submissions. Also, ESET is crazy about false positive control, which may partially result in its bad performance at detecting malware. IMO, if I have zero tolerance to false positives, I won’t install any AV products. A certain number (below industry avg.) of false positives is acceptable, as long as it’s easy to exclude and submit samples and the vendor can rectify this error in a timely manner.

I have tried ESSP with LiveGuard included, and I must say LiveGuard’s behavior is annoying because it will block unknown apps from being accessed for some minutes and the detection rate has not significantly improved.
 
Last edited:

safetrend

Level 1
Apr 15, 2022
45
Yes. I actually love ESET’s detection methodology - using one signature to detect a number of virus variants, unlike other AVs tending to name new malware as Trojan.Generic.xxx.

But ESET is too arrogant to consider users’ feedback, including sample submissions. Also, ESET is crazy about false positive control, which may partially result in its bad performance at detecting malware. IMO, if I have zero tolerance to false positives, I won’t install any AV products. A certain number (below industry avg.) of false positives is acceptable, as long as it’s easy to exclude and submit samples and the vendor can rectify this error in a timely manner.

I have tried ESSP with LiveGuard included, and I must say LiveGuard’s behavior is annoying because it will block unknown apps from being accessed for some minutes and the detection rate has not significantly improved.
I totally agree with your opinion. Eset lays too much stress on FP. yes, it's important but not more than protection itself. When I used ESET, I set the protection to all agressive, and it was like other AV's normal protection.

By the way, Do you know how effective Live Guard is? As I know, it's kind of sandbox module just like one in the Avast. I felt the machine learning of ESET(so called Augur) was effective, but I don't know much about Live Guard.