MRG Effitas MRG Effitas 360 Degree Assessment & Certification Q4 2020

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
This test is for businesses, so the tested AVs have some Advanced Threat Protection features. The results cannot be compared to the results of AV Home versions.

1614684355462.png


1614684604008.png


1614684652971.png


Non-default endpoint protection configurations.
Endpoint protection software was running on custom configuration if suggested by the vendor.
  • Avast Business: Antivirus Detailed logging was enabled via configuration file.
  • Avira Antivirus Pro: Log level was set to ‘Complete’ instead of ‘Default’ in ‘System Scanner’ and in ’Real-Time Protection’.
  • ESET Endpoint Security: Detection of ‘Potentially unwanted applications’ and ‘Potentially unsafe applications’ were turned on among with ‘SSL/TLS protocol filtering’.
  • Microsoft Windows Defender: Microsoft Defender ATP endpoint detection and response capabilities were turned on including ASR rules.
Default endpoint protection configurations
  • Bitdefender Endpoint Security
  • F-Secure Computer Protection Premium
  • Symantec Endpoint Protection
  • Trend Micro Security
A detailed report (and more charts) is available here:
 
Last edited:

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Endpoint protection software was running on custom configuration if suggested by the vendor.
Awesome that MRG Effitas implemented this testing policy. I don't think Defender would have scored so highly with the fileless samples if ASR Rules weren't included. Again, though, this is Enterprise, where ground zero can have more far-reaching impacts.

Thanks, this is always interesting to read. (y)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
So, Defender move from 80% miss to 0% in just ~1year?
Awesome!
Ha, ha. This high jump was made fully by MRG Effitas. :)
They simply changed the Defender settings, that were already available for a long time. They discovered that testing Defender with default settings (ATP settings disabled) is kinda stupid when testing the business AVs.
 

Nagisa

Level 7
Verified
Jul 19, 2018
341
There is no dfifference in protection between those two, the Endpoint Protection "just" have a cloud console to manage clients; the core technology is the same.
Suspicious Activity Monitoring is only included in the Endpoint version AFAIK and this explains how it succeeded well in this compared to tests of its home products. %22,50 of threats are blocked by behavior.

 

James246

Level 1
Verified
Jan 19, 2018
42
There is no dfifference in protection between those two, the Endpoint Protection "just" have a cloud console to manage clients; the core technology is the same.

Suspicious Activity Monitoring is only included in the Endpoint version AFAIK and this explains how it succeeded well in this compared to tests of its home products. %22,50 of threats are blocked by behavior.

I sure as hell never saw that result coming for Malwarebytes, I wonder if the result is a once off fluke or have they made a breakthrough - I hope the latter.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
Ha, ha. This high jump was made fully by MRG Effitas. :)
They simply changed the Defender settings, that were already available for a long time. They discovered that testing Defender with default settings (ATP settings disabled) is kinda stupid when testing the business AVs.
But do businesses actually bother to change settings?
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
There is no dfifference in protection between those two, the Endpoint Protection "just" have a cloud console to manage clients; the core technology is the same.
From the datasheet about Endpoint Protection (https://www.malwarebytes.com/pdf/datasheets/MBEPDatasheet.pdf)

  1. Web Protection
    Prevents access to malicious websites, ad networks, scammer networks, and bad neighborhoods.
  2. Application Hardening
    Reduces vulnerability exploit surface and proactively detects fingerprinting attempts used by advanced attacks.
  3. Exploit Mitigation
    Proactively detects and blocks attempts to abuse vulnerabilities and remotely execute code on the endpoint.
  4. Application Behavior Protection
    Prevents applications from being leveraged to infect the endpoint.
  5. Anomaly Detection
    Proactively identifies viruses and malware through machine learning techniques.
  6. Payload Analysis
    Identifies entire families of known and relevant malware with heuristic and behavioral rules.
  7. Ransomware Mitigation
    Detects and blocks ransomware via behavioral monitoring technology.
It seems that points 2, 4,5, and 6 are not (fully) implemented in MB.

Malwarebytes Endpoint Protection uses centralized management through the Malwarebytes Nebula platform.
 
Last edited:

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
From the datasheet about Endpoint Protection (https://www.malwarebytes.com/pdf/datasheets/MBEPDatasheet.pdf)

  1. Web Protection
    Prevents access to malicious websites, ad networks, scammer networks, and bad neighborhoods.
  2. Application Hardening
    Reduces vulnerability exploit surface and proactively detects fingerprinting attempts used by advanced attacks.
  3. Exploit Mitigation
    Proactively detects and blocks attempts to abuse vulnerabilities and remotely execute code on the endpoint.
  4. Application Behavior Protection
    Prevents applications from being leveraged to infect the endpoint.
  5. Anomaly Detection
    Proactively identifies viruses and malware through machine learning techniques.
  6. Payload Analysis
    Identifies entire families of known and relevant malware with heuristic and behavioral rules.
  7. Ransomware Mitigation
    Detects and blocks ransomware via behavioral monitoring technology.
It seems that points 2, 4,5, and 6 are not (fully) implemented in MB.

Malwarebytes Endpoint Protection uses centralized management through the Malwarebytes Nebula platform.

Actually they are; points 2, 4 are part of the anti exploit protection, 5 and 6 are part of the Katana engine.

Many of those protection mechanisms exists in the standalone Anti Exploit module since when it was developed by Pedro Bustamante in 2013 while his was the founder of Zero Vulnerability Labs.


https://www.malwarebytes.com/pdf/guides/MBAEBGuide.pdf
Malwarebytes 4.0 for Windows - build 1.0.804 released January 27, 2020 (Katana Engine)

About Nebula, thats what I mean with cloud console, Nebula is literally a kind of cloud (interstellar cloud) and it is just a marketing term here.
 
Last edited:

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Suspicious Activity Monitoring is only included in the Endpoint version AFAIK and this explains how it succeeded well in this compared to tests of its home products. %22,50 of threats are blocked by behavior.


Not really, this is a remediation module, not a protection one, thats why the name "response".

This module is to remediate infected machines, to clean infections, it needs manual input from a system administrator and that is not in the MRG test scope.

Edit: Now that I paid more attention, what MRG tested was the "normal" Endpoint Protection version, so no "Response" module there anyway.
 
Last edited:

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
I still believe that while Malwarebytes is far from perfect it actually offers more robust protection in real scenario usage than many products that score higher in tests, the reason for that is the Web Protection combined with the Anti Exploit, together they neutralize many payloads methods (malvertising, macros, exploits and so on) and that said Malwarebytes PUP detection is very agressive too, losing just to ESET in my experience.


My thoughts about MB protection in a old thread:

I will see the video later, but it seems that Malwarebytes had a nice result, anyway I have to say that it is a product that performs much better than people and AV testers give credits for.

The reason for that is because of the present malware landscape, mainly PUPs, fake extensions, ransomware, malvertising, exploits; all of those threats are handled with efficiency by Malwarebytes 4, sometimes much better than big players.

Is it worth the price or the system resources? Is it enough to be used alone? Is it better than lets say Kaspersky?

I think the answer for all those questions are a big NO, but it is still a nice product that makes my web browsing experience much more comfortable; personally I like to run it with all its modules disabled, except for Web Protection, along with Microsoft Defender.



I have been using and testing Malwarebytes since version 1.75; I actually was gifted by Pedro Bustamante with a special unlimited vitally license for it so I may give it another trial later.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Actually they are; points 2, 4 are part of the anti exploit protection, 5 and 6 are part of the Katana engine.
Could you give us the source of the above information? I still doubt that these features are fully implemented.
I also noticed that the Nebula Console has the ability to change the Malwarebytes Policies and can load several profiles. Although one test means nothing, the Malwarebytes Endpoint Protection got perfect scoring in MRG Effitas which is in clear contradiction with many other tests for MB.
As you know Defender free has got also the core technology of the full product. Simply some features cannot be configured from Security Center and some are available only via Enterprise Licences.
So using the Katana engine in MB and in Endpoint Protection can be different.

Edit.
If I correctly remember Nebula can also use cloud sandbox investigations. Does MB Premium use this feature?

1614725660062.png
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top