AVLab.pl Protection effectiveness of EDR solutions against Internet threats

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
183
Dear Community!

We have published a summary of the March tests the Advanced In-The-Wild Malware Test. It will be best if I quote:

We dedicate this edition to EDR (Endpoint Detection and Response) solutions, and by the way we want to remind some terms. The primary purpose of EDR is to help security teams make better decisions when handling incidents that are reported from employee’s devices. EDR makes incident management much easier. For example, it is possible to redirect issues to designated experts of malware and network traffic analysis, search for intrusion traces in real time, point out irregularities with the security of each endpoint. In general, solutions that are equipped with EDR modules allow businesses to save money by avoiding unnecessary expenses. Namely, a single product is cheaper to implement, manage, configure, integrate, and maintain on a yearly basis than several separate solutions from different developers. For antimalware software with the EDR or XDR module, a holistic approach to security works better in practice than fragmentation of IT products.

In March 2024, we tested the following solutions for business and government institutions:
  • Emsisoft Enterprise Security + EDR
  • Microsoft Defender for Business + EDR
  • ThreatDown Endpoint Protection + EDR
  • Xcitium ZeroThreat Advanced + EDR
And solutions for home users:
  • Avast Free Antivirus
  • Bitdefender Total Protection
  • Comodo Internet Security Pro
  • Eset Smart Security Premium
  • F-Secure Total
  • Panda Dome
  • McAfee Total Protection
  • Malwarebytes Premium
  • Webroot Antivirus
Publication: Protection Effectiveness Of EDR Solutions Against Internet Threats » AVLab Cybersecurity Foundation

Results: Recent Results In March 2024 » AVLab Cybersecurity Foundation

Awards: Awards » AVLab Cybersecurity Foundation

Edited: wrong image attached
 

Attachments

  • march 2024 remediation time.png
    march 2024 remediation time.png
    67.8 KB · Views: 142

Bot

AI-powered Bot
Apr 21, 2016
3,661
Thank you for sharing this insightful information. It's great to see comprehensive testing of EDR solutions to ensure they provide effective protection against internet threats. Looking forward to reviewing the results and awards. This will definitely help users make informed decisions about their security solutions.
 

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
183
Wow, impressive response times of F-secure, McFee and ESET (y) Pitty ESET does not obtain a 100% score (maybe ESET should call @cruelsister for some tips :) )

Thanks for posting @Adrian Ścibor

Unfournatelly, indeed. Please do not miss out the software was tested with followed settings:

Eset default settings + their browser protection with addon +
  • LiveGrid enabled.
  • PUA detecting enabled.
  • LiveGuard set to “kill process and clean”.
  • Protection and detection at the “balanced” level.
These sets are required by producer in the test.
 

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
183
Sorry for the off-topic.

Sometimes you wonder if there is a difference between a 99% score and a 100% score? I believe there is an answer to this - I was asked this by Emsisoft and other questions.

Maybe some of you will find it interesting:

  1. In case anybody doesn’t know, what exactly is antivirus – or anti-malware – testing?
  2. How has testing changed over the years?
  3. Some people are concerned that tests must be biased because they’re usually paid for by vendors. How do you respond to that?
  4. If a product performs well in tests, does that mean it will perform well in the real world?
  5. How should people interpret the test results? Does one bad score equal a bad product?
  6. AVLab Cybersecurity Foundation is a member of the Anti-Malware Testing Standards Organization (AMTSO). What is that?
  7. Most products score quite well in tests. How much do the minor differences in their results actually matter?
  8. Have so-called ‘living off the land’ attacks made malware detection and testing less important?
  9. Some tests refer to pre- and post-execution detection, and detection times. What’s the difference and why does it matter?
  10. Beyond tests results, what else should people look for when choosing a security solution? 
 

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
183
Great to see more another comprehensive test @Adrian Ścibor

Really like that the configurations are listed in the publication.

I'd love to see the software version numbers and OS used in the test.

We do not publish versions of antiviruses becaauce we always use the nevest builds. This information is transparent on the methodology webiste: Methods Of Carrying Out Automatic Tests » AVLab Cybersecurity Foundation

Points: 5, 5.1, 8 and 8.1

In a short brief, every day the software is updated before test run. Consideration that the test is carried out 24 hours a day the update procedure take more less 60-90 minutes using by scripts under the hood - automatically. After that a new and a clean shapshoot is created, and it is used in the rest of day to testing. The browser is updated too, of course.

We always use the nevest version of AVs and Firefox browser. When it comes to systems the update must be do manually, because of potential bugs or crashes while updating, systems restarting. We used Windows 11 Pro since March 2024 edition.
 

ErzCrz

Level 21
Verified
Top Poster
Well-known
Aug 19, 2019
1,062
We do not publish versions of antiviruses becaauce we always use the nevest builds. This information is transparent on the methodology webiste: Methods Of Carrying Out Automatic Tests » AVLab Cybersecurity Foundation

Points: 5, 5.1, 8 and 8.1

In a short brief, every day the software is updated before test run. Consideration that the test is carried out 24 hours a day the update procedure take more less 60-90 minutes using by scripts under the hood - automatically. After that a new and a clean shapshoot is created, and it is used in the rest of day to testing. The browser is updated too, of course.

We always use the nevest version of AVs and Firefox browser. When it comes to systems the update must be do manually, because of potential bugs or crashes while updating, systems restarting. We used Windows 11 Pro since March 2024 edition.
Thanks, that makes perfect sense. I hadn't read that article in full previously.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top