AV-Comparatives Real-World Protection Test Feb-Mar 2022 – Factsheet

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Gandalf_The_Grey

Level 64
Thread author
Verified
Honorary Member
Top poster
Content Creator
Well-known
Apr 24, 2016
5,349
Introduction

Our Real-World Protection Test is currently one of the most comprehensive and complex tests available, using a relatively large number of test cases. Currently, we are running this test under updated Microsoft Windows 10 Pro 64 Bit with up-to-date third-party software. Due to this, finding in-the-field working exploits and running malware is much more challenging than e.g. under a non-up-to-date system with unpatched/vulnerable third-party applications.

This fact sheet is a short overview of the Real-World Protection Test results of February and March 2022. The detailed overall result consumer product reports (covering four months each) are released in June and November. Each of the overall result reports will also contain a false-alarm test and will contain the awards the products reached based on their overall scores during the respective four-month period.
Testcases

Over the year we evaluate several tens of thousands malicious URLs. Unfortunately, many of these have to be discarded for various reasons. We remove duplicates such as the same malware hosted on different domains or IP addresses, sites already tested, “grey” or non-malicious sites/files, and malware/sites disappearing during the test. Many malicious URLs carrying exploits were not able to compromise the chosen system/applications because of the patch level. This means that the vulnerabilities in the third-party applications on the system were already patched and the exploits could therefore not deliver their malicious payload. Users should be aware that by always keeping their system and third-party applications up-to-date/patched, they can dramatically decrease the risk posed by exploits.
Test Results

The results are based on the test set of 362 live test cases (malicious URLs found in the field), consisting of working exploits (i.e. drive-by downloads) and URLs pointing directly to malware. Thus, exactly the same infection vectors are used as a typical user would experience in everyday life. The test-cases used cover a wide range of current malicious sites and provide insights into the protection given by the various products (using all their protection features) while surfing the web.

Every few months we update the charts on our website showing the protection rates of the various tested products over the various months. The interactive charts can be found on our website. The chart below shows only the protection scores for the months of FEBRUARY and MARCH 2022 (362 test cases). The results of the false-positives test are also shown in the graph below.

1650017222232.png

We would like to point out that while some products may sometimes be able to reach 100% protection rates in a test, it does not mean that these products will always protect against all threats on the web. It just means that they were able to block 100% of the widespread malicious samples used in a test.
 
F

ForgottenSeer 94654

Again, same trends again. Not very useful and provide people with a false sense of protection.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top poster
Developer
Well-known
Dec 23, 2014
7,244
From the test methodology:
... we consider all the products in each results cluster to be equally effective, assuming that they have a false-positives rate below the industry average.

Avast, AVG, Avira, Bitdefender, Kaspersky, Malwarebytes, Norton, Panda, and Trend Micro are in the same cluster (cluster 1) so they are "equally effective", despite a different number of missed samples. Norton usually produce a very high number of false positives, so its efficiency can be reduced (comparable to cluster 2). We cannot say that Avira (0 missed samples) is better in any way than Kaspersky (2 missed samples) on the basis of this test.

I m not sure in which cluster will be placed Eset, Gdata, K-7, Microsoft, and Total Defense, but it is probable that in the cluster 2. So, according to the testing methodology, they have scored slightly worse on this particular test. But the AVs with a very low number of false positives can be probably as effective as some AVs from cluster 1.(y)
 
Last edited:

Nightwalker

Level 24
Verified
Honorary Member
Top poster
Content Creator
Well-known
May 26, 2014
1,314
Hi @Shadowra, me too, Malwarebytes Does not do so well in tests normaly.
I am very happy to see that Bitdefender did 100%:love:
Norton, Trend Micro & Avira also hit the Jackpot, sweet!(y);)

Malwarebytes has been doing very well for a while, top tier actually.

Example:

 

blackice

Level 36
Verified
Top poster
Well-known
Apr 1, 2019
2,588
F-Secure uses Avira signatures and has a pretty good Behavior Blocker, so you can draw some conclusions based on that if you wish.
Although this is the web filtering test, so maybe not in this case? I'm not sure if they source Avira's web filtering or not.

This test would probably more accurately reflect my original comment.
 

blackice

Level 36
Verified
Top poster
Well-known
Apr 1, 2019
2,588
surprise surprise .....Trend micro 100%
haha, but Trend Micro on my router also reflects the high false positive rate of this test.

Really this test shows if you use any decent web filtering and are careful to browse you are relatively safe on the web. Malwarebytes Browser Guard is a free and fairly privacy friendly extension, too.
 
Top