You know what I don't understand about these tests? I see that VMware Carbon Black had a 100% score when 1009 malware samples were executed on the system. But how come it failed to detect a whopping 36 samples in the Real-World test? The question is, did it only fail to detect malicious URLs, or did it actually fail to detect and block 36 malware samples? ESET and Sophos also missed 10 and 8 samples, which isn't that good either.
The difference is newer malware vs older malware (from one week to a few weeks older). In the Real-World test, samples are newer; in the Malware Protection Test, samples are older.
Oh yes, good point. But I wish AV-C would be more clear about this, and why not also disclose what type of malware was able to bypass these AVs? I have asked Ronny from Sophos to react to this topic, I know he's busy, but hopefully he will still give a response. I just wonder how it's possible from a technical point of view that Sophos couldn't block the malware. Was it perhaps because that malware was triggered by some exploit? But that should actually be one of the strengths of HMPA/Sophos Intercept X.