AV-TEST Advanced Endpoint Protection: Ransomware Protection test

Discussion in 'other anti-virus software' started by Space Ghost, Oct 5, 2021.

  1. Space Ghost

    Space Ghost Registered Member

    Joined:
    Apr 21, 2011
    Posts:
    190
    Location:
    Poland
    https://www.av-test.org/fileadmin/pdf/reports/AV-TEST_Kaspersky_Ransomware_Test_September_2021_EN.pdf
    source
     
  2. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    617
    Location:
    Surabaya Indonesia
    Kaspersky :thumb::thumb::thumb:
     
  3. KonradPL

    KonradPL Registered Member

    Joined:
    Jan 4, 2020
    Posts:
    8
    Location:
    Poland
    the test was sponsored by Kaspersky so take it with a grain of salt ;)
     
  4. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    617
    Location:
    Surabaya Indonesia
    really ?? :argh::argh:
     
  5. entropism

    entropism Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    500
    literally under the title:

    "The test was commissioned by Kaspersky and conducted by AV-TEST GmbH. All rights to the test results and the report belong to Kaspersky"
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Really!
     
  7. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    617
    Location:
    Surabaya Indonesia
  8. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    If Kaspersky sponsored this, it is the equivalent of companies paying another company to evaluate a product or service and this happens a lot in the real world. So conflicts of interests abound...
     
  9. Magic_The

    Magic_The Registered Member

    Joined:
    Jun 24, 2015
    Posts:
    40
    More money = winner.
     
  10. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    Agree with you but do we have any real proof that Kaspersky paid for that test?
     
  11. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    That's why I said "if"
     
  12. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    Personally, when I see this kind of commissioned test, I sometimes prefer to focus on the one that got second place.
     
  13. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    If one vendor got 86% in one of the tests Kaspersky getting 100% is definitely not out of "not cheated in any way" territory. Plus this is the only av-test that doesn't show all vendors with 99% protection rate, so it is actually useful. We need more tests like this. This is actually the only av-test worth looking at, av-test's normal tests are useless cuz they all say 99% or stuff like that, cruelsister been saying it for long time that they're useless cuz everyone gets high scores cuz they scan easy files or old files.

    Even if you take kaspersky's results with a grain of salt, the results of the other programs should not be modified. At the very least they should be with default settings, but i highly doubt Kaspersky went on and just used the worst settings, after all, AV-TEST is not just gonna stand there and look while the kaspersky guy is setting the worst settings for the other programs... So while Kaspersky may have inflated its score (although again if someone else got 86% kaspersky getting 100% legitimately is not unreasonable at all), at least we know the scores of the other programs are correct. Also i think avast is missing because its hardened mode would slaughter ransomware.

    Keep in mind the Enterprise version of many vendors is the same as the home version with maybe more in-depth firewall scanning and ofc all the enterprise tools like cloud management remote management control panel etc. etc. but the protection stuff is usually the same as in the home version aka nothing new is added altho for some it is.

    Bitdefender getting 36% is not surprising at all if we judge by that Kaspersky vs Bitdefender video in youtube where kaspersky with just 1 component has 100% protection rate while bitdefender with ALL its components still misses 1 sample out of like 60 smth.

    I don't know about the other AVs but chances are they used default settings but ESET failing with 0% is quite disappointing if there isn't smth that isn't turned on by default that would make all the difference (like avast's hardened mode would).

    Also Microsoft with Configure Defender should definitely get higher score, i think. Pretty much the only thing that bypasses it is Trusted Stuff, but it's not easy to get such trusted certificate for malware. But ofc i highly doubt they applied SRPs and all the other stuff from Configure Defender for testing Microsoft.

    @Triple Helix Webroot 0% ~ Off Topic Video Removed ~
     
    Last edited by a moderator: Oct 8, 2021
  14. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    344
    Location:
    Finland
    McAfee Endpoint is the best but it's hardest to configure. Took 2 weeks to learn to configure it for my likings. The best, effective EDR solution i've used.
     
  15. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    It literally tells you it was
     
  16. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,177
    Location:
    Canada
    Thanks @flyrfan111, couldn’t be more clear :eek: money, money…
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    LOL, I also didn't even notice that it was sponsored by Kaspersky. However, this doesn't mean that the test results are bogus.

    Good to see that almost all tools had no problems with blocking real life ransomware samples. I'm not sure what to think about the proof of concept ransomware test, I assume these were simulators.

    But the question is, why did so many tools have difficulty protecting remote shared folders? Hopefully they will be able to improve this. Especially from Sophos I expected more, because it's based on HMPA's CryptoGuard.
     
  18. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Prob because they were either very simple malware or just already marked as malware by signature

    Yeah the last one's weird. I never used remote folders so i can't comment. But on that test specifically, i'm sure kaspersky adjusted their program beforehand to block em.
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I don't think these samples were simple or anything, they probably got caught by the cloud scanners that almost all AV's are using nowadays. And Kaspersky simply knew that it would nail this test, while others would fail, nothing wrong with that.

    Like I said, they did sponsor this test but that doesn't mean those results weren't real. Makes me think about years ago when SurfRight released a sponsored test where HitmanPro.Alert performed way better than other anti-exploit tools. But then Malwarebytes struck back with another report where MBAE performed better LOL.
     
  20. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    Yeah people are wondering if "this test is real". This is the only real test we've seen from av-test in a long time. What's the point of comparing AVs if they all say 6/6 or 5.5/6? Such a flawed useless methodology. Turn off the cloud scanning and stuff like that and only then you can test how much it protects. Or try to calculate TTD as cruelsister said it, time to detection of a file.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Yes exactly, finally a test where everything is explained clearly how things are tested, similar to testing done by MRG Effitas. I hate it when they don't disclose what type of malware was tested and which samples AV's failed to block.
     
  22. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    MRG Effitas is just as trash

    https://www.mrg-effitas.com/wp-content/uploads/2021/08/MRG_Effitas_360_Q2_2021.pdf

    Everyone getting 99% and 100%, no conclusions at all other than Malwarebytes and Trend Micro are trash (or not configured properly, or bad default configuration)

    Also u can tell the amount of tests they used by the number. In the exploit/fileless test, they go by 12.50%, so they used exactly 8 samples. Well it's possible they used any number of 8, like 16 24 32 but that's extremely unlikely because there's not even one 6.25% test. So they used 8 samples. And then on the false positives they used 1000 (again extremely likely) because of the lowest number being 0.10%. So other than Trend Micro sucking and Malwarebytes ironically cuz of MBAE with its exploit protection missing everything, there is no other conclusion u can get from their testing because just like all the other testing labs EVERYTHING IS AT 99 or 100%!!!!!!!!!!! What is the point of this useless test!!!!!!!!
     
    Last edited: Oct 13, 2021
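
The granularity reasoning in the post above (a 12.50% step implying 8 samples, a 0.10% step implying about 1000), as an added example that is not part of the original thread: it enumerates every sample count consistent with a published percentage. The function names are hypothetical, and it assumes each score is hits/N rounded to two decimals.

```python
from fractions import Fraction


def _reachable(target, n, half_step):
    """True if some integer hit count k out of n rounds to `target` percent."""
    k = round(target * n / 100)  # nearest hit count to the reported score
    return 0 <= k <= n and abs(Fraction(100 * k, n) - target) <= half_step


def candidate_counts(reported, decimals=2, max_n=1100):
    """Return every sample count N <= max_n that can produce all reported
    percentages (given as strings such as "12.50") after rounding."""
    half_step = Fraction(1, 2 * 10 ** decimals)    # rounding tolerance
    targets = [Fraction(p) for p in reported]      # exact, no float error
    return [
        n for n in range(1, max_n + 1)
        if all(_reachable(t, n, half_step) for t in targets)
    ]


if __name__ == "__main__":
    # Percentages quoted in the post; no other report data is assumed.
    exploit = candidate_counts(["12.50"], max_n=40)
    print("12.50% step:", exploit)                 # multiples of 8 only

    fp = candidate_counts(["0.10"])
    print("0.10% step: N between", fp[0], "and", fp[-1])
```

A single 0.10% value is compatible with a band of counts around 1000, so the step size alone bounds the sample set rather than pinning it down; each further distinct percentage from the same column narrows the band.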
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I have to disagree with you on this one. To me it's not about AV's getting the same protection score, to me it's about clearly explaining how things were tested and what malware was used. They always explain things clearly, for example in this test they used 360 malware samples, 18 PUA samples, 12 financial malware samples, 51 ransomware samples and 8 exploits.

    They also used a banking trojan simulator which is based on a malicious browser extension, which is not often seen in real life, so I believe they should stop doing this. They also used a ransomware simulator, I suppose this is using new file encryption techniques, similar to the one in the Kaspersky sponsored AV-TEST. And they even clearly explain what type of exploits were used, so what's not to like about this test.
     
  24. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    pff i think u'd be surprised what kind of crap people install

    https://www.aivanet.com/wp-content/uploads/2013/12/internet-explorer-toolbar-overload.jpg

    Well i don't like that all the products have perfect or near perfect score, it means the testing is weak as it cannot pressure the antiviruses to show which one is actually better. It's like u test 10 formula 1 cars but they can only go up to 60 km/h and u're like "oh wow they all get to 60 km/h in X seconds wow they're all amazing for driving highly recommended!!!! "

    But yeah i like that they say the samples. Would be nice if u could download em too, for full transparency.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    It's not surprising that most AV's get the same protection score, it's because most AV's have got no difficulty blocking 99% of all ''in the wild'' malware. So I don't see why you wouldn't trust a test that shows you these kind of results.

    Also, I don't believe that hackers are making use of malicious extensions to hijack online banking, AFAIK they still make use of banking trojans. Correction, I just did a search, and turns out that malicious extensions have been used in attacks, what the hell?

    https://threatpost.com/google-removes-chrome-extension-used-in-banking-fraud/127469/
    https://www.zscaler.fr/blogs/securi...steals-cookies-and-credentials-bank-customers
     