foxtigerjungle 3 Posted September 26

Hi, ESET doesn't do quite as well here. Windows Defender is surprisingly in first place. Can ESET improve the product based on these results? Greetings

> The second group with 2 tests consisted of 8 products. These included the manufacturers G Data, McAfee, Microworld, Norton, PC Matic each with 70 out of 70 possible points. Thus, they detected and fended off all 20 attacks in the 2 tests. This group also included Avira, ESET and F-Secure. While the packages detected all the attackers, they had occasional problems in the subsequent defensive measures.

https://www.av-test.org/en/news/atp-endurance-test-31-security-products-for-6-months-in-the-advanced-windows-10-test/
sesk 23 Posted September 26

Based on the article, some products were tested for 6 months (3 tests), others for 4 months (2 tests) and others for 2 months (1 test). Thus you cannot compare 3-test participants to 2-test participants.
itman 1,751 Posted September 26 (edited)

I wouldn't be too concerned about Eset performance in this test. The commercial product scored high;

> ATP endurance test result: 17 corporate user solutions
>
> The second group with 2 tests of company products consisted of 8 packages. In the evaluation, all solutions each detected 20 attacks on the systems. The products from ESET, HP Security, both versions from Kaspersky, Qualys, Symantec and WithSecure all received the maximum achievable 70 points for their protection score. Only Microsoft Defender Antivirus Enterprise lost a point in the test, achieving 69 points.

which is applicable to ATP attacks. These threat actors are interested in high value targets; not home users.

Edited September 26 by itman
itman 1,751 Posted September 26 (edited)

To quote an old truism, "The devil is in the detail." Let's review in detail the individual consumer set tests.

https://www.av-test.org/en/news/ransomware-and-info-stealers-17-security-solutions-in-the-atp-test/

Eset did not participate in this test set. Question is why? However, Bitdefender which is supposedly known for excellent ransomware protection, well ..........

> It was not a good test day for Bitdefender. At first, an info stealer was not recognized and was not thwarted over the course of the test. Data was stolen accordingly and the first 4 points were lost. Moreover, in two cases, the attackers with ransomware were detected but not completely stopped. Although other defense mechanisms took effect, individual files were ultimately encrypted in 2 scenarios.

https://www.av-test.org/en/news/disguise-and-deception-how-brand-new-malware-attacks-are-carried-out-on-windows-systems/

> While the protection package from ESET received 30 out of 35 points, in the end it was defeated by ransomware, despite detection of the attack – the data was encrypted! In an additional instance, an info stealer was able to proliferate, despite detection, but it was held up in later steps by an internal protection technique.

Whereas I am not surprised by the ransomware miss, Eset needs to do more work here in their consumer products.

https://www.av-test.org/en/news/cybersecurity-defense-against-the-latest-attacking-techniques-in-the-atp-test/

Perfect detection score by Eset.

Edited September 27 by itman
foxtigerjungle 3 Posted September 26 (Author)

I hope that ESET also looks at such tests and improves the product. The question is why, for example, Bitdefender is usually always better. What do they do differently or better?
itman 1,751 Posted September 26

7 minutes ago, foxtigerjungle said:

> The question is why, for example, Bitdefender is usually always better. What do they do differently or better?

Err..... Reread what I posted above. It did not do well against either ransomware or infostealers.
rotaru 10 Posted September 26

ESET never treated this kind of test seriously, with feedback to the posters. ESET will just embrace the posture "use whatever you feel comfortable with" and that's it! For years ESET was/is behind Microsoft Defender and/or other free solutions. Yet, they do not seem to be concerned.
itman 1,751 Posted September 26

6 minutes ago, rotaru said:

> For years ESET was/is behind Microsoft Defender and /or other free solution.

Microsoft Defender "stellar" performance on these tests is suspicious to me. I could not find out any optional configuration product allowances for these tests. However, I strongly suspect that Defender had all available ASR mitigations deployed in these tests.
rotaru 10 Posted September 26 (edited)

20 minutes ago, itman said:

> Microsoft Defender "stellar" performance on these tests is suspicious to me.

Sure, if you cannot deny it, make it "suspicious"..... Look at all tests in the last 2-3 years on AV Comparatives, Defender is ALWAYS ahead of ESET. There is a free utility (ConfigureDefender.exe) and ANY user can enable ASR mitigation rules by the click of a button.

Edited September 26 by rotaru
itman 1,751 Posted September 27 (edited)

15 hours ago, rotaru said:

> There is a free utility (ConfigureDefender.exe) and ANY user can enable ASR mitigations rules by the click of a button.

There have been multiple past ransomware bypasses of Microsoft Defender via;

> Windows Defender Controlled Folder Access is its main ransomware protection feature which can be completely bypassed by ransomware pretending to be a trusted process like explorer.exe as seen in this test vs a sample created by our discord community

https://www.youtube.com/watch?v=PEQ7G3XQsIA

Also related is, in addition to explorer.exe, many other .exe's that would be allowed access to the Controlled Folders, such as notepad.exe, run with User privileges. This makes .dll injection into them a trivial matter, allowing for ransomware to be deployed from them.

Add to this, attackers have added their malware executables to MD's real-time scanning exclusion list.

Edited September 27 by itman
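
The settings raised in this part of the thread (ASR rules, Controlled Folder Access, and the real-time scanning exclusion list) can be audited from PowerShell. This is an added example, not posted by any participant; the function name Get-DefenderConfigFindings and the sample values are constructed, while the property names are those returned by Get-MpPreference.

```powershell
# Added example (not from the thread): list Defender settings that weaken
# Controlled Folder Access, ASR, or real-time scanning.
function Get-DefenderConfigFindings {
    param([Parameter(Mandatory)] $Preference)   # object shaped like Get-MpPreference output

    $asrModes = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
    $findings = @()

    # Controlled Folder Access: 0 = disabled, 1 = enabled, 2 = audit only.
    if ([int]$Preference.EnableControlledFolderAccess -ne 1) {
        $findings += "CFA is not enforcing (EnableControlledFolderAccess = $($Preference.EnableControlledFolderAccess))"
    }
    # Every allow-listed application can write to protected folders.
    foreach ($app in @($Preference.ControlledFolderAccessAllowedApplications | Where-Object { $_ })) {
        $findings += "CFA allowed application: $app"
    }

    # ASR rule IDs and actions are parallel arrays.
    $ids     = @($Preference.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($Preference.AttackSurfaceReductionRules_Actions)
    if ($ids.Count -eq 0) { $findings += 'No ASR rules are configured' }
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $mode = $asrModes[[int]$actions[$i]]
        if ($mode -ne 'Block') { $findings += "ASR rule $($ids[$i]) is in mode: $mode" }
    }

    # Exclusions are skipped by real-time scanning; each needs a known owner.
    foreach ($name in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
        foreach ($value in @($Preference.$name | Where-Object { $_ })) {
            $findings += "${name}: $value"
        }
    }
    return $findings
}

# Constructed sample (placeholder GUIDs and paths), so the function runs off-box.
$sample = [pscustomobject]@{
    EnableControlledFolderAccess              = 2
    ControlledFolderAccessAllowedApplications = @('C:\Tools\backup-agent.exe')
    AttackSurfaceReductionRules_Ids           = @('00000000-0000-0000-0000-000000000001', '00000000-0000-0000-0000-000000000002')
    AttackSurfaceReductionRules_Actions       = @(1, 2)
    ExclusionPath                             = @('C:\Users\Public\Temp')
    ExclusionProcess                          = $null
    ExclusionExtension                        = $null
}
Get-DefenderConfigFindings -Preference $sample

# On a live host, from an elevated session:
#   Get-DefenderConfigFindings -Preference (Get-MpPreference)
```

Comparing the output against a saved baseline makes a newly added exclusion or allow-listed application stand out.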
rotaru 10 Posted September 27

9 hours ago, itman said:

> Add to this, attackers

You may be right, yet Defender scores high in both AV Comparatives and AVTest, higher than ESET. The theory is nice, practice proves to be different.