Advanced Endpoint Protection: Ransomware Protection test
In June-August 2021, AV-TEST carried out a test of ransomware protection offered by 11 different Endpoint Protection Platforms (EPP). In total, 113 different attacks were executed.
The three assessment scenarios were independently developed and executed by the test lab:
- Real-World ransomware attacks user files on local system
- Real-World ransomware attacks user files on remote shared folder
- Proof of Concept ransomware attacks user files on local system
During the test, the products were expected to detect ransomware activity and its files, block it, roll back any changes to user files (in other words, protect all user files) and eliminate the threat from the targeted system. Only these results were considered a true success, and the relevant solution was given credit in each such test case.
Kaspersky Endpoint Security Cloud achieved the best results, protecting against 100% of all the ransomware attacks in the test (113 in total), without loss of a single user file.
The individual results of the three scenarios revealed a difference in the detection/protection capabilities of the products being tested.
On the one hand, all products scored very well when detecting malicious real-world samples on local systems: 10 out of 11 products achieved a perfect result, and only Webroot missed one test case, still scoring well with 98.8%. On the other hand, the test with proof-of-concept samples showed significant differences in protection when the techniques are known to the vendors but the samples themselves are not. Four products protected against 50% or more of those test cases: Kaspersky again protected against 100% of the attacks, followed by the solutions from WatchGuard, Trend Micro and McAfee + Microsoft Defender.
In addition, the scenario of ransomware attacks on remote shared folders of protected systems revealed a significant difference in the protection capabilities of the tested solutions. This scenario used the same real-world ransomware samples, which have the functionality to discover and encrypt remote shared folders. Only three products were able to protect user data from this kind of attack. Kaspersky again scored very well, protecting against 100% of the attacks. Symantec protected against 50% and Sophos against 7% completely (whilst partially protecting against 86% of attacks, which means some user files were encrypted).