Ransomware: 12 security packages and solutions for Win11 in the advanced ATP test
The Advanced Threat Protection (ATP) test goes considerably further than traditional tests: it evaluates security products in 10 realistic scenarios involving ransomware and info stealers that use or combine state-of-the-art attack techniques. The ATP test analyzes whether the defensive measures hold up at each step, or where they fail. The 12 tested products for consumer and corporate users, running on Windows 11, had to hold their own against techniques such as COM hijacking, reflective code loading, decoupling and low entropy encoding. Many products were up to the task, but not all. In some cases, the last line of defense failed, and data was encrypted, stolen, or both.
There is never a final showdown in the neck-and-neck race between security manufacturers and cybercriminals, and 2025 will be no different. On the contrary: attackers constantly seek and find vulnerabilities, or use techniques to obfuscate their malware code or to harness legitimate Windows tools for their purposes. In the latest ATP test, the attacks (in this case, the samples used in the lab) deployed the state-of-the-art techniques seen in daily cyber attacks.
A total of 12 products faced off in the Advanced Threat Protection test. The antivirus programs for consumer users were the packages from Bitdefender, ESET, McAfee and NPAV. The solutions for corporate users came from Bitdefender (2 versions), ESET, Kaspersky (2 versions), Microworld, Qualys and Trellix. All data was collected and evaluated in September and October 2024 under Windows 11.
12 security solutions put to the test under Windows 11
In 10 real-life scenarios, the experts from AV-TEST examined a total of 12 security products: 4 for consumer users of Windows and 8 endpoint solutions for companies. All 10 attacks were launched in the lab with a spear phishing e-mail carrying a seemingly innocuous attachment. The attachments were Windows LNK files, MSI installers, EXE files or simply HTA (HTML Application) files. All of them contained malware in the form of hidden code, which either carried out the attack directly or opened a door for further malicious components.
Each of the 10 realistic attacks on the Windows 11 PCs was carried out with a security solution installed. Each attack scenario is described in a matrix according to the MITRE ATT&CK standard, in which all individual steps of the attack are defined and the defensive responses are documented. This shows whether malware is detected immediately or only stopped in later defense steps. The test involved 5 ransomware and 5 info stealer attacks. With ransomware, there are three key steps to detect; with info stealers, there are four actions. The lab awards a half or full point for each action that is fended off. A protection product can therefore earn 3 points for each of the five ransomware samples and 4 points for each of the five info stealers, so the highest possible protection score is 35 points.
In the attacks, the following techniques were employed, either individually or in combination. In all cases, they make detection by a security solution more difficult.
COM hijacking: COM hijacking is a technique by which malware exploits the COM (Component Object Model) framework. It registers itself in place of legitimate COM objects in order to launch malware code: the attacker modifies the registry entries that specify which COM object is to be called. As a result, the malicious code is loaded whenever certain applications or system processes call these COM components. The malware thus inherits the higher permission levels of trustworthy processes, which makes detection more difficult.
In our examples, COM hijacking is used to register a modified DLL containing malware code as the thumbnail cache library in the current user's registry hive, which ensures that Explorer.exe loads and executes it.
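A defender-side check for the registry footprint just described, written for this article as an added example (not AV-TEST's or any vendor's code). It assumes the live registry is read with Python's winreg module on Windows; the CLSIDs and DLL paths embedded below are constructed placeholders, since the page names no specific CLSID.

```python
"""Hunt for per-user COM InprocServer32 overrides, the registry footprint of COM hijacking."""
from typing import Dict, List, Tuple

# Constructed sample data: these CLSIDs and DLL paths are placeholders, not real Windows values.
HKLM_SERVERS = {
    "{AAAAAAAA-0000-0000-0000-000000000001}": "C:\\Windows\\System32\\example_thumb.dll",
    "{AAAAAAAA-0000-0000-0000-000000000002}": "C:\\Windows\\System32\\example_shell.dll",
}
HKCU_SERVERS = {
    "{AAAAAAAA-0000-0000-0000-000000000001}": "C:\\Users\\alice\\AppData\\Roaming\\cache.dll",
    "{AAAAAAAA-0000-0000-0000-000000000003}": "C:\\Program Files\\Vendor\\legit.dll",
    "{AAAAAAAA-0000-0000-0000-000000000004}": "C:\\Users\\alice\\AppData\\Local\\Temp\\x.dll",
}
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def find_hijack_candidates(hklm: Dict[str, str], hkcu: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Flag HKCU InprocServer32 entries that override a machine-wide CLSID or point at a
    DLL outside Windows/Program Files. HKCU\\Software\\Classes takes precedence over HKLM
    when HKCR is assembled, so a per-user entry wins: that is the hijack mechanism.
    Per-user installs also register servers under HKCU, so treat hits as triage leads."""
    findings = []
    for clsid, dll in hkcu.items():
        reasons = []
        if clsid in hklm:
            reasons.append(f"shadows machine-wide server {hklm[clsid]}")
        if not dll.lower().startswith(TRUSTED_PREFIXES):
            reasons.append("server DLL outside Windows/Program Files")
        if reasons:
            findings.append((clsid, dll, "; ".join(reasons)))
    return findings

def load_inproc_servers(hive) -> Dict[str, str]:
    """Windows only: collect CLSID -> InprocServer32 default value from one hive
    (pass winreg.HKEY_CURRENT_USER or winreg.HKEY_LOCAL_MACHINE)."""
    import winreg  # imported here so the module still loads on non-Windows hosts
    servers: Dict[str, str] = {}
    with winreg.OpenKey(hive, "Software\\Classes\\CLSID") as clsids:
        index = 0
        while True:
            try:
                clsid = winreg.EnumKey(clsids, index)
            except OSError:  # no more subkeys
                return servers
            index += 1
            try:
                servers[clsid] = winreg.QueryValue(clsids, clsid + "\\InprocServer32")
            except OSError:  # this CLSID has no in-process server
                continue
```

On a Windows host, call `find_hijack_candidates(load_inproc_servers(winreg.HKEY_LOCAL_MACHINE), load_inproc_servers(winreg.HKEY_CURRENT_USER))` and review each hit against the installed software before treating it as a compromise.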
Reflective code loading: Reflective code loading, or reflective injection, is very similar to process injection, except that the code is loaded into the memory of the current process rather than into a separate process. In this manner, reflective loading can bypass process-based detection by concealing the execution of arbitrary code within a legitimate, harmless-looking process. This type of code injection is also fileless, since it only injects code into a process without writing a file to disk.
In our examples, reflective code loading is performed by a custom DLL loader written in the Zig programming language, which handles both the allocation and the execution of the malware entirely in memory, thereby bypassing file-based detection.
Decoupling: Decoupling here refers to splitting functions across multiple processes, making it harder for security tools to link malicious actions to a single source. By running certain functions in separate processes, the malware breaks the classic process tree, obscures its activity and makes forensic analysis more difficult. This technique often uses trusted Windows system components to carry out malicious tasks.
In our examples, decoupling is achieved by scheduling a task in Windows. The task then executes PowerShell code that was previously written to the registry. In this way, the malware ensures that key functions run in one or more loosely linked processes, reducing the visibility of the dangerous malware component.
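Added example, not code from the original page: a triage routine over exported Task Scheduler XML that flags PowerShell actions pulling their code from the registry, the pattern described above. The task name, registry key and value name in the embedded sample are constructed placeholders.

```python
"""Triage Task Scheduler XML for PowerShell actions that pull their code from the registry."""
import re
import xml.etree.ElementTree as ET
from typing import List, Tuple

# Namespace of Windows Task Scheduler task definitions (as exported by `schtasks /query /xml`).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample task for this example; task name, registry key and value are placeholders.
SAMPLE_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Example\CacheRefresh</URI></RegistrationInfo>
  <Actions Context="Author">
    <Exec>
      <Command>powershell.exe</Command>
      <Arguments>-NoProfile -WindowStyle Hidden -Command "iex (Get-ItemProperty HKCU:\Software\Example).Blob"</Arguments>
    </Exec>
  </Actions>
</Task>"""

POWERSHELL_CMD = re.compile(r"(^|\\)(powershell|pwsh)(\.exe)?$", re.IGNORECASE)
REGISTRY_READ = re.compile(r"Get-ItemProperty(Value)?|HKCU:|HKLM:|Registry::", re.IGNORECASE)
HIDDEN_OR_ENCODED = re.compile(r"-(w(indowstyle)?\s+hidden|enc(odedcommand)?\s)", re.IGNORECASE)

def exec_actions(task_xml: str) -> List[Tuple[str, str]]:
    """Return (command, arguments) for every <Exec> action in a task definition."""
    root = ET.fromstring(task_xml)
    actions = []
    for ex in root.findall(".//t:Actions/t:Exec", NS):
        command = (ex.findtext("t:Command", "", NS) or "").strip()
        arguments = (ex.findtext("t:Arguments", "", NS) or "").strip()
        actions.append((command, arguments))
    return actions

def triage_task(task_xml: str) -> List[str]:
    """Reasons this task looks like registry-staged PowerShell decoupling; empty list = nothing found."""
    reasons = []
    for command, arguments in exec_actions(task_xml):
        if not POWERSHELL_CMD.search(command):
            continue  # only PowerShell launchers are of interest here
        if REGISTRY_READ.search(arguments):
            reasons.append("PowerShell action reads its code from the registry")
        if HIDDEN_OR_ENCODED.search(arguments):
            reasons.append("PowerShell action hides its window or uses an encoded command")
    return reasons
```

Feed it the XML of every task under `C:\Windows\System32\Tasks` (or the output of `schtasks /query /xml`) and correlate hits with the process tree of the spawned PowerShell instance, which is where the decoupled chain otherwise disappears from view.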
Low entropy encoding: Low entropy encoding is a technique used by malware to obfuscate data or payloads. It typically relies on simple encoding schemes or lookup tables that make the encoded content appear harmless. Encrypted content, by contrast, has high entropy and would trigger entropy-based detection mechanisms.
In our examples, blocks of unrelated JavaScript code are used to generate a lookup table for the encoding, which disguises the malicious content as low-entropy data and makes it harder for entropy-based analysis to detect.
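Added illustration, not code from the original page: the Shannon entropy calculation that entropy-based scanners rely on, run against a constructed pseudo-random blob and the same blob after a 16-symbol lookup-table encoding. The table is a hypothetical choice; the JavaScript-derived table from the test samples is not reproduced.

```python
"""Byte entropy as a packed/encrypted-content heuristic, and why a lookup-table encoding evades it."""
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def looks_encrypted(data: bytes, threshold: float = 7.0) -> bool:
    """Naive scanner rule: a near-uniform byte distribution suggests encrypted or compressed content."""
    return shannon_entropy(data) >= threshold

# Hypothetical 16-symbol lookup table for the example; any 16 distinct printable characters work.
TABLE = "ZYXWVUTSRQPONMLK"

def table_encode(data: bytes, table: str = TABLE) -> bytes:
    """Encode each byte as two table characters (one per nibble); the output alphabet has
    only 16 symbols, so its entropy can never exceed 4 bits per byte."""
    return "".join(table[b >> 4] + table[b & 0x0F] for b in data).encode("ascii")

def table_decode(encoded: bytes, table: str = TABLE) -> bytes:
    """Inverse of table_encode: what an analyst applies once the table has been recovered."""
    text = encoded.decode("ascii")
    index = {ch: i for i, ch in enumerate(table)}
    return bytes((index[text[i]] << 4) | index[text[i + 1]] for i in range(0, len(text), 2))

def sample_payload(length: int = 4096) -> bytes:
    """Constructed stand-in for an encrypted blob: seeded pseudo-random bytes (deterministic)."""
    rng = random.Random(2024)
    return bytes(rng.getrandbits(8) for _ in range(length))

if __name__ == "__main__":
    blob = sample_payload()
    encoded = table_encode(blob)
    print(f"raw blob:      {shannon_entropy(blob):.2f} bits/byte, flagged={looks_encrypted(blob)}")
    print(f"table-encoded: {shannon_entropy(encoded):.2f} bits/byte, flagged={looks_encrypted(encoded)}")
```

The encoded buffer stays below the 4-bit ceiling of its 16-symbol alphabet while carrying exactly the same payload, which is why a scanner that relies on an entropy threshold alone needs a complementary check such as symbol-frequency or decoder-stub analysis.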
The 10 test scenarios
All attack scenarios are documented according to the standard of the MITRE ATT&CK database. The individual sub-techniques are listed in the MITRE database under “Techniques”, for example “T1566.001” under “Phishing: Spearphishing Attachment”. Each test step is thus defined in terms that experts share and can be followed logically. In addition, all attack techniques are explained, along with how successful the malware was.
ATP test with products for consumer users
The four antivirus programs examined delivered quite diverse results. The packages Bitdefender Total Security and McAfee Total Protection detected the attackers in all 10 test scenarios and immediately shut down their operations. Both packages thus earned the full 35 points for their protection score, which means that users of these packages already have one of the best antivirus packages for Windows 11 in 2025.
The results from ESET and NPAV still need some improvement. In one ransomware case, ESET not only failed to detect the file, it also took no measures in the subsequent steps. In the end, the data was encrypted and all 3 points were lost. In a further scenario, ESET detected the info stealer but took no action, leaving it with only 0.5 out of 4 points. Overall, ESET lost 6.5 points and ended up with a protection score of 28.5 out of 35 points.
The NPAV package had issues in 4 scenarios. In two ransomware cases, it detected the attackers but did not stop them, and the ransomware continued to function unhindered in further steps. In one case the product managed to stop the final encryption; in the other, it did not. Thus, only 3 out of 6 possible points (2 times 3) remained.
With the two info stealers, the situation was similar: in both cases, the attacker initially went undetected. Against one attacker, further countermeasures were successful and the attack was thwarted. The second info stealer was able to collect and exfiltrate data unhindered. This resulted in only 4 out of 8 possible points (2 times 4). In all, NPAV lost 7 points, resulting in a protection score of 28 out of 35 points.
All protection packages earned the "Advanced Certified" certificate from AV-TEST, as they achieved at least 75 percent of the maximum 35 points (26.5 points).
ATP test with solutions for corporate users
In the advanced test, 8 solutions for companies were put to the test. The outcome is compelling: the endpoint products from Bitdefender (2 solutions), ESET, Kaspersky (2 solutions), Microworld and Trellix all functioned entirely error-free, each achieving the maximum 35 points for their protection score.
Only Qualys had problems with the malware: the security package for corporate users did detect all attackers, but one ransomware sample and one info stealer were able to wreak havoc unhindered. The info stealer was partly held up by additional tools, but in the end it walked off the field as the winner, with stolen data. This resulted in a deduction of 2.5 out of 4 points. The ransomware case turned out similarly: a further step was almost stopped there as well, but in the end individual files were encrypted, costing Qualys another point. This left the solution with only 31.5 out of 35 points in terms of the protection score.
All corporate user products in the ATP test received “Advanced Approved Endpoint Protection” certification, as they achieved at least 75 percent (26.5 points) of the 35 possible points for the protection score.
Conclusion: maximum marks and minor misses
The enhanced ATP test shows very clearly how effectively most security products keep attackers away from their targets. This cannot be praised enough, as cyber criminals are extremely dynamic in their attacks and continually change their techniques. It is always interesting to see in the evaluation when a product initially fails to detect an attacker yet still manages to stop it with additional tools. Even the encryption of "individual" files can still be regarded as a relatively positive outcome, because a complete encryption spanning several drives is a disaster of a whole different magnitude.
Among the products for consumer users, the packages from Bitdefender and McAfee demonstrated impeccable performance, which puts them among the best antivirus programs for Windows 11 in 2025.
Among the solutions for corporate users, achieving the top score were 7 of the 8 products examined, including Bitdefender (2 solutions), ESET, Kaspersky (2 solutions), Microworld and Trellix.