Top scoring in industry tests
Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) technologies consistently achieve high scores in independent tests, demonstrating the strength of its enterprise threat protection capabilities. Microsoft aims to be transparent about these test scores. This page summarizes the results and provides analysis.
Next generation protection
Windows Defender Antivirus consistently performs highly in independent tests, displaying how it is a top choice in the antivirus market. Note that these tests only provide results for antivirus and do not test for additional security protections.
Windows Defender Antivirus is the next generation protection capability in the Microsoft Defender ATP security stack which addresses the latest and most sophisticated threats today. In some cases, customers might not even know they were protected because a cyberattack is stopped milliseconds after a campaign starts. That's because Windows Defender Antivirus detects and stops malware at first sight by using machine learning, artificial intelligence, behavioral analysis, and other advanced technologies.
Download the latest transparency report: Examining industry test results, August 2019
AV-TEST: Protection score of 6.0/6.0 in the latest test
The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the Protection category which has two scores: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware").
Windows Defender Antivirus achieved an overall Protection score of 6.0/6.0, detecting 100% of 2,735 malware samples used. This is the seventh consecutive cycle that Windows Defender Antivirus achieved a perfect Protection score.
AV-Comparatives: Protection rating of 99.9% in the latest test
Business Security Test consists of three main parts: the Real-World Protection Test which mimics online malware attacks, the Malware Protection Test where the malware enters the system from outside the internet (e.g. USB), and the Performance Test which looks at the impact on the system’s performance.
Windows Defender Antivirus has consistently improved in Real-World Protection Rates over the past year, with 99.9% in the latest test.
Business Security Test 2018 (August - November): Real-World Protection Rate 99.6%
Business Security Test 2018 (March - June): Real-World Protection Rate 98.7%
SE Labs: AAA award in the latest test
SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks, including endpoint software, network appliances, and cloud services.
Microsoft's next-gen protection was named as one of the leading products, stopping all of the targeted attacks and all but one public threat. It also handled the legitimate applications correctly.
Enterprise Endpoint Protection July - September 2018: AAA award pdf
Endpoint detection & response
Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
MITRE: Industry-leading optics and detection capabilities
MITRE tested the ability of products to detect techniques commonly used by the targeted attack group APT3 (also known as Boron or UPS). To isolate detection capabilities, all protection and prevention features were turned off. Microsoft is happy to be one of the first EDR vendors to sign up for the MITRE evaluation based on the ATT&CK framework, widely regarded today as the most comprehensive catalog of attacker techniques and tactics.
Microsoft Defender ATP delivered comprehensive coverage of attacker techniques across the entire attack chain. Highlights included the breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine learning, heuristics, and behavior monitoring.
To what extent are tests representative of protection in the real world?
It is important to remember that Microsoft sees a wider and broader set of threats beyond what’s tested in the evaluations highlighted above. For example, in an average month, we identify over 100 million new threats. Even if an independent tester can acquire and test 1% of those threats, that is a million tests across 20 or 30 products. In other words, the vastness of the malware landscape makes it extremely difficult to evaluate the quality of protection against real world threats.
The capabilities within Microsoft Defender ATP provide additional layers of protection that are not factored into industry antivirus tests, and address some of the latest and most sophisticated threats. Isolating AV from the rest of Microsoft Defender ATP creates a partial picture of how our security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We have proven that Microsoft Defender ATP components catch samples that Windows Defender Antivirus missed in these industry tests, which is more representative of how effectively our security suite protects customers in the real world.
Using independent tests, customers can view one aspect of their security suite but can't assess the complete protection of all the security features. Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Microsoft Defender Advanced Threat Protection in their own networks by signing up for a 90-day trial of Microsoft Defender ATP, or enabling Preview features on existing tenants.