Prominent cybersecurity and anti-virus provider, Kaspersky achieved the highest score in a fileless threat protection comparison test conducted by independent IT-security institute, AV-TEST. The test pitted Kasperky’s endpoint security solution against 13 other endpoint security vendors to judge the ability of each to detect fileless threats and to protect and remediate malicious actions.
Fileless threats are malware that can only exist in temporary file storage like a computer’s RAM. Because fileless threats are not required to be installed on a computer’s hard drive to work, it is very difficult to detect and leaves very little by way of evidence that investigators could use to identify illegitimate activity.
In addition, because fileless threats exist only in a computer’s RAM, evidence of the malware disappears when a system is rebooted.
In the test, Kaspersky Endpoint Security for Business (product info here) showed a 100% detection rate and the highest prevention rate (94.12%) among the endpoint security providers tested.
The test included the following endpoint cyber-security solutions.
- Bitdefender Business Security
- Cylance Protect
- ESET Endpoint Security
- Kaspersky Endpoint Security for Business
- McAfee Endpoint Security
- McAfee Mvision + Microsoft Defender
- Microsoft Defender Antivirus
- Sophos Central Endpoint
- Symantec Endpoint Protection
- Trend Micro Endpoint Apex
Also included were solutions from Carbon Black, CrowdStrike, Palo Alto and SentinelOne but their results were listed as “Vendor A” to “Vendor D” (in random order) due to restrictions applied to the publication of their results.
The test examined products for different categories of fileless attacks, including malware execution from WMI storage or by Task Scheduler, running a PowerShell script after the execution of exploits or macros. On top of these, the test also monitored for false positives.
Of all the solutions tested, Kaspersky Endpoint Security for Business was the only one to detect all 33 attacks, while the average detection rate of all the products was 67.75%. As for protection and remediation, Kaspersky’s product prevented 48 out of 51 malicious actions, compared to an average protection level of 59.10%. The false-positive test revealed no false detection or blocks by the Kaspersky product.
According to AV-TEST, it ran this test “to discover how marketing promises of efficient fileless threat protection, claims about unbelievable advantages of some protective tools, and different ad slogans correlate with reality. This test is aimed to show what fileless malware can do and which security products are capable of detecting, blocking and remediating fileless attacks — irrespective of what is claimed by security vendors themselves”.
While the Kaspersky’s performance in the test against 13 other endpoint security solution providers is commendable, it must be noted that the tests conducted by AV-TEST were commissioned by Kaspersky.
On the same token, Kaspersky also explained that “no product results were excluded from the report to keep the security picture complete”.
The full report of the tests — “Advanced Endpoint Protection: Fileless Threats Protection Test” — can be found here.