From 3ba6e65b92bc3abb626284ad0706aae831e7aa39 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 17 Aug 2018 16:30:01 -0700 Subject: [PATCH 1/5] added av reports --- .../threat-protection/intelligence/TOC.md | 2 + .../intelligence/transparency-report.md | 90 +++++++++++++++++++ 2 files changed, 92 insertions(+) create mode 100644 windows/security/threat-protection/intelligence/transparency-report.md diff --git a/windows/security/threat-protection/intelligence/TOC.md b/windows/security/threat-protection/intelligence/TOC.md index 73449a6a2c..86d4f40296 100644 --- a/windows/security/threat-protection/intelligence/TOC.md +++ b/windows/security/threat-protection/intelligence/TOC.md @@ -34,6 +34,8 @@ ## [Safety Scanner download](safety-scanner-download.md) +## [Industry antivirus tests](transparency-report.md) + ## [Industry collaboration programs](cybersecurity-industry-partners.md) ### [Virus information alliance](virus-information-alliance-criteria.md) diff --git a/windows/security/threat-protection/intelligence/transparency-report.md b/windows/security/threat-protection/intelligence/transparency-report.md new file mode 100644 index 0000000000..c3f5d23e0c --- /dev/null +++ b/windows/security/threat-protection/intelligence/transparency-report.md @@ -0,0 +1,90 @@ +--- +title: Industry antivirus tests +description: Industry antivirus tests landing page +keywords: security, malware +ms.prod: w10 +ms.mktglfcycl: secure +ms.sitesec: library +ms.localizationpriority: medium +ms.author: ellevin +author: levinec +ms.date: 08/17/2018 +--- + +# Top scoring in industry antivirus tests + +[Antivirus capabilities](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10?ocid=cx-blog-mmpc) in Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-blog-mmpc)) **consistently achieve high scores** from independent tests, displaying how Windows Defender ATP is a top choice in the antivirus market. + +We want to be transparent and have gathered top industry reports that demonstrate our enterprise antivirus capabilities. Note that these tests only provide results for antivirus and do not test for additional security protections. + +In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/). In many cases, customers might not even know they were protected. That's because Windows Defender ATP's [next generation protection](https://www.youtube.com/watch?v=Xy3MOxkX_o4) detects and stops malware at first sight by using predictive technologies, [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering/), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak/), behavioral analysis, and other advanced technologies. + +Learn why [most enterprises use the antivirus capabilities in Windows Defender ATP](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). + +



+![Logo](./images/av-test-logo.png) + +## AV-TEST: Perfect protection score of 6.0/6.0 in the latest test + +The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the protection category which has two scores: real world testing and the AV-TEST reference set (known as "prevalent malware"). + +**Real-World testing** as defined by AV-TEST refers to protection against zero-day malware attacks, inclusive of web and email threats. + +**Prevalent malware** as defined by AV-TEST refers to detection of widespread and prevalent malware discovered in the last four weeks. + +Note: Microsoft sees a wider and broader set of threats beyond just what’s tested in the AV-TEST evaluation. + +The below scores are the results of AV-TEST's evaluations on **Windows Defender ATP antivirus capabilities**. + +|Month (2018)|Real-World test score| Prevalent malware test score | AV-TEST report| Microsoft analysis| +|---|---|---|---|---| +|January| 100.00%| 99.92%| [Report (Jan-Feb)](https://www.av-test.org/en/antivirus/home-windows/windows-7/february-2018/kaspersky-lab-internet-security-18.0-180557/)| [Analysis (Jan-Feb)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-blog-mmpc)| +|February| 100.00% | 100.00%|[Report (Jan-Feb)](https://www.av-test.org/en/antivirus/home-windows/windows-7/february-2018/kaspersky-lab-internet-security-18.0-180557/)| [Analysis (Jan-Feb)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-blog-mmpc)| +March |98.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA)| +April|100.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA)| +May|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/)|Analysis pending| +June|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/)|Analysis pending| + +||| +|---|---| +|![Real-World](./images/RealWorld-67-percent.png)|![Prevalent Malware](./images/PrevalentMalware-67-percent.png)| +

+ +![Logo](./images/av-comparatives-logo-3.png) + +## AV-Comparatives: Perfect protection rating of 100% in the latest test + +AV-Comparatives is an independent organization offering systematic testing for security software such as PC/Mac-based antivirus products and mobile security solutions. + +The **Real-World Protection Test (Enterprise)** as defined by AV-Comparatives evaluates the “real-world” protection capabilities with default settings. The goal is to find out whether the security software protects the computer by either hindering the malware from changing any systems or remediating all changes if any were made. + +The **Malware Protection Test Enterprise** as defined by AV-Comparatives assesses a security program’s ability to protect a system against infection by malicious files before, during or after execution. It is only tested every *six months*. + +Note: Microsoft sees a wider and broader set of threats beyond just what’s tested in the AV-Comparatives evaluation. + +The below scores are the results of AV-Comparatives tests on **Windows Defender ATP antivirus capabilities**. The scores are specifically for the ability to block malware. + +|Month (2018)| Real-World test score| Malware test score (every 6 months)| +|---|---|---| +|February| 100.00%| N/A| +|March| 94.40%| 99.90%| +|April| 96.40%%| N/A| +|May| 100.00%| N/A| +|June| 99.50%%| N/A| +|July| 100.00%| N/A| + +* [Real-World Protection Test (Enterprise) July 2018](https://www.av-comparatives.org/tests/real-world-protection-test-july-2018-factsheet/) + +* [Real-World Protection Test (Enterprise) February - June 2018](https://www.av-comparatives.org/tests/real-world-protection-test-february-june-2018/) + +* [Malware Protection Test Enterprise March 2018](https://www.av-comparatives.org/tests/malware-protection-test-enterprise-march-2018-testresult/) + +## To what extent are tests representative of protection in the real world? + +It is important to remember that the capabilities within [Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-blog-mmpc) provide [additional layers of protection](https://cloudblogs.microsoft.com/microsoftsecure/2017/12/11/detonating-a-bad-rabbit-windows-defender-antivirus-and-layered-machine-learning-defenses/) that are not factored into AV tests. Using these tests, customer can view one aspect of their security suite but can't assess the complete protection of all the security features. + +There are other technologies in nearly every endpoint security suite that address some of the latest and most sophisticated threats, but are not represented in AV tests. For example, the capabilities such as attack surface reduction and endpoint detection & response help prevent malware from getting onto devices in the first place. + + Customers need more comprehensive reports that demonstrate end to end protections, but until then customers can evaluate Windows Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-blog-mmpc) today, or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection). + +![ATP](./images/wdatp-pillars2.png) From 92fafba25adad94eec0603a7004e7adda9117331 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 21 Aug 2018 08:51:33 -0700 Subject: [PATCH 2/5] removed percent signs --- .../threat-protection/intelligence/transparency-report.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/intelligence/transparency-report.md b/windows/security/threat-protection/intelligence/transparency-report.md index c3f5d23e0c..ea3e86f3e9 100644 --- a/windows/security/threat-protection/intelligence/transparency-report.md +++ b/windows/security/threat-protection/intelligence/transparency-report.md @@ -68,9 +68,9 @@ The below scores are the results of AV-Comparatives tests on **Windows Defender |---|---|---| |February| 100.00%| N/A| |March| 94.40%| 99.90%| -|April| 96.40%%| N/A| +|April| 96.40%| N/A| |May| 100.00%| N/A| -|June| 99.50%%| N/A| +|June| 99.50%| N/A| |July| 100.00%| N/A| * [Real-World Protection Test (Enterprise) July 2018](https://www.av-comparatives.org/tests/real-world-protection-test-july-2018-factsheet/) From 21b0bd7ffbdab9e97b25839faa293a7842b8d3c9 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 22 Aug 2018 09:13:44 -0700 Subject: [PATCH 3/5] update AV language --- .../threat-protection/intelligence/transparency-report.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/intelligence/transparency-report.md b/windows/security/threat-protection/intelligence/transparency-report.md index ea3e86f3e9..67003cd341 100644 --- a/windows/security/threat-protection/intelligence/transparency-report.md +++ b/windows/security/threat-protection/intelligence/transparency-report.md @@ -13,13 +13,13 @@ ms.date: 08/17/2018 # Top scoring in industry antivirus tests -[Antivirus capabilities](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10?ocid=cx-blog-mmpc) in Windows Defender Advanced Threat Protection ([Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-blog-mmpc)) **consistently achieve high scores** from independent tests, displaying how Windows Defender ATP is a top choice in the antivirus market. +[Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10?ocid=cx-blog-mmpc) **consistently achieves high scores** from independent tests, displaying how it is a top choice in the antivirus market. We want to be transparent and have gathered top industry reports that demonstrate our enterprise antivirus capabilities. Note that these tests only provide results for antivirus and do not test for additional security protections. In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/). In many cases, customers might not even know they were protected. That's because Windows Defender ATP's [next generation protection](https://www.youtube.com/watch?v=Xy3MOxkX_o4) detects and stops malware at first sight by using predictive technologies, [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering/), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak/), behavioral analysis, and other advanced technologies. -Learn why [most enterprises use the antivirus capabilities in Windows Defender ATP](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). +Learn why [most enterprises use Windows Defender Antivirus](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).



![Logo](./images/av-test-logo.png) @@ -34,7 +34,7 @@ The AV-TEST Product Review and Certification Report tests on three categories: p Note: Microsoft sees a wider and broader set of threats beyond just what’s tested in the AV-TEST evaluation. -The below scores are the results of AV-TEST's evaluations on **Windows Defender ATP antivirus capabilities**. +The below scores are the results of AV-TEST's evaluations on **Windows Defender Antivirus**. |Month (2018)|Real-World test score| Prevalent malware test score | AV-TEST report| Microsoft analysis| |---|---|---|---|---| @@ -62,7 +62,7 @@ The **Malware Protection Test Enterprise** as defined by AV-Comparatives assesse Note: Microsoft sees a wider and broader set of threats beyond just what’s tested in the AV-Comparatives evaluation. -The below scores are the results of AV-Comparatives tests on **Windows Defender ATP antivirus capabilities**. The scores are specifically for the ability to block malware. +The below scores are the results of AV-Comparatives tests on **Windows Defender Antivirus**. The scores are specifically for the ability to block malware. |Month (2018)| Real-World test score| Malware test score (every 6 months)| |---|---|---| From a609a654b257c83fadc065d7eed27080f624f71c Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 22 Aug 2018 11:21:18 -0700 Subject: [PATCH 4/5] added transparency report --- .../threat-protection/intelligence/transparency-report.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/intelligence/transparency-report.md b/windows/security/threat-protection/intelligence/transparency-report.md index 67003cd341..d2f2dc4aec 100644 --- a/windows/security/threat-protection/intelligence/transparency-report.md +++ b/windows/security/threat-protection/intelligence/transparency-report.md @@ -26,6 +26,8 @@ Learn why [most enterprises use Windows Defender Antivirus](https://docs.microso ## AV-TEST: Perfect protection score of 6.0/6.0 in the latest test +**[Analysis of the latest AV-TEST results](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I)** + The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the protection category which has two scores: real world testing and the AV-TEST reference set (known as "prevalent malware"). **Real-World testing** as defined by AV-TEST refers to protection against zero-day malware attacks, inclusive of web and email threats. @@ -42,8 +44,8 @@ The below scores are the results of AV-TEST's evaluations on **Windows Defender |February| 100.00% | 100.00%|[Report (Jan-Feb)](https://www.av-test.org/en/antivirus/home-windows/windows-7/february-2018/kaspersky-lab-internet-security-18.0-180557/)| [Analysis (Jan-Feb)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-blog-mmpc)| March |98.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA)| April|100.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA)| -May|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/)|Analysis pending| -June|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/)|Analysis pending| +May|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/)|[Analysis (May-Jun)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I)| +June|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/)|[Analysis (May-Jun)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I)| ||| |---|---| From fe72cd0dd363b7daaea008d7183863a00be43a80 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 22 Aug 2018 14:01:17 -0700 Subject: [PATCH 5/5] wording update --- .../intelligence/transparency-report.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/intelligence/transparency-report.md b/windows/security/threat-protection/intelligence/transparency-report.md index d2f2dc4aec..a89924060f 100644 --- a/windows/security/threat-protection/intelligence/transparency-report.md +++ b/windows/security/threat-protection/intelligence/transparency-report.md @@ -19,14 +19,15 @@ We want to be transparent and have gathered top industry reports that demonstrat In the real world, millions of devices are protected from cyberattacks every day, sometimes [milliseconds after a campaign starts](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/). In many cases, customers might not even know they were protected. That's because Windows Defender ATP's [next generation protection](https://www.youtube.com/watch?v=Xy3MOxkX_o4) detects and stops malware at first sight by using predictive technologies, [machine learning](https://cloudblogs.microsoft.com/microsoftsecure/2018/06/07/machine-learning-vs-social-engineering/), [artificial intelligence](https://cloudblogs.microsoft.com/microsoftsecure/2018/02/14/how-artificial-intelligence-stopped-an-emotet-outbreak/), behavioral analysis, and other advanced technologies. -Learn why [most enterprises use Windows Defender Antivirus](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). +> [!TIP] +> Learn why [most enterprises use Windows Defender Antivirus](https://docs.microsoft.com/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10).



![Logo](./images/av-test-logo.png) ## AV-TEST: Perfect protection score of 6.0/6.0 in the latest test -**[Analysis of the latest AV-TEST results](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I)** +**[Analysis of the latest AV-TEST results](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I)** The AV-TEST Product Review and Certification Report tests on three categories: protection, performance, and usability. The scores listed below are for the protection category which has two scores: real world testing and the AV-TEST reference set (known as "prevalent malware"). @@ -44,12 +45,12 @@ The below scores are the results of AV-TEST's evaluations on **Windows Defender |February| 100.00% | 100.00%|[Report (Jan-Feb)](https://www.av-test.org/en/antivirus/home-windows/windows-7/february-2018/kaspersky-lab-internet-security-18.0-180557/)| [Analysis (Jan-Feb)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE27O5A?ocid=cx-blog-mmpc)| March |98.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA)| April|100.00%| 100.00%|[Report (Mar-Apr)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2018/microsoft-windows-defender-antivirus-4.12-181574/)|[Analysis (Mar-Apr)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2ouJA)| -May|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/)|[Analysis (May-Jun)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I)| -June|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/)|[Analysis (May-Jun)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I)| +May|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) **Latest**|[Analysis (May-Jun)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I)| +June|100.00%| 100.00%| [Report (May-Jun)](https://www.av-test.org/en/antivirus/business-windows-client/windows-10/june-2018/microsoft-windows-defender-antivirus-4.12-182374/) **Latest**|[Analysis (May-Jun)](https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2v60I)| ||| |---|---| -|![Real-World](./images/RealWorld-67-percent.png)|![Prevalent Malware](./images/PrevalentMalware-67-percent.png)| +|![Graph describing Real-World detection rate](./images/RealWorld-67-percent.png)|![Prevalent Malware](./images/PrevalentMalware-67-percent.png)|

![Logo](./images/av-comparatives-logo-3.png) @@ -87,6 +88,6 @@ It is important to remember that the capabilities within [Windows Defender ATP]( There are other technologies in nearly every endpoint security suite that address some of the latest and most sophisticated threats, but are not represented in AV tests. For example, the capabilities such as attack surface reduction and endpoint detection & response help prevent malware from getting onto devices in the first place. - Customers need more comprehensive reports that demonstrate end to end protections, but until then customers can evaluate Windows Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-blog-mmpc) today, or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection). +Microsoft is highly engaged in working with several independent testers to evolve security testing to focus on the end-to-end security stack. In the meantime, customers can evaluate Windows Defender Advanced Threat Protection in their own networks by signing up for a [90-day trial of Windows Defender ATP](https://www.microsoft.com/windowsforbusiness/windows-atp?ocid=cx-blog-mmpc), or [enabling Preview features on existing tenants](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection). ![ATP](./images/wdatp-pillars2.png)