Posts: 16,194
Threads: 10,283
Thanks Received: 9,346 in 7,492 posts
Thanks Given: 10,317
Joined: 12 September 18
24 April 25, 11:41
Quote:Every year, AV-Comparatives provides certain focus pen-tests, to which vendors can apply to get certified. This year we focused again on “Defense Evasion” (Anti-Tampering). Certification reports are published only for vendors who achieved the certification. Non-certified vendors received feedback on how the products were successfully tampered in order to improve their product.
Test Focus and Methodology
Using various tests, tools and procedures, we attempt to penetrate/test the tamper resistance of each product, thus attempting to disable the main functions in the context of prevention, by attempting to influence different components of the respective product.
After compromising a system in the targeted network, attackers have often to deal with endpoint security products like a classic anti-virus or a next generation anti-virus and endpoint detection and response (EDR) product. Even if an attacker has already gained privileged user access (for example, local admin) most endpoint security products can still be very annoying to attackers. Therefore, attackers try to disable or modify tools and get rid of the main capabilities from endpoint security products to permanently avoid the risk getting prevented or detect.
The Tested Products and Certified Products
This year we subjected nine different security products to the test, of which three did not pass the test, i.e. were successfully tampered. Only products which were submitted for the Anti-Tampering Test, and which passed the test, are published. To be approved by AV-Comparatives for Anti-Tampering protection, all tampering attempts undergone during the test must be hindered. Of the tested products the following passed the test and where certified:
Continue Reading...
AV-Comparatives: Anti-Tampering Certification Test 2025
![[-]](https://www.geeks.fyi/images/collapse.png "[-]")
