AV-Comparatives: EDR-Detection-Validation Certification Test 2025

[harlan4096]

EDR-Detection-Validation Certification Test 2025

After launching the pilot earlier this year, AV-Comparatives has now completed the 2025 round of the EDR Detection Validation Test. This independent evaluation put seven enterprise cybersecurity solutions to the test under advanced threat scenarios. The goal: to assess their ability to detect and report real-world attacks with precision and visibility.
 
Unlike e.g. the EPR Test which focuses on prevention, the EDR test simulates complex attack scenarios to assess how well a product detects and logs each stage of an intrusion, providing insights into its visibility, telemetry quality, and threat detection precision. Threat visibility based on threat hunting capabilities are also considered.

We are pleased to announce that a total of five solutions have achieved certification so far — four in the recent 2025 certification test, and one in the earlier pilot phase — under our transparent and rigorous methodology.

Certified Products – EDR, XDR and MDR Solutions

The following products earned certification in the 2025 test round:

• CrowdStrike Falcon Pro
  
• ESET PROTECT Enterprise Cloud
  
• G DATA 365 MXDR (MDR solution)
  
• Kaspersky Next EDR Expert (in the pilot test)
  
• Palo Alto Networks Cortex XDR Pro
  

While the pilot test used the same core methodology, the attack scenarios, metrics, and scoring criteria were adjusted in the certification test based on analyst feedback. As a result, pilot and certification test results are not directly comparable. In general, due to the nature of this test and the evolving attack scenarios, results should be viewed standalone and not used for direct product-to-product comparison.

One Methodology – EDR, XDR, and MDR

While originally designed to evaluate EDR and XDR capabilities, the test can equally be applied to MDR (Managed Detection and Response) offerings. In this round, G DATA successfully participated with their MDR solution – demonstrating that even managed offerings can be assessed under realistic, controlled attack conditions.

A Focus on Real-World Visibility

This evaluation simulates Advanced Persistent Threat (APT) attacks, using known Tactics, Techniques, and Procedures (TTPs) from frameworks such as MITRE ATT&CK. All products were tested in monitoring mode only, meaning prevention features were disabled. The goal: to measure how well threats are detected and reported, not blocked. 

Highlights of the methodology:

• Execution of complex attack chains
  
• Validation of detections via alerts in the management console or through manual threat hunting in telemetry
  
• Transparent certification model: only products meeting the detection threshold are certified and publicly listed
  

Methodological Improvements and the Road Ahead

The 2025 test incorporated feedback from independent analysts, resulting in greater transparency, enhanced scoring, and deeper telemetry validation. Further enhancements are planned for the 2026 certification test.

Interested in Participating?

The EDR Detection Validation Test is open to EPP, EDR, XDR, and MDR vendors seeking independent validation of their detection capabilities. Certification offers vendors both industry recognition and deep technical insight into their solution’s real-world performance.

Contact us to participate in the next test cycle.