AV-Comparatives: Anti-Tampering Certification Test

[harlan4096]

AV-Comparatives has published the results of the Anti-Tampering Certification Test on its website, complete with detailed information about the methodology and criteria used in the evaluation. Each year, AV-Comparatives offers a focus test, allowing vendors to apply for certification. This year, the emphasis was on “Defense Evasion” (Anti-Tampering). Both vendors and customers are encouraged to review the results and use them to make informed decisions regarding cybersecurity solutions.

https://www.av-comparatives.org/news/ant...tion-test/
 
After compromising a system within the targeted network, attackers often must contend with endpoint security products such as traditional antivirus or next-generation antivirus and endpoint detection and response (EDR) products. EDR products can be particularly problematic for tactics, techniques, and procedures (TTPs) such as credential dumping and lateral movement. Even if an attacker has already gained privileged user access (e.g., local admin), most endpoint security products can still pose significant challenges. As a result, attackers will attempt to disable or modify tools and remove key capabilities from endpoint security products to permanently avoid the risk of prevention or detection.

The AV-Comparatives Anti-Tampering Certification Test plays a vital role in the fight against tampering, ensuring that products can be trusted by consumers and are not compromised by malicious software. This certification also allows vendors to differentiate themselves by demonstrating that their products are tamper-proof to the extent tested.

This evaluation includes techniques to disable or modify user space and/or kernel space components of a product by attempting to tamper with, disable, or modify processes, threads, services, DLLs, agents, file systems, kernel drivers, and other components such as update services.
...

Full Report