Microsoft Defender scores all points in Windows 11 LSASS credential dump test


We’ve been covering AV-Comparatives reports on Microsoft Defender’s performance for the past few months. Microsoft’s in-house solution has generally done well, with some setbacks here and there. The products tested in those reports are for home users.

Recently, however, the security rating agency conducted an LSASS credential dump test on enterprise-class anti-malware solutions. One of the products tested was Microsoft Defender for Endpoint, which scored full marks in the evaluation.

The Local Security Authority Subsystem Service (LSASS) authenticates users who log on to a Windows computer. Threat actors often target the LSASS process to steal domain users' credentials through credential dumping. The stolen credentials can then be used to move laterally within the target network.

Fifteen different attack methods were used in this LSASS credential dump test, and Defender for Endpoint blocked them all. The other products tested performed equally well. The table below lists results for the following products (with LSASS security settings enabled): Avast Ultimate Business Security, Bitdefender GravityZone Business Security Enterprise, Kaspersky Endpoint Detection and Response Expert, and Microsoft Defender for Endpoint.



