Microsoft Defender wins the Windows 11 LSASS certificate protection test with full marks


Over the past several months, we have covered AV-Comparatives reports about the performance of Microsoft Defender. Microsoft's in-house solution has generally done well, with some flaws here and there. The tested products are for home users.

The security assessment firm conducted an LSASS credential dumping protection test on enterprise-class anti-malware solutions. Among the tested products was Microsoft's Defender for Endpoint, which scored full marks in the assessment.

The LSASS process authenticates users who sign in on a Windows computer, and attackers often steal useful information about domain users from it through credential dumping. This information can then be used to move laterally within the targeted network.

15 different attack methods were used in this LSASS credential dump test, and Defender for Endpoint did well to prevent them all. The following products (with LSASS protection settings enabled): Avast Ultimate Business Security, Bitdefender GravityZone Business Security Enterprise, Kaspersky Endpoint Detection and Response Expert, and Microsoft Defender for Endpoint.

Protected Process Light (PPL) and Attack Surface Reduction (ASR) hardening are successful in Microsoft Defender for Endpoint. Recently, the ASR rule for blocking credential stealing was also enabled by default.