McAfee Deep Defender Scores 100% in Rootkit Protection Test

Numbers Don’t Lie

#1 in Exploit Protection
#1 in Evasion Protection
#1 in Day Zero Rootkit Protection

In January 2013, AV-TEST performed a comparative review of McAfee Deep Defender against the full security feature sets of Microsoft System Center Endpoint Protection and the Symantec Endpoint Protection suite to determine how well each product proactively protects against new kernel-mode and MBR rootkits (zero-day attacks).

To investigate each product's ability to block unknown rootkits, AV-TEST performed two separate tests. The first used signature and engine updates frozen as of October 1, 2012, run against 48 rootkits that were discovered only after that date, so that none of them could have been covered by signatures. The second disabled the on-access (signature) components entirely, so that only behavioral detection stood between the same 48 rootkits and the system.

The results show that the proactive approach of McAfee Deep Defender provides strong protection against kernel-mode and MBR rootkits: it detected and successfully blocked all 48 tested rootkits. Microsoft System Center Endpoint Protection and the Symantec Endpoint Protection suite were not able to match this result.

Detection alone is not the whole story. A rootkit can be detected yet not disabled: once it has loaded into the kernel or overwritten the MBR, it may remain operational after the alert fires, and further remediation is required to remove it. Blocking before installation is therefore the outcome that matters.

The testing clearly shows the need for proactive protection, since static, signature-based protection cannot cover threats that did not exist when the signatures were written. This is especially important for rootkits, which are far harder to detect once they are successfully installed, because they can subvert the very operating-system components a scanner relies on. McAfee Deep Defender, using McAfee DeepSAFE technology, was shown to protect against such advanced, stealthy attacks.

“McAfee Deep Defender was able to successfully block/remediate all rootkits that it detected. For McAfee, several detections took place during the installation of the rootkit, which is more difficult to deal with, but Deep Defender still managed to block/remediate all tested rootkits. In the case of Symantec, two detected rootkits were not successfully disabled. The behavioral detection took place during or after installation, when the rootkit already had control over the system, making it more difficult to deal with the threats.”

— AV-TEST Report