It is probably fair to say that the performance of Microsoft Defender in the latest anti-virus assessment tests has not been the best. While AV-Comparatives saw no improvement in Defender in its latest test, AV-TEST found that Defender actually regressed in relative performance.
However, all is not bad for Microsoft though as the latter found that Defender did exceptionally well in the Advanced Threat Protection Test Against Ransomware for February 2022. In both the tests for home users as well as for enterprise, Microsoft Defender was one of the best performers in terms of ransomware detection and blocking.
Here's how AV-TEST describes its advanced ransomware test:
The Advanced Threat Protection tests provide vendors and users with substantial findings as to how securely a product can protect against ransomware in real-life scenarios.
[..] All the products have to successfully defend against ransomware in 10 real-life scenarios under Windows 10. The test involves threats such as files containing hidden malware in archives, PowerPoint files with scripts or HTML files with malicious content.
The following 12 products tested in the home user or consumer category:
- G DATA
- K7 Computing
- PC Matic
- VIPRE Security
And here are the 14 products tested in the business category:
- Bitdefender (two versions)
- G DATA
- Kaspersky (two versions)
- Trellix (McAfee)
The following images show the performance of Defender for home users in the 10 tested scenarios. Defender was able to detect the infection in the very first initial access phase in all but one case.
Meanwhile, Microsoft Defender's performance is even more impressive in the test for business users as it detected the infection in the initial access phase in all the 10 tested scenarios.
In the test for business users, McAfee or Trellix did quite poorly as it wasn't able to fully block the attack in multiple scenarios:
Here are the final scores obtained by the anti-malware products given in the image below. The left image shows scores in the home user category while the right one shows the same for business users. In this test, the scores really don't mean much as the real observation via this test was to see how quickly the product can detect and successfully block the ransomware.
You can find the full report on AV-TEST's official website at this link.