Skip to main content

AV-Comparatives is a world-renowned independent organization performing research and regular tests of security software. In the recent report, the test lab analyzed hardening capabilities of four security solutions to protect the LSASS process and prevent credential dumping. Abusing the LSASS on a Windows machine, attackers can get domain user credentials to further propagate the attack locally or move laterally within the targeted network.

To evaluate the capabilities of tested products, AV-Comparatives engineers used a variety of tools and methods, including Reflective DLL, Native APIs DLL, Invoke-PPL Dump and others, while attempting to gain access to the infrastructure in a range of 15 complex attacks. Security solutions were expected to prevent the attempt of LSASS process memory dumping.

The test confirmed that Kaspersky Endpoint Detection and Response Expert includes efficient hardening measures against credential dumping activated by default and demonstrated 100% protection rate from all LSASS attack methods tested.

“We are thrilled to participate in the research by AV-Comparatives and to receive the real-world testing scenario results. Benchmarking our security products against specific attacks is key to confirming the quality of Kaspersky technologies. Our goal is to constantly deliver the highest level of protection capabilities for our customers, and such achievements validate our efforts,” comments Alexander Liskin, Head of Threat Research at Kaspersky.

Kaspersky EDR Expert in default configuration has demonstrated 100% protection against the LSASS credential dumping attacks used in our dedicated research,” said Andreas Clementi, CEO, AV-Comparatives.

Kaspersky Endpoint Detection and Response Expert provides visibility across all endpoints on corporate networks and delivers superior defense, enabling automation of routine tasks to discover, prioritize, investigate and neutralize complex threats and APT-grade attacks. For more information about Kaspersky Endpoint Detection and Response Expert, visit our website.

The full report, detailing the performance of Kaspersky EDR Expert during the AV-Comparatives test, is available via this link.


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Kaspersky EDR Expert confirms 100% protection from LSASS attacks in AV-Comparatives research

Kaspersky Endpoint Detection and Response Expert has demonstrated 100% protection from attacks exploiting Windows’ Local Security Authority Subsystem Service (LSASS) in a recent AV-Comparatives test. Kaspersky EDR Expert successfully protected the LSASS process from credential dumping during 15 different attacks.
Kaspersky Logo