Bitdefender Achieves AV-Comparatives Anti-Tampering Certification

Richard De La Torre


Bitdefender is one of just six vendors to pass the AV-Comparatives Anti-Tampering Certification Test for 2025. Bitdefender earned the coveted Anti-Tampering Certification by demonstrating it consistently thwarted key defense-evasion techniques used by cybercriminals and spoiled an attacker’s ability to bypass security controls. This certification reflects our ongoing commitment to keep organizations protected against evolving cyberattack techniques. 

Why Anti-Tampering Matters 

Modern cybercriminal playbooks include gaining access to your environment and then disabling security controls on your systems, so their attacks have a greater chance of succeeding.

These defense-evasion techniques help threat actors extend the dwell time of their presence on your network and impede remediation attempts. The longer an attacker remains undetected on systems, the higher the potential damage from an attack.   

One of the most common defense-evasion techniques threat actors use is targeting security products themselves. To accomplish this, the threat actor typically obtains privileged access in a system.

They achieve this level of access through a variety of techniques, including credential stuffing or harvesting, authentication key exploits, or supply-chain attacks. Even with elevated privileges, attackers find most endpoint security solutions an annoyance, so they attempt to disrupt and disable the security product's processes to let their tactics bypass detection. There are a few customary ways that attackers achieve this:

  • Attackers might try to stop the security software by changing its settings files, Windows registry entries, or by turning off its running programs and core system parts.
  • Threat actors often delete important files like images, DLLs, or drivers. They can also stop the security software from starting up properly in both regular programs and the core Windows system after a computer restart.
  • Attackers sometimes uninstall the security software altogether or change its core settings.
  • In some cases, they turn off the security software completely, using the software's own features if possible.
  • Another tactic is to change the security software's rules so it ignores malicious activity or, in some cases, specifically allows it.
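
As an added illustration (not from the original article or from Bitdefender), the sketch below shows how a defender could flag the tampering actions listed above in endpoint telemetry. The product name, paths, service name and the normalized event schema are hypothetical; the event IDs are the standard Sysmon (10, 11, 12-14, 23) and Service Control Manager (7036, 7040) ones.

```python
import ntpath

# Hypothetical protected product: directory, registry key and service are placeholders.
PRODUCT = {
    "dir": r"c:\program files\exampleedr",
    "reg": r"hklm\system\currentcontrolset\services\exampleedr",
    "services": {"exampleedrsvc"},
}
PROCESS_TERMINATE, PROCESS_SUSPEND_RESUME = 0x0001, 0x0800

def _under(path, root):
    # Normalize first so "..\" segments cannot fake a location under root.
    path = ntpath.normpath(path).lower()
    return path == root or path.startswith(root + "\\")

def classify(ev):
    """Return a tamper category for one normalized event, or None."""
    src, eid, actor = ev["source"], ev["id"], ev.get("image", "")
    # The product's own binaries legitimately touch its files and keys.
    if actor and _under(actor, PRODUCT["dir"]):
        return None
    if src == "sysmon" and eid == 10 and _under(ev["target_image"], PRODUCT["dir"]):
        access = int(ev["granted_access"], 16)
        if access & (PROCESS_TERMINATE | PROCESS_SUSPEND_RESUME):
            return "process terminate/suspend"
    if src == "sysmon" and eid in (12, 13, 14) and _under(ev["target_object"], PRODUCT["reg"]):
        return "registry modification"
    if src == "sysmon" and eid in (11, 23) and _under(ev["target_filename"], PRODUCT["dir"]):
        ext = ntpath.splitext(ev["target_filename"])[1].lower()
        return {".dll": "DLL manipulation", ".sys": "driver interference"}.get(
            ext, "file system modification")
    if (src == "system" and eid in (7036, 7040)
            and ev["service"].lower() in PRODUCT["services"]
            and ev["new_state"] in ("stopped", "disabled")):
        return "service stop/disable"
    return None

def scan(events):
    """Return (index, category) for every event classified as tampering."""
    hits = [(i, classify(ev)) for i, ev in enumerate(events)]
    return [(i, cat) for i, cat in hits if cat]

EDR = "C:\\Program Files\\ExampleEDR\\"
SAMPLE = [  # constructed events, not real telemetry
    {"source": "sysmon", "id": 10, "image": r"C:\Users\admin\tool.exe",
     "target_image": EDR + "agent.exe", "granted_access": "0x1"},
    {"source": "sysmon", "id": 10, "image": r"C:\Windows\System32\taskmgr.exe",
     "target_image": EDR + "agent.exe", "granted_access": "0x1000"},
    {"source": "sysmon", "id": 13, "image": r"C:\Windows\regedit.exe",
     "target_object": r"HKLM\System\CurrentControlSet\Services\ExampleEDR\Start"},
    {"source": "sysmon", "id": 23, "image": r"C:\Windows\System32\cmd.exe",
     "target_filename": EDR + "hook.dll"},
    {"source": "sysmon", "id": 11, "image": EDR + "updater.exe",
     "target_filename": EDR + "sig.dat"},
    {"source": "system", "id": 7040, "service": "ExampleEDRSvc", "new_state": "disabled"},
]
```

Allow-listing the product's own processes by path is a simplification; a production rule would check the binary's signer instead, since a path alone can be spoofed by a file dropped into that directory.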

If your security software can be tampered with, it opens the door for the attacker to move laterally across networks, infecting other systems while remaining undetected. This allows threat actors to plant ransomware, exfiltrate sensitive data, and more. This is why it is crucial to ensure your security vendors achieve the AV-Comparatives Anti-Tampering Certification.  

The AV-Comparatives Evaluation 

AV-Comparatives performed its evaluations on systems running Windows 11, with the simulated threat actors elevated to “a high integrity or system integrity privileged user.” This is important, as privileged-user access is common in modern security breaches. The purpose of the AV-Comparatives test was to evaluate the anti-tampering properties of various AV/EPP/EDR solutions. The testing process involved two simple steps:

  • Step 1: Log into a system using RDP (remote desktop protocol) under a privileged user account. 
  • Step 2: Perform a series of actions to disable the core functionality of the security solution as described by MITRE ATT&CK® technique T1562.  This includes things like process termination, Windows registry key modification, DLL manipulation, and more. 

AV-Comparatives tested numerous security solutions, each from different vendors, during its Anti-Tampering Certification Test.

The evaluation included Bitdefender GravityZone Business Security Enterprise, with mostly default settings, and with the “uninstall password” feature enabled.  

The Test Results 

One in three security solutions failed the certification test. However, Bitdefender GravityZone passed all of the anti-tampering tests and achieved the certification of “AV-Comparatives Approved.” Bitdefender GravityZone successfully resisted eight different approaches to disrupt or disable it:

  1. Efforts to terminate or suspend any processes associated with the solution 
  2. Attempts to pause, stop, disable, or uninstall the product 
  3. Deletion or modification of any registry keys associated with the product
  4. Manipulation, hijacking, or modifications of any DLLs associated with the solution 
  5. Any attempt to disable, modify, or uninstall the agent 
  6. All attempts to modify or manipulate the file system of the product
  7. Any attempt to interfere with the kernel drivers of the solution
  8. All attempts to interfere with the operations of any of the components or functions of the solutions (such as the ability to download updates, perform scans, etc.) 

Conclusion 

If you are a Bitdefender customer, then the 2025 AV-Comparatives Anti-Tampering Certification means you can expect steadfast security even when directly targeted by cybercriminal tactics. Our ability to prevent defense evasion tactics is an assurance that our solution will stand its ground when others may falter. 

Read the complete 2025 AV-Comparatives Anti-Tampering Report

Author


Richard De La Torre

My name is Richard De La Torre. I’m a Technical Marketing Manager with Bitdefender. I’ve worked in IT for over 30 years and Cybersecurity for almost a decade. As an avid fan of history I’m fascinated by the impact technology has had and will continue to have on the progress of the human race. I’m a former martial arts instructor and continue to be a huge fan of NBA basketball. I love to travel and have a passion for experiencing new places and cultures.
