AV-Comparatives Test: Bitdefender, Best at Stopping Threats Before They Start

Stop a threat before it executes, and you maintain business continuity. Respond after it runs, and you increase the odds of business disruption and costly remediation. Security solutions vary significantly in their ability to block threats pre-execution, and the latest AV-Comparatives Enterprise Advanced Threat Protection test quantifies this gap in stark terms: Bitdefender blocked 87% of threats at the pre-execution stage, while other vendors blocked just 36% of attacks pre-execution, on average. This 51-percentage-point advantage reveals more than superior detection rates—it demonstrates a fundamental architectural difference in how security solutions approach protection.   

Pre-execution blocking eliminates threats before they can establish persistence, exfiltrate data, or move laterally through networks. It’s like stopping a thief at the door instead of chasing them once they are already inside.  

Stopping an attack at the pre-execution stage also removes the window of vulnerability that exists between initial file execution and behavioral detection, a window that modern attackers exploit with increasing sophistication. For security teams, this prevention-first approach translates directly into reduced incident response costs, minimized downtime, and fewer emergency escalations. Bitdefender’s outstanding results are not new; we’ve demonstrated the highest pre-execution protection of any vendor for the last several years that AV-Comparatives has conducted these tests.

Focusing on Advanced Persistent Threats 

Among the most dangerous methods used by cybercriminals is the use of Advanced Persistent Threat techniques. By gaining access to an organization’s networks, threat actors can create accounts with elevated privileges, move laterally across networks, plant ransomware, exfiltrate sensitive data, and compromise partner organizations through supply-chain attacks. The longer a threat actor remains within an organization, the more damage they can do. Understanding the threat posed by APTs, AV-Comparatives focuses the Enterprise Advanced Threat Protection tests on the Tactics, Techniques, and Procedures (TTPs) associated with these attacks.  

AV-Comparatives' Enterprise ATP Test represents one of the most rigorous evaluations in cybersecurity testing. The 2025 test was performed on fully-patched Windows 11 systems using 15 distinct attack scenarios incorporating: 

  • Fileless attacks that operate solely in memory to evade traditional detection
  • Multiple delivery vectors including spear-phishing, trusted relationships, and removable media
  • Advanced evasion techniques such as user-mode unhooking, event tracing manipulation, and shellcode obfuscation
  • Commercial attack frameworks like Metasploit and PowerShell Empire
  • Diverse payload types including .EXE, .VBS, .JS, .CPL, .SCR, .CHM, .HTA, .LNK, .PIF, and .DLL files

Each test case attempted to establish a Command-and-Control (C2) channel, simulating a successful breach. If the security product allowed this connection, the system was considered compromised – representing a genuine business risk.  The tests also included an evaluation of false positives.  When dealing with threat persistence, it’s important that security teams focus on genuine alerts rather than chasing ghosts. Maintaining a low rate of false positives is important in reducing the overall threat dwell time and decreasing alert fatigue for security teams. 

Exploring the Results of the Tests 

Only six vendors participated in this year’s test. Among them were Bitdefender, Avast, CrowdStrike, ESET, Kaspersky, and NetSecurity. Each vendor provided a copy of their enterprise product, and these were configured according to the vendor’s specifications for the test.  

Figure 1: Bitdefender achieved perfect scores across all 15 tests 

Bitdefender was one of three vendors to completely block the attack and prevent any C2 connection from being established. Stopping a cyber-attack at the initial access phase is critical because it immediately nullifies the attacker's foothold, preventing resource expenditure on deeper defenses and preserving the integrity of the entire operational environment. While those results are admirable on their own, in AV-Comparatives' own words, “The intention of the test is to focus on early detection and prevention”, and so they further analyzed at what stage in the attack the threat was blocked.

Bitdefender Stops More Attacks at Pre-Execution 

While achieving a perfect score is impressive, how Bitdefender achieved this protection reveals an even more significant security advantage. The test measured not just whether threats were blocked, but when they were intercepted: 

  • Pre-execution (PRE): Threat detected before running (static analysis)
  • On-execution (ON): Threat detected immediately after running (dynamic analysis)
  • Post-execution (POST): Threat detected after actions were recognized (in-memory detection)

Bitdefender's Detection Timeline: 

  • 13 of 15 threats (87%) blocked at pre-execution
  • 2 of 15 threats (13%) blocked at on-execution
  • 0 threats required post-execution detection

This pre-execution dominance represents the strongest proactive defense posture among all tested vendors: 

Figure 2: Bitdefender stopped more attacks at pre-execution than any vendor... again 

This achievement isn’t new for Bitdefender. Since AV-Comparatives began this test in 2021, Bitdefender has consistently led all vendors in stopping attacks at pre-execution. That includes test results from 2021, 2022, 2023, 2024, and the present.

Why Pre-Execution Protection Matters 

As AV-Comparatives notes in its report: "In our opinion, the goal of every AV/EPP/EDR system should be to detect and prevent attacks or other malware as soon as possible... A good burglar alarm should go off as soon as someone breaks into your home. It should not wait until they start stealing." 

When threats are blocked before execution, no malicious code ever runs on the endpoint. This means: 

  • No opportunity for memory manipulation or process injection
  • No potential for data exfiltration, even momentarily
  • No system resources consumed by malicious processes
  • No possibility of persistence mechanisms being established
  • No possibility of files being encrypted or destroyed by ransomware 

By stopping the attack before it reaches the initial stage, the threat actor’s playbook is rendered unserviceable, leaving them to look for a victim elsewhere.  

Bitdefender’s Strong Commitment to Proactive Protection 

Bitdefender's exceptional pre-execution performance stems from a multi-layered approach.  It includes deep file inspection using machine learning models trained on millions of malware samples. Adversarial AI is trained to identify obfuscated payloads, analyze execution chains before processes launch, recognize anomalous behavior, and identify malicious intent without relying on known indicators. It all happens within nanoseconds to protect and alert security teams of the potential danger without bogging them down with false alarms.   

Pre-execution protection against malicious payloads is only part of the story. Threat actors are increasingly exploiting Living-off-the-Land (LOTL) techniques that use an organization's own tools against itself. A Bitdefender analysis of 700,000 major security incidents found that 84% of high-severity attacks utilized LOTL techniques.

This type of proactive security becomes paramount in the effort to keep threat actors at bay. This is why Bitdefender released revolutionary attack surface reduction in the form of GravityZone PHASR (Proactive Hardening and Attack Surface Reduction). Using unique machine-learning models created on each individual endpoint, PHASR learns each user and application’s behavior and proactively restricts access to admin tools or specific operations within them when deemed unnecessary. This technology deprives threat actors of the very utilities they need to perform their malicious attacks. Available as both a part of the unified GravityZone platform and as a stand-alone product to complement existing security solutions, PHASR dynamically reduces the attack surface of your organization. 

Conclusion 

The multi-billion dollar cyber-crime industry targets organizations of all sizes. Organizations need security solutions that don't just react to attacks – they need platforms that prevent breaches before they happen. For leaner security teams, it’s even more critical that threats are blocked early to reduce the need for remediation efforts. Bitdefender's perfect 15/15 score in the 2025 ATP Test, combined with the industry-leading 87% pre-execution detection, validates this proactive approach. A proactive strategy transforms security from a necessary expense into a sustainable competitive advantage that outpaces evolving adversary tactics. This prevention-first strategy also contributed to Bitdefender achieving the highest protection rate while having the lowest cost of ownership in the latest AV-Comparatives Endpoint Prevention & Response test.

To learn more about Bitdefender’s proactive approach to security, request a demo with one of our qualified engineers, or explore our solutions and services at your own pace to see how Bitdefender can help secure your organization.