Published 2026-04-30. Each row is the vendor's protection rate as factsheeted, alongside the same number recast as the miss rate — the share of samples that got through.
| Vendor | Protection | Miss | Compromised | False alarms |
|---|---|---|---|---|
| Bitdefender | 100.0% | 0.0% | 0 / 200 | 2 |
| Elastic | 100.0% | 0.0% | 0 / 200 | 6 |
| Avast | 99.5% | 0.5% | 1 / 200 | 2 |
| ESET | 99.5% | 0.5% | 1 / 200 | 2 |
| Kaspersky | 99.5% | 0.5% | 1 / 200 | 3 |
| Norton | 99.5% | 0.5% | 1 / 200 | 2 |
| Microsoft | 99.0% | 1.0% | 2 / 200 | 0 |
| VIPRE | 99.0% | 1.0% | 2 / 200 | 0 |
| Cisco | 98.5% | 1.5% | 3 / 200 | 0 |
| CrowdStrike | 98.5% | 1.5% | 3 / 200 | 2 |
| G Data | 98.5% | 1.5% | 3 / 200 | 1 |
| K7 | 98.5% | 1.5% | 3 / 200 | 3 |
| ManageEngine | 98.0% | 2.0% | 4 / 200 | 16 |
| Sophos | 98.0% | 2.0% | 3 / 200 | 1 |
| Trellix | 98.0% | 2.0% | 4 / 200 | 6 |
| SenseOn | 95.5% | 4.5% | 9 / 200 | 1 |
Industry-standard endpoint tests run against a few hundred samples. A 99% protection rate sounds airtight on a slide; in an enterprise endpoint fleet seeing tens of thousands of executions per day, the residual percentage is dozens of unblocked items. The miss rate is not a quality flaw — it is intrinsic to detection-based security, which must decide whether each sample is malicious before letting it run.
ColdRecon publishes these figures unedited and cited to their factsheets. We do not rank, score, or editorialize the vendors — readers can. The figures are presented to make the gap explicit, not to argue any single vendor's case.
ColdRecon ties every disclosed security event back to the vendor whose product was in the path — and delivers it as one short daily brief from the seller's seat. Request clearance and the first lands tomorrow at 0600.
Request Clearance →