// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE LAB-16DTG 0600Z
ColdRecon / Detection Gap
Independent Lab Results

The Detection
Gap, Quantified

16 VENDORS · 1 TEST ROUND ON FILE · AV-Comparatives

Independent labs publish endpoint-protection results every cycle. The protection rate they print is the upper bound. The other side of that number — the miss rate — is what defends a network when a real attack arrives. Below: the most recent shared round, every figure cited to its factsheet.

Most recent shared round

AV-Comparatives · Business Security Test (Mar–Apr 2026)

Published 2026-04-30. Each row is the vendor's protection rate as factsheeted, alongside the same number recast as the miss rate — the share of samples that got through.

VendorProtectionMissCompromisedFalse alarms
Bitdefender 100.0% 0.0% 0 / 200 2
Elastic 100.0% 0.0% 0 / 200 6
Avast 99.5% 0.5% 1 / 200 2
ESET 99.5% 0.5% 1 / 200 2
Kaspersky 99.5% 0.5% 1 / 200 3
Norton 99.5% 0.5% 1 / 200 2
Microsoft 99.0% 1.0% 2 / 200 0
VIPRE 99.0% 1.0% 2 / 200 0
Cisco 98.5% 1.5% 3 / 200 0
CrowdStrike 98.5% 1.5% 3 / 200 2
G Data 98.5% 1.5% 3 / 200 1
K7 98.5% 1.5% 3 / 200 3
ManageEngine 98.0% 2.0% 4 / 200 16
Sophos 98.0% 2.0% 3 / 200 1
Trellix 98.0% 2.0% 4 / 200 6
SenseOn 95.5% 4.5% 9 / 200 1
Reading the gap

Why a sub-2% miss matters

Industry-standard endpoint tests run against a few hundred samples. A 99% protection rate sounds airtight on a slide; in an enterprise endpoint fleet seeing tens of thousands of executions per day, the residual percentage is dozens of unblocked items. The miss rate is not a quality flaw — it is intrinsic to detection-based security, which must decide whether each sample is malicious before letting it run.

ColdRecon publishes these figures unedited and cited to their factsheets. We do not rank, score, or editorialize the vendors — readers can. The figures are presented to make the gap explicit, not to argue any single vendor's case.

Your competitor's miss rate is on their factsheet. Their next breach is in tomorrow's brief.

ColdRecon ties every disclosed security event back to the vendor whose product was in the path — and delivers it as one short daily brief from the seller's seat. Request clearance and the first lands tomorrow at 0600.

Request Clearance →