Author: Alexander Ivanyuk — Senior Director, Technology
Modern cyberattacks rarely arrive in a simple, obvious form. Attackers hide malicious code inside files that look legitimate, chain multiple tactics together and use techniques designed to bypass traditional endpoint defenses. For businesses, that makes independent security testing especially valuable.
In the latest AV-TEST Advanced Threat Protection test, published on April 28, 2026, Acronis Cyber Protect Cloud was evaluated as part of the corporate endpoint protection segment under Windows 10. The result was clear: Acronis earned a perfect 35 out of 35 protection score, identifying attackers without fail across all 10 test scenarios. That result qualified the product for an official “Advanced Approved Endpoint Protection” badge for Windows.
This serves as an important proof point for organizations choosing cyber protection for business-critical systems. It shows that Acronis Cyber Protect Cloud performed at the highest level in a test focused on two of today’s most damaging threat types: ransomware and infostealers.
How AV-TEST measured protection
AV-TEST designed this Advanced Threat Protection evaluation around realistic attack behavior, not simple file scanning. In the corporate endpoint protection segment, AV-TEST evaluated nine business security solutions under Windows 10, including Acronis Cyber Protect Cloud.
Each product faced five attack scenarios using ransomware and infostealers. AV-TEST then scored the results based on how well each solution defended against those attacks. A product could earn up to three points for stopping ransomware and up to four points for stopping infostealers, for a maximum possible protection score of 35 points. Partial defenses could receive half points.
The methodology also matters because AV-TEST mapped the attack scenarios to the MITRE ATT&CK framework. The individual sub-techniques were listed using MITRE technique IDs, which makes the test steps easier for security experts to understand, compare and validate.
In other words, this was not a simple “malware detected or not detected” exercise. The test looked at whether endpoint protection could handle attack chains that reflect how real attackers operate.
Why this test reflects today’s threat landscape
One of the techniques highlighted in the test involved the use of PyInstaller. Attackers can use PyInstaller to bundle dangerous Python scripts with a small Python runtime environment, creating executable files that run directly on Windows. This technique can be difficult to spot because PyInstaller-generated files are widely used by developers to distribute legitimate software.
That detail is important for business security teams. In everyday environments, not every suspicious-looking file is clearly malicious, and not every legitimate-looking file is safe. Attackers know this and often try to hide inside normal software behavior.
For the test, AV-TEST used PyInstaller-packaged Python applications that later loaded dangerous shellcode or manipulated DLL files. This allowed the lab to simulate ransomware and infostealer behavior on the target system.
This is exactly the kind of scenario where businesses need more than basic detection. They need protection that can recognize malicious behavior before data is encrypted, stolen or used to expand an attack.
Acronis achieved the maximum protection score
Acronis Cyber Protect Cloud was one of the corporate endpoint solutions that earned full points in the AV-TEST evaluation. Six of the nine corporate solutions achieved the maximum score, identifying attackers without fail in all 10 scenarios. Acronis was listed among the products that earned 35 points in the protection category.
For Acronis customers, the significance is straightforward. The test focused on attacks that can directly affect business continuity, data integrity and operational resilience. Ransomware can encrypt systems and interrupt work. Infostealers can capture credentials and sensitive information, creating risk long after the first infection. AV-TEST’s testing scenarios were built around those threat categories, which makes the result highly relevant for organizations evaluating endpoint protection.
The score also supports Acronis’ broader approach to cyber protection. Businesses do not only need to detect threats. They need to prevent attacks, protect data and reduce the chance that a security incident becomes downtime, data loss or customer disruption.
For customers, a perfect AV-TEST score gives independent validation that Acronis Cyber Protect Cloud can defend against advanced ransomware and infostealer scenarios in a business endpoint environment. This matters when security decisions must be justified with measurable, third-party evidence rather than marketing claims.
For service providers, the result is equally useful. MSPs need solutions they can confidently recommend, deploy and manage across customer environments. Acronis achieving a 35/35 score in this ATP test gives partners a clear proof point when discussing protection against ransomware, credential theft and advanced malware delivery techniques.
AV-TEST also stated that corporate products needed at least 75% of the 35-point protection score, or 26.5 points, to pass certification testing, and that they also had to participate regularly in AV-TEST’s bimonthly Windows tests. Acronis Cyber Protect Cloud met the requirements and received the “Advanced Approved Endpoint Protection” certification.
Read the full AV-TEST report here.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 60+ countries. Acronis Cyber Platform is available in 26 languages in 150 countries and is used by over 21,000 service providers to protect over 750,000 businesses.
