In January 2026, the AV-TEST Institute published results from a rigorous advanced threat protection (ATP) test that examined how effectively current security products defend Windows systems against sophisticated malware attacks. As attackers increasingly leverage legitimate features and subtle techniques to penetrate defenses, this test provides insight into which solutions can truly recognize and mitigate these threats. In this evaluation, Acronis Cyber Protect Cloud demonstrated full protection across all tested attack scenarios, achieving the maximum possible score in the ATP assessment. The solution successfully blocked all 10 advanced attack chains, including both ransomware and infostealer techniques, earning a total of 35 out of 35 protection points in the AV-TEST methodology.
The ATP test and why it matters
The ATP test is an independent evaluation developed by the AV-TEST Institute to assess how well security products anticipate and interrupt advanced malware techniques — not just basic signature detection. It supplements traditional malware tests by simulating realistic attack chains that exploit the behavior of Windows components, rather than relying on straightforward delivery methods.
Windows itself can inadvertently facilitate attacks. For example, the operating system might attempt to load a dynamic link library (DLL) even if it does not exist, and attackers exploit this behavior to insert malicious code and trigger ransomware or data theft processes. By mimicking such creative misuses of Windows behavior, the ATP focuses on defense against “living-off-the-land” attacks that blend into legitimate system activity.
The latest ATP test took place in November and December 2025 on Windows 11 systems. Each participating security solution was evaluated across 10 distinct real-world attack scenarios involving both ransomware and infostealer malware.
How the test measures protection
To provide a nuanced assessment, the ATP test follows a structured scoring methodology: Each product had to confront 10 live attack sequences crafted to represent advanced techniques attackers use in the wild. These include phantom DLL hijacking and DLL sideloading, which try to trick Windows into launching malicious code under the guise of benign system processes. Each scenario involved either a ransomware or an infostealer sample. Products could earn up to three points for fully defending against a ransomware sample and up to four points for an infostealer. Partial defenses earned half points where appropriate. In total, a maximum of 35 protection points could be achieved, reflecting complete prevention across all evaluated threats.
The test measures more than simple detection. It documents whether a product not only recognizes the threat but also prevents execution, halts lateral activity and stops data theft or encryption. This aligns with real attacker behavior, in which detection alone often isn’t sufficient to protect systems.
Acronis in the ATP test
Among the corporate endpoint solutions evaluated, Acronis Cyber Protect Cloud demonstrated a perfect performance. In fact, the Acronis solution successfully defended against all 10 of the advanced attack scenarios included in the test, achieving the maximum possible protection score of 35 out of 35 points. This places it among the top performers in the corporate segment alongside other major vendors.
Although Acronis met the protection score requirement with an excellent result, the specific product tested was not part of AV-TEST’s regular public certification series. For this reason, Acronis did not receive the formal certification designation in this ATP evaluation.
What this means for IT professionals
The ATP test underscores that advanced malware tactics continue to evolve, and defending systems effectively requires more than baseline threat detection. Scores from this test are a practical indicator of how well endpoint solutions can anticipate malicious behavior and protect users from real-world attack techniques.
For corporate defenders, the strong performance by Acronis in the ATP scenario tests confirms that its detection and mitigation capabilities are robust — even against complex attack chains. The absence of formal certification in this particular test reflects specific procedural criteria, not a deficiency in security quality.
The AV-TEST ATP evaluation offers a rigorous and realistic assessment of endpoint protection against advanced threats. Across 10 real attack scenarios featuring evolving malware techniques, Acronis demonstrated top performance. While it did not receive a certification solely because it was not part of the regular public certification lineup, the test results themselves validate the strength of its capabilities.
Read full report here.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 21,000 service providers to protect over 750,000 businesses.
