Objective Information for Informed Decisions

We participate in testing to collaborate with the industry at large and share information that ultimately allows us to improve our products. We want to give our customers confidence in the capabilities of our products by providing objective information around our capabilities in order for them to make the most informed decisions.

Public Testing

We participate in a diverse set of public, unbiased tests because it shows our commitment to ensuring our products are equipped to handle a wide variety of real-world attack scenarios.

Test Date: May, 2020


AV-Comparatives is an independent organization offering systematic testing for security software. Using one of the largest sample collections worldwide, it creates a real-world environment for truly accurate testing. VMware Carbon Black is a new entrant to AV-Comparatives testing and very proud to have received a 100% on malware, and 99.8% on the real-world protection tests, during the initial testing period (March-April 2020), and scoring better than most of our direct competitors.



Test Date: April, 2020


VMware Carbon Black is proud to be a two-time participant in the MITRE ATT&CK EDR evaluation. This test is built to exercise how well an EDR tool supplies its operators with the visibility and features they need to detect threats. Unlike other tests that measure automated prevention, this test reflects how threat hunters operate in the real world, pitting skilled professionals against a common set of threats.


Test Date: June, 2020


Although primarily malware focused, we believe participation in AV-Test is important because it provides a well-rounded sample and includes a robust false-positive test that paints a realistic picture of what running AV is like in production. Carbon Black has consistently achieved 100% blocking rate of prevalent malware set and 100% detection rate of all attacks in these tests.


Test Date: June-July, 2018


The OPSWAT program abides by all industry standards and procedures, making the badge an industry-wide stamp of approval. This certification verifies that endpoint security products are supported by the OESIS Framework and therefore compatible with the many solutions that employ OESIS. It is for these reasons that we believe this program is an important one, which we are committed to participating in.


Test Date: June, 2018


As a security vendor, it’s important to regularly check how your product is performing in the market. For this reason, Carbon Black participates in the monthly ICSA Labs Anti-Malware test, where our product is evaluated against the most current known malware. We’ve consistently received a 100% prevention rating, validating that our detection capabilities.


Not all tests are built the same.

When evaluating third-party test results, watch out for:

  • Vendors who only participate in sponsored testing, where they control the test
  • Vendors who opt out of rigorous prevention tests such as NSS Labs AEP
  • Vendors who don’t adopt diversity in their testing strategy
  • Tests that only exercise a limited portion of the attacker techniques across the entire killchain


We think it is important tests are reflective of the reality of the current threat landscape, so we take an active role in evolving testing standards and methodologies that improve objectivity and relevance in testing.


Anti-malware testing isn’t easy, and it can be biased or easily rigged. AMTSO’s charter has been set to address the global need for improvement in the objectivity, quality, and relevance of anti-malware testing methodologies. We believe in AMTSO’s mission of defining a set of standards that all vendors and testers should adhere to, so that we can have truly unbiased, objective independent testing.


Product Attestations

Coalfire Report: Endpoint Standard PCI DSS Attestation

Coalfire Systems, a respected QSA company, found that VMware Carbon Black Endpoint Standard, passed AV-efficacy and directly meets the PCI DSS anti-malware security control requirement.

Coalfire Report: App Control PCI DSS Attestation

App Control provides coverage across eight of the 12 requirements of the PCI DSS and supports critical security goals.

HIPAA Compliance Attestation

Coalfire Systems, Inc. describes how the VMware Carbon Black Cloud and Workspace ONE platforms can help organizations comply with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, based on the sample testing and evidence gathered during Coalfire’s assessment.

Ready to Get Started?

See how VMware Carbon Black can help simplify and fortify your security stack today and tomorrow.