AV-Comparatives, an independent cybersecurity software testing organization, has released the results of two key evaluations of enterprise security solutions. The CrowdStrike Falcon® cybersecurity platform achieved the EDR Detection Certification in AV-Comparatives’ inaugural 2025 EDR Detection Validation Test and the AV-Comparatives 2025 Mac Approved Security Award.
This independent validation confirms the Falcon platform’s ability to stop breaches across the modern enterprise. The Falcon platform’s innovative approach of combining advanced AI behavioral analysis, threat intelligence, and comprehensive detection to identify and stop attacks provides the defense organizations need to protect both Windows and Mac devices.
Falcon Platform Certified for EDR Detection
AV-Comparatives’ EDR Detection Validation Test is a comprehensive suite of tests including a full attack scenario with 12 steps and multiple sub-steps. Cybersecurity solutions are evaluated in “detection only” mode so testers can assess their ability to detect and identify each technique.
Rather than duplicate tradecraft specific to a known adversary, testers used a broad approach, emphasizing tactics, techniques, and procedures (TTPs) that are often encountered or were seen in past attacks. This allowed them to evaluate EDR detection performance against a wide range of techniques.
The attack began with initial access to a system through malware delivered via spear-phishing email. It progressed to persistence, privilege escalation, lateral movement, and data exfiltration.
The Falcon platform “[d]emonstrated solid detection capabilities throughout multiple stages of the simulated attack chain,” testers report. “While not every action triggered real-time high-severity alerts, the platform consistently recorded and surfaced relevant telemetry, enabling meaningful post-event investigation. The solution particularly excelled in identifying early-stage activities such as execution of malicious payloads, scheduled task persistence, and credential access attempts, while offering visibility into command-and-control (C2) operations via behavioural analysis.”
The assessment also included signal-to-noise tests to validate products’ ability to weed out legitimate tasks that could lead to overalerting and false positives. The Falcon platform correctly handled all five validation tests, showing how analysts can reduce time investigating false positives.
AV-Comparatives described CrowdStrike’s strong performance: “CrowdStrike Falcon remains a top-tier detection platform, particularly when integrated into threat hunting-oriented environments. Its high-quality telemetry, strong detection during early-stage compromise, and mature investigation capabilities offer considerable value to skilled analysts.”
This performance earned CrowdStrike the AV-Comparatives 2025 EDR Detection certification. Read the full AV-Comparatives EDR testing report here.
99.8% Protection in macOS Security Testing
The AV-Comparatives macOS evaluation assessed security products’ effectiveness in defending a macOS system against malicious apps.
Testing took place in May 2025. AV-Comparatives tested 899 malicious samples that had appeared in preceding months and verified products’ ability to detect 750 prevalent potentially unwanted applications (PUAs) on macOS.
CrowdStrike detected and protected against 99.8% of the 899 malware samples and detected 98% of the PUA samples while returning zero false positives, earning the AV-Comparatives 2025 Mac Approved Security certification.
This marks the eighth consecutive year that CrowdStrike has achieved this AV-Comparatives certification. These consistent results show the Falcon platform’s use of advanced AI and ML technology — instead of relying on signature-based detection — is effective at stopping attacks targeting macOS.
Read the full AV-Comparatives Mac Security test report here.
Why Independent Testing Matters
CrowdStrike is a strong supporter of independent testing by organizations like AV-Comparatives. These tests provide unbiased validation of our security capabilities through respected third-party verification. They benchmark the Falcon platform’s performance against the threat landscape, providing customers with a valuable resource for evaluating cybersecurity solutions.
The real-world assessments conducted by respected testing authorities such as AV-Comparatives help ensure the Falcon platform maintains its position as the industry’s premier solution for stopping breaches. Public testing helps drive continuous product improvement to meet evolving security challenges, benefiting the entire cybersecurity industry.
For CrowdStrike, these awards aren’t just validation. They’re proof that the Falcon platform delivers on its promise: stopping breaches across all environments.
Additional Resources
