AV-Comparatives Operational Technology Protection Certification 2026

AV-Comparatives Releases New Certification Test for Operational Technology Protection 2026, Raising the Bar for Critical Infrastructure Security

INNSBRUCK, AUSTRIA, February 18, 2026 /EINPresswire.com/ -- AV-Comparatives has awarded its Operational Technology (OT) Protection Certification 2026. The certification tests were conducted in January 2026. Kaspersky Industrial CyberSecurity for Nodes 4.5 and Trellix Endpoint Security 10.7 managed to fulfill all criteria to receive certification.

The OT Certification evaluates whether security products can effectively prevent execution-based attacks in fully offline, air-gapped environments typical of Operational Technology deployments. Such environments are common in critical infrastructure sectors including manufacturing, energy, transportation, utilities, and healthcare, where systems frequently operate without internet connectivity and must rely solely on locally enforced protection mechanisms.
Not all vendors met the certification requirements. Certification reports are published only for products that satisfy all defined technical and environmental criteria. In the 2026 test cycle, only Kaspersky and Trellix successfully fulfilled these criteria.

Test Scope and Methodology
The certification focuses on post-breach scenarios in which an attacker has already obtained local system access with standard privileges. Under these conditions, products must prevent the execution of untrusted binary code without relying on cloud connectivity, online reputation services, or external intelligence systems.

Testing was conducted on Windows 10 systems configured in a fully offline, air-gapped state. All malicious and legitimate components were delivered via removable media to reflect realistic OT workflows.

Five execution-based attack scenarios were evaluated:
• Binary impersonation using legitimate metadata
• Binary with legitimate metadata and an invalid certificate
• Binary with legitimate metadata and a leaked certificate
• DLL sideloading via trusted executables
• Execution of a modified (backdoored) legitimate binary

In addition, a legitimate offline application update delivered via USB media was tested. This scenario assesses whether a product can distinguish malicious execution attempts from valid administrative processes, ensuring operational continuity in air-gapped environments.
To achieve certification, a product must successfully prevent all defined malicious execution attempts at execution time and correctly handle the legitimate offline update without disrupting the system.

Test Results
Under the tested configurations:
• Kaspersky Industrial CyberSecurity for Nodes successfully prevented all defined offline post-breach execution scenarios and correctly handled the legitimate offline update.
• Trellix Endpoint Security successfully prevented all defined offline post-breach execution scenarios and correctly handled the legitimate offline update.

Prevention occurred at execution time in accordance with the certification requirements.
Certification results are valid exclusively for the specific product versions and configurations tested. Different configurations may lead to different outcomes.

About the OT Certification
AV-Comparatives’ OT Certification is distinct from its Zero-Trust (ZT) Certification. While both programmes assess execution-based protection in post-breach scenarios, the OT track specifically requires effective protection in fully offline, air-gapped environments. Products that depend on active cloud connectivity for enforcement decisions are not eligible for OT Certification.

Further details on the certification methodology and results are provided in the full report, which is available for free at https://www.av-comparatives.org/av-comparatives-operational-technology-protection-certification-2026/

