AVLab.pl - May 2022: Advanced In The Wild Malware Test

[harlan4096]

Dear Readers!

Last edition of Advanced In The Wild Malware Test we had a lot discuss about methodology. The primary changes we added are MOTW (mark of the web) feature and change wording (Level 1, Level 2, Level 3 to Post-Launch and Pre-Launch).

In May 2022, we completed the 18th edition of the Advanced In the Wild Malware Test. We carry out this analysis for our readers systematically in order to show the effectiveness of security from various developers in the long run. This time we used 1925 samples of malware.

Tested softwares (always the latest version – our testing system updates antiviruses and signatures once a day):

• Avast Free Antivirus
  
• Avira Antivirus Pro
  
• Bitdefender Total Security
  
• Comodo Advanced Endpoint Protection (for businesses)
  
• Comodo Internet Security
  
• Emsisoft Business Security (for businesses)
  
• Malwarebytes Premium
  
• Mks_vir Endpoint Security (for businesses)
  
• Microsoft Defender (Windows 10 with SmartScreen disabled – explanation in article)
  
• CatchPulse (formerly known as SecureAPlus Pro)
  
• Webroot Antivirus
  

Please note!

​In May we experimented with Microsoft Defender. We disabled SmartScreen in order to verify the true effectiveness of protection against malware without the use of technology that is not part of the antivirus, but the operating system. Microsoft’s results were not satisfactory, because 98,6%.

In July 2022, in the next edition the SmartScreen technology for Microsoft Defender will be enabled in order to compare results. Experience on the example will tell whether the level of protection is significantly higher. We will present the conclusions in the next summary.

New! Level 1 + Level 2 = Pre-launch

​Start from May 2022 we change Level 1 and Level 2 are combined into single level: Pre-launch (previously Level 1 or Level 2)

Level 3 remains the same level with new name: Post-launch (previously Level 3)

Reclassification of levels is for marketing to simplify the methodology and make it easier to understand the tests that users have suggested. Thank you!

So the new classification concerns detecting malware samples:

• Before they are launched in the system (Pre-launch)
  
• and samples which are blocked after launch (Post-launch). This is the most dangerous situation but experience shows that such cases require tests in the field.
  

Please read full comment: Advanced In The Wild Malware Test: We Check How Malware Is Blocked Before And After Being Launched - AVLab Cybersecurity Foundation

Recent Results: Recent Results - AVLab Cybersecurity Foundation