AVLab.pl Advanced In-The-Wild Malware Test in March 2026 including effectiveness analysis and telemetry

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

MS Defender is known for a predominance of post-execution over pre-execution stopping of threats, which may be related to relying mainly on the cloud, as shown in the July 2025 test results.

Surprisingly, two quarters later, MS Defender no longer relied on the cloud that much, as its pre-execution detection predominates in the Jan 2026 test results!
This may be due to switching from Firefox to Opera. Each version has its own description in the article, so you should look for it in the details.

Additionally, in May 2026, we’re using Block Mode for Microsoft EDR, which I suppose is the default setting.

As for the rest of the calculations: OK, though without concrete data like ours, we can’t say with 100% certainty what quality of samples AV-T and AV-C are using.
In our tests, results are often worse at first, before publication, but later, after contacting the vendor, it turns out that some samples have to be removed because they don’t work. So a result of, say, 98% becomes 99.8%, but that’s better than pretending that the 10 samples that didn’t work are still included in the test. That’s why I mention that other labs don’t share details with vendors, so they can’t respond to them and influence a change in the result.

I’ve been in this industry for a while now, and sometimes what’s written in a PDF doesn’t match reality. On the other hand, a lack of evidence also means there’s no way to prove something isn’t true. Of course, this is just a theory.

From what I know, samples from the RTTL database are still being used, but not by us, because there’s nothing interesting there except for Linux samples: scripts and binaries. It’s not a database focused on Windows samples.

I think this is important: :)

On the other hand, due to the lack of good samples in the wild, we have already started working on a project in March 2026 in collaboration with the global community. We want to provide them with a project that, on the one hand, will enhance their online security, and on the other, will allow us to collect samples for testing. Details will be available once the MVP project for the community and business is released publicly. We may invite someone from the MT forum to test it and provide feedback before the release.
 
Corrected, I can be prone to such mistakes.
Thank you for the heads up, albeit the intended meaning was conveyed.
Me too, but I was unclear last night whether "its" referred to Malwarebytes, Avast, ME, or AvLab -- perhaps lack of sleep... I'm probably getting too picky as I draft prompts to AI/LLM. :rolleyes: