AVLab.pl Advanced In-The-Wild Malware Test results for March 2025

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Trident

That is my opinion too. (y)
The rollback as well is poorly documented; there is no official documentation that explains it. Of course, we can dive into the patents and find out even the mathematical formulas behind the clustering, but that’s not the point.

My question is, if untrusted process cuteGirl.exe spawns PowerShell and through that destroys or exfiltrates data, would the actions of the not-monitored and trusted PowerShell be undone?
 

Andy Ful

From Hard_Configurator Tools
My question is, if untrusted process cuteGirl.exe spawns PowerShell and through that destroys or exfiltrates data, would the actions of the not-monitored and trusted PowerShell be undone?

Probably not, but adding CMD, PowerShell, MSHTA (and maybe some more LOLBins) to monitored processes can improve the detection.
Anyway, Webroot can be easily tweaked to block unknown executables, which works as a slightly more comprehensive brother of Windows SmartScreen.
Fileless attacks are not so common at home, but they can also be mainly covered by blocking CMD, PowerShell, MSHTA, etc. (the simplest and fastest method is via Windows Exploit Protection "Disable Win32k system calls"). Webroot mentioned this alternative in the documentation:

If one likes Webroot, the above setup at home is probably as good as tweaked top AVs. Of course, similar improvements can also be done with other solutions by tweaking the settings (which is slightly more convenient).
 
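An added illustration of the exchange above (not part of either post, and not Webroot's actual logic): the sketch compares a per-file verdict policy with one that also monitors CMD, PowerShell and MSHTA when they descend from an untrusted process. The event records, paths, field names and function names are constructed for the example, and PID reuse is ignored.

```python
# Constructed process-creation records, ordered by creation time.
# "trusted" stands in for the AV's reputation verdict on the image file.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "trusted": True},
    {"pid": 200, "ppid": 100, "image": r"C:\Users\u\Downloads\cuteGirl.exe", "trusted": False},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "trusted": True},
    {"pid": 400, "ppid": 300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "trusted": True},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe", "trusted": True},
]

# LOLBins named in the thread; extend as needed.
LOLBINS = {"cmd.exe", "powershell.exe", "mshta.exe"}


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def monitored_by_verdict(events):
    """Per-file policy: monitor a process only if its own image is untrusted."""
    return {e["pid"] for e in events if not e["trusted"]}


def monitored_by_lineage(events, lolbins=LOLBINS):
    """Also monitor LOLBins that have an untrusted process among their ancestors."""
    tainted, monitored = set(), set()
    for e in events:  # parents precede children because of creation-time order
        untrusted = not e["trusted"]
        if untrusted or e["ppid"] in tainted:
            tainted.add(e["pid"])  # taint flows through every descendant
            if untrusted or image_name(e["image"]) in lolbins:
                monitored.add(e["pid"])
    return monitored


def coverage_gap(events):
    """Images the per-file policy leaves unmonitored but the lineage policy covers."""
    missed = monitored_by_lineage(events) - monitored_by_verdict(events)
    return [image_name(e["image"]) for e in events if e["pid"] in missed]


if __name__ == "__main__":
    print("unmonitored under per-file verdicts:", coverage_gap(EVENTS))
```

The mshta.exe started directly by explorer.exe stays unmonitored under both policies, since nothing untrusted is in its ancestry.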
