AVLab.pl Advanced In-The-Wild Malware Test results for March 2025

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Trident

That is my opinion too. (y)
The rollback as well is poorly documented; there is no official documentation that explains it. Of course, we can dive into the patents and find out even the mathematical formulas behind the clustering, but that's not the point.

My question is, if untrusted process cuteGirl.exe spawns PowerShell and through that destroys or exfiltrates data, would the actions of the not-monitored and trusted PowerShell be undone?
 

Andy Ful

From Hard_Configurator Tools
> My question is, if untrusted process cuteGirl.exe spawns PowerShell and through that destroys or exfiltrates data, would the actions of the not-monitored and trusted PowerShell be undone?

Probably not, but adding CMD, PowerShell, MSHTA (and maybe some more LOLBins) to monitored processes can improve the detection.
Anyway, Webroot can be easily tweaked to block unknown executables, which works as a slightly more comprehensive brother of Windows SmartScreen.
Fileless attacks are not so common at home, but they can also be mainly covered by blocking CMD, PowerShell, MSHTA, etc. (the simplest and fastest method is via Windows Exploit Protection "Disable Win32k system calls"). Webroot mentioned this alternative in the documentation:

If one likes Webroot, the above setup at home is probably as good as tweaked top AVs. Of course, similar improvements can also be done with other solutions by tweaking the settings (which is slightly more convenient).
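
As an added illustration of the question and answer above (not code from the thread, and not a description of how Webroot works internally): a sketch comparing a monitor that journals only the untrusted image with one that also follows its child processes. The PIDs, paths, the explorer.exe parent and all function names are constructed for the example, and PID reuse is ignored.

```python
# Constructed process-creation events: (pid, parent_pid, image, trusted)
PROCESS_EVENTS = [
    (100, 1, "explorer.exe", True),
    (200, 100, "cuteGirl.exe", False),    # unknown executable, monitored
    (300, 200, "powershell.exe", True),   # trusted LOLBin spawned by it
    (400, 300, "cmd.exe", True),          # grandchild of the unknown process
    (500, 100, "powershell.exe", True),   # user's own shell, unrelated lineage
]
# Constructed file activity: (pid, action, path)
FILE_EVENTS = [
    (200, "write", r"C:\Users\u\AppData\Local\Temp\a.tmp"),
    (300, "delete", r"C:\Users\u\Documents\report.docx"),
    (400, "write", r"C:\Users\u\Documents\notes.txt"),
    (500, "write", r"C:\Scripts\backup.log"),
]


def untrusted_origin(pid, procs):
    """Nearest untrusted process in pid's ancestry (itself included), else None."""
    seen = set()
    while pid in procs and pid not in seen:   # 'seen' guards against pid loops
        seen.add(pid)
        ppid, _image, trusted = procs[pid]
        if not trusted:
            return pid
        pid = ppid
    return None


def journaled_actions(process_events, file_events, follow_lineage):
    """File actions a monitor would record, as (origin, actor, action, path)."""
    procs = {pid: (ppid, image, trusted)
             for pid, ppid, image, trusted in process_events}
    recorded = []
    for pid, action, path in file_events:
        if pid not in procs:
            continue
        if follow_lineage:
            origin = untrusted_origin(pid, procs)
        else:   # per-image policy: only the untrusted process itself is watched
            origin = None if procs[pid][2] else pid
        if origin is not None:
            recorded.append((procs[origin][1], procs[pid][1], action, path))
    return recorded


if __name__ == "__main__":
    for policy in (False, True):
        print("follow_lineage =", policy)
        for row in journaled_actions(PROCESS_EVENTS, FILE_EVENTS, policy):
            print("  ", row)
```

With the per-image policy only the temp-file write by cuteGirl.exe is recorded; with lineage tracking the delete by its PowerShell child and the write by the cmd.exe grandchild are recorded too, while the unrelated PowerShell session is left alone.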
 

gabriellm

> Dear Community!
>
> We have published on our site for the month of March 2025. Among the appointments are added information on the malware families used (RATs, ransomware, stealers, etc.), and we have also added a breakdown of Enterprise and Home/Small Office products.
>
> Details are available on the Recent Results webpage: Recent Results » AVLab Cybersecurity Foundation
>
> And article: Advanced In-The-Wild Malware Test Results For March 2025 » AVLab Cybersecurity Foundation
>
> If you have any wishes about what to include in the test in May, let us know in the comments.
>
> We are also finishing work on the annual review of EDR-XDR solutions and publication is planned for May too.

Hello, Adrian!
Is there any reason for not including Kaspersky on the tests? I would like to see it to compare with other solutions! Last AV Comparatives, it got good results.
 

Adrian Ścibor

From AVLab.pl
Thread author
> Hello, Adrian!
> Is there any reason for not including Kaspersky on the tests? I would like to see it to compare with other solutions! Last AV Comparatives, it got good results.

Hi.

As I have explained many times before, we are not obliged to test every software if we do not receive compensation for the hardware resources and work involved due to sanctions imposed by Poland on Russia and, more generally, on Kaspersky worldwide.

The problem with Kaspersky at the moment is that the licence we bought in another country does not work in the place where we have our test server, although it is the same version.

I think Kaspersky may appear in our test this year.

An additional problem with Kaspersky is that their extended logs, which must be enabled to provide additional visibility into system information and malware behavior, often contain as much as 1-2GB for each malware sample!!!

We have to copy this data, which is done automatically, of course, but it slows down testing and means we can only use a smaller number of samples per month.

Now imagine 700 malware samples x 1-2GB each, how much space that takes up.
 
