AVLab.pl Advanced In-The-Wild Malware Test - September 2025

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

F-Secure will hardly prioritise anything because they've got near zero control over the SDKs. There is the option for Avira to tailor it to the F-Secure needs and specifications but this is gonna come with fees, from consultation to building to ongoing support.

Avira in terms of scripts detection is not a disaster, it can certainly compete with the rest of the industry, however it is not known what set-up F-Secure has chosen for the Avira engines.

There is certainly some detection of fileless malware and more advanced attacks.
And I have not seen it totally fall on its face, it does respectably well regarding AV-Comparatives and Adrian's testing. I have not seen any, as far as I can recall, "I got this malware" posts on their forum even with the Avira SDK. I saw that more on Bitdefender's forum, but they have a greater consumer user base, w/o a rebranded ISP version.

Shadowra did not recommend v25.2, but where does a person have to go to get some of this intentionally sought out malware used for testing? Yet, who knows what the majority of ISP vendors may be going through since that is F-Secure's major base of income, as far as malware issues?
 
And I have not seen it totally fall on its face, it does respectably well regarding AV-Comparatives and Adrian's testing. I have not seen any, as far as I can recall, "I got this malware" posts on their forum even with the Avira SDK. I saw that more on Bitdefender's forum, but they have a greater consumer user base, w/o a rebranded ISP version.

Shadowra did not recommend v25.2, but where does a person have to go to get some of this intentionally sought out malware used for testing? Yet, who knows what the majority of ISP vendors may be going through since that is F-Secure's major base of income, as far as malware issues?
F-Secure (and Eset too) I feel is a more "different" choice than Norton and McAfee which everyone installs by default. The user base going for F-Secure is less likely to turn off the protections and execute helloHamoraAndMoradora.exe downloaded from goldenpaginasonlinetodays.xyz.

The audiences of Bitdefender, Norton, McAfee and as we've seen here Kaspersky are just very wide. So it is normal for these complaints to exist; how many of them are a failure of the technology and how many of them are a behind-the-keyboard problem requires very deep investigation.

F-Secure is generally doing ok because Avira is in no way abandoned.
The engines and definitions receive a lot of updates and there are quite a few OEMs using Avira.
 
F-Secure (and Eset too) I feel is a more "different" choice than Norton and McAfee which everyone installs by default. The user base going for F-Secure is less likely to turn off the protections and execute helloHamoraAndMoradora.exe downloaded from goldenpaginasonlinetodays.xyz.

The audiences of Bitdefender, Norton, McAfee and as we've seen here Kaspersky are just very wide. So it is normal for these complaints to exist; how many of them are a failure of the technology and how many of them are a behind-the-keyboard problem requires very deep investigation.

F-Secure is generally doing ok because Avira is in no way abandoned.
The engines and definitions receive a lot of updates and there are quite a few OEMs using Avira.
I "loved" the first paragraph, the rest gets a 💯 Great observations :)
 
I'm trying to learn to be diplomatic, being a teen from the 70's I haven't quite acclimated to the softer, more sensitive agenda of the last 45 years.
Being diplomatic involves not taking sides and in this scenario just contributing to the thread and side stepping the issues. Ironically though posting what you did made you no better than those you were making fun of maybe even putting you in the same class you designated.
 
Being diplomatic involves not taking sides and in this scenario just contributing to the thread and side stepping the issues. Ironically though posting what you did made you no better than those you were making fun of maybe even putting you in the same class you designated.
It seems that you are offended, that was not my intent. I extend my apologies...

I come from a time where people called each other Reta-d and sometimes they meant it, because you were, at other times in jest as we laughed at each other. That seems to be gone now, and I think that makes for a softer, weaker, society.

People no longer climb trees, run and play, instead they wear helmets when they skateboard.

First hate speech was for the single group of peoples, called black, but I knew it wouldn't be long before everything was labeled hate speech...

Imagine our current population having to face WW2 even for the last 50 years, just not possible.

We stumble over each other to virtue signal, all the while staring at a small object in our hands, called a smart phone, leaving the user of such phone to be what? I guess stupid.
 
It seems that you are offended, that was not my intent. I extend my apologies...

I come from a time where people called each other Reta-d and sometimes they meant it, because you were, at other times in jest as we laughed at each other. That seems to be gone now, and I think that makes for a softer, weaker, society.

People no longer climb trees, run and play, instead they wear helmets when they skateboard.

First hate speech was for the single group of peoples, called black, but I knew it wouldn't be long before everything was labeled hate speech...

Imagine our current population having to face WW2 even for the last 50 years, just not possible.

We stumble over each other to virtue signal, all the while staring at a small object in our hands, called a smart phone, leaving the user of such phone to be what? I guess stupid.
No apologies necessary, although I have respect for that.

I'm not offended, just pointing out the difference. I'm over 50, ex-military, my skin is pretty tough actually.

Does not mean I won't feed back to others what they do to me though, as common courtesy of course. 🤪
 
Shadowra did not recommend v25.2, but where does a person have to go to get some of this intentionally sought out malware used for testing? Yet, who knows what the majority of ISP vendors may be going through since that is F-Secure's major base of income, as far as malware issues?
There are two types of users. 95%, the 1st group of users, are basic home users where basic signatures and databases + phishing are needed.

Then the last 5% (which are most of users on here) are paranoid as hell, want APT & zero day protection, script & anti-exe, behavior blocking, heuristics, deception tech.

For most people simple protection works, not all this exotic crap! And if you are in the last 5% you have probably locked down your PC and can't even access the internet 🤪
 
and the target of marketing team of security vendors is to make the 95% think they are the 5%.
And this is the major problem, you need to create more revenue and more profits so you pump people full of fear and scare tactics.

Unless you go looking for trouble (torrents, warez, crackz or hacker forums) you're probably going to be fine in regards to malware infections.

And in the cases where you're targeted or whatnot, even governments get hacked, so you have little hope, but home users have been pretty safe for at least 10 years.
 
Unless you go looking for trouble (torrents, warez, crackz or hacker forums) you're probably going to be fine in regards to malware infections.
and that is what makes me wonder why most members declare they do not do that, use updated OS and browsers, while seeking a large arsenal of security products!
 
and that is what makes me wonder why most members declare they do not do that, use updated OS and browsers, while seeking a large arsenal of security products!

Boredom, learning & curiosity. Learning and studying cybersec fills in time. It's also a good life skill to practice good cyber security hygiene and transfers into other life skills.

And it's pretty boring sticking to one security solution, we all like to tinker with software and try new things. But really these days for home users it's set and forget and change passwords when there is a breach. It's pretty boring otherwise these days for home users!
 
When I get bored, I reinstall W.
learning & curiosity
I was curious at the beginning, trying several tools, one by one; after a while, I estimated the risk according to exposure, based on behavior and surface area, then I have found extra tools will impair usability more than extra protection it might offer.
 
There are two types of users. 95%, the 1st group of users, are basic home users where basic signatures and databases + phishing are needed.

Then the last 5% (which are most of users on here) are paranoid as hell, want APT & zero day protection, script & anti-exe, behavior blocking, heuristics, deception tech.

For most people simple protection works, not all this exotic crap! And if you are in the last 5% you have probably locked down your PC and can't even access the internet 🤪
maybe simple protection... but then how do you explain hundreds of $million paid annually (2024) to undo ransomware. I saw another cost estimate into the $billions. (corporations / businesses are mostly just people using computers at their desks. :unsure:) I feel @bazang chiming in here :oops:
 
maybe simple protection... but then how do you explain hundreds of $million paid annually (2024) to undo ransomware. I saw another cost estimate into the $billions. (corporations / businesses are mostly just people using computers at their desks. :unsure:) I feel @bazang chiming in here :oops:

LOL...let me chime in for him, "it's people, it's always people" :)
From this article:
  • The attack is directed at novices who don't often download pirated content or understand the dangers of torrents.
 
Then the last 5% (which are most of users on here) are paranoid as hell, want APT & zero day protection, script & anti-exe, behavior blocking, heuristics, deception tech.

For most people simple protection works, not all this exotic crap! And if you are in the last 5% you have probably locked down your PC and can't even access the internet 🤪
I must say I am in the 95% on the paranoid side, and I don't get APT & zero day protection, script & anti-exe, and behavior blocking 🥹🥲, although MT definitely keeps me entertained 😃.
 
LOL...let me chime in for him, "it's people, it's always people" :)
From this article:
They are not only naive regarding piracy, but also for cybersecurity.
Next time they should pick movies with embedded subtitles, and avoid the ones with external subtitles.
Lesson two, deselect "hide known file extensions" in W explorer to avoid clicking any lnk file you have not created yourself (in such a case, we do not even need to apply SRP; you are the policy).
 
AV labs ..... Webroot 100%. Anyone care to comment on that result?
Yes, why?

Would you like us to provide evidence for each sample? Do you really think the results are made up on the fly?

We are required to provide evidence for each sample, and we do so in several ways:

  • antivirus logs
  • Sysmon logs (rules to detect Webroot's response to malware)
  • a screenshot of each PRE or POST_Launch detection
  • extracting words from an image as OCR (image-to-text conversion)
  • Sysmon logs for malicious actions of each sample

CSV extract for the Webroot (a piece):

webroot november.png


Additionally, see how many requirements we have to meet to comply with AMTSO: https://avlab.pl/en/wp-content/uploads/2025/09/AMTSO-Compliance-Confirmation-AVLab-July-2025.pdf

We, as a Lab, are evaluated by each software developer for each edition of the test.

Example of a screen for stopping malware at the PRE stage while downloading in Opera:

W3.png


And another:

W3_1.png


Example at the POST level:

Webroot_November_2.png


Another example:

Webroot_November.png


A piece of Sysmon tree:

sysmon webroot 2.png
 
