AV-Comparatives Do you understand Malware Protection tests?

  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Andy Ful

Level 70
Content Creator
Dec 23, 2014
Although we probably cannot use the anomalous tests to reflect the AV protection in the wild, such tests strongly suggest what should be done to strengthen the Trend Micro protection while using cracks, pirated software, game mods, and other shady stuff. Such executables could be used earlier in the web/mail originated attacks where there is a greater chance that the user of another AV was infected (while Trend Micro users were protected). So, although there will not be the malware signature in the Trend Micro base, there will be the signature in the base of another AV. The user can manually check the file against something like HitmanPro to increase the protection.:)(y)

Using shady stuff is not recommended and sooner or later will end with the virus infection. Anyway, in some countries, the conversion to US $ makes the price unacceptable, and poor people often use (even buy) pirated software.:(
Last edited:


Level 7
Jul 19, 2018
If you exclude the low prevalence file default-deny popup (not something that should be done), some of the files are catched and terminated because of attempt to do an unauthorized change. The remaining runs on the system and AEGIS with it's behavioral detection kicks in sometimes but it's either not as aggressive or the samples downloaded from abuse.ch are not that serious ones. To be honest I would expect post-execution Predictive Machine Learning detections to be happen more often, because what it does is catching unknown malware. Maybe, the samples are not doing anything malicious right now in the system.




This of course is the worst case scenario. However I have positive thoughts about its continuous update of threat signatures. When I scan the remainings in the folder, more and more files gets detected throughout the same day.
Last edited by a moderator: