AVLab.pl November 2021 - The Advanced In The Wild Malware Test

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Adrian Ścibor

From AVLab.pl
Thread author
Verified
Well-known
Apr 9, 2018
114
Dear Readers!

As you know, in November we started the next edition of the Advanced In The Wild Malware Test. This time we used more than 1700 malware samples from the CERT Poland database as well as MalwareBazaar (apart from our honeypots). The results of protection are different, as always. You should know that we reported the problems we noticed to the vendors, and their protection should be updated. In the meantime, we can already start summarizing the tests from all of 2021.

Full report: Results of protection against threats from the list of CERT Poland - AVLab Cybersecurity Foundation

Details: The November 2021 Results - Advanced In The Wild Malware Test

Updated Methodology (Yara rules added): Methods of carrying out automatic tests - AVLab
 

JasonUK

Level 5
Apr 14, 2020
207
So F-Secure killed an impressive 99% at the first hurdle which, if I'm reading the testing notes correctly, means it has strong signature protection, but those which blocked mainly at Level 3 showed potentially stronger protection against possible 0-day threats. I wonder how well F-Secure's Level 3 protection would have dealt with the samples if Level 1 protection had been disabled? If it was just as effective, that would be a very strong result and a standout winner.
 

Adrian Ścibor

> So F-Secure killed an impressive 99% at the first hurdle which, if I'm reading the testing notes correctly, means it has strong signature protection, but those which blocked mainly at Level 3 showed potentially stronger protection against possible 0-day threats. I wonder how well F-Secure's Level 3 protection would have dealt with the samples if Level 1 protection had been disabled? If it was just as effective, that would be a very strong result and a standout winner.

In theory, signature protection can block up to 95% of malware on the Internet, which is why it is still used by many vendors. It's difficult to say how the product would fare if you turned off the browser protection: probably Level 1 would be switched to Level 2. Such a test is feasible without significant changes to the backend of our test system.
 

ErzCrz

Level 12
Verified
Top poster
Well-known
Aug 19, 2019
593
Interesting seeing Comodo detection at only 9% at Level 1 and then 91% at Level 3. Shows that it is mainly reliant on containment these days, but it did still block everything. Compared to 40% and 60% in July. Avast has a similar separation of 25% and 75%. It would be good to see MD back in these tests, but good to see another report come out :D