Recent Results in March 2026
Latest data from the Advanced In-The-Wild Malware Test
Summary of March 2026
[Infographic: tested solutions; unique samples; malware hosted over HTTP; malware hosted over HTTPS; average malicious changes [1]; WEB-LAYER PROTECTION; RUNTIME DEFENSE; average blocked malware [2]; potential data breaches; Average Industry Remediation Time (* based on data telemetry); the quickest average remediation time]
[2] Average blocking of malware by all tested solutions, regardless of level of prevention or protection.
- Remember: the HTTPS protocol can be used to host malware. An SSL certificate and the so-called padlock next to the web address do not certify that a website is safe.
TOP 3 HIJACKED SERVERS LOCATION
TOP 3 TLD COMPROMISED DOMAINS
- .com
- .de
- .net
LOLBins in statistical terms
Legitimate and trusted software and built-in Windows components are often used by cybercriminals to hide malicious activity. The so-called “Living off the Land Binaries” (LOLBins) are necessary for the proper functioning of the operating system. During a cyberattack, it can be difficult or impossible to block them, making them a very attractive method for malware developers. Below we present the most commonly used LOLBins in this edition of the test.
Malware Comparison Table in March 2026
The following summary compares the tested solutions for protecting workstations against malware. We encourage you to read the detailed description and our testing methodology in order to understand the results.
WEB-LAYER PROTECTION: The classification concerns detecting malware samples before they are launched in the system.
RUNTIME DEFENSE: The analysis level, i.e. a virus has been run and then blocked by a tested product.
SYSTEM COMPROMISE: The failure, i.e. a virus has not been blocked and has infected the system.
Sandbox Column: Number of indicators, i.e. malicious changes made to the system without the anti-virus installed.
Automatic Average Remediation Time (RT): The time, expressed in seconds, counted from the introduction of malware into the system by the browser, through its launch, to the detection and resolution of the security incident.
Remediation Time (RT) Legend
The time, expressed in seconds, from the introduction of malware into the system by a browser, through its launch, to detection of and reaction to the security incident by the product. The Remediation Time may depend on the real activity of the malware, which may increase the calculated time.
EXCELLENT Certificate
Awarded to security solutions that demonstrate a high level of protection, achieving a minimum 99.6% malware blocking rate through effective Web-Layer and Runtime Defense, including automated remediation.
Recent Results in March 2026
Enterprise products
Elastic Defend
Blocked: 421/421
Total: 100%
RT: 3.05 seconds
Emsisoft Enterprise Security + EDR
Blocked: 421/421
Total: 100%
RT: 4.67 seconds
Microsoft Defender Business + EDR
Blocked: 421/421
Total: 100%
RT: 0.12 seconds
mks_vir Endpoint Security + EDR
Blocked: 421/421
Total: 100%
RT: 0 seconds
ThreatDown Endpoint Protection + EDR
Blocked: 421/421
Total: 100%
RT: 1.46 seconds
Home products
Avast Free Antivirus
Blocked: 420/421
Total: 99.76%
RT: 0 seconds
FAIL: 1
CatchPulse Pro
Blocked: 421/421
Total: 100%
RT: 26 seconds
Bitdefender Total Security
Blocked: 421/421
Total: 100%
RT: 0 seconds
ESET Smart Security
Blocked: 421/421
Total: 100%
RT: 0 seconds
F-Secure Total
Blocked: 421/421
Total: 100%
RT: 7.6 seconds
K7 Total Security
Blocked: 421/421
Total: 100%
RT: 0.415 seconds
Kaspersky Plus
Blocked: 421/421
Total: 100%
RT: 0.28 seconds
Malwarebytes Premium
Blocked: 421/421
Total: 100%
RT: 0.508 seconds
Norton Antivirus Plus
Blocked: 421/421
Total: 100%
RT: 0.969 seconds
Surfshark One
Blocked: 419/421
Total: 99.52%
RT: 14.9 seconds
FAIL: 2
Trend Micro Internet Security
Blocked: 420/421
Total: 99.76%
RT: 0.192 seconds
FAIL: 1
Webroot Antivirus
Blocked: 421/421
Total: 100%
RT: 0.308 seconds
Related Publication in Detail
Dive into our latest publication, dedicated to security testing against malware. It covers the analyses, methodology, and results of the latest edition of the Advanced In-The-Wild Malware Test.
The Advanced In-The-Wild Malware Test is conducted in accordance with AMTSO testing guidelines and complies with Microsoft Virus Initiative requirements.
See the previous results
You can always go back in time and check how each individual security product performed during previous editions of the test. We make the results from all previous tests available so you can verify whether your favorite developer has improved protection against the latest malware in its security software.