Recent Results in May 2024

Latest DATA FROM the advanced in-the-wild malware test

Summary of May 2024

tested
solutions
10
unique
SAMPLES
500
malware hosted over HTTP
480
malware hosted over HTTPS
30
average malicious changes [1]
30

PRE-LAUNCH level prevention

67 %

POST-LAUNCH level protection

38 %

average blocked malware [2]

99 %

Potential data breaches

1
50 s

Average Industry
Remediation Time

* based on data telemetry

0.58 s

The quickest average remediation time

mcafee logo
[1] The number of harmful changes made to Windows during dynamic analysis of the malware sample.
[2] Average blocking of malware by all tested solutions, regardless of level of prevention or protection.

TOP 3

HIJACKED SERVERS LOCATION

170
76
75

TOP 3

TLD COMPROMISED DOMAINS​

.com

150

.org

9

.st

8

TOP 10

FASCINATING SIGNATURES

Generic.AsyncRAT.Marte.B.6010B1E7
Trojan.Ransom.CryptConsole.20
Trojan.Ransom.BlackSuit.7
Trojan.UserStartup.EDDFCF
Trojan.Metasploit.A
DeepScan:Generic.Malware.SFL.4084ED09
Trojan.Ransom.Loki.D4C47
HEUR.RoundKick.W
Backdoor.IRCBot.ADEQ
HEUR.VBA.Trojan.d

* data based on the mks_vir engine

LOLBins in statistical terms

Legitimate and trusted software and built-in components in Windows are often used by cybercriminals to hide malicious activity. The so-called “Living off the Land Binaries” (LOLBin) are necessary for the proper functioning of the operating system. During a cyberattack, it can be difficult or impossible to block them, making them a very attractive method for malware developers. Below we present the most commonly used LOLBin in this edition of the test.

svchost.exe
5959
cmd.exe
4001
sc.exe
2368
schtasks.exe
1334
rundll32.exe
1076
consent.exe
814
tor.exe
417

Malware Comparison Table in May 2024

The following summary shows a comparison of tested solutions to protect workstations against malware. We encourage you to become familiar with a detailed description and read our testing methodology in order to understand the results.

PRE-LAUNCH: The classification concerns detecting malware samples before they are launched in the system.
POST-LAUNCH: The analysis level, i.e. a virus has been run and blocked by a tested product.
FAIL: The failure, i.e. a virus hasn’t been blocked and it has infected a system.
Sandbox Column: Number of indicators, i.e. malicious changes made to the system without the anti-virus installed.

Automatic Average Remediation Time (RT): The time expressed in seconds counted from the introduction of malware into the system by the browser, through the launch to the detecting and resolving a security incident.

Certificates are granted to solutions that are characterized by a high level of security, with a rating of at least 99% of blocked threats in the Advanced In-The-Wild Malware Test.

Our tests comply with the guidelines of the Anti-Malware Testing Standards Organization.
Details about the test are available at this website as well as in our methodology.

Recent Results in May 2024

Avast Free Antivirus
excellent
PRE-LAUNCH:
60.06%
POST-LAUNCH:
39.94%

Blocked: 521/521
Total: 100%
RT: 8.2 seconds

Bitdefender Total Security
excellent
PRE-LAUNCH:
97.98%
POST-LAUNCH:
2.02%

Blocked: 521/521
Total: 100%
RT: 0.851 second

Comodo-logo.svg
Comodo Internet Security Pro (2024)
excellent
PRE-LAUNCH:
28.39%
POST-LAUNCH:
71.61%

Blocked: 521/521
Total: 100%
RT: 138 seconds

Emsisoft Enterprise Security + EDR
excellent
PRE-LAUNCH:
35.61%
POST-LAUNCH:
64.39%

Blocked: 521/521
Total: 100%
RT: 114 seconds

Eset Smart Security Premium
excellent
PRE-LAUNCH:
54.88%
POST-LAUNCH:
34.93%
FAIL:
0.19%

Blocked: 520/521
Total: 99.81%
RT: 1.936 seconds
FAIL: 1

F-Secure Total
excellent
PRE-LAUNCH:
68.63%
POST-LAUNCH:
31.13%
FAIL:
0.19%

Blocked: 520/521
Total: 99.81%
RT: 1.532 second
FAIL: 1

Malwarebytes Premium
excellent
PRE-LAUNCH:
78.32%
POST-LAUNCH:
21.38%

Blocked: 521/521
Total: 100%
RT: 44 seconds

mcafee logo
McAfee Total Protection
excellent
PRE-LAUNCH:
99.3%
POST-LAUNCH:
0.7%

Blocked: 521/521
Total: 100%
RT: 0.592 second

Panda-Security-logo
Panda Dome Advanced
PRE-LAUNCH:
77.83%
POST-LAUNCH:
21.05%
FAIL:
1.12%

Blocked: 514/521
Total: 98.88%
RT: 40 seconds
FAIL: 7

Quick Heal Total Security
excellent
PRE-LAUNCH:
80.52%
POST-LAUNCH:
19.48%

Blocked: 521/521
Total: 100%
RT: 11.3 seconds

ThreatDown Endpoint Protection + EDR
excellent
PRE-LAUNCH:
80.22%
POST-LAUNCH:
19.78%

Blocked: 521/521
Total: 100%
RT: 36 seconds

Webroot Antivirus
excellent
PRE-LAUNCH:
41.99%
POST-LAUNCH:
58.01%

Blocked: 521/521
Total: 100%
RT: 95 seconds

Xcitium ZeroThreat Advanced + EDR
excellent
PRE-LAUNCH:
18.18%
POST-LAUNCH:
81.82%

Blocked: 521/521
Total: 100%
RT: 39 seconds

Related Publication in Details

Dive into our latest publication, dedicated to security test against malware. Uncover analyses, methodology, and results that provide invaluable insights into the latest edition of the Advanced In-The-Wild Malware Test.

See the previous results

You can always go back in time and check how each individual security product performed during previous editions of the test. We make the results from all previous tests available to you to verify if your favorite developer has improved protection against latest malware in his security software.