What is the certificate?

The AVLab’s certificate issued since 2019 confirms suitability of tested solution in protection against malicious software and cyberattacks.

Why is it worth having the certificate?

  • Join the developers certificated by the independent organization.
  • Use the certificate for marketing purposes, e.g. place it on your website, promote your company in a magazine, allow potential customers to see that you own a reputable solution.
  • Safely test out your solution in a controlled environment.
  • Receive feedback and improve the effectiveness of security product.

Does the certificate cost anything?

The certificate is granted free of charge. The only fee you have to pay is for carrying out tests.

A fee for tests is not strictly equivalent to granting the certificate.

A very small fee treated by both parties as a compensation for work and improvement of users safety. Without a financial help, it would not be possible to maintain the infrastructure, continuously improve procedures and necessary tools that are needed for carrying out tests.

How to get the certificate?

All you need to do is send us the so-called indicators that will help to establish the reaction of tested solution to malicious software or cyberattacks. We will do the rest.

How we test?

After the tests you will get access to:

  • Malware samples used.
  • Logs of tested solution saved.
  • Report on recorded indicators.
  • Report containing the activity of malicious software.
  • Report on other modifications in the operation system.

Obtaining the certificate

In order to obtain the AVLab’s certificate, tested solution must be extraordinarily effective at blocking cyberattacks and malicious software.
Recommendations are granted on the basis of the predefined threshold:

The Certificate EXCELLENT
for the result of 100%.

The Certificate SUPERIOR
for the result of at least 95%.

The Certificate VALUABLE
for the result of at least 90%.

If you are interested in our offer or want to get more information...

Example indicators


We can completely automate security tests carried out. For instance, we are able to record events of blocking an attack by a specific technology implemented in a product. If a product reacts to a malicious modification of the system, this kind of information is saved in the Windows event log or the local logs of the protection solution. We can capture such modification using the Windows API. For example, the activity of moving a virus to quarantine or running malware in a sandbox will cause the reading of a relevant key from the Windows registry or executing an action by a process. Then, we can mark recorded indicators as a detected attack, a blocked network connection, or an infected file removal. Here are some example indicators:

 ESET Internet Security:

C:\ProgramData\ESET\ESET Security\Logs\virlog.dat Malware was removed or cured
*AppData\Local\ESET\ESET Security\Quarantine Malware was quarantined
C:\ProgramData\ESET\ESET Security\epfwlog.dat Blocking of traffic by a firewall
C:\ProgramData\ESET\ESET Security\Logs\urllog.dat Blocking of malware on a website

Sophos Endpoint Protection:

C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTEDInformation on a quarantine
HKLM\SOFTWARE\WOW6432Node\Sophos\SAVService\ThreatLifetime\ThreatsMessage about a threat found
C:\ProgramData\Sophos\Health\Event Store\Incoming\SAV-{67E677B9-A7CC-4136-B97E-B901C48655DC}.jsonThreat found
HKLM\SOFTWARE\WOW6432Node\Sophos\Health\ThreatNotification\SeverityThreat notification
HKLM\SOFTWARE\WOW6432Node\Sophos\SAVService\Status\Infected\*Elevated security status
C:\ProgramData\Sophos\Sophos Anti-Virus\Temp\*Information on a threat

Comodo Internet Security:

C:\ProgramData\Comodo\Cis\Quarantine\*Malware was quarantined
C:\VTRoot\*Virus was run in a sandbox
C:\ProgramData\Comodo\Firewall Pro\cislogs.sdbInformation on an event in a firewall
HKLM\SYSTEM\VritualRoot\*Information on running in a sandbox