PL
PL

Recent Results in January 2025

Latest DATA FROM the advanced in-the-wild malware test

Summary of January 2025

tested
solutions
11
unique
SAMPLES
701
malware hosted over HTTP
661
malware hosted over HTTPS
0
average malicious changes [1]
11

PRE-LAUNCH level prevention

51 %

POST-LAUNCH level protection

23 %

average blocked malware [2]

94 %

Potential data breaches

0
74 s

Average Industry
Remediation Time

* based on data telemetry

0.054 s

The quickest average remediation time

[1] The number of harmful changes made to Windows during dynamic analysis of the malware sample.
[2] Average blocking of malware by all tested solutions, regardless of level of prevention or protection.
  • Remember! HTTPS protocol can be used to host malware! SSL certificate and the so-called padlock at the web address does not certify safety of the website.

TOP 3

HIJACKED SERVERS LOCATION

0
0
0

TOP 3

TLD COMPROMISED DOMAINS​

.com

0

.net

0

.ru

0

Examples illustrate blocking of malware in the test

LOLBins in statistical terms

Legitimate and trusted software and built-in components in Windows are often used by cybercriminals to hide malicious activity. The so-called “Living off the Land Binaries” (LOLBin) are necessary for the proper functioning of the operating system. During a cyberattack, it can be difficult or impossible to block them, making them a very attractive method for malware developers. Below we present the most commonly used LOLBin in this edition of the test.

Download LOLBins overview
certutil.exe
2517
schtasks.exe
1667
consent.exe
1432
rundll.32
742
powershell.exe
366
wscript.exe
237

Malware Comparison Table in January 2025

The following summary shows a comparison of tested solutions to protect workstations against malware. We encourage you to become familiar with a detailed description and read our testing methodology in order to understand the results.

PRE-LAUNCH: The classification concerns detecting malware samples before they are launched in the system.
POST-LAUNCH: The analysis level, i.e. a virus has been run and blocked by a tested product.
FAIL: The failure, i.e. a virus hasn’t been blocked and it has infected a system.
Sandbox Column: Number of indicators, i.e. malicious changes made to the system without the anti-virus installed.

Automatic Average Remediation Time (RT): The time expressed in seconds counted from the introduction of malware into the system by the browser, through the launch to the detecting and resolving a security incident.

Certificates are granted to solutions that are characterized by a high level of security, with a rating of at least 99% of blocked threats in the Advanced In-The-Wild Malware Test.

Our tests comply with the guidelines of the Anti-Malware Testing Standards Organization.
Details about the test are available at this website as well as in our methodology.

DOWNLOAD COMPARISON TABLE

Recent Results in January 2025

Acronis Cyber Protect
excellent
PRE-LAUNCH:
55.47%
POST-LAUNCH:
44.53%

Blocked: 759/759
Total: 100%
RT: 14.7 seconds

Avast Free Antivirus
excellent
PRE-LAUNCH:
55.99%
POST-LAUNCH:
44.01%

Blocked: 759/759
Total: 100%
RT: 17.9 seconds

Bitdefender Total Protection
excellent
PRE-LAUNCH:
97.23%
POST-LAUNCH:
2.77%

Blocked: 759/759
Total: 100%
RT: 1.8 seconds

Cisco Secure Endpoint Advantage
excellent
PRE-LAUNCH:
94.33%
POST-LAUNCH:
5.14%
FAIL:
0.53%

Blocked: 755/759
Total: 99.47%
RT: 3.9 seconds
FAIL: 4

Comodo-logo.svg
Comodo Internet Security 2025
excellent
PRE-LAUNCH:
34.26%
POST-LAUNCH:
65.74%

Blocked: 759/759
Total: 100%
RT: 165 seconds

Emsisoft Enterprise Security + EDR
excellent
PRE-LAUNCH:
27.27%
POST-LAUNCH:
72.73%

Blocked: 759/759
Total: 100%
RT: 180 seconds

F-Secure Total
excellent
PRE-LAUNCH:
73.12%
POST-LAUNCH:
26.88%

Blocked: 759/759
Total: 100%
RT: 1.05 seconds

K7 Total Security
excellent
PRE-LAUNCH:
59.03%
POST-LAUNCH:
40.97%

Blocked: 759/759
Total: 100%
RT: 11.8 seconds

Malwarebytes Premium
excellent
PRE-LAUNCH:
62.98%
POST-LAUNCH:
38.02%

Blocked: 759/759
Total: 100%
RT: 83 seconds

ThreatDown Endpoint Protection + EDR
excellent
PRE-LAUNCH:
64.56%
POST-LAUNCH:
35.44%

Blocked: 759/759
Total: 100%
RT: 79 seconds

WatchGuard Endpoint Protection + Detection and Response
excellent
PRE-LAUNCH:
87.37%
POST-LAUNCH:
12.65%

Blocked: 759/759
Total: 100%
RT: 0.013 seconds

Webroot Antivirus
excellent
PRE-LAUNCH:
42.42%
POST-LAUNCH:
57.58%

Blocked: 759/759
Total: 100%
RT: 112 seconds

Xcitium ZeroThreat Advanced + EDR
excellent
PRE-LAUNCH:
5.8%
POST-LAUNCH:
94.2%

Blocked: 759/759
Total: 100%
RT: 139 seconds

ZoneAlarm Extreme Security NextGen
excellent
PRE-LAUNCH:
66.53%
POST-LAUNCH:
33.33%
FAIL:
0.13%

Blocked: 758/759
Total: 99.87%
RT: 31 seconds
FAIL: 1

Related Publication in Details

Dive into our latest publication, dedicated to security test against malware. Uncover analyses, methodology, and results that provide invaluable insights into the latest edition of the Advanced In-The-Wild Malware Test.

read more

Additional Files

See the previous results

You can always go back in time and check how each individual security product performed during previous editions of the test. We make the results from all previous tests available to you to verify if your favorite developer has improved protection against latest malware in his security software.

recent results
November 2024
September 2024
July 2024
May 2024
March 2024
January 2024
November 2023
September 2023
July 2023
May 2023
March 2023
January 2023
november 2022
SEPTEMBER 2022
JULY 2022
May 2022
March 2022
January 2022
November 2021
September 2021
July 2021
May 2021
March 2021
january 2021
NOVEMBER 2020
september 2020
JULY 2020
MAY 2020
MARCH 2020
JANUARY 2020
NOVEMBER 2019
september 2019
JULY 2019

The contents of the website is legally protected © 2025 | AVLab Cybersecurity Foundation | Privacy policy

Menu

Tests

AWARDS