The September ranking of security software for small, medium, and large enterprises was prepared by analyzing malware on Windows 10 with protection products installed. This was already the 20th edition of the Advanced In the Wild Malware Test, designed to test applications from different developers in the long term. In September 2022 we used 2081 malware samples obtained from the wild.
The names of tested software in September are listed below. We intentionally do not provide version number because the testing system updates them once a day:
- Avast Free Antivirus
- Avira Antivirus Pro
- CatchPulse (formerly SecureAPlus Pro, check out why)
- Emsisoft Business Security (for enterprises)
- Malwarebytes Premium
- Malwarebytes Endpoint Protection (for enterprises)
- Mks_vir Endpoint Security (for enterprises)
- Microsoft Defender (Windows 10 with SmartScreen enabled)
- Webroot Antivirus
- Xcitium ZeroThreat Advanced (former name after rebranding: Comodo Advanced Endpoint Protection)
- Xcitium Internet Security (formerly Comodo Internet Security)
Unlike other testing laboratories, we try to make our tests fully transparent, so we provide a complete list of virus samples and never share unnecessary technical information.
Key information and all test results are available on the page with RECENT RESULTS. A complete list of malware samples with the results for each individual developer is available in MALWARE COMPARISON TABLE.
Additional configuration
We usually use the default settings. If you want to learn more about capturing malware, analysis on Windows, and the entire algorithm of actions, please check out our methodology.
Results – September 2022
In the summary of each analyzed malware sample, we consider the stage at which it has been detected and blocked.
PRE-LAUNCH: the situation before malware is launched in the system. This may be the moment when a downloaded file through a browser fails to run because of antivirus protection, and also when a file is moved to quarantine just after being saved on the disk.
POST-LAUNCH: the situation in which harmful actions are detected and stopped after malware is run. This is the most dangerous situation – our tests reflect daily behavior of a user, so the purpose of a security product is to protect against threats even in such circumstances.
In September, almost developers have proven the superiority of their solutions over the set of malware samples. Except for Trend Micro because for three test cases we have not found any response to running malware in Windows 10.
Security solutions often come with machine learning for detecting threats without using signatures (Post-Launch level), artificial intelligence that correlates events from the entire system, scanners, and sandboxes in the cloud, etc.
In software for enterprises that we also test, we have the EDR modules. In general, Endpoint Detection and Response is designed to facilitate decision-making based on threat indicators logged in the console. This functionality allows better management of incidents, search for trace of intrusion and attacks at every endpoint.
The leaders in malware blocking at the Pre-Launch level are mks_vir Endpoint Protection (99.86%) and Trend Micro Maximum Security (99.85%). We mean the stage when a threat is blocked by available security technologies before it is run.
For other solutions, the final result is very similar, but the devil is in the details because there are many cases where threats are blocked immediately after being run after a deep analysis.
In conclusion, in September 2022 nearly all tested products achieved the maximum score of 100% threats blocked (except Trend Micro). Based on the logs that we share with developers, our system summarized tens of thousands of test data: 11 products multiplied by 2185 threats gives 22 891 test cases that has been performed by the AVLab testing system.
The differences are marginal, so we encourage you to perform own analysis when choosing software. The effectives of protection is very important, but also other aspects such as warranty, technical support, user-friendly interface, performance, online banking protection, management console, EDR module, etc.