How we test antivirus? The making of CheckLab, a website dedicated to security tests

1 września 2019

Why did we appoint a new organization with the website?

A mysterious CheckLab logo occupies prominent place in the footer for a long time. It is not without reason, because it is a graphical announcement of a professional services of security tests. This dedicated website is entirely devoted to one area exclusively that is precisely oriented towards technical aspects of testing solutions for protecting workstations and personal computers.

The CheckLab organization was founded in July 2019 by the company operating since 2012 in the industry of informatics security. The primary objective of the CheckLab organization is to test security usefulness, and issuing certificates confirming the protection effectiveness against malware, and also provide results to public information while ensuring the maximum transparency of the tests. There is so much additional information related to tests so we have decided to prepare a supporting website.

To explain how complicated the procedure of test automation is, we must describe a few problems with which we have been struggling while monitoring activity of antivirus products and malicious software in real time. In fact, here we describe what needs to be done to interest big international corporations which provide their security solutions and services for business in such small company that is AVLab. In addition, in this article we want to share our knowledge, and at the same time make readers aware of the fact how many issues have turned out to be complex, and how much time we had to spend on apparently insignificant problems. It is our first big project that is why engineering  approach has revealed extent of problems.

All instructions regarding the methodology and tools used in tests were published on the website

We have been working on the CheckLab project for over two years. In that time, we have been able to program scripts in NodeJS and Python programming languages which manage the whole procedure of testing. The CheckLab website is also very important. It visualizes interesting test data, and everything that happens in the invisible layer which is a backend.

Testing environment: VMware, Citrix or VirtualBox?

The beginnings were difficult. We had to start with selecting a hypervisor for a machine management. For licensing reasons, we have chosen free VirtualBox Initially it has met our requirements – it has got all we need which is an access to snapshots and management from the command line. In addition, VirtualBox is free for commercial purposes. Either way, after a few weeks of testing, we have registered too many unexpected errors. The virtualizer has been hanging up at random moments. It could not handle managing multiple machines at the same time. The VirtualBox technology was rough around the edges and highly inefficient. We believe that VirtualBox is good solution, but designed for smaller projects or for home use. Then we tried VMware Workstation Pro and Citrix XenServer. We have decided on VMware, because it was easier to use, has greater community support, and fit in better with our demands.

Dobór systemu operacyjnego jest ważny. Zdecydowaliśmy się na Windows 10 Pro, ponieważ jest najbardziej przyszłościowy.

The application which is launched in the terminal you see on the left side of the screenshot, has been written in NodeJS and Python programming languages. Its task is to, among others, optimize available resources, e.g. to prevent hanging up systems or other unplanned downtime.

Our testing system can be launched on any Linux distribution. Even on a home computer that can handle at least one virtual system. In the current version, the application is scalable that is why it can use the available resources on a traditional dedicated server or the cloud server. High computing power is necessary if there are dozens of machines operating at the same time. From experience we already know that very high-speed drives are the most important. Hard drives such as SAS Enterprise don’t have enough processing speed. Same with SSD SATA III. The best suited are commercial NVMe drives which are available, for example, in the offer of OVH, Hetzner, or Oktawave. A CPU and RAM play a big role. The more resources the more efficiently a guest system can work. At the moment, we have a server with dozens of CPU cores, very high-speed drives, and enough amount of RAM to run multiple machines at the same time.

The testing system consists of several components

The whole testing application is like one organism composed of individual elements in which each operates separately and at the same time cooperates with other. Actually, we have created application that does exactly the same thing as a man, but incomparably faster and more efficiently, because at the same time it can manage an unlimited number of virtual machines — it performs large number of operations as it is not limited by human biomechanics.

The elements of which our applications for tests is composed:


The local DNS and HTTP/S server

The local DNS and HTTP/S server is responsible for “exposing” malware samples to random URL address that is transferred to a component that manages tests. From this URL address virus is downloaded to the operating system through the Chrome browser.

Dzięki własnemu serwerowi DNS i HTTP/S mamy kontrolę nad ruchem sieciowym.


Honeypot network

Samples used in our tests come from attacks on honeypots. Honeypots are traps whose task is to simulate target vulnerable to attacks and capture malicious software. We use low and high interactive honeypots. All of them emulate services such as: SSH, HTTP, HTTPS, SMB, FTP, TFTP, real Windows systems, and email servers.

Mapa wskazuje na lokalizacje serwerów, które pełnią rolę honeypotów.Sumy kontrolne szkodliwego oprogramowania na jednym z honeypotów.



It is this element of the application that logs into the honeypots once a day, and downloads captured malicious software. Then it calculates the checksum of every file and compares it against those in the database. Recipients of our tests are sure that we will never analyze two identical viruses.

Najpierw aplikacja loguje się do honeypota i pobiera przechwycone złośliwe oprogramowanie.



It is the most important element of the application. It automates the whole test procedure:

  • Manages the honeypot network.
  • Manages downloading malicious software.
  • Analyses malicious software in Windows 10 to see if every virus is suitable for tests (i.e. if it is able to infect Windows 10).
  • Manages virtual machines.
  • Performs automatic operations of testing virus samples on all security products in every machine.
  • Analyses logs passing them from guest to host systems.
  • Manages logs of tested security solutions.
  • Sends diagnostic information to the database after analysis of each virus sample is completed.

Próbka szkodliwego oprogramowania jest pobierana do systemu przez prawdziwą przeglądarkę Chrome.

The manager uses the VMware API to ensure that the machines are run at the same time. It responds to errors in analysis, and if necessary, it repeats operations (e.g. if the system freezes for some reason). That way, malicious software is set in the queue, so we know for sure that all protection solutions will be tested at the same time on the same virus sample.



It is a very important element of the testing system that firstly logs events performed in Windows 10 by malicious software, and secondly picks up information on reaction of a security product to malicious software.

Logi ze systemu Windows zawierają informacje o tym, czy testowane rozwiązanie wykryło zagrożenie. W tym konkretnym przykładzie analizator „widzi”, że oprogramowanie Bitdefender przeniosło wirusa do kwarantanny.



On the basis of implemented guideline, it decides whether malicious software has infected a system, and whether a security product has reacted to a virus. The script searches logs for a virus activity, and reaction of a security product on a malicious activity. Indicators got that way are transmitted to the database.

Przykładowa aktywność jednej z próbek ransomware. Parser wykrył 796 potencjalnych wskaźników złośliwego oprogramowania.


Thanks to the website, we don’t have to manually filter the database. At this level, we have an access to details from the backend. Diagnostic data allow to visualize results in the form of charts and tables.

The CheckLab website.

Detailed methodology

This is an article describing the genesis of the CheckLab project. We do not want it to be crammed with technical information, because there is just a lot of it. Detailed methodology can be found at the website in the section:

These problems have given us a hard time

It was hard. Sometimes very difficult. Not once we have hit a dead end. We have not given up. This required dozens hours of testing, checking many settings in the system, and improving scripts for automation.

Problems that have given us really a hard time are described below. Please consider that probably not all events occur when using computer on a regular basis. They have caught us a little by surprise only if we wanted to automate all operations using VMware API:

  • Disabling UAC in the control panel haven’t been respected under some file-virus extensions. The solution to the problem was disabling UAC in the Windows registry. Otherwise, we have not been able to skip confirmation of UAC through VMware API.
  • Downloading malicious software via the Chrome browser was one of the challenging procedures to automate. Why? If a file contains any extension, in new versions of Chrome (also in Firefox) it is not possible to disable the pop-up informing of a file harmfulness – even when the chrome://settings flag is disabled that is responsible for security.
  • The machines are managed by API of the VMware software. The problem is that we do notreally know when the network service is up and running after logging into the system. Consequently, it was not possible to automate steps from running a browser to downloading a virus with the „chrome.exe hxxp://IP/malware_sampledoc” parameter. This method has not worked, because the network service was not ready for operation within the first few seconds after logging.
  • Disabling the Windows Defender antivirus was effective only after changing options in Group Edit.  Antivirus would interfere with analyzing malicious software, and send files to the Microsoft cloud. We did not want that. One of the machines act as a sandbox-system without any security product. We analyze malware for malicious activity, that is why the Microsoft’s native protection would interfere with the tests.
  • Running viruses through API has not been optimal method of representing the real situation. Instead, we have improved procedure, and we are currently doing this as if a user runs any programs in a system, clicking on folders and applications.
  • Logging certain event was not possible when actions were performed with the ring(-1) privileges at the VMware API level. The hypervisor works “below” the Windows system, that’s why some events cannot be recorded in Windows. We have moved away from doing anything using this method. Instead, we have focused on processes and services in Windows that natively run malicious software and analyze logs.
  • Using free solution to analyze logs has appeared to be too complicated or impossible, bearing in mind our requirements. We needed a tool which will be doing particular things – not just analyzing events of malware, but above all detecting product reaction to a malicious file (i.e. whether antivirus has displayed a warning pop-up or moved a file to a quarantine).
  • Tests with a number security products have required a dedicated server, which unfortunately significantly increased the project costs. At this moment, our testing application manages available resources, and runs the optimal number of machines at one time — just in case to avoid an unplanned freeze of the system or the hypervisor. — the results of over 1000 working hours

The results of our work can be seen on the website The English version is also available at

We attach a few screenshots from the backend. We can’t show everything, because programming some components cost a lot of money, so it is covered by the trade secret.

Wynik działania ransomware jest przekazywany z Windows do hosta w celu parsowania logów.Prawidłowa reakcja antywirusa Avast na zagrożenie. Kopiujemy logi systemowe oraz logi antywirusa do hosta w celu parsowania.W hoście mamy zapisane szczegółowe logi dla pełnej transparentności oraz uzyskania dokładnych wyników.

Below, we include exemplary output of the testing system. With such details, every developer will be able to analyze all inconsistencies of each tested malware samples. In the following example is the results of Avast Free Antivirus.

[2019-07-23 17:09:57.120] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Fetching snapshots for machine
[2019-07-23 17:09:57.617] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Does snapshot przed exists? Answer: true
[2019-07-23 17:09:57.618] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Snapshot przed found
[2019-07-23 17:09:58.034] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Does snapshot przed_2019-07-22 exists? Answer: false
[2019-07-23 17:09:58.442] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Does snapshot przed_2019-07-23 exists? Answer: true
[2019-07-23 17:09:58.443] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Prepare to restore snapshot: przed_2019-07-23
[2019-07-23 17:09:58.864] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Snapshot has been restored
[2019-07-23 17:09:58.865] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Start tests!
[2019-07-23 17:09:58.866] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Prepare to restore snapshot: przed_2019-07-23
[2019-07-23 17:09:59.300] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Snapshot has been restored
[2019-07-23 17:09:59.301] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Going to start VM
[2019-07-23 17:10:08.093] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - VM has been started
[2019-07-23 17:10:08.095] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for it, next copyWhiteList function call in: in 2 minutes, countdown...
[2019-07-23 17:10:38.101] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for next copyWhiteList function call for: in 2 minutes
[2019-07-23 17:11:08.099] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for next copyWhiteList function call for: in a minute
[2019-07-23 17:11:38.102] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for next copyWhiteList function call for: in a few seconds
[2019-07-23 17:12:08.098] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Starting copy whitelist files from /home/test/BackEnd-develop/src/vmwarerunner/whitelist to C:UsersperunDocumentsavobserwator
[2019-07-23 17:12:08.107] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Found 1 files to copy
[2019-07-23 17:12:08.950] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Starting download gFY6J_2019-07-23_exe from to C:UsersperunDownloads
[2019-07-23 17:12:20.845] [WARN] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Chrome killed, file should be downloaded and saved
[2019-07-23 17:12:20.847] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Start checking if file: gFY6J_2019-07-23_exe exists in C:UsersperunDownloadsgFY6J_2019-07-23_exe
[2019-07-23 17:12:21.390] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File gFY6J_2019-07-23_exe has been checked and it's in path C:UsersperunDownloadsgFY6J_2019-07-23_exe
[2019-07-23 17:12:21.391] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Starting move gFY6J_2019-07-23_exe from C:UsersperunDocumentsavsrc to C:UsersperunDocumentsavdst
[2019-07-23 17:12:22.872] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File gFY6J_2019-07-23_exe moved to C:UsersperunDocumentsavdst as gFY6J_2019-07-23_exe.exe
[2019-07-23 17:12:22.873] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Start checking if file: gFY6J_2019-07-23_exe exists in C:UsersperunDocumentsavdstgFY6J_2019-07-23_exe.exe
[2019-07-23 17:12:23.470] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File gFY6J_2019-07-23_exe has been checked and it's in path C:UsersperunDocumentsavdstgFY6J_2019-07-23_exe.exe
[2019-07-23 17:12:23.471] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Start runObserver, timeout: 5 minutes
[2019-07-23 17:12:24.143] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for it, next runSample function call in: in a few seconds, countdown...
[2019-07-23 17:12:36.152] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Starting sample: gFY6J_2019-07-23_exe.exe
[2019-07-23 17:12:38.029] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Sample executed
[2019-07-23 17:12:38.029] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for it, next finishObserver function call in: in 5 minutes, countdown...
[2019-07-23 17:13:08.032] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for next finishObserver function call for: in 5 minutes
[2019-07-23 17:13:38.034] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for next finishObserver function call for: in 4 minutes
[2019-07-23 17:14:08.036] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for next finishObserver function call for: in 4 minutes
[2019-07-23 17:14:38.037] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for next finishObserver function call for: in 3 minutes
[2019-07-23 17:15:08.038] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for next finishObserver function call for: in 3 minutes
[2019-07-23 17:15:38.039] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for next finishObserver function call for: in 2 minutes
[2019-07-23 17:16:08.041] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for next finishObserver function call for: in 2 minutes
[2019-07-23 17:16:38.043] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for next finishObserver function call for: in a minute
[2019-07-23 17:17:08.044] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Wait for next finishObserver function call for: in a few seconds
[2019-07-23 17:17:41.965] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Observer terminated
[2019-07-23 17:17:47.638] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Report converted
[2019-07-23 17:17:48.208] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] We are going to copy raport_timeline.csv file to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/
[2019-07-23 17:17:50.969] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File copied as /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/
[2019-07-23 17:17:50.970] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Moving sample file from /home/test/BackEnd-develop/src/../malware/sandbox/2019-07-23/gFY6J_2019-07-23_exe to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/gFY6J_2019-07-23_exe
[2019-07-23 17:17:50.972] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File gFY6J_2019-07-23_exe successfully moved from pre_sandbox to sandbox
[2019-07-23 17:17:50.973] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Starting to parse report /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/
[2019-07-23 17:17:52.435] [DEBUG] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Report parsed, and have 228 indicators
[2019-07-23 17:17:53.647] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogAmsi.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogAmsi.log
[2019-07-23 17:17:54.408] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastloganen.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastloganen.log
[2019-07-23 17:17:55.050] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogarpot.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogarpot.log
[2019-07-23 17:17:55.708] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogaswAr.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogaswAr.log
[2019-07-23 17:17:56.876] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogAvastSvc.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogAvastSvc.log
[2019-07-23 17:17:57.751] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogAvastUI.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogAvastUI.log
[2019-07-23 17:17:58.380] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogBCUEngine-trace.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogBCUEngine-trace.log
[2019-07-23 17:17:59.021] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogBrowser-Cleanup.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogBrowser-Cleanup.log
[2019-07-23 17:17:59.658] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogBugReport.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogBugReport.log
[2019-07-23 17:18:00.285] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogBugReport.status copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogBugReport.status
[2019-07-23 17:18:00.910] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogccr.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogccr.log
[2019-07-23 17:18:01.550] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogCommChannel.Protocol.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogCommChannel.Protocol.log
[2019-07-23 17:18:02.176] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogcommonpriv.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogcommonpriv.log
[2019-07-23 17:18:02.819] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogcommonpriv.log.lock copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogcommonpriv.log.lock
[2019-07-23 17:18:03.456] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogdetections.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogdetections.log
[2019-07-23 17:18:05.019] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogevent_manager.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogevent_manager.log
[2019-07-23 17:18:05.753] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogFilterEngine.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogFilterEngine.log
[2019-07-23 17:18:06.377] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogFwServ.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogFwServ.log
[2019-07-23 17:18:07.033] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogHns.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogHns.log
[2019-07-23 17:18:07.798] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogHtmlRemoteContent.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogHtmlRemoteContent.log
[2019-07-23 17:18:08.532] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogidp-removal.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogidp-removal.log
[2019-07-23 17:18:09.218] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogidp2.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogidp2.log
[2019-07-23 17:18:09.892] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogidpagent.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogidpagent.log
[2019-07-23 17:18:10.827] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogidpagent.log.1 copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogidpagent.log.1
[2019-07-23 17:18:11.880] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogidpagent.log.2 copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogidpagent.log.2
[2019-07-23 17:18:12.613] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogidpagent.log.lock copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogidpagent.log.lock
[2019-07-23 17:18:13.426] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogidpagentdetection.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogidpagentdetection.log
[2019-07-23 17:18:14.160] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogidpagentdetection.log.lock copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogidpagentdetection.log.lock
[2019-07-23 17:18:14.788] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogidpagentmonitor.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogidpagentmonitor.log
[2019-07-23 17:18:15.520] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogidpagentmonitor.log.lock copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogidpagentmonitor.log.lock
[2019-07-23 17:18:16.143] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogidpluascript.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogidpluascript.log
[2019-07-23 17:18:16.801] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogidpluascript.log.1 copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogidpluascript.log.1
[2019-07-23 17:18:17.424] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogidpluascript.log.lock copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogidpluascript.log.lock
[2019-07-23 17:18:18.115] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogjs_console.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogjs_console.log
[2019-07-23 17:18:18.831] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastloglim.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastloglim.log
[2019-07-23 17:18:19.457] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogmywin.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogmywin.log
[2019-07-23 17:18:20.116] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogopm.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogopm.log
[2019-07-23 17:18:20.739] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogprod_lis.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogprod_lis.log
[2019-07-23 17:18:21.364] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogpsi.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogpsi.log
[2019-07-23 17:18:21.987] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogpsi.log.lock copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogpsi.log.lock
[2019-07-23 17:18:22.616] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogremoval.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogremoval.log
[2019-07-23 17:18:23.348] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogremoval.log.lock copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogremoval.log.lock
[2019-07-23 17:18:23.974] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogRep.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogRep.log
[2019-07-23 17:18:24.598] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogscans.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogscans.log
[2019-07-23 17:18:25.239] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogsecapi.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogsecapi.log
[2019-07-23 17:18:25.974] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogsecapi.log.lock copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogsecapi.log.lock
[2019-07-23 17:18:26.595] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogselfdef.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogselfdef.log
[2019-07-23 17:18:27.223] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogStreamFilter.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogStreamFilter.log
[2019-07-23 17:18:27.865] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogStreamingUpdate.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogStreamingUpdate.log
[2019-07-23 17:18:28.489] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogszb.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogszb.log
[2019-07-23 17:18:29.111] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogUITracking.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogUITracking.log
[2019-07-23 17:18:29.739] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogUrlInfoQuery.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogUrlInfoQuery.log
[2019-07-23 17:18:30.363] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogvps.1.etl copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogvps.1.etl
[2019-07-23 17:18:31.004] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogvps.2.etl copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogvps.2.etl
[2019-07-23 17:18:31.628] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogvps.3.etl copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogvps.3.etl
[2019-07-23 17:18:32.253] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogvps.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogvps.log
[2019-07-23 17:18:32.943] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] File c:ProgramDataAVAST SoftwareAvastlogwsc.log copied to /home/test/BackEnd-develop/src/../malware/testing/Avast Free Antivirus/2019-07-23/8b124559bc26103c2a45f32af4d292567f8f0d63f2aa5ff439f8eb516199039f_gFY6J_2019-07-23_exe/17-09-57/c:ProgramDataAVAST SoftwareAvastlogwsc.log
[2019-07-23 17:18:32.944] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Indicators extracted, saving them into db
[2019-07-23 17:18:39.463] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Indicators saved in database
[2019-07-23 17:18:39.464] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Saving summary of indicators into db for Avast Free Antivirus
[2019-07-23 17:18:39.535] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Summary saved in database
[2019-07-23 17:18:39.536] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - [ID:16] Finished test
[2019-07-23 17:18:39.536] [INFO] [TESTING] [fc14cba4-aa85-4369-bceb-c7e907154bd3] [Avast Free Antivirus] - Going to shutdown VM

Functioning of our testing system in practice

First stage – sample verification. Testing application launches the analyzer: Sandbox. It is a normal operation system lacking in protection in which we check whether malware samples can move to the next stage (must be able to infect a system).


Second stage – antivirus testing. Testing application launches the analyzer: Testing. If a sample was malicious, it shall be subject to security testing with solutions for workstation protection installed.

Special thanks

Przemysław Czekaj from

We would like to express our special thanks to Przemysław Czekaj from ProCode company for programming the whole backend on the basis of guidelines as well as for additional know-how. A professional approach to the project from the planning phase to the testing and implementation, an active aid, and consulting services in the field of functioning and improving the application. It is to be commended! Przemysław’s commitment in the creation and development of the project lets us continue to cooperate. We highly recommend  Przemysław for a very good knowledge of the Linux system – as an expert in the field of designing application, programming, and using third party API.

Rafał Pogroszewski from

We thank Rafał Pogroszewski for graphic design of the Checklab’s website, logo, and certificates. We actively work with Rafał at AVLab. We recommend his company CreLab for very good approach to the customer – his examination of requirements before and during implementation of the project is thorough.

Robert Grzegorzak from

We thank Robert Grzegorzak for assist with configuration of the website. We have been working with Grzegorz at AVLab for few years. company

We thank company which has linked the website with the backend. On the basis of an entity from the database they have implemented visualization of charts, tables, and other details. Through their work it is possible to view the results on charts and tables which are now understandable to any person.

Bartłomiej Hawrot from

We thank Bartłomiej Hawrot for preparing a dedicated server with different configuration many times and continuous technical support. For few years already. His knowledge is invaluable, and his experience gained in managing and configuration of government websites turns into security and performance of our servers.

Mateusz Kurlit from

Our special thanks goes to Mateusz Kurlit for preparation of the CheckLab website in English version. We have been working with Mateusz for several years with translation of almost everything when it comes to articles and tests.

Regards also go to others people who have shared their knowledge, and wanted to remain anonymous.

What are our plans for future?

The plans are ambitious, but they require time and money. First of all, we want to provide companies with additional services. In the tests we want to complete vector of sending malware with additional protocols. It will certainly complicate an automation therefore we need time and additional budget. We want to improve the functionality of the virus analyzer and logging events in Windows using a public software Sysmon. We would like to provide users with an interface to transfer files. Such files could be added to our tests. But most of all, we do not want to create a second VirusTotal.

VirusTotal is not suitable for giving an opinion on whether or not antivirus detects anything. We will try our best to prove this below.

At the occasion of various campaigns with spam on many technical websites, we can read that “only a few antivirus applications detect a threat”. It is a half-truth, because VirusTotal should not be used to give such opinions. Therefore, a non-technical person who read such information can conclude that it is not worth investing in security.

We will prove that the results from scanning on VirusTotal does not have any relation with an actual reaction to running a threat on a real operating system. We conducted a similar research in April 2019. It came in handy when we presented facts regarding fair testing. At the conference Check Point Experience 2019 w Łodzi, we proved that VirusTotal is helpful in analyzing malicious software, but it is totally not suitable for carrying out even amateur tests, because:

Stworzyliśmy cztery zagrożenia. Trzy z nich nie były wykrywane przez silnik Check Point zastosowany na VirusTotal. W prawdziwym scenariuszu rozwiązanie Check Point wykryło wszystkie zagrożenia.

Antivirus engines implemented on VirusTotal operate from the command line. In this connection, they may not be able to access the functionality which form part of real security suites. It proves a practical approach to testing. For example, malware which will be blocked by a firewall module, it will not be blocked by an antivirus engine on VirusTotal in a realistic scenario.

As we read in the official document, antivirus engines on VirusTotal are binary versions, operating from the command line. They will not behave exactly the same as versions which we install on computers. In other words, engines implemented on VirusTotal usually do not have a firewall, scanning in the cloud, sandbox, HIPS, DLP, blocking script viruses, and other modules.

We are tired of repeating that VirusTotal was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by sending them the malware they have failed to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology.

– source:


For this reason, we are joining the VirusTotal request and reminding not to issue a false opinion on security products.

This is the first real reason which shows why not to follow the opinion from the VirusTotal scanning. The second reason probably is more relevant, but it is not documented:

Malware which is uploaded using online panel into the VirusTotal service IS NOT LAUNCHED in certain cases. It performs a static analysis of a file, i.e. checksums are calculated, DLLs are extracted, Windows API functions are disclosed, and links with other malicious campaigns are revealed. Every file is scanned by antivirus engine, however, a dynamic analysis is performed only for binary files. Consequently, analyzed EXE files will show a virus activity, but for instance VBS scripts, malicious invoices, PDF file, or macro viruses in DOCX files not always.

In our security tests we launch every malicious file and use genuine versions of antivirus software, so those which are installed by users on their computers. Next, we collect logs from the whole Windows system: from the activity of malware and the response of tested product to a threat. This way, our tests are popular, and enjoy a good reputation among the community and developers of protection solutions themselves.

Just one more thing…

The total cost of the project slightly exceeded 100 000 PLN. It is hard to tell if it is a lot or too little. It depends on the level of the budget. On our micro scale, it is a lot of money. The investment has been funded from private money (without any subsidies). Now we are just waiting for implementation of tests to the benefit of users, developers, and our small business.

We encourage you to visit the website that is entirely dedicated to security tests. And do not forget about that continuously plays an important educational role since 2012.


Share on facebook
Share on twitter
Share on linkedin
Share on email
AUTOR: Adrian Ścibor
Redaktor prowadzący i
0 komentarzy
Inline Feedbacks
View all comments




zapisz się

Bitdefender GravityZone Webinarium

Dowiedz się, co eksperci mówią o GravityZone



Klucze zabezpieczające

100% ochrony przed phishingiem




zapisz się




zapisz się



Klucze zabezpieczające


Bitdefender GravityZone Webinarium

Dowiedz się, co eksperci mówią o GravityZone