Emsisoft | Cybersecurity Blog

Emsisoft Enterprise Security + EDR Achieves 100% Detection in AVLab’s September 2025 Test

AVLab Cybersecurity Foundation’s September 2025 Advanced In-The-Wild Malware Test introduced significant methodological advances. The testing framework now tracks “living off the cloud” techniques, monitoring binaries like az.exe (Azure CLI), aws.exe, gh.exe (GitHub CLI), and python.exe.

These tools are increasingly weaponized to fetch and execute malicious payloads directly from cloud services. Against 443 sophisticated threats, Emsisoft Enterprise Security + EDR achieved a perfect 100% detection rate.

The changing threat landscape and AVLab’s methodological evolution

Attack methodology continues to advance. Beyond traditional Living off the Land Binaries (LOLBins) like schtasks.exe and certutil.exe, attackers now abuse cloud-native developer tools. The test also began monitoring Windows Sandbox components (WindowsSandboxClient.exe, WindowsSandbox.exe), often used for anti-VM detection. Telemetry coverage expanded to over 50 processes and scripts.

AVLab enhanced its testing infrastructure for greater isolation, which prevents cross-contamination between malware samples. Browser components and plugins were updated in real time during testing cycles. The lab is preparing for a transition to Windows 11 25H2 later this year.

The test used 443 active malware samples. Of these, 416 were delivered via HTTP and 27 through encrypted HTTPS connections. Extended forensic logging captured complete event trees, including process relationships, network connections, DNS queries, and file system modifications. The simulation replicates a full attack chain from initial download to final execution.

Emsisoft’s performance breakdown

Emsisoft blocked every one of the 443 malware samples.

The breakdown shows a strong emphasis on early prevention. 87.36% of threats were neutralized pre-execution, stopping them at the delivery or download stage. The remaining 12.64% were caught by behavioral analysis after execution began. The average remediation time was 1.3 seconds from threat introduction to complete neutralization.

For full results, click here.

Conclusion

AVLab’s increasingly sophisticated testing methodology provides a rigorous assessment of real-world security effectiveness. The September 2025 results demonstrate Emsisoft’s capability against evolving attack methodologies, including emerging “living off the cloud” techniques. Enterprises benefit from verified protection that maintains both detection accuracy and rapid response. The 100% detection rate against 443 sophisticated threats confirms the solution’s enterprise readiness for modern security challenges.
