Criteria

Anti-malware products and services tested and certified by ICSA Labs are able to prevent end users from becoming infected by in-the-wild and other malware known to exist. To attain or retain certification, ICSA Labs tests products against its Anti-Malware Certification Testing Criteria.  The requirements are geared toward products and services that can detect  malware prior to causing an infection. Though it has had various forms over the years and while there have been a number of iterations, ICSA Labs' industry-vetted anti-malware certification testing criteria documents are testing standards that have been in place for over a quarter of a century!

Endpoint Anti-Malware Detection

The set of testing requirements in the ICSA Labs Endpoint Anti-Malware Certification Testing Criteria is applicable to both business and home user endpoint anti-malware products used in defending desktops, laptops, and servers from malicious code infection.

Network-Based Anti-Malware Detection

The set of testing requirements in the ICSA Labs Network Anti-Malware Certification Testing Criteria is applicable to network-based products and families of related network-based products designed to defend a business or home against malware at a network edge.  Such network-based products are designed to detect in-transit malware typically delivered via threat vectors that often lead to breaches including but are not limited to web drive-by’s and web downloads. 

Optional Testing:

• Anti-Malware Cleaning

In this optional testing, ICSA Labs tests how well endpoint anti-malware products remove known malware from infected files on an endpoint  (when such removal is possible). Such anti-malware products and service offerings are able to remove the malicious components without adversely affecting the data or functionality that existed prior to becoming infected.

• Malicious URL Testing

In this optional testing, ICSA Labs tests how well anti-malware products detect and prevent infection from malicious URLs or drive-by download.  Such product and service offerings are able to block malicious code being delivered via a malicious URL.