MRG Effitas 360 Assessment & Certification Q4 2016

Pity they don't say, in the breakdown of types of malware samples used (page 7), what type(s) "Other" was. More particularly, did they include PUPs (and if so, how many)? Any enlightenment from Webroot personnel would be appreciated (I believe, after the tests are completed, all AV participants receive a complete list of malwares that were used).

MRG Effitas Online Banking / Browser Security Certification Project – Q4 2016
https://www.mrg-effitas.com/wp-content/uploads/2017/02/MRG-Effitas-Online-Banking-Certification-Q4-2016-Level-1_wm.pdf
https://www.mrg-effitas.com/wp-content/uploads/2017/02/MRG-Effitas-Online-Banking-Certification-Q4-2016-Level-2_wm.pdf

Regarding the latter MRG test:

7. A test is deemed to have been failed based on the following criterion:a. The security application fails to detect the sample under condition 6a, 6b, 6c, 6d or 6e, and the malware is able to steal passwords from the browser. (underscoring mine)https://www.mrg-effitas.com/wp-content/uploads/2017/02/MRG-Effitas-Online-Banking-Certification-Q4-2016-Level-2_wm.pdf (page14)

Does this mean that, in the 2 Webroot fails out of the 78 ITW financial malware samples, passwords were able to be stolen from the browser, i.e Identity Shield failed??? Again, clarification from Webroot personnel would be appreciated 😃.

Regarding the 360 Q4 Assessment & Certification test, whilst Webroot may not have been perfect in all tests, I think we can take a lot of satisfaction from the fact that it had a 100%  success rate against the ransomware nasties.