MRG Effitas Q2 2018 360 Degree Assessment and Certification

Avira did not receive any information about Test Subject, notification of the Test Plan and test timing schedule. We did not receive any email which was subjected with “Call for Participant Commentary on MRG-Effitas Q2”. In conclusion, Avira could not made a decision on whether or not to adopt Participant status in the test.

AMTSO RESPONSE: “AMTSO confirms that notification information was provided by the test lab and duly forwarded to all participants in the AMTSO Contact List system; AMTSO acknowledges and confirms that some the notification messages did not reach some CL participants. This situation has been investigated and addressed. In light of this finding, AMTSO extended the commentary period for this test, including the option to adopt Participant status, to ensure all Test Subject Vendors had time to review the Test Plan and decide on their engagement with the test lab.”

“Symantec did not receive notification of this test or a test plan for this test. There has been no communication pertaining to this test from MRG-Effitas. We are providing feedback, based on a prior version of the test plan that was available on AMTSO website, titled – “MRG Effitas Test Plan for Q1 2018 360 Degree Assessment and Certification” from January 22, 2018. We are providing this feedback as a courtesy. We can no longer locate this test plan on the AMTSO member site. 1) Under section 3, methodology details, 6a – Microsoft Edge is not the most widely used browser in the windows OS. Moreover, it is also the most restrictive browser, resulting in a number of Symantec’s protection technologies being unavailable. Based on market share, Chrome would be the most appropriate choice. 2) Under section 3, methodology details, 6d – The tester should ensure that malicious actions occurred on the system and refrain from simply checking if the application “ran” as an indicator of protection. 3) Under section 3, methodology details, 7 – same feedback as #2 above. 4) Under section 3, methodology details, 8 – same feedback as #2 above. The tester is advised to verify that malicious actions occurred. 5) Under section 5, how does the tester validate that a sample carries out malicious actions? For e.g. A downloader that does not download any payload should not be a sample used in the test.”

AMTSO RESPONSE: “AMTSO confirms that notification information was provided by the test lab and duly forwarded to all participants in the AMTSO Contact List system; AMTSO acknowledges and confirms that some the notification messages did not reach some CL participants. This situation has been investigated and addressed. In light of this finding, AMTSO extended the commentary period for this test, including the option to adopt Participant status, to ensure all Test Subject Vendors had time to review the Test Plan and decide on their engagement with the test lab.”