You dont need to create anything, a lot of malware can be found in MDL pe, you can use VM so you will not risk your personal data, but you are a security expert so you already knew that. Because you are an expert you already know that the test that MRG are doing basically consists in a tool that hijack services.exe and capture the information when is being sent. So if you run the MGR tool with Comodo: Inside the sandbox nothing happens the app is blocked silently. Outside the sandbox the app will be blocked by D+ Anyway The MGR app still will need to connect to internet to send the information so the firewall will block it also. All this taking into account that the behaviour isnt detected by the AV. The banking protection is not nothing special. Is not a new science. In order to steal you bank account details your computer have to be infected by a malware that will hijack your broswer, it will steal the information and it will send it to internet.