There are two common perspectives to testing Portable Executable (PE) files:
One at a time
Test each malware sample individually, reviewing the testing machine's state after it has been executed, and then validating whether it was blocked or let through.
This approach is precise, but is time consuming.
Many at a time
A bulk of malicious files are dropped onto the testing machine at the same time to test the real-time anti-malware scanner's ability to detect and cleanup the samples.
This is less precise, but it takes much less time to perform.