This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and take informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.
In the past I was using Sophos UTM Home, their turn your PC into an enterprise firewall solution, and that came with a number of free Sophos endpoint protection licenses that are centrally managed by the Sophos firewall. I was fairly impressed with their protection and central management. Only problem was they switched since then to the XG Firewall and that product is a usability nightmare.Sophos Home Premium doing really well
In the past I was using Sophos UTM Home, their turn your PC into an enterprise firewall solution, and that came with a number of free Sophos endpoint protection licenses that are centrally managed by the Sophos firewall. I was fairly impressed with their protection and central management. Only problem was they switched since then to the XG Firewall and that product is a usability nightmare.
SE Labs correctly awarded most of the tested AVs, because this test cannot differentiate between them due to statistical errors and small scoring differences.
Like in other such tests, only the average of several such tests can be meaningful, especially when the AV has consistently high scores.
They sorta do but the 50 IP address limit is not ideal these days, between the explosion in IOT devices and with IPv6 how every device requests at least 4 different IPs for itself.
The problem with SE Labs tests (and generally with all real-wold tests) is that any popular AV (including Webroot) + Edge Chromium on Windows 10 will get very good scoring. Additionally, Webroot has an advantage of the rollback feature, even if it works on 50%. It is not stupid security for average users, until they can respect SmartScreen (anti-phishing and application reputation) in Edge Chromium.
You will be satisfied when looking at many tests on Malware Hub.Someone who's not ignoring SmartScreen, has good habits, uses mostly AppContainer'd apps & keeps their software up to date, barely needs an AV anyhow.
That said, I'd want testing to push suites to their limits, if a lot get 99%, the tester is not trying hard enough, also I'd want more granularity, on this test, what was signature block, what was behavioural, how was an exploit stopped/by which module and at what stage etc. - other labs do provide more details.
You will be satisfied when looking at many tests on Malware Hub.
If I correctly understood the information from their website, Webroot does not use cloud signatures, so the detection for fresh malware cannot be very good. The rollback feature can be an alternative solution to keep good protection. Furthermore, the vendor sells the Webroot SecureAnywhere Web Security Service in the business sector. As can be seen from the below list, Webroot has got a perfect score against targeted attacks and a poor score for web-downloads. The second can be simply covered by adding a web browser extension or using Chromium Edge.What is happnng with Webroot??? Their going down the tube in a hand basket!!!! Its sad to view these poor statics
You probably see that you have somewhat contradictory wishes. If you will respect SmartScreen then you will not see behavior (and many exploit) blocks.I'm not too familiar with the hub, I watch results from time to time, my understanding is that it evaluations suites vs raw samples which do not have motw so while the hub would put most modules of a suite to a harder test, it's not a real world scenario ( which the testing labs claim to do ), as it's already bypassing web filtering and cloud reputation (ie smartscreen).
Of course this means the other modules of a suite need to prove their worth at the hub, which may not necessarily happen during a lab's real world tests and this is very interesting, as these are the last line of defense and it's up to them to protect when the user manually bypasses smartscreen or when the malware delivery is done eg via exploit.
I've also seen custom configuration tested ( ie H_C ) in the hub which may not be what a testing lab is testing and those who do harden their OS's may find a testing lab's results irrelevant.
Are the hub top scorers different from testing labs top scorers?
You probably see that you have somewhat contradictory wishes. If you will respect SmartScreen then you will not see behavior (and many exploit) blocks.