[SE Labs] Endpoint Security: Home, Small Business, and Enterprise (Q1 2022)

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

ExecutiveOrder

Level 2
Thread author
Sep 21, 2021
47

Endpoint Security (EPS): Home 2022 Q1:

1649895316039.png


Endpoint Security (EPS): Small Business 2022 Q1:

1649895475326.png


Endpoint Security (EPS): Enterprise 2022 Q1:

1649895654624.png

Source linked in every title above, or: 2022 - SE Labs
 

kC77

Level 5
Verified
Well-known
Aug 16, 2021
230
im pretty sure Sophos must of payed for that result, I was trialling sophos home for a month, and in testing 5 or 6 times in a vm, it missed so much, and in each test ended up in the VHDX being destroyed/wiped, out of any recent security software ive tested, sophos was the only one that missed it consistently (test ran over 2 weeks to be sure signatures updated etc) also liaised with their support (who were dreadull)
 

ExecutiveOrder

Level 2
Thread author
Sep 21, 2021
47
Why is there a difference between Avast and AVG in terms of Total Accuracy Rating?
Because it shows a single notification of "click to block (default block)", that's it.
It causes 4 fewer points in "Legitimate Software Ratings".
Not sure if during the testing period, AVG rolled out an update for the app to configure its certain behavior (not the signature) at the exact same time as Avast. This slight difference or inconsistency is not uncommon even in other testing labs. Both scored 100% protection (399 out of 400 points due to how SE Labs scores the result, refer to 3rd part: "Protection Rating").
im pretty sure Sophos must of payed for that result, I was trialling sophos home for a month, and in testing 5 or 6 times in a vm, it missed so much, and in each test ended up in the VHDX being destroyed/wiped, out of any recent security software ive tested, sophos was the only one that missed it consistently (test ran over 2 weeks to be sure signatures updated etc) also liaised with their support (who were dreadull)
Sophos 100%? Try to download a malware and see how infected you are. Sophos is terrible.
Different times, different samples and methodology, different tester, and of course different results.
"The test was conducted between 17th January and 14th March 2022" and "only" employs verified 75 "general attack" and 25 "targeted attack" scenarios.
This so-called 100% protection is limited to the test conducted by the SE Labs, reviewing their methodology (AMTSO compliant) will enlighten the concern a little bit.
Sophos' results in the last 2 quarters are not that impressive, Q3 2021 95% (ranked last), Q4 2021 97% (8th out of 12).
By looking at multiple independent testing labs, readers can get a deeper insight into a certain product, SE Labs is just one of 'em.
 
  • Like
Reactions: roger_m and kC77

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,119
Sophos 100%? Try to download a malware and see how infected you are. Sophos is terrible.

Unfortunately, one cannot prove anything by doing this, even after downloading a thousand samples.
The results are pretty much random. This is similar to guessing what is displayed on the screen which can display only 0.01% pixels (99.99% faulty pixels). You could probably recognize the picture of a woman on the screen. You could also guess if she is pretty, but your guess would be in fact only an illusion.

That is why in the SE Labs test all tested AVs except Webroot were awarded AAA. SE Labs knows that this particular test cannot show more than that.
The results in the tables included in OP have nothing to do with protection/detection in the wild. They can be used to show something interesting only with similar results from many other tests. The average result (calculated correctly) can sometimes show something related to the protection/detection in the wild.(y)
 
Last edited:

kC77

Level 5
Verified
Well-known
Aug 16, 2021
230
Different times, different samples and methodology, different tester, and of course different results.
ne of 'em.

Unfortunately, one cannot prove anything by doing this, even after downloading a thousand samples.
The results are pretty much random. This is similar to guessing what is displayed on the screen which can display only 0.01% pixels (99.99% faulty pixels). You could probably recognize the picture of a woman on the screen. You could also guess if she is pretty, but your guess would be in fact only an illusion.

That is why in the SE Labs test all tested AVs except Webroot were awarded AAA. SE Labs knows that this particular test cannot show more than that.
The results in the tables included in OP have nothing to do with protection/detection in the wild. They can be used to show something interesting only with similar results from many other tests. The average result (calculated correctly) can sometimes show something related to the protection/detection in the wild.(y)
except sophos in this case isnt a "random" "0.01% chance" .... it consistently failed over a 1 month trial with 1 sample that was submitted to them & and I attempted to deal with support.
I would imagine if my trial was still active it would fail that same test.

If i ran an AV company and a drive wiper malware hit it & a customer submitted it.... would be pretty important............ would be fixed or a signature done quickly
Sophos are just not on the same planet. (this malware was detected by every other provider tested... most of the common players)

No disrespect but its really .1 bad support & 2. terrible protection.

I had so much hope for sophos, I wanted a UK based AV provider.... I wanted them to win, I wanted them to be reliable........... They came out bottom of the pile (by a long way)
**im serious about wanting a UK based AV provider, no one even close and here i am with defender and voodooshield (both US based)
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,119
except sophos in this case isnt a "random" "0.01% chance" .... it consistently failed over a 1 month trial with 1 sample that was submitted to them & and I attempted to deal with support.
...
No disrespect but its really .1 bad support & 2. terrible protection.

We talk about different things.
In my post, I did write that a relatively poor result in one test does not necessarily indicate that the protection in the wild during the time period of testing, must be poor. But, It does not mean that it cannot be poor. Simply, the results of a single test (missed samples) are usually a kind of illusion. By an accident, the illusion can be close to the truth.

The example with faulty pixels can give some insight into this issue. When you see a bunch of pixels that can resemble a woman without a nose, then you get it as not pretty. The woman in the wild can still have a nose and be pretty, or she can have a very little nose and look unattractive.

If you take as an example the tests from AVLab, then I am not sure if 20 000 samples in one test could be sufficient to see if one AV is "prettier" than another one. The AVLab tests are far more comprehensive than any test made by one person, and when we gather the results from the years 2019-2021 (over 17000 samples), we still cannot be sure if Defender is better than F-Secure (we know from other tests that probably not):
https://malwaretips.com/threads/web...-2-vs-1000-sample-exe-test.113168/post-983155
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top