Technology: Endpoint Security (EPS)
All reports
01/2026 - 03/2026
Security Evaluation Test Report: Enterprise Endpoint Security (Protection)
Protection Under Realistic Attack
Security products are often judged by what they claim to do. This report examines how they actually
behave when subjected to realistic attack conditions. SE Labs’ approach is to replicate credible adversary
behaviour and observe how products respond to it, across the full attack chain.
Loading…
Reload document 
Open in new tab 
Measured Protection Against Realistic Cyber Attacks
That attack process includes the initial compromise and could potentially involve lateral movement, persistence, and data exfiltration or ransomware. Our objective is to measure protection as it is experienced in practice, not as it is defined by feature lists or controlled demonstrations.
Each product is exposed to the same threats, under the same conditions, with outcomes recorded and verified. This allows for direct comparison, and we can share the technical details to help improve the products afterwards.
Proving the Work
We don’t really think most people care about the deep details, but we include them anyway because we’ve put a lot of effort into doing our due diligence for this test report. We’ve been thorough, ticked all the boxes that the industry requires of us, and ticked some extra ones we think are critical.
The standard of our testing is world-leading and we want to prove to you that you can trust this test report – which is why there are explanations and charts for every part of the test. Even for bits you probably don’t care about.
Which solutions to trust?
Effective endpoint protection must do more than respond to known threats. It must adapt quickly, stop attacks early and resist attempts to bypass defences. While no product is perfect, some provide a much higher level of protection than others. This report makes those differences clear.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product faced the same threats. Specifically, these included a mixture of targeted attacks that used well established techniques, as well as public email and web based threats that were live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Protection Under Realistic Attack
Security products are often judged by what they claim to do. This report examines how they actually
behave when subjected to realistic attack conditions. SE Labs’ approach is to replicate credible adversary
behaviour and observe how products respond to it, across the full attack chain.
Loading…
Measured Protection Against Realistic Cyber Attacks
That attack process includes the initial compromise and could potentially involve lateral movement, persistence, and data exfiltration or ransomware. Our objective is to measure protection as it is experienced in practice, not as it is defined by feature lists or controlled demonstrations.
Each product is exposed to the same threats, under the same conditions, with outcomes recorded and verified. This allows for direct comparison, and we can share the technical details to help improve the products afterwards.
Proving the Work
We don’t really think most people care about the deep details, but we include them anyway because we’ve put a lot of effort into doing our due diligence for this test report. We’ve been thorough, ticked all the boxes that the industry requires of us, and ticked some extra ones we think are critical.
The standard of our testing is world-leading and we want to prove to you that you can trust this test report – which is why there are explanations and charts for every part of the test. Even for bits you probably don’t care about.
Which solutions to trust?
Effective endpoint protection must do more than respond to known threats. It must adapt quickly, stop attacks early and resist attempts to bypass defences. While no product is perfect, some provide a much higher level of protection than others. This report makes those differences clear.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product faced the same threats. Specifically, these included a mixture of targeted attacks that used well established techniques, as well as public email and web based threats that were live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Protection Under Realistic Attack
Security products are often judged by what they claim to do. This report examines how they actually
behave when subjected to realistic attack conditions. SE Labs’ approach is to replicate credible adversary
behaviour and observe how products respond to it, across the full attack chain.
Loading…
Measured Protection Against Realistic Cyber Attacks
That attack process includes the initial compromise and could potentially involve lateral movement, persistence, and data exfiltration or ransomware. Our objective is to measure protection as it is experienced in practice, not as it is defined by feature lists or controlled demonstrations.
Each product is exposed to the same threats, under the same conditions, with outcomes recorded and verified. This allows for direct comparison, and we can share the technical details to help improve the products afterwards.
Proving the Work
We don’t really think most people care about the deep details, but we include them anyway because we’ve put a lot of effort into doing our due diligence for this test report. We’ve been thorough, ticked all the boxes that the industry requires of us, and ticked some extra ones we think are critical.
The standard of our testing is world-leading and we want to prove to you that you can trust this test report – which is why there are explanations and charts for every part of the test. Even for bits you probably don’t care about.
Which solutions to trust?
Effective endpoint protection must do more than respond to known threats. It must adapt quickly, stop attacks early and resist attempts to bypass defences. While no product is perfect, some provide a much higher level of protection than others. This report makes those differences clear.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product faced the same threats. Specifically, these included a mixture of targeted attacks that used well established techniques, as well as public email and web based threats that were live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. Don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
What’s the difference and why should you care?
This cyber security test includes a mixture of threats. Most are the sort of attack that individuals and businesses face daily. Others are much more targeted and focused on taking control of victims with
greater precision. A targeted attack is rarely created for a single individual. Instead, it is designed
for a defined group of potential victims.
Loading…
A targeted attack is rarely created for a single individual
In practice, attackers rarely focus on one individual. Instead, they target defined groups such as employees of a particular organisation or users of a specific service. From there, they personalised to appear more relevant, timely, or trustworthy. Effective protection against general threats requires strong baseline controls, accurate detection of known malicious behaviour, and the ability to stop threats quickly and consistently
Proving the Work
We don’t really think most people care about the deep details, but we include them anyway because we’ve put a lot of effort into doing our due diligence for this test report. We’ve been thorough, ticked all the boxes that the industry requires of us, and ticked some extra ones we think are critical.
The standard of our testing is world-leading and we want to prove to you that you can trust this test report – which is why there are explanations and charts for every part of the test. Even for bits you probably don’t care about.
Which solutions to trust?
Effective endpoint protection must do more than respond to known threats. It must adapt quickly, stop attacks early and resist attempts to bypass defences. While no product is perfect, some provide a much higher level of protection than others. This report makes those differences clear.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product faced the same threats. Specifically, these included a mixture of targeted attacks that used well established techniques, as well as public email and web based threats that were live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. Don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
What’s the difference and why should you care?
This cyber security test includes a mixture of threats. Most are the sort of attack that individuals and businesses face daily. Others are much more targeted and focused on taking control of victims with
greater precision. A targeted attack is rarely created for a single individual. Instead, it is designed
for a defined group of potential victims.
Loading…
A targeted attack is designed for a defined group of potential victims
In practice, attackers rarely focus on one individual. Instead, they target defined groups such as employees of a particular organisation or users of a specific service. From there, they personalised to appear more relevant, timely, or trustworthy.
Proving the Work
We don’t really think most people care about the deep details, but we include them anyway because we’ve put a lot of effort into doing our due diligence for this test report. We’ve been thorough, ticked all the boxes that the industry requires of us, and ticked some extra ones we think are critical.
The standard of our testing is world-leading and we want to prove to you that you can trust this test report – which is why there are explanations and charts for every part of the test. Even for bits you probably don’t care about.
Which solutions to trust?
Effective endpoint protection must do more than respond to known threats. It must adapt quickly, stop attacks early and resist attempts to bypass defences. While no product is perfect, some provide a much higher level of protection than others. This report makes those differences clear.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product faced the same threats. Specifically, these included a mixture of targeted attacks that used well established techniques, as well as public email and web based threats that were live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
All reports
09/2025 - 11/2025
Security Evaluation Test Report: Enterprise Endpoint Security (Protection)
What’s the difference and why should you care?
This cyber security test includes a mixture of threats. Most are the sort of attack that individuals and businesses face daily. Others are much more targeted and focused on taking control of victims with
greater precision. A targeted attack is rarely created for a single individual. Instead, it is designed
for a defined group of potential victims.
Loading…
A targeted attack is designed for a defined group of potential victims
In practice, attackers rarely focus on one individual. Instead, they target defined groups such as employees of a particular organisation or users of a specific service. From there, they personalised to appear more relevant, timely, or trustworthy.
Proving the Work
We don’t really think most people care about the deep details, but we include them anyway because we’ve put a lot of effort into doing our due diligence for this test report. We’ve been thorough, ticked all the boxes that the industry requires of us, and ticked some extra ones we think are critical.
The standard of our testing is world-leading and we want to prove to you that you can trust this test report – which is why there are explanations and charts for every part of the test. Even for bits you probably don’t care about.
Which solutions to trust?
Effective endpoint protection must do more than respond to known threats. It must adapt quickly, stop attacks early and resist attempts to bypass defences. While no product is perfect, some provide a much higher level of protection than others. This report makes those differences clear.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product faced the same threats. Specifically, these included a mixture of targeted attacks that used well established techniques, as well as public email and web based threats that were live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Is This Home Report Too Complicated?
Security testing can be easy to explain but hard to execute. Testing can simplify life for organisations needing to buy cyber security products. It helps to create shortlists of competent products worth considering. It can also help explain why security is needed. A good test can demonstrate the sorts of threats real targets face and then show a solution.
Loading…
This is Simple?!
But apparent simplicity is often the product of massive complexity. Security products and attacks are very complicated.
This report simplifies an extremely thorough test to make life easier for businesses and individuals that need to buy cyber security protection but without the need to fully understand the nuts and bolts of it.
Proving the Work
We don’t really think most people care about the deep details, but we include them anyway because we’ve put a lot of effort into doing our due diligence for this test report. We’ve been thorough, ticked all the boxes that the industry requires of us, and ticked some extra ones we think are critical.
The standard of our testing is world-leading and we want to prove to you that you can trust this test report – which is why there are explanations and charts for every part of the test. Even for bits you probably don’t care about.
Which solutions to trust?
Effective endpoint protection must do more than respond to known threats. It must adapt quickly, stop attacks early and resist attempts to bypass defences. While no product is perfect, some provide a much higher level of protection than others. This report makes those differences clear.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product was exposed to the same threats, which were a mixture of targeted attacks using well-established techniques and public email and web-based threats that were found to be live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. Don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Is This SMB Report Too Complicated?
Security testing can be easy to explain but hard to execute. Testing can simplify life for organisations needing to buy cyber security products. It helps to create shortlists of competent products worth considering. It can also help explain why security is needed. A good test can demonstrate the sorts of threats real targets face and then show a solution.
Loading…
Security testing can be easy to explain but hard to execute
But apparent simplicity is often the product of massive complexity. Security products and attacks are very complicated.
This report simplifies an extremely thorough test to make life easier for businesses and individuals
that need to buy cyber security protection but without the need to fully understand the nuts and bolts of it.
Proving the Work
We don’t really think most people care about the deep details, but we include them anyway because we’ve put a lot of effort into doing our due diligence for this test report. We’ve been thorough, ticked all the boxes that the industry requires of us, and ticked some extra ones we think are critical.
The standard of our testing is world-leading and we want to prove to you that you can trust this test report – which is why there are explanations and charts for every part of the test. Even for bits you probably don’t care about.
Which solutions to trust?
Effective endpoint protection must do more than respond to known threats. It must adapt quickly, stop attacks early and resist attempts to bypass defences. While no product is perfect, some provide a much higher level of protection than others. This report makes those differences clear.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product was exposed to the same threats, which were a mixture of targeted attacks using well-established techniques and public email and web-based threats that were found to be live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
All reports
06/2025 - 08/2025
Security Evaluation Test Report: Enterprise Endpoint Security (Protection)
Is This Enterprise Report Too Complicated?
Security testing can be easy to explain but hard to execute. Testing can simplify life for organisations needing to buy cyber security products. It helps to create shortlists of competent products worth considering. It can also help explain why security is needed. A good test can demonstrate the sorts of threats real targets face and then show a solution.
Loading…
Security testing can be easy to explain but hard to execute
But apparent simplicity is often the product of massive complexity. Security products and attacks are very complicated.
This report simplifies an extremely thorough test to make life easier for businesses and individuals
that need to buy cyber security protection but without the need to fully understand the nuts and bolts of it.
Proving the Work
We don’t really think most people care about the deep details, but we include them anyway because we’ve put a lot of effort into doing our due diligence for this test report. We’ve been thorough, ticked all the boxes that the industry requires of us, and ticked some extra ones we think are critical.
The standard of our testing is world-leading and we want to prove to you that you can trust this test report – which is why there are explanations and charts for every part of the test. Even for bits you probably don’t care about.
Which solutions to trust?
Effective endpoint protection must do more than respond to known threats. It must adapt quickly, stop attacks early and resist attempts to bypass defences. While no product is perfect, some provide a much higher level of protection than others. This report makes those differences clear.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product was exposed to the same threats, which were a mixture of targeted attacks using well-established techniques and public email and web-based threats that were found to be live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Marketing vs. Reality
This report focuses on how well popular security products protect home users against real threats. We ran each product through a series of tests designed to reflect the kinds of threats real users face every day.
These include widespread malware attacks and more sophisticated intrusions that do not rely on obvious warning signs. The way we test remains transparent, consistent and publicly documented. We explore anti-malware marketing vs. reality
Loading…
Some of the products offered strong protection with minimal disruption
In this report we included two products that frequently appear at the top of online recommendations for ‘best anti-virus’ and similar. We’ve never tested them before.
Choosing the right security software
Should be evidence-based and not driven by advertising. Independent testing helps cut through the marketing hype and offers a clearer view of which products truly provide effective protection. We explore anti-malware marketing vs. reality.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product was exposed to the same threats, which were a mixture of targeted attacks using well-established techniques and public email and web-based threats that were found to be live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. Don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
