Best endpoint protection for business: quick menu
The best endpoint protection software for business provides a simple way to safeguard your business desktops, laptops, and mobile devices. Note that we’re not referring to them as business antivirus as we believe this notion is obsolete.
Additionally, endpoint protection services should bring together all cyber security and privacy controls for business PCs into a single management dashboard. This means everything from a standard firewall to antivirus software with malware removal and ransomware protection for multiple devices.
The advantage here is that business endpoint security saves on having to individually install software on every single computing device in the office, so it immediately comes with management benefits from an IT and productivity perspective. However, it also means there’s a single place from which you can update company security policy across your IT network, as well as set up filters, options, and features customized to required needs.
The result is the ability to protect desktops and laptops, inclusive of Windows and Macs, as well as mobile devices such as smartphones. Some providers may also offer a rescue disk feature to roll back any existing attack, or encryption software. Additional features might include a data shredder, credential storage (although you may want to consider using the best password manager for this purpose), or a business VPN.
Here, then, is the best endpoint protection for business currently available.
If you’re looking for extra protection, we’ve also featured the best identity management software.
Quick list
Best for detection
7. Bitdefender GravityZone Business Security
If you’re looking for supreme detection rates, then Bitdefender’s offering is worth your attention. There are also many features here at a good price, and we welcomed the granular control over policy settings. Unfortunately, there is no mobile device coverage.
Best cross-platform
8. WatchGuard Endpoint Security
WatchGuard offers a number of endpoint protection services, and again it adopts a modular model, allowing users to pick and choose what they want. The EPP is compatible with more platforms than any other rival we’ve reviewed, but our installation on a basic machine wasn’t plain sailing.
Best for features
With a feature set that’s very impressive, ThreatLocker is a generous service. The Ringfencing feature, for instance, allows you to set boundaries for how apps interact, and Network Control can open ports automatically based on an endpoint’s location. The interface is very basic, though.
The best endpoint protection for business of 2024 in full:
Best endpoint protection for business overall
buy if
✅ You want ease of use: Avast was easy and quick to set up according to our tests, and the central dashboard is user-friendly, making it a breeze to navigate your way around.
✅ You want good email protection: Avast’s offering comes with a feature called ‘Mail Shield’, which is compatible with popular clients like Microsoft’s Outlook. It scans for threats and has a sandbox to safely run apps you’re not sure about.
don’t buy if
❌ You want mobile protection: Perhaps the most glaring omission from Avast Business Security is the lack of mobile protection, so if your firm has company devices, you might want to opt for another service.
For over 35 years Avast has been researching and developing security software, so when they say they have a solution for endpoint protection we should all pay attention.
The software also incorporates a ‘Mail Shield’ which works with email clients like Microsoft Outlook to scan for threats. The integrated ‘Sandbox’ also allows users to run applications safely.
During our tests we were very impressed to see the Avast agent aborted the download of our test computer virus. When we introduced a real trojan virus to the test machine, it was also immediately detected and quarantined. The Avast Business Hub also generated reports to confirm the suspect files had been sanitized.
Read our full Avast Premium Business Security Review.
Best flexible EPP
buy if
✅ You want strong security: Cisco Secure Endpoint neutralized our test threats very quickly. It also offers a sandbox for in-depth analysis of threats, and it uses AI to spot threats based on their behavior, not just relying on signature detection.
✅ You want good platform support: Cisco Secure Endpoint is one of the few solutions that covers multiple platforms, supporting as it does Windows, Mac, and Linux systems, as well as Android and iOS devices.
don’t buy if
❌ You want clear pricing: The main downside of Cisco’s solution is that the pricing isn’t made all that clear, with no plans listed on its website, so you will need to get a quote. This is fairly common in the endpoint space, though.
the bottom line
🔒 Cisco Secure Endpoint is another very competent and complete package, with intelligent threat detection that offers brilliant security across a wide variety of platforms. You’ll have to get a quote for the cost, though. ★★★★½
For the past 40 years Cisco has been wowing consumers with its dazzling range of technology and software products.
In the company’s own words, Cisco Secure Endpoint (formerly ‘AMP for Endpoints’) is ‘built for resilience’. Cisco even makes the bold claim that the platform blocks more threats than any other security provider.
When it comes to brass tacks, we were unable to find any specific pricing on Cisco’s website, but interested parties can contact one of their sales representatives. In fairness, this type of pricing model is quite common for the EPPs we’ve reviewed.
The good news is that unlike most EPPs we’ve reviewed, Cisco Secure Endpoint is truly cross-platform, supporting Windows, macOS, Linux, iOS and Android devices.
The platform maintains a database of every file it’s scanned, allowing it to automatically block ‘good’ or ‘bad’ ones without intensive scanning by using a scoring system.
Cisco Secure Endpoint also employs machine learning analysis to identify malicious files based on their behavior. It supports detection of polymorphic malware to stop bad actors from making small changes to viruses to avoid signature detection. Once threats are detected, the platform is also capable of performing sandboxing and/or advanced forensics.
During our tests, when we tried to download a fake computer virus using the Microsoft Edge browser, the Cisco agent immediately detected it and blocked the download. We were impressed that the threat was prevented before it even gained a foothold on the test machine.
When we manually tried to copy a real trojan virus to the machine’s ‘Downloads’ folder, the threat was also immediately detected and quarantined.
This means that, aside from slightly vague pricing, we found Cisco Secure Endpoint to be faultless.
Read the full Cisco Secure Endpoint review.
Best lightweight client
buy if
✅ You want lightweight protection: The advantage of Malwarebytes Endpoint Protection is that it isn’t very resource intensive, making it quick to set up and run, yet it still offers advanced threat protection.
✅ You want a good price: Malwarebytes Endpoint Protection is well priced, and offers coverage for many devices.
don’t buy if
❌ You want proactive protection: During our tests, Malwarebytes only kicked into gear once we tried to download our dummy malicious payload; the ‘BrowserGuard’ extension failed to actually prevent the download itself.
the bottom line
🔒 Malwarebytes Endpoint Protection is lightweight and well priced, but still provides advanced threat protection. It didn’t block threats straight away, but it still stopped our test virus from actually running. ★★★★½
From 2016 onwards the cybersecurity experts at Malwarebytes have been producing EPP products such as Malwarebytes Endpoint Protection.
EPP for Business pricing is extremely competitive: it starts at $4.96 per device, per month for 10-99 devices.
Key features include a very lightweight client, which is quick to download and set up. Management of endpoints takes place through Malwarebytes’ ‘Nebula’ cloud portal, complete with introductory video.
The platform engages in application ‘hardening’ to reduce attack surfaces, as well as behavioral-based analysis and blocking. The company claims this is also combined with ‘zero day’ protection which uses payload analysis to proactively block threats.
Malwarebytes Endpoint Protection also incorporates ‘web protection’ technology to protect endpoints from malicious URLs. When we contacted Malwarebytes to request a trial for this review, they also suggested installing their free ‘BrowserGuard’ browser extension on our test machine.
We decided to put the platform through its paces after setup and downloaded a fake computer virus in compressed (ZIP) format in Microsoft Edge. The ‘BrowserGuard’ extension seemed to raise no objection to us doing this.
After we extracted and tried to run the program, the Malwarebytes agent sprang to life and contained the threat. Similarly when we copied a real trojan virus to the test machine, the agent only blocked and quarantined it when we actually tried to run it.
Most other EPPs we’ve reviewed are able to block downloads of malicious files or proactively quarantine them before the user has a chance to launch them. Still, the fact that threat detection works differently doesn’t mean it’s any less effective.
Read the full Malwarebytes Endpoint Protection Review.
Best UI
buy if
✅ You want a clear interface: One of the best aspects of Vipre EDR is its user-friendly interface, which is vibrant and helpful at the same time.
✅ You want good and clear pricing: There is an annual subscription for $60 per seat, supporting up to 10 seats. This makes it one of the better priced endpoint protection services out there.
don’t buy if
❌ You want strong agent software: Unfortunately, there is no agent software for mobiles or for Linux, and our setup on Windows proved to be more troublesome than we expected (although the company assured us this was only because we were using a beta version provided to us).
the bottom line
🔒 Vipre EDR is a well-priced solution with a great interface and plenty of advanced features, including AI malware detection and anti-spam. However, the agent software was only available on Windows and Mac, although there is still a console app for mobile. ★★★★½
Vipre Security Group was originally founded in 1994 and Vipre EDR (Endpoint Detection and Response) is one of their flagship products.
There’s a basic pricing model of $60 per seat, for up to 10 seats, billed annually via automatic subscription, unless you email to cancel. This makes Vipre EDR one of the most competitively priced platforms we’ve reviewed.
The platform supports AI-driven malware detection, deploying agents with firewall, email scanning, network intrusion detection, DNS protection, web exploit detection, and anti-spam engines.
Vipre also claims the platform has additional security measures, including correlation engines that combine raw events, security events, and contextual data to identify zero-day, “living-off-the-land”, and gray zone threats not detectable by regular antivirus.
Agent software is available for both Windows (from Windows 7 SP1 onwards) and macOS. We were sorry to see that Linux and mobile devices weren’t listed, though the console itself has an excellent mobile interface.
During our tests it took three tries before we could install the agent software and update it successfully. VIPRE were keen to point out that this was because the trial account that they set up for us was on the beta version of the platform. These issues don’t exist in VIPRE’s main production environment.
Once the agent was running it was immediately able to detect the fake computer virus we’d downloaded to our test machine in ZIP format, immediately quarantining the threat.
We next tried to copy a real trojan virus to the test machine’s ‘Downloads’ folder, only for the agent to immediately detect and quarantine it too.
This, combined with a colorful and helpful UI, definitely makes VIPRE an EDR platform to consider.
Read the full Vipre EDR Review.
Best endpoint protection for remote deployment
buy if
✅ You want to operate remotely: One of the advantages of ESET PROTECT is that you can deploy and manage endpoints remotely from any device, thanks to its cloud interface.
✅ You want a Linux client: ESET’s solution offers a client that you can install on Linux machines, which is something of a rarity in the endpoint protection world.
don’t buy if
❌ You want remote control over those Linux endpoints: Despite having Linux clients, ESET can’t offer the same level of remote admin features that it does for Windows and Mac systems.
the bottom line
🔒 ESET PROTECT offers protection for numerous platforms, both desktop and mobile, and allows for remote deployment and management via its cloud interface. Although Linux is covered, the amount of control you have over Linux endpoints isn’t as comprehensive as you get over Windows and Mac machines. ★★★★
ESET PROTECT is pitched at small and medium-sized businesses and covers Windows and macOS and, with certain conditions, also extends to Linux, Android and iOS endpoints.
The security product brings with it a software firewall and the ability to detect malicious communications over the Internet and then block the offending process that initiated them. You also get a Host-based Intrusion Prevention System (HIPS) that uses a predefined set of rules to identify and stop dubious behavior.
ESET monitors and evaluates all executed applications on the endpoints and based on their reputation and behavior will block any processes that act like ransomware. It keeps an eye on typically exploitable applications such as browsers, document readers, email clients, Flash, Java, and such, to look for identifiable exploitation techniques.
The endpoint bundle also includes the File Security product for Windows Servers and Microsoft Azure that can scan and monitor a connected OneDrive storage and VMs.
During our tests, we found ESET failed to quarantine our fake computer virus in compressed (ZIP) format, but as soon as we extracted the file it was detected and deleted.
We also enabled the ‘Web Control’ feature and tried to visit The Pirate Bay to search for some (legal) downloads of Ubuntu Linux. Although we found we could search torrents, downloading was blocked.
When we logged into the ESET cloud console after running these tests, the ‘Detections’ section displayed all security alerts.
Read our full ESET PROTECT review.
Best endpoint protection for modules
buy if
✅ You want lots of features: There are many security features within the Trend Vision One platform, including the ability to integrate with third-party services.
✅ You want a modular service: Trend Vision One works on the basis of credits, and you use them to buy licenses for certain modules in the platform, so you only take what you need.
don’t buy if
❌ You want clear pricing: Because of Trend’s modular approach, we found it difficult to ascertain how much on average a typical customer would likely spend on Vision One.
the bottom line
🔒 Trend Vision One takes a different approach to endpoint solutions, by operating a credit system to purchase modules in the platform. There are also many security features, but working out how much you’ll end up paying may take some effort. ★★★★
Trend Micro’s Vision One debuted in 2021. It’s touted as an XDR (Extended Detection and Response) platform to allow customers to detect and respond to threats from a single console. It uses a ‘credits’ system to buy licenses for individual products, though in our research we had trouble finding out how much on average it costs to use Vision One specifically.
The platform includes an ‘Operations Dashboard’ for quickly assessing risks such as user and device vulnerabilities. It even delivers a helpful ‘risk index’, though we found this was unaffected by detection of a fake virus on our test machine. Trend Vision One’s features can be extended by adding various apps.
The ‘Security Assessment’ app is useful for executing quick scans on remote mailboxes and endpoints. The ‘Workbench’ app displays alerts in response to threats, while the ‘Targeted Attack Detection’ app uses threat intelligence from the Trend Micro Smart Protection Network to identify early indicators of attacks.
Another notable feature of Trend Vision One that impressed us is that it does allow you to run simulated attacks on endpoints. Ultimately though we decided to run our own tests in the interests of fairness.
The Agent software provided by the platform immediately detected and quarantined our test virus file, even though it was in compressed (ZIP) format. A short while later, we received an email alert from Trend Micro alerting us to the detection and providing a link to view details in the aforementioned ‘Workbench’ app.
Read our full Trend Vision One review.
Best endpoint protection for detection rates
buy if
✅ You want to get going quickly: From our tests, Bitdefender’s offering was one of the quickest and easiest setups we’ve experienced, kicking straight into action once downloaded.
✅ You want a great interface: From the welcome screen to the console management hub, GravityZone is helpful and easy to navigate, and the dashboard that offers summaries of your endpoints’ security is also one of the best we’ve seen.
don’t buy if
❌ You’re on a budget: Bitdefender GravityZone is on the more expensive end of the spectrum, and beware that some features bundled with the trial version have to be bought separately when it comes time to part with your cash.
❌ You want mobile coverage: This is sadly yet another endpoint protection solution that doesn’t cover mobiles.
the bottom line
🔒 Bitdefender GravityZone Business Security offers some great features in a well-packaged outfit, making it very easy to set up and use. The pricing is a bit steep, though, and no mobile devices are covered. ★★★★
Bitdefender GravityZone Business Security can command some high prices, placing it at the higher end of the spectrum for endpoint protection platforms. However, there are offers available to net some good savings.
For our tests we used a fake computer virus, provided by the good people of EICAR. Our initial ‘Quick Scan’ failed to reveal it, but this was unsurprising as these types of scan only seem to check the C:\Windows\System32 folder on our Windows 11 machine.
We next ran a ‘Custom’ scan to check the ‘Downloads’ folder specifically where the virus was located. The Bitdefender Agent recognized the virus immediately and quarantined it.
For our final round of tests we tried to download the fake virus directly from the EICAR website several times as a compressed (ZIP) file. In each case the agent either deleted the virus or changed file permissions, so we couldn’t access it.
Our only criticism was that we had to open up the agent software to see the detection alerts; other endpoint protection software we’ve reviewed usually shows a pop-up notification as soon as a threat is detected.
Read our full Bitdefender GravityZone Business Security review.
Best endpoint protection cross-platform
buy if
✅ You want advanced threat protection: WatchGuard offers an antivirus that is next-gen, so it can detect more malicious files and programs than those based on signature detection alone. It can also suggest security updates for your endpoint.
✅ You want good compatibility: WatchGuard Endpoint Security works not only on Windows, Mac, Android and iOS devices, but also on Windows on ARM machines and Windows Server.
don’t buy if
❌ You want an easy setup: WatchGuard proved to be quite troublesome when we tried to get it working, failing to install on Windows 11 on numerous occasions, and alerts only came when we manually synced with the Panda agent.
the bottom line
🔒 WatchGuard Endpoint Security offers advanced endpoint protection across 100 devices and supports numerous platforms. We did encounter setup issues during our testing, but there is at least a 30-day free trial for you to see for yourself how it performs. ★★★★
WatchGuard was first founded in 1996 and their flagship product was a single firewall program. Since then WatchGuard has created any number of security solutions, as well as acquiring Madrid-based Panda Security in 2020.
WatchGuard allows interested parties to secure up to 100 endpoint devices with a 30-day free trial. From accessing the free trial and examining the various licenses available, we were able to discover there are in fact a number of solutions: WatchGuard Advanced EPP, EDR, EPDR and ‘Advanced’ EPDR.
For the sake of simplicity we chose a trial of WatchGuard EPP, though this doesn’t tell the full story: users can subscribe to additional ‘security modules’. These handle tasks like patch management, full disk encryption and multi-factor authentication.
The platform’s NGAV (Next-Gen Antivirus) provides detailed, real-time detection and reporting. The agent software (named ‘Panda’) is compatible with a huge range of devices including Windows, Windows Server, Windows for ARM devices, macOS, Android and iOS. This makes WatchGuard EPP by far the most cross-compatible platform we’ve ever reviewed.
During our tests we tried to download the agent software and install it to our test machine running Windows 11, but setup failed the first three times. Eventually we reset the test machine and were able to get the Panda agent running the fourth time.
We also tested the platform’s malware detection features. We were able to download a fake computer virus in compressed (ZIP) format, but as soon as we tried to extract it, the agent software immediately detected and quarantined it. Next, we tried to copy a real trojan virus to the ‘Downloads’ folder of our test machine with the same result.
When we logged into the cloud console however, there were no reports of these threats until we manually clicked the ‘sync’ option on the Panda Agent. The console then displayed details of the threats in a helpful infographic.
Read the full WatchGuard EPP review.
Best for features
buy if
✅ You want advanced features: In addition to the basics, ThreatLocker also offers unique features, from ringfencing application interactions and setting time slots for their access, to opening ports based on precise application conditions.
✅ You want good support: In our experience, we found the support team at ThreatLocker to be very helpful, even offering to help us set up the platform on our devices.
don’t buy if
❌ You want a sleek interface: ThreatLocker’s UI is about as basic as it comes, but it is at least well laid out and a beta version is available for something a bit more visually appealing.
the bottom line
🔒 ThreatLocker is a powerful endpoint solution with a great setup experience and plenty of interesting features. The UI is quite spartan, but there is at least an upgraded beta version for this. ★★★★
ThreatLocker is a newcomer to the cybersecurity game: the Florida-based company was only founded in 2017, long after security giants like Symantec and Kaspersky. Still, the company’s endpoint security platform has one of the most impressive arrays of features we’ve ever seen.
It includes basic features we’d expect to see such as black and whitelisting of applications. We were much more intrigued though to read about ThreatLocker’s ‘Ringfencing’ feature, which allows managers to set boundaries for how certain applications interact.
ThreatLocker also supports ‘Dynamic Network Control’ to regulate traffic, as well as open ports only for authorized applications using dynamic ACLs (Access Control Lists) or agent authentications. The ThreatLocker website rightly points out that this is an often overlooked security gap for EPPs.
Users can also set time-based policies, so applications can only be accessed and/or perform certain functions at an allotted time during the day.
ThreatLocker’s extremely friendly and helpful support team offered to contact us and set up a demo to walk us through the onboarding process. We appreciated the offer but decided to go it alone to see how easy the platform is to use.
Upon login, we found that the main interface is a little spartan. At times it feels more like editing a database rather than editing an online portal. That said, the left-hand pane is logically laid out and it’s easy to expand sections to see further options. There is, however, a ‘Beta’ portal which offers a much more modern-looking UI.
During our tests, when we tried to extract the fake computer virus in compressed (ZIP) format, the ThreatLocker Agent immediately changed file permissions to contain the threat. We next tried to copy a real trojan virus to our test machine’s ‘Downloads’ folder, which was also immediately detected and quarantined.
A barebones interface is a small price to pay for a platform so powerful and versatile.
Read the full ThreatLocker review.
Best endpoint protection software FAQs
What’s the difference between consumer and business antivirus protection?
Consumer antivirus tools are designed to protect individual devices from cyber threats. They’re suitable if you run your business from just one device that needs protection. On the other hand, business antivirus tools provide protection for a network of devices within an organization. They differ in several other ways, including:
Setting up consumer antivirus software is pretty easy. You just buy and install it on the device that needs protection. In contrast, business antivirus software works through a centralized management system; an IT administrator can install the software on multiple devices from their control panel. This panel can modify settings, deploy updates, and receive alerts about the devices connected to the organization’s network.
Business antivirus tools are called endpoint security because they protect multiple devices under a single network, and these devices are called endpoints. Any device connected to the network is automatically protected, while in the consumer sphere, you must manually install the software on each device that needs protection.
Another distinction between consumer and business cyber software is that the former is reactive and the latter is proactive. Consumer systems aim to prevent known malware from infecting your device, although some may slip through. If malware slips through, the antivirus software then mounts a defense to prevent it from corrupting the system.
Proactiveness, on the other hand, is more focused on preventing any attack from occurring in the first place than defending against one that has occurred. The software anticipates the threats and works to close any vector that the threat can come from.
Think of the reactive approach as security personnel guarding the door of a building and the proactive approach as a military battalion patrolling the perimeter of a building to identify and eliminate potential threats before they can strike.
Business antivirus software is much more sophisticated than consumer-level software. Consumer software operates more simply; it scans files on your device for signatures associated with malware. The companies behind these tools have large databases of known malware signatures that their tool runs checks against. But business cyber software goes further than that. It usually employs artificial intelligence and machine learning to detect threats whose signatures may not be known.
Business software also usually provides extra features outside endpoint protection. For instance, it can come with a virtual private network (VPN) service, a password manager, a registry scanning tool, etc. You may find these extra features on consumer software, but they will likely come at an additional cost, unlike business software where they’re free.
Business software is more complex than consumer software, so it costs more to buy and maintain. Consumer software usually has a fixed annual or lifetime fee that you can pay for each device, while pricing for business software varies according to the number of devices on the network and other related factors.
Expect to pay much more for endpoint software covering an entire network than you would for consumer software installed on a few devices.
Do I need endpoint security software?
If you need protection for a personal device or just a few devices under your care, endpoint security is not cost-effective. You’re better off with basic cyber tools that safeguard your devices against threats.
However, if you run a business with a significant number of employees, think a few dozen, then it becomes worth it to get endpoint security software. Businesses, not individuals, are the primary targets for data leaks and ransomware operations, so it is worth it to invest in a sophisticated endpoint security solution if you run a large one.
Which endpoint protection software is best for you?
The essential factors to consider when choosing endpoint protection software include:
Threat Prevention
Your software should be able to identify attack patterns and mount a defense to prevent them from infecting your devices. It should have full visibility into the network and constantly monitor the traffic for suspicious activity. If any is detected, you should get a real-time report to take steps that will prevent it from successfully breaking into your network.
Response and Data Recovery
No software is perfect, so even if your endpoint security solution is good at detecting and preventing attacks, some could slip through. Nonetheless, the solution should be able to delete all traces of an attack that slips through its defenses. This way, your files won’t be corrupted or deleted.
A good endpoint solution should also provide tools for regular data backup and recovery. It’s advisable to set up automatic backups for your data at specific intervals, e.g., daily, weekly, or biweekly. This way, even if an attacker successfully breaks into your network and locks you out, you can just restore the backup and avoid paying any ransom.
Policy Management
A good endpoint solution should give you considerable administrative control over devices connected to your network. For instance, you should be able to decide who gets access to certain data or not. You could also define different protection rules for different devices, e.g., one device can have weekly automatic backups while another has daily backups because the data on it is more sensitive.
External Device Monitoring
External devices such as USB drives, CDs, and hard disks are one of the most common vectors for introducing attacks into a network. Thus, an ideal endpoint solution should allow you to monitor which external devices are connected to any PC within your network. You can even block external devices from connecting to some PCs that contain very sensitive information. This goes a long way in preventing cyber threats.
Artificial Intelligence and Machine Learning
Cybersecurity threats are becoming increasingly sophisticated, some say too sophisticated to be detected by traditional methods. Many endpoint solutions now employ artificial intelligence and machine learning to identify threat patterns and stop them before they can cause issues. It isn’t compulsory for your solution to incorporate these tools, but it’s preferable.
How we test
How we tested the best endpoint protection software
To test for the best endpoint protection software we first set up an account with the relevant platform, logged in to the cloud console and downloaded the agent software to our test machine, which contains a clean install of Windows 11. No third-party software is installed besides the platform we’re reviewing.
Our aim is always to push each endpoint protection software platform to see how useful its basic tools are and also how easy it is to get to grips with any more advanced tools.
To this end, we make a point of leaving each platform’s default settings as is, to see how well it responds to potential threats.
When reviewing the EPPs, our first test is always to download a fake computer virus, provided by EICAR. This file is actually harmless, but its signature exists in almost all antivirus databases for testing purposes.
The file is downloadable from the EICAR website in compressed (ZIP) format. We used the Microsoft Edge browser on our test machine to begin the download. If the EPP offers any web filtering features, we also check to see how the agent reacts to our attempts to visit the website.
Once the fake virus is downloaded, we then try to extract it to the test machine’s ‘Downloads’ folder. A hallmark of an effective EPP is if it can recognize the threat before the file is decompressed and quarantine it. But at the very least we expect the file to be isolated and sanitized after it’s extracted.
Our next test is to try to copy a new, real computer virus (usually a trojan virus) to the test machine’s ‘Downloads’ folder. We do this to check that an EPP can detect a threat based on suspicious behavior, not just by comparing file signatures to a database of known malware. If the EPP agent doesn’t immediately quarantine the file, we then try to run it to see if the platform will block it or if the machine will be infected.
Our final test is always to log into the EPP’s cloud console to see which threats (if any) have been reported. Even if a file has been quarantined, we’d expect to see a report in the main dashboard, ideally providing more information about the threat.
The competition
The above Endpoint Protection solutions represent a handful of the products out there. Sadly in a number of cases when we filled in a form on the company website requesting a trial, we either received no response or a representative refused our request.
A number of platforms offered to showcase a product demo or provide marketing material but we felt that readers would prefer to read reviews of products we’d tried for ourselves, not to mention the results of our malware detection tests.
Although we’re not going to name names here, we encourage all software vendors to cooperate with requests from independent reviewers to try out their products. IT Managers often make a point of visiting websites like to read assessments of your platforms before signing up for a trial.