SE Labs Q2 2022 Endpoint Protection: Enterprise, Small Business, and Consumer

Please note:
This compliance page covers multiple component tests, for details of products covered by each component please see the individual summary pages under “Additional links”

Test Lab

SE Labs

Test Title

SE Labs Q2 2022 Endpoint Protection: Enterprise, Small Business, and Consumer






AVAST, AVG, Avira, Broadcom, CrowdStrike, Emsisoft, ESET, Kaspersky, McAfee, Microsoft, NortonLifeLock, Panda Security, SentinelOne, Sophos, Trellix, VIPRE, Webroot

Publication date


Statement from Test Lab

“SE Labs tests a variety of endpoint security products from a range of well-known vendors in an effort to judge which were the most effective. Each enterprise, small business, or consumer class product are exposed to the same threats, which are a mixture of targeted attacks using well-established techniques, public email, and web-based threats that are known or found to be live on the internet at the time of the test. The Test Reports indicate how effectively the products were at detecting and/or protecting against those threats in real time.”

AMTSO Standard compliance info

Notification issued


Notification method

Publicly posted test plan, Contact list notification

Test plan

Commencement date



These Vendors chose to adopt Participant status under the AMTSO Standard, gaining certain guaranteed rights in return for attestations.
Commentary dates
CommentaryStart dateEnd date
Phase 1 Commentary2022-04-152022-04-25
Phase 2 Commentary2022-08-152022-08-22

Commentary received

VendorCommentary phaseComment
BroadcomPhase 2

Our product utilizes a new technology known as Adaptive Protection. This feature requires a baseline of “normal business operation” before locking down to exclude extraneous functionality from being allowed. The test plan does not allow for this learning period. We have proposed, as a compromise, running the FP test first, having that substitute for the “normal business operation”, then locking down all activity not seen during that test. As a precaution against mischief, the FP test can be re-run to verify nothing changed. If this course is taken then we recommend they FP/Config/FP test be run as quickly as possible, so that our normal backend operations do not change the result.

AMTSO Standard compliance status

Confirmed compliant with AMTSO Standard v1.3Compliance report