Consistent protection is a crucial consideration when choosing an EPP solution:  During testing, it is common for products to block a threat on download at one moment and then miss the same threat later, meaning consistency of protection over time is critical in enterprise deployments.  Most vendors stayed above an 85% block rate for download at any one time during the test period, but only one vendor, McAfee, maintained near 100% block rates throughout the test period.

Beware of significant differences in how quickly EPP solutions block against new threats: The same SEM often moves rapidly to new URLs as existing URLs are cataloged as malicious and blocked. The faster an EPP solution adds protection against SEM, the faster protection is provided for all future malicious URLs. McAfee VirusScan added protection for new threats in 31 seconds on average, a 12x time-to-block advantage over the next fastest vendor, Symantec, with a 15 minute average time to protection. 

Over time all vendors eventually achieved a block rate of over 99%: When combining the SEM block-on-download and block-on-execution capabilities after 7-day intervals during the test, all products achieved total security effectiveness scores in excess of 99%. While the combination of blocking on download and execution protection ultimately results in nearly identical protection scores, products that blocked fewer threats at the initial download phase are more reliant on host-based protection mechanisms in order to still block at execution phase. In an enterprise where client updates are required to maximize host-based defenses, protection is often delayed due to update testing frequently required prior to wide deployment.

Bitdefender

Fortinet Fortigate 100D

McAfee VirusScan Enterprise and AntiSpyware Enterprise

Symantec Endpoint Protection

Trend Micro OfficeScan