To help clear up any confusion, we’d like to again share our thoughts on why our approach is difficult to compare in reports like this.
The latest AV-Comparatives report is an on-demand detection test of a specific set of files that evaluates whether or not a particular security solution has a signature for those files. Signature-based detection is not the only measure of a solution’s efficacy in protecting a user from threats, however.
While Webroot’s SecureAnywhere solution does leverage signature files in the cloud as part of its detection capabilities, those are not the primary security capabilities that the solution uses to protect users, particularly from unknown threats. While this test demonstrated that Webroot did not at test time have the most current sample set as part of its cloud-based database, it did not test the efficacy of the Webroot solution in protecting users from these threats outside of signature-based detection.
Webroot’s solutions work differently than traditional security solutions by focusing on the behavior of files that try to execute on a system regardless of whether or not we have seen that file previously and have a signature for it. Any unknown file is monitored and its behavior journaled as it tries to execute. Once it is deemed malicious, any actions the file may have taken are automatically rolled back to return the system to the last known good state, reversing only the changes that the suspicious file made. While the file is being monitored, SecureAnywhere has a collection of shields – including a Behavior Shield, a Web Threat Shield, an Identity Shield, an Offline Shield, and a Zero-Day Shield – that provide real time protection that prevent any untrusted file from executing behaviors that put the user or their information at risk.
Webroot has updated its signature database to reflect the sample set used in this test and has improved its overall sample sharing process to ensure we are continuously updating that database. However, users can be confident that the regardless of the state of signatures, they are protected from any current, new or unknown threats that they may encounter as a result of Webroot’s unique approach to protection.
Best answer by RetiredTripleHelix
AV-C has a great report: Whole Product Dynamic "Real World" Protection Test Results Graph Bar for November Great Job Webroot teams!