SiteLock uses cookies in order to enhance your experience on our site. To learn about what cookies are, why we use them, or how to block or remove them, view our privacy policy.


Independent Testing Shows SiteLock Web-Based Malware Protection Outperforms Traditional Endpoint Solutions

SCOTTSDALE, ARIZONA — October 5, 2016

A recent report from the Tolly Group confirms that traditional virus scanning applications and endpoint security solutions are not designed to detect or remove web-based cyber threats and malware. According to the study commissioned by SiteLock, a global leader in website security, traditional endpoint security solutions miss more than 90 percent of web-based malware attacks when used alone. This study comes as the Department of Homeland Security launches Cyber Security Awareness Month (NCSAM).

Testing a group of nearly 3,000 web-based malware examples to determine effectiveness, the independent testing group compared the SiteLock SMART (Secure Malware Alert & Removal Tool) web-based malware protection solution alongside McAfee Complete Endpoint Protection.

Additional findings include:

  • Traditional virus scanning applications and endpoint security solutions are not designed to detect and effectively counter web-based cyber threats and malware
  • The endpoint security solution tested missed over 90 percent of web-based malware
  • SiteLock SMART provided 100 percent PHP and JavaScript coverage versus less than 6 percent coverage by McAfee
  • Relying solely on endpoint security solutions increase the likelihood of security breaches

Tests showed that the SiteLock solution detected and cleaned 100 percent of the samples provided. Traditional anti-virus endpoint solutions have focused on threats that arrive as executable programs, failing to address newer web-based attacks. SiteLock SMART offers real-time, non-disruptive continuous scanning for website and web applications.

"Millions of websites get hacked and don't know it. We work tirelessly to get ahead and stay ahead of cyber criminals, developing a solution that can not only detect malware and vulnerabilities but remove threats in real-time," said Neill Feather, President of SiteLock. "There is a misperception regarding the role of traditional solutions and customers don't realize they can be left vulnerable. The Tolly Report provides third-party validation of the unique work that SiteLock SMART delivers, and helps us to continue our journey to detect and prevent future website attacks."

SiteLock can detect malware the minute it hits and scans source code of more than 200,000 websites and web applications each month. After identifying malicious content, it automatically neutralizes and removes the threats—cleaning over 50,000 applications per month. SiteLock then provides businesses with complete reports on scans, threats detected and items removed.

To view the complete report, visit: To join the NCSAM conversation, follow @SiteLock on Twitter and use #CyberAware.

About The Tolly Group

The Tolly Group is the industry's leading provider of third-party testing and validation services for IT products, services and components. Tolly's expertise spans wireless, storage, virtualization/thin clients, switching, security (including but not limited to: endpoint security, NAC, mobile security, backup and recovery and deduplication), networking, and cloud services. For more information, please visit

About SiteLock

SiteLock, the Global Leader in business website security solutions, is the only web security solution to offer complete, cloud-based website protection. Its 360-degree monitoring finds and fixes threats, prevents future attacks, accelerates website performance and meets PCI compliance standards for businesses of all sizes. Founded in 2008, the company protects over 6,000,000 customers worldwide. For more information, please visit