I've used Webroot Endpoint Protection for a little over two years. I've found every aspect of the product to be excellent except (and this is a big except) actual detection of threats, and client speed on OS X systems. Webroot allowed several common worms through at my client's location, and did not detect them on a standard Windows 7 installation, even on repeated scans, after I was able to confirm that the infected downloads and compromised .dll files were within the scope of protection. Needless to say, this did not inspire confidence. I wound up using a Kaspersky live stick to remove the infections, and installing a realtime threat detection system using Suricata and ClamAV to meet the data security needs of our clients and ensure we were meeting the obligations of our contracts.
Very easy to use and deploy, administrative console allows excellent granular controls of client privileges, scope of protection, and endpoint groups. Integrates with Windows server products for deployment (though I use Samba instead, so this was not an option), and provides a centralized point for administrator notification and action when compromised/infected systems are detected. Client seems relatively fast and works on multiple platforms, though see below re. OS X.
In my experience, Webroot, though the exposed end is fast and well-designed, does not reliably block or detect common threats. This is obviously a Big Deal in a product billed as enterprise-grade antivirus/antimalware. One employee at the affected client's office was able to download three separate third-party software installers containing malware payloads on a Saturday, install them, and work for a full weekend before I arrived back on Monday to complaints that her machine was being "slow and weird". I discovered that Webroot, though fully deployed and set to monitor downloads, warn on browsing, and scan the affected directories, simply had not alerted on anything. At that point, it doesn't matter how beautiful the interface may be: antimalware software which lets common malware through is essentially useless. Also, while there is an OS X client, it's buggy and slow. It causes problems with network browsing and network virtualization with both VirtualBox and VMware Fusion, and it results, for some reason, in systemwide UI slowdowns, which suggest to me that there may be some elemental problems with the codebase: use of deprecated APIs, memory leaks, etc.—not usable.
Time used: 1-2 years