Unfortunately, the security product is only one third of the needed requirements for safety and security. Nothing is 100% all of the time.
The other third is taking the time to update and patch all of your programs to prevent as many vulnerabilities as possible. Some of those vulnerabilities are in the browser, before it even hits the machine or the security software.
The final third is user interaction. If the user does not take the time to understand how malware works, changes and is injected, the user is going to click the wrong link, respond incorrectly to the threat, or fail to take it seriously when infected.
the user has to take responsibility for the security of the machine. It can't all be laid at the door of the security developers to protect users from themselves. God knows, they all try.