It is an endpoint protection product. You use it to centrally manage security policies and push out configurations, then you manage the antivirus on endpoints.
We use the on-premise deployment model.
If you're talking about endpoint, you have virus detection, behavioral-based detection in advanced threat detection, and even have host-based firewall, etc. Each of these would be a separate product that would integrate into the endpoint solution. From a cost perspective that would scale pretty quickly, which is not cheap. Also, it creates management overhead. We have to administer and configure it separately with separate lists of policies. This is where it gets a bit complex, but it gives us the power to do very specific things.
Once you understand how to use it, it becomes easy to use.
The product is solid. It's a bit of a beast. We've used it in a very large environment where we manage around 150,000 endpoints, and it is able to cope with the load. It helps that our architecture around it is pretty solid. So, it works like a charm.
There have been some issues with bugs and things from a functionality perspective. However, there are issues with everything.
It will become stable. We have had very specific issues. I am not blaming the product, as it could be the way the product is configured. There have been bugs and utilization problems where it may not be compatible with a certain operating system. You might find that there are certain processes that are just chewing up a lot of memory. There are known issues and errors. Things that do exist. We have seen these things quite often. It's just a matter of McAfee releasing a hotfix or stable version, which then needs to be tested and deployed correctly. We've been seeing quite a few of these.
These are systems with developer workstations or developer system services and are highly resource heavy. So, the API always has an impact.
It is scalable. We have 150,000 endpoints using an agent handler in between. The scalability does require us to do a lot of planning for things, like bandwidth. The problem is with the complexity. If one thing breaks, it can also impact a bunch of other things.
It serves a purpose. If you set it up right, it can really manage a very complex environment which requires fine tuning where there are a lot of exceptions. That's what it caters to. It can just do those specifics in those exceptional situations, which is good.
While there are bugs and a few functionality issues, it is just a matter of raising them with the support team. However, support is part of the problem as well. You want everything to be seamless in a perfect world, but the support is spread across different countries. They have Level 1, 2, and 3. Level 1 is most likely in a developing country. They don't provide the best service.
Struggles like this impact the experience. If you have an issue, you want to get expedited within a certain amount of time. Sometimes, it just takes longer to get things done.
It's easy to deploy. This does depend on the complexity of your environment, and it depends on how you set it up. You can make it as granular as you want.
It is not something that's very easy to administer. You have to go for a course with training modules. Once you understand how to use it, it becomes easy. For a beginner, it's not that easy. It's a very complex system. If you know what you're doing, it becomes easy.
You get what you pay for.
McAfee tries to package different things into different products, then sell them as different products with different licenses. They just split everything up into multiple things. That's just their sales pitch and how they do it.
It does provide a lot of functionality.
ePO Cloud takes away a lot of the management administration overhead. Though, I haven't tried this feature.
We use McAfee Antivirus in our organization, as it is one of the best antivirus solutions on the market.
We manage all of our endpoints centrally from the McAfee ePolicy Orchestrator console. We send signature updates and software updates to all of the agents that we are responsible for.
It is difficult to imagine the workstations without Antivirus protection. In this cyberworld, McAfee is the best software to protect our machines. Before we had antivirus protection installed, we saw daily infections in our organization. Now, McAfee is helping us to clean all of the viruses from the machines, protecting our desktops from the latest threats.
We use McAfee Threat Prevention and McAfee Adaptive Threat Prevention for protection against viruses. There is also exploit-prevention support. The McAfee Web Control module is one of the best solutions to protect users from online threats.
The features we use are:
McAfee should improve in terms of customer support and assigning a knowledgeable TAM to customers.
Threat detection capabilities should be increased for both viruses and other threats.
We did not use another solution prior to this, and we are happy with our choice.
Compared to other Antivirus products, the cost of this solution is a bit high.
In my opinion, this is the best product. Please go for it!
With this solution we use ENS with DLP. DLP works in controlling data protection when transferring data from PC to USB, USB to PC. We also use it for read-only access for hard disks. In DLP we have many options which we can work with.
Currently, we are using it for the clipboard, where we cannot capture screenshots from the PC screen, as well as for USB locking/data transfer, and the hard disk protection.
It has secured our environment. We have over 200 machines.
It is protecting us from USB-based hazards like viruses. Previously it was only for blocking USBs. They have added more features, like network protection.
Originally, we were only using it as a security platform to block USBs and as an antivirus product. But in the last six or seven months, we've been trying to enhance things and use more of the features in it. In that time we implemented data transfer protection, which allows transfer in one direction only. Users can copy from the PC to the USB but not from the USB to the PC. That way, if someone is carrying a virus on a USB, it will not be transferred to the PC.
We also implemented read-only access to the secondary drives, the D drive, C drive, and E drive.
It is stable.
I have opened a few cases with technical support and their support is good. It depends on what type of contract you have with them. If you have an Enterprise Support contract, or a Platinum Support contract, they do provide very fast support solutions. If you have basic support, it will take one or two days.
It's a little bit complex to configure it, but when you start using it, it is much easier. There are many policies that you need to create, and in three or four places. When you assign the policies then it starts working.
In terms of an implementation strategy, we need to get the requirements from the customer. It depends on their requirements. You have many options, many features. It depends on what you want to configure. If you're looking only for a particular part, only DLP for example, it depends what you need within that. But for DLP it will take about one day to finish.
Do a PoC with competitors' endpoint protection products. But compared to what McAfee has, I don't think other products have as many options, as many features. If you want to protect data, DLP is a good option.
In terms of scalability, they're introducing more and more new features in ENS, Endpoint Security. If a ransomware attack happens, you can roll the encryption to its previous position. This is what they are implementing, according to their articles.
For maintenance of ePO, one guy is enough. If the server is ready, if the database and the platforms are ready, one guy can oversee the product. But you still need someone who is strong in SQL and someone who can install operating systems.
I have not compared this product to any other product. If I had then I could rate it properly. But, overall, it's good, it's not a bad product. I would rate it at nine out of ten. The product has everything I need.
I use McAfee as a solution to monitor our network log systems. I monitor logs and use it to be able to report incidents and get better internal vision.
The DLP feature is great to have for our users.
There are some issues relating to the automation of reports. That's why I wanted the DLP reports. There are some problems in this area. Sometimes it does not work even though all the configuration words are right. There are also some problems with automatic updates.
There have been some problems with monitoring the logs. It's not very user-friendly.
Stability is fine. I haven't had many issues with it.
Scalability is fine. We have around 600 users. We required two or three staff for maintenance and monitoring. They're security analysts, and junior consultants.
Their support is really good. I would rate it a nine out of ten. I have never had any issues with their support. They always reply and follow our queries on time.
The initial setup was not straightforward. It takes time to deploy and configure.
I have not had too many problems with this solution. It works fine. I really like the DLP feature. There are no database issues.
I would rate it a nine out of ten because it gives IT clarity, it doesn't have database issues, and it hasn't crashed or given us problems in the two years we've been using it. It's a great tool.
It allows us to detect rogue devices, then to subsequently force policies on them to protect our system from them.
The only feature worth mentioning is the rogue devices detection. This helped the company manage new laptops joining the network.
I am not familiar with the newer versions, but the biggest issues we had with our version were false positives and performance degradation.
I used it for four years.
There were no issues with the deployment.
We had no issues with the stability.
We had no issues scaling it for our needs.
In my experience, the level of customer service is very good.
Technical Support: Technical service is very good.
I came into the company and started using McAfee ePolicy Orchestrator. The previous solution was F-Secure.
I have managed the setup to new servers (kind of a migration). I will admit that it was very straightforward. My policies were easily accessible and managed.
We implemented it with our in-house team.
The replacement for McAfee was due to pricing. It is common in the antivirus space to have price wars, though.
I am not familiar with the latest versions, but I am sure they have been improved. From a management point of view, ePO is one of the best solutions out there.
I like the following features:
Before this solution, I had to do the following:
With this solution, all I have to do is install the McAfee Agent on a PC. When the McAfee agent communicates with the ePO server, ePO checks if VirusScan Enterprise is installed on the PC.
If it is not installed, it will start the deployment, patch updates, and virus signature updates. The ePO server is configured to send me a report of virus signature versions and VirusScan Enterprise patch levels of all connected PCs by email on a daily basis. This saves me a lot of my time, as I don’t have to check this information on all PCs manually. I end up with a beautiful report to show my auditor about how the anti-virus software is implemented.
This solution reduced a lot of effort to check and confirm that all PCs are running the latest anti-virus signatures and patch levels. It also helps the IT admin to find the mapping between the logged-on user ID and the PC name which Windows AD doesn't provide.
I would like to see the solution provide a function to roll back patch deployment and alert the administrator about which system is not supported per patch level. It should retain all previous patches in the system to support legacy systems, including the latest patch that was checked in the system.
We have been using this solution for over six years.
The system is quite stable and works as expected.
There is no built-in or easy upgrade of the system. When I upgraded the system from a 32-bit version to a 64-bit version last year, I basically reinstalled the whole environment.
The initial setup is very straightforward. The IT administrator can install and set up basic functions of the system without a user manual.
However, for some complicated functions like drive encryption, it is better to read the user manual before deployment.
Make sure you understand the following:
I would suggest the following:
I made an MSS (Managed Security Service) solution based on the ePO and McAfee Endpoint products.
This was before all the vendors made it themselves, and when I researched the major vendors, this was the best product for the project.
The fact that it uses MSSQL, and cannot be deployed on anything other than Windows, can be a problem. The system can get slow at times when you do big searches and reports.
I've been using it since 2007.
We had some issues with deployments as this product was not made to be set up as an MSSP solution but we had a lot of help from McAfee, and fixed them all.
The problems with stability were never in the ePO but in the operating system (Microsoft Windows) and the database server (Microsoft SQL).
The scalability is very good.
We were a McAfee EMEA Premier Managed Service Provider at the time, so we had no problems getting the support we needed.
Technical Support: 10/10.
F-Secure, but their product did not scale, and there are so many more endpoint products that the ePO can handle than F-Secure's central management system.
It was not the easiest project I did, but with help from McAfee it was not that difficult.
We implemented it in-house.
We were a managed service provider, so the licensing was not what most customers have. We report in what we use, and pay after.
We looked at several options.
If you use any McAfee endpoint solutions in the enterprise you need to use the ePO, as there are no other options.
Cloud computing is one of the next significant stages in the Internet’s evolution, providing the means through which everything – from computing power to computing infrastructure, applications, business processes to personal collaboration – can be delivered to us as a service wherever and whenever we need.
Whether it’s Software as a Service (SaaS), Infrastructure as a Service (IaaS) or Platform as a Service (PaaS), cloud computing has been with us long before the media had a catchy name for it.
The landscape of a typical business no longer reflects ones that were operating several years ago. The advancements in communication, collaboration, information and/or currency exchange/processing and the speed at which they are done have truly created new opportunities for the modern enterprise. But these benefits have unearthed many questions and challenges, especially to the overall security of an enterprise whose reach is no longer just the extent of their firewall.
I have dedicated more than 15 years of my career to managing DOD business technology risk in large and small organizations. I’ve served in a variety of roles across heavily regulated industries, successfully leading all aspects of IT security programs, including policy and procedure management, oversight and control, strategy, architecture, development, and training.
During this period one of the greatest challenges has been end-to-end enterprise security, primarily protecting sensitive information from unauthorized manipulation and disclosure by B2B and B2E who pose a substantial threat due to their knowledge and authorized access to corporate internal systems and data.
Training and education is a critical step towards the reduction of insider threats, but alone it’s simply not enough.
Once I understood the nature of the security threat within my organization’s enterprise, I was ready to minimize its effects. The primary objectives during containment activities were to mitigate personal risk to employees and customers then mitigate risk to the organization.
Fortunately, many years ago my organization adopted a top-down Host Based Security System (HBSS). This security baseline is a flexible, commercial-off-the-shelf (COTS)-based application. It monitors, detects, and counters against known cyber-threats to my organization’s Enterprise. At the heart of HBSS is McAfee’s ePolicy Orchestrator (ePO).
McAfee ePolicy Orchestrator (ePO) is widely acknowledged as the most advanced and scalable security management software in the industry. It has enabled me to connect industry-leading security solutions to my organization’s enterprise infrastructure to increase visibility, gain efficiencies, and strengthen protection.
Whether it’s securing the mobile workforce, the virtualized data center, complex applications, or the distributed enterprise, security has never been more challenging or important. McAfee ePolicy Orchestrator (ePO) Networks has allowed me to balance security with access to network resources, information sharing and remote connectivity. Additionally, its end-to-end security solutions have helped my team and me connect, protect and manage across the entire network infrastructure, from the endpoint device all the way to the data center, and allowed us to maintain total control.
Finally, enterprise security has been simplified by leveraging a holistic Information Assurance approach. McAfee ePO fills the gap that few enterprise and cloud assurance platforms fill by bridging business and technology concerns that align IT-GRC and Enterprise GRC.
