Symantec Endpoint Security Reviews

We're a large company with half of our business in the UK and half throughout the rest of Europe. We deal with about 13 countries and I work from Serbia. Our business focuses on train and bus transport, and sometimes ferry services. We're using the solution to mitigate security risks. We were considering solutions for endpoint protection and decided to go with Symantec for our work stations and servers. It offers anti-malware plus a firewall and some other functionalities. I'm an IT manager. 

I like the antivirus and the local firewall that the solution provides. It's user friendly with a good dashboard. 

I'd like to see a full anti-ransomware solution because there are some anti-ransomware functionalities that would assist us if they were included in the solution. 

I've been using Symantec End-User Endpoint Security for about six years.

The solution is very stable. 

We're not a big business in Serbia but scalability is easy. We have around 160 workstations and about 130 users. 

We have a contract with the local Symantec partner in Serbia so we can speak to them in our language. The support is very good. 

The initial setup is rather simple. 

The license for this solution is purchased on an annual bases. The price could be cheaper but it's not too bad. We also pay for technical support which we get locally here in Serbia.

Symantec is not the only endpoint security solution that we actually have experience with but I would recommend it. I think it's one of the best solutions currently on the market.

I rate this solution an eight out of ten.

We are service providers. We use this solution for endpoint response and detections.

We use this in the banking sector regularly.

We also use it for automatic threat protection and for DLP (Data Loss Protection).

After selling this product, what we have observed is that the system gets slower, which is a major issue.

We would also like to see better pricing. It's almost double when compared to other products.

I have been using this solution for more than seven years.

We are using the latest version.

It's a stable solution.

It is scalable. If you get the proper licenses then it scales well. There are no issues with scalability.

We are service providers with many different clients. Some of our customers have 100 users, whereas others have 200, and even as many as 300.

We have completed several installations but have never contacted technical support.

We do a direct installation. It is cloud-based and we can create a diary on the Symantec site.

We create the ID and download the client package.

It can take five to seven minutes to install per node.

If it is in the same network, we don't require much manpower to maintain it. All of the usernames and passwords are in the system. We can deploy remote deployment and installation.

Symantec is expensive. 

When compared with Trend Micro and Sophos, it is expensive.

Customers are required to purchase a license.

We recommend this solution to others who are interested in using it. In some organizations, it is compulsory to use Symantec.

I would rate this solution an eight out of ten.

The primary reason we use the solution is to protect the device and to be sure there isn't any kind of malware. The device is protected from any kind of malware is the basic level of the solution. We use the control applications to blacklist applications that we don't need to use, and that we have blocked on the Microsoft group policy. We use the antivirus to do the same thing. That way, if the final user tries to install any non-approved software, the antivirus removes or blocks the application.

The protection against any kind of malware is the most important feature of this product. It really helps to keep the operations system clean.

The product has been quite stable.

We've found the scalability to be very good.

Today, it's just a question of understanding the update package of the operating system as the antivirus software in and of itself is not enough.

This is due to the fact that if I have not updated Windows, I have a huge breach of security. The idea for us, from our point of view, is that the antivirus needs to understand how if Windows is safe. If the operating system is safe, the antiviral has less work to do. From a security point of view, both of them need to work together. It's not just the task of the antivirus to keep all the computers safe. The operating system needs to be updated too.

The operating system and the antivirus need to communicate better with each other and exchange information so that I know everything is secure. It needs to be more clear when things aren't aligned and need to be repaired, in order to avoid the risk of a security breach.

The technical support could be a bit better.

We've been using the solution for just about a year or so. I'm quite new to the company. That said, it's my understanding that the company has been using the solution for about six years or so.

The stability is very good. It's reliable. It doesn't crash or freeze. There are no bugs or glitches. It's quite good.

We have no problem with scalability so far. We are a growing team and company and so far it's been growing with us. It scales well. 

As of today, we have around 4,000 users, however, we are still growing.

Technical support is a bit of an issue. In Brazil, when we need technical support we use a partner. Every time that we contact Symantec, it will take a long time to get the answer. The primary contact is the partner who implements the software here. It's a local company from Brazil that handles all the support information and services for us. We just needed to make contact with Symantec one time however, the answer was so long that the partner got the answer to us first and therefore we really stopped trying to directly reach out.

We don't have too much trouble with deploying the solution. 

We have a policy software that controls all the policies and deploys with the software. I really don't know too much beyond that, however, as we have a security team that handled the installation, deployment, and maintenance. I haven't heard anything negative, however, which makes me assume everything is very straightforward.

We pay a yearly licensing fee. The fee was paid last year, however, I don't have access to the exact costs. It may have been renewed before I started working with the company.

Today, we are looking at Kaspersky. We want to see if it can handle dealing with Windows updates in a better way than Symantec. They have some interesting features that take a pretty deep look inside the Windows system in order to protect it. We feel the antivirus needs to go farther into the Windows system and down to the endpoints themselves and really take a look around in order to effectively protect it from attacks. We're currently searching for more information to see how Kaspersky stacks up.

The pricing is also quite different between the two solutions and this may affect our decision as well.

We're just a customer and end-user.

I'm finding that, in Brazil, Symantec's services need to be closer to the customer and the antivirus itself is not enough for an IT department to keep the company safe. It can't just protect user data. It needs to go further and protect all of the company's devices and software. 

I can have the best antivirus software, however, we find that if our Windows disk is not updated or has a security branch, something can attack the security branch in the Windows and sometimes it's a virus software. That's why Windows needs to work more closely with this product - or any antivirus.

In general, I would rate the solution at an eight out of ten.

We're primarily using this solution for our workstations.

The product is a good antivirus in terms of the fact that it can do real-time scanning and scheduling. We can plan scans for the weekend. We can also control it on the server for all the clients it manages. 

The solution gets real-time updates of virus definition files from the internet. If there is any malware attack or something, then it can immediately download and apply it to the clients.

The initial setup is straightforward.

The pricing is pretty good. We don't find it too expensive to have in our organization.

We've had some issues with the performance. There have been some minor hiccups. Now it's better. Initially, it had some issues, not for all, but some of the systems only. We had applied a fix that was released in the 14.1 version. By 14.2 they fixed the issue. Ever since we applied 14.2, it's good.

During the scanning time, it could be less intrusive for the users. Right now, it's not exactly working quietly in the background.

Technical support could be more responsive.

I've been using the solution for six years at this point. It's been a while since we began working with it.

While we've had issues with stability in the past, since version 14.2 it hasn't been a problem. We no longer have issues.

The resources can be expanded with more load and all, however, I'm not sure how scalable it is in terms of expanding it.

Internally, there are likely 800 users that use this product.

We've dealt with technical support in the past. They are okay, however, they could be faster in their response time. We're not fully satisfied with their level of service.

We didn't previously use a different solution.

The initial setup is not too complex. It's pretty simple and straightforward. A company shouldn't have too much trouble with the implementation.

The installation of the server would have taken few hours, however, on the client site we attracted an automated installation, so it deployed from the server and we can pose the agent to the server from the client.

We had a manager and two consultants that handled the implementation.

We had a consultant assist us with the client.

We need licenses to use the product, however, the pricing is reasonable. It's not too expensive.

I'd recommend the solution. I'd rate it at an eight out of ten.

We use it for endpoint protection at the desktop level.

The antivirus and antimalware features are good. Reporting is also pretty good.

The platform itself can be improved as there's no way to track how infections get into the organization. You're just notified if there is an instance. Still, there's no way to actually determine a workflow of how it actually came in, how it was executed, and how it was distributed within the enterprise if indeed it did migrate or propagate through.

It would be really good if they had a proactive feature to isolate the node with the agent on the endpoint when it sees some type of erroneous behavior and knock it off the network. Then it can't probably get onto another node. You can usually do that with a policy setting.

It'll also help if they give us more of an explanation of what the malware tries to do once it's on the network. For example, if it's trying to call home to a specific IP or domain. We can use that information to beef up the firewall rules.

Case in point, we had an issue where we had a machine that was affected. It immediately tried to find other machines on that network segment with the same vulnerability to infect that particular node. There was no way to lock that node down immediately when you see something out of the ordinary.

I have been using Symantec Endpoint Protection for about 13 years.

Stability has been fair. There have been some issues with the CPU utilization on some of the endpoints. A little bit of a resource hog, but we've been able to work through it for the most part.

Symantec Endpoint Protection scaled very well. It's actually very easy to use.

The initial setup was very straightforward. It probably took an afternoon or maybe a day to install and deploy. 

I implemented Symantec Endpoint Protection by myself. 

We usually go on a per-seat basis, and it's usually yearly. The prices fluctuate, but this year I think it was maybe around $12,000. If you're looking at the on-prem costs for the virtual server and the licensing for the server, that would be the only extra cost.

Symantec Endpoint Protection is very straightforward to implement. The installation of the septum server on-prem is very straightforward, and you can push the radio to your endpoints almost instantly. 

On a scale from one to ten, I would give Symantec Endpoint Protection a six.

The use case for the solution was basically this: any computer or anything used for any sort of official business needed to have endpoint protection and needed to have some sort of antivirus protection. The thing was somewhat more than just an antivirus, it also included a firewall that operated in addition to the Windows or Mac firewall.

The university policy basically required that all endpoint devices used for official business have to meet certain requirements and one of them was to have an antivirus.

The solution probably caught some malware a certain percentage of the time and that helped the organization. By the time we abandoned it, it was actually less effective, at least on Windows 10 machines, than the built-in antivirus that you get with the Windows 10 Defender Antivirus. It became, in the end, sort-of a liability.

It also became a liability when the company was sold to Broadcom. The name is actually different now. I don't think it's called Symantec Endpoint Protection. It's called Broadcom Endpoint Protection. We had a very difficult time even getting in touch with the technical support from that company, especially after Symantec was sold. It wasn't a very robust solution.

The solution detects malware very well.

It wasn't a very good solution overall, which is why we ended up replacing it.

Most organizations are choosing a next-gen antivirus, one that's based on artificial intelligence. Symantec Endpoint Protection was one of those legacy products that have been around forever. Symantec was a spinoff from Norton. Norton Antivirus was one of the very first antiviruses to come out in the 1980s. Symantec was very highly rated at one point in its life. It never really caught on to the new trends and antivirus protection. And so it still relied on things like a database of virus signatures that would need to get downloaded and then files would be checked for those signatures.

Modern antiviruses don't do that. They're based on behavior. They're based on intelligence algorithms. They're honed by artificial intelligence and machine learning from data collected all over the world. And so for that reason, the next-gen antiviruses are much more efficient at detecting viruses. They also take up a lighter load on the computer.

Next-generation is behavior-based detection rather than signature-based detection. Symantec tried to be a hybrid between the two. It had a behavior-based component called SONAR, however, it was still mostly a signature-based software antivirus application. For that reason, you can never keep up with all the mutations and viruses, and you can't keep up with malicious behavior that isn't based on viruses. Things like downloaded PowerShell scripts, things that computers can do with the components that they already have without needing to put any virus on the computer. A lot of malicious attacks, government-backed attacks, don't use any kind of foreign software. They take advantage of vulnerabilities within existing operating systems like Microsoft Windows or the various versions of Linux or the Mac operating system. They don't need to put additional software on the computer to compromise them.

That, in a nutshell, is why we switched to a next-gen antivirus. Next-gen antiviruses have probably been around for about five or six years. Some of the old companies made the transition to them seamlessly. Symantec didn't. It remained wedded to the old technology and that made it, you could say, a has-been.

I've been using the solution for many years. It's probably been about ten years at this point, at least a decade.

The stability was not the best. There were times when antivirus updates broke it. It wasn't necessarily self-updating - at least, not in terms of the virus signatures. It updated in terms of the executable files. Therefore, when Windows updates would come out, they often couldn't be installed, or the computer would hang due to the fact that the updates weren't compatible with the antivirus. I give it pretty poor score for robustness.

It was scalable just due to the fact that had to be installed individually on individual computers. For the unmanaged workstations, it was as scalable as you wanted it to be. There was a new download and a new install on a new computer. There are no limits on that. I'm not sure, however, how true that is, as it wasn't within my area of responsibility. I'm not sure if the managed work points overloaded the servers that were meant to monitor them. I don't think that was the case. The scalability was probably pretty good there too. I never heard any complaints about it not being scalable.

We likely had between 10,000 and 20,000 users on it. The roles would include, since it's a university, students, faculty, staff, and researchers. That pretty much covered the type of people that work at a university.

We don't plan to increase usage as we've completely phased out the solution.

Once Symantec was sold to Broadcom, it became very difficult to reach out to technical support, and they just stopped being responsive. By the end, we were very unhappy with their level of support.

I've been at the organization for 21, 22 years. Originally, before we had Symantec, it was McAfee antivirus. We had that up until maybe about 2010 or so. Now, we are using CrowdStrike Falcon.

The initial setup was not complex. It was simple.

The deployment was always ongoing due to the fact that, as a university with something like 16,000 employees, computers were getting bought and repurposed all the time. The initial rollout was in fact not a managed version of the antivirus. It was just a standalone version that users could download from a website when they provided their credentials. After that, they would just double click on a downloaded file and run the installer and they'd have the antivirus.

However, it was completely unmonitored. The antivirus program on their computer was not sending its data anywhere. It couldn't be helped by anyone remotely to do its job of protecting the computer.

Therefore, almost all organizations now want to have a managed antivirus solution where there's software installed on the computer, but it communicates with the cloud, and IT administrators at the organization can control this behavior and learn from it.

In terms of the staff required to handle the deployment and maintenance, there was probably the equivalent of maybe two to three full-time staff that were dedicated to antivirus endpoint protection issues. 

We handled everything ourselves in-house. We didn't need the help of a consultant or integrator.

We pay on a yearly basis. However, I'm unsure of the exact amount.

We did evaluate a number of other vendors. We entertained some RFPs and we did testing on four other competing products. There was one other competitor that was close. The main factor that tilted us toward CrowdStrike is that they did make a last-minute significant cut in price to their offer. I think they reduced it by something like 30% or 40%.

CrowdStrike has been in the business longer and is a bigger company than the runner up as well. To us, that mattered. If there is winnowing out of competitors, if the market actually shrinks and there are a few big players in five years, we want to be sure that we're with one of the big players that are going to make it.

The solution is a kind of a mix between an on-premise managed server that managing some machines, and other machines just had an unmanaged client that was distributed to students. It's not actually a cloud, it's a server. It's an on-premises server. It's not a cloud-based server that is being used. The antiviruses report to the server and policies can be set on the server.

I'd advise users to be aware that there are better solutions out there than this. I've learned that technology can change and your solution may be great now, but in a few years, it may drop to the bottom of the barrel. That's what happened here.

I'd rate the solution one out of ten. In order to get any sort of higher rating, they would need to start it over again from scratch. Instead of trying to make a legacy product better, they should abandon it and invent a new product.

The primary use case for this solution is to protect all endpoints in a complex enterprise environment, including it's servers, workstation, Citrix-based systems, includes Windows, Linux and Macs. We're a small company, under 50 users. But we deploy Symantec to companies that have from a few hundred to dozens of thousand users, therefore I have extensive experience with the product. We are partners and resellers and I'm a senior professional services engineer. 

All the features are great with the core being antivirus, spyware, Artificial Intelligence and Advanced Machine Learning, and capabilities like reputation analysis based on their huge footprint, firewall, IPS and device control are very useful at protecting the environment. Unfortunately many companies just use the basic, out of the box solution. Even when they turn on the firewall, they will use it just with its default settings, but if you really learn how to use it and deploy it correctly, it provides much more protection. With Symantec adopting the AI and many of the new protection features like file-less attacks and other modern technologies, it's very attractive and makes a big difference. EPPs by nature have so many parts to it, they can be daunting, even to those with experience, but once deployed it's quite easy to use.

This is a very complete solution. It has all the pieces that you need. Like many companies, Symantec also sell an EDR solution, and it is a feature you'd want to add to an endpoint solution. 

I think Symantec, like many of its competitors, doesn't have comprehensive built-in reporting. The product keeps improving, but reporting and alerting is not keeping pace, and these are critical.

I've been using this solution for about 13 years. 

This is a very stable solution. 

In terms of scalability, it's one of the best out there. I did a project for a major hotel chain that also has rental properties. Some of these places have five users, and then others have 200 users. When you deploy in a company like that, scalability and the ability to protect remote places without having to put a server out there, is critical. And Symantec just really scales up. It's very efficient. It can be used in a company that has a lot of remote users, like oil companies with remote locations. It's a solution that allows you to support a worldwide company that might have offices in dozens of countries, and it just works.

The technical support is similar to other companies. You're assigned a low level guy on your first call. We don't have issues with the basic things, it's more about the bigger problems so we always have to escalate and they do a good job of it.

The initial setup is super easy. Deployment is faster than in other solutions but it still takes time. It needs to be done in steps. You initiate it with a test and pilot to discover false positives or whether it might be blocking things or creating an issue on your network. A lot of companies have custom code programs and typically any EEP would trigger false positives. The companies we deploy to are generally medium or large so you have to be strict on your load because the impact can be brutal if not done right. You then carry out an expanded pilot and once you're satisfied that it's not going to bring your network down, you deploy it almost at once. You go from deploying it to 25 endpoints as a test to maybe 200 endpoints as an expanded pilot, and then you deploy it to 5,000 computers over a relatively short period of time.

We generally offer up to a six-month window for implementation and it usually takes between two weeks to six months to fully deploy. The process isn't difficult, you just have to be careful. You can deploy all the features in a month if it's a small environment including all the testing and pilot phases. 

My understanding is that the price is quite good and competitive. My advise is to invest the necessary time and effort to deploy it correctly and with minimal disruption. In the enterprise arena, if you don't have the in-house expertise in the more complex areas of the product do your organization a favor and get expert assistance.

Many, there are numerous great solutions in this market and they all offer great protection. The differences are in the feature sets, some for example don't have firewall, device control or Intrusion Preventions, or for example don't have the scalability required to deploy to companies that have hundreds of remote offices that have a few computers and hardly any bandwidth, and they can cause bottlenecks.

It's like any enterprise solution, it needs to be done professionally. People complain about Symantec, claiming it's messed up their system but I've deployed it to hundreds of places of all sizes and have had few issues. The problems are self-induced because the people deploying didn't know what they were doing, and didn't understand the solution. They didn't do the pilot, they didn't do the best practices. And so something happened, messed up the system, and created problems, and they blamed the product. 

This remains a very viable solution. There's a lot of sexier stuff out there, but Symantec brings a lot to the table with their introduction of AI and the latest technologies. They continue to be a well-designed system that just works. 

I would rate this solution a nine out of 10. 

We use the product as an antivirus solution and install it on every end-user machine.  

I think Symantec is a good antivirus solution. There is not really a specific feature that I think stands out. If you consider the protection as a feature, I would say that antivirus protection is the most valuable feature the product has.  

We have had some problems with the Symantec solution. The problems were bad enough that I was compelled to start to research into other products. The biggest issue was the whitelisting feature. The Symantec software has a feature that detects certain things as malicious and it takes care of the issue. It is supposed to do that. Sometimes the things it flags are not real issues — they are essentially false positives. Sometimes there are things we want it to let through that it would otherwise flag. We put these things on a whitelist so they get allowed. We were having a problem keeping a particular file on the whitelist. It was an EXE and Symantec kept flagging it even when it was whitelisted.  

To fix the issue, we had to do in-house software development. We had to run some extra code. The process was not smooth and, in the long run, it basically did not work. The support by Symantec on the issue was of no further help and it remained a problem.  

A feature that seems to be missing from Symantec is reporting on external devices. For example, if a remote user gets a virus on their computer and they are accessing our system, I want to know. The Symantec agent should be checking this in the cloud and informing us that a particular end-user got a virus. I should get a report or alert somehow. The computer in question should be isolated — or something like that — to mitigate the potential of the threat. Instead, nothing happens.   

The enterprise product that we have now does not have that feature. Maybe Symantec has that feature implemented in other products, but I do not know about it. Maybe it is not there at all or maybe it is some type of cloud feature. But the end result is I have looked for the solution in the product, can not find it, support did not inform me that it can be resolved, and we are essentially left with a vulnerability. That is really not acceptable.   

I have been using Symantec Endpoint security for about 2 years.  

It is stable. We do not really have problems with the product crashing.  

Endpoint Security is not that scalable right now because it is hard to even get a new quote. It is part of the problem happening during the transition when they got bought up by Broadcom. The whole process of renewing and buying new licenses has become a pain. It takes forever to get a quote.  

On a daily basis in our company right now there are around 300 people using the product. The system is monitored by the system admin and myself. We have a cooperative situation.  

The Symantec customer support team is responsive by email. I would say it is between 80% to 90% effective.  

I have not used other antivirus products as an admin. The Symantec product was already in use at the company when I came here.  

I would say that the initial installation is moderately straightforward. It is not really completely straightforward and it is not really complex. It is somewhere in the middle.  

The deployment of the server takes more time, but I am not the one who deployed it. I do not know exactly how long it took. I am not aware of any surprises or difficulties with the deployment.  

The system admin did the installation without external assistance.  

I was not the one who implemented Symantec at our company. The decision was made before I arrived and I inherited the product.  

I am now researching products in consideration of deploying a replacement option for Symantec because it is not totally meeting our security needs.  

The honest advice I would have for someone considering this solution at this point in time is to move on. I say this because Symantec is being bought out by Broadcom. That may not be a bad thing on its own. Symantec has traditionally been a very good company and still was up to this point. But being bought by another company just means that there will be a mess because of the transition and integration between these companies and products. Developers of the product will be spending time focusing on that merger rather than core product issues. It creates a little bit of a mess that the client should not have to suffer through when there are other capable solutions.  

Another thing is that Symantec still needs to implement some features that it does not have. They have very good, strong protection, but they are behind other products on the market. There are a lot of more features they have failed to implement. Especially now when everyone is working remotely and with cloud products, the security does not seem complete.  

Maybe the cloud version addresses these issues. I have not used the cloud version because I am on the enterprise version and like in-house deployment. Our version is missing a ton of features that are very important to security especially in the current environment.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Symantec End-User Endpoint Security as a seven-out-of-ten. It is missing too much to be rated higher.