Trellix Endpoint Security Platform Reviews

I work for a company that is a McAfee partner. We sell the solution, and we have engineers that implement the solutions. Basically, I am part of the technical staff that implements the solution on-premise.

We use endpoint security for our clients. We configure policies to scan the computer every single day in some cases and every week or even every moment. Basically, it protects the endpoint, and we have policies to do advanced threat protection.

Thanks to the implementation of this tool, we have managed to avoid massive virus infection, have visibility into console events and be able to implement action plans to contain threats.

Threat prevention is valuable because most clients use other solutions like antivirus as part of web protection. I don't find that kind of solution useful. We use the firewall to protect the client's network or even blocks and some kind of traffic that the computer received. The ATP model, I think, is one of the most important features because it can protect the computer when an application doesn't work as expected. It will alert and send messages to the ePO, and we can see everything.

The local technical support could be better. It would also help if the engineers can develop some automation features for the on-prem ePO. For example, in the on-prem ePO, you can store the endpoint using the IP address or using text, or using the default version. But in the MVISION ePO, you don't have that kind of feature. It's complicated to sort the endpoint because you have to do it manually.

I also think the detailed level of the detection could be better. In some cases, it's very complicated to figure out which file is the one that is actually impacted, depending on the dashboard you see. The dashboard is one of the most important things in the ePO because it's where you can see everything in a central location. But sometimes, you need to change from one view to another view to find what you're looking for.

I have been using McAfee Endpoint Security for about three years.

It's very stable. It works as expected, and I am very happy with this solution.

This is a very flexible product. It can be installed on a single physical or virtual server, or well installed on a windows cluster, and if you want to explore other modes it can also be implemented in the AWS cloud or as a SAAS.

In some cases, if the report comes from India or America, it's basically an open and shut case. But if the support comes from Latin America, you probably have to scale that problem to another area or another region. You need a person that has more experience with the product.

No. 

The initial setup can be both straightforward or complex. Some documentation on clients is very slow. Basically, we spent time implementing the ePO version because sometimes the database from the ePO is too big, and we need to do some things to the database to shrink the space, and it doesn't always work as expected. Sometimes, we have to follow one, two, or three steps to get the data and various scenarios to increase the number of steps because troubleshooting wasn't working.

If we implement MVISION, eventually, it would take around three hours because we have to install the software on the server. We have to do all the upgrades and implement some upgrades to the ePO software. Basically, it's three hours, but it can take five to six hours, depending on the data's size.

We implement this solution for our customers. If you are an engineer, and you have the experience, you can do it. If someone doesn't have experience with the OS, with Windows, or with the product, you might need specialized engineers.

For the issue of implementation costs, you require that the partner you use has qualified personnel to carry out this activity or you can use the professional services of McAfee, but these can be somewhat expensive.

Our clients ask us about other solutions like Cylance. I have one client that uses CrowdStrike. If you compare Cylance and McAfee Endpoint Security, the main difference is support. 

McAfee is excellent. You can ask any questions, and with a couple of clicks, you will find the answer to the issue. If you don't find it, you can open a support ticket. Sometimes, the McAfee solutions are very complex to configure. Just in some topics, but on the other hand, very simple to configure.

I recommend that the client needs to be aware of what McAfee can do for them. If the engineer can implement the solution, he'll just follow the book, and he's not going to get the best experience from the product.

To not impact the computer or the endpoint's performance, you need to finetune the policies. If the engineer doesn't have that kind of experience, you won't get the best out of the product. The client needs to get an engineer with a lot of performance tuning experience to get the most out of the product.

On a scale from one to ten, I would give McAfee Endpoint Security a nine.

We use this product for endpoint server protection and content security.

What I like best is the integrated end-to-end security that works with the security information and events manager. It's a complete suite.

Technical support is an area that can be improved because sometimes, the response time is a bit slow and the explanation is short.

We have been using McAfee Endpoint Security for three years.

This is a stable product.

McAfee Endpoint Security is scalable. We have approximately 3,000 users.

We have used technical support in the past and I find that their response time can be a little bit slow. Also, they provide less of an explanation than we expect.

At this time, we use the complete suite of McAfee solutions. However, we used to use Trend Micro.

The initial setup is pretty straightforward because it comes with the central admin manager. This means that it can be deployed or pushed from this console.

It takes a couple of hours to roll this solution out to about 500 users.

My in-house team is responsible for deployment and maintenance. There are three people in our support team.

If the price of this product were lower then it would be much more attractive.

Since the maintenance is done by our own team, the price of the subscription should really be cheaper.

This is indeed a premium product when compared to others.

Feature-wise, I am happy with this product and we have no plans to change it at the moment. It is a product that I recommend.

I would rate this solution an eight out of ten.

We currently have around 50 servers. We aren't really a big company but we have 50 servers which we manage. We use McAfee for the web filtering portion of it. For example, if a user is doing a search on Google, there's a risk-rating web content filter built into McAfee. This alerts us if there are any threats present. 

We have licensed McAfee ENS on a per-server basis. As of now, from memory, I think we have 56 endpoints running McAfee — 56 servers in total.

From the McAfee side, I really like the ePolicy Orchestrator software that allows us to manage all of our endpoints. You can create the deployment policies and whenever there is a new update — a new version of the ENS Agent, or threat protection — we could test it out in the evaluation branch, and even test it on some of our servers.

It's quite easy to manage. Quite intuitive. I would say the dashboard of ePolicy Orchestrator software is quite intuitive and quite easy to understand and manage. 

I have been using this solution for 15 to 20 years.

We have had some issues from the performance side of things, especially when we were deploying new types of software. Sometimes the consumption of resources from McAfee was a bit high. Afterward, these problems were resolved gradually in future versions of McAfee. From what I've read from the release notes, in regard to the handling of memory, McAfee has been doing a better job, which wasn't really the case in the early years. 

It's easily scalable. If I need to deploy the Agent over 800 endpoints, I just have to script it and run a group policy to deploy it to all of our computers on the network — it's quite easy. 

For day-to-day management and ongoing queries, if ever I didn't have the solution to queries, I would just raise the case to the case management section of the McAfee website. Then the McAfee support team would help me out.

I was definitely satisfied with the support team. I really can't complain. They always sent me the correct knowledge-based article and they provided really insightful information to help me find a resolution to the issue. 

At the previous company that I worked for, we used Symantec Endpoint Protection. Now, we are working with CylancePROTECT and OPTICS.

The main reason that we moved from McAfee to Cylance is that McAfee is still a signature-based product. We moved to Cylance, a signatureless-based product, where everything is updated. What I was doing, from an ENS product point stance, I had set reminders to myself and my team to update the Agent and look into the software repository to see if there were any updates every month.

Indeed, every month we had software updates and fixing restrictions. It wasn't good but I now have less of a hard time looking into this from a Cylance perspective as the Cylance library doesn't push one-minute software updates per year. I would say at most, two or three software updates a year, which is very, very small from a software update perspective in comparison to McAfee.

They're both good products. I'm not saying McAfee is a bad product. It's a very, very good product. It's mainly for these reasons that we moved to Cylance.

The ePolicy Orchestrator console is good, but from my side, I would say Cylance has a better artificial intelligence module — the OPTICS module which I would say is the way to go. I haven't really seen the trend in terms of what other companies other than McAfee or Symantec are doing, but Cylance is doing a really good job with this artificial intelligence module. It's great when it comes to notifying the team when it detects something malicious.

With McAfee, if there is a zero-day vulnerability, you have to download the patch for it from the McAfee website, then apply it to your endpoint. With Cylance, it's not like that. Each agent does it by itself — it's like a self-healing application. This is something that signature-based antivirus solutions like McAfee and Symantec didn't have until now, unfortunately. That's why we moved towards Cylance.

It's quite easy to install agents. Deployment and product updates are quite easy, as well. It goes without saying that it comes with some, I would say, low-level training and upscaling but these are easily retrievable from the knowledge base of McAfee.

We manually downloaded their AMCore versions to keep all our endpoints up to date. This way, whenever we troubleshoot the root cause of an issue, we still keep our endpoints as updated as possible and keep our environment safe.

When we installed the Agent — let's say I am building a new VM and new server. When you run the frame package, it's really intense. I would say it takes roughly two minutes to install, then afterward, to install the ENS modules, like the threat protection and web filtering packages, you've got to go through the ePolicy Orchestrator management console. I would say, all in all, it takes roughly 10 minutes.

To get it up to date, to download everything, all the packages, the software updates, and all of the AMCore DAT files as well as the virus definitions, it's quite easy. It doesn't take much time at all.  

For deployment, I worked with one external consultant.

Initially, when I came to the company, I didn't really have a background or any experience managing McAfee. I came from more of a Symantec background but I gained some knowledge from one of our external consultants who really had a deep understanding of McAfee products and their deployment. We had some training sessions and then I could manage the McAfee forum on my own. After a week's worth of training, I could manage McAfee on my own.

We had McAfee on a year renewal. We purchased it initially and then we renewed it on a yearly basis. I think the only reason we are renewing the license is for support reasons. 

I would definitely recommend this solution to others. McAfee is a good product. I worked with Symantec, but personally, I think McAfee is better.

However, in my opinion, now having worked with CylancePROTECT and OPTICS, I think  CylancePROTECT and OPTICS are on another level. Still, we have been working with McAfee for nearly 10 years and I feel it's a very good product. 

Overall, on a scale from one to ten, I would give McAfee a rating of eight.

McAfee MVISION is security for integrated VMware and OpenSite cloud solutions.  

McAfee is fine as an endpoint. We are offering the product to clients for data protection. It is not about this being a reactive solution like a firewall. There should be a shield of gateways, wherever possible, whenever this security solution can be implemented.  

The biggest problem we had with this product was when the DDoS (Distributed Denial of Service) did not respond well to a threat. We experienced one virus attack that the product did not catch. I do not know the exact CDC (Communication Device Class) details. That time, we did an analysis, but the systems crashed. We could not even access the infected file servers.  

Because we could not access the servers in that attack, we could not even remove all the threats. Eventually, what we had to do is find out which servers got infected and then we had to roll back those servers to a previous backup. It left us in a little bit of a vulnerable situation. It ended up not being what we hoped for in an endpoint solution.  

Because McAfee was infected, other endpoint protections were also affected that made the situation more difficult to resolve.  

Improvements that I would like to see in MVISION would be to provide some additional features for the cloud to make their product a one-stop solution. For example, every organization is going into hybrid-cloud. That may allow part of a solution on-site. That can be part of multi-tier platforms and would be more flexible.  

What they can do is offer more in order to be a leader in innovation for different architectures rather than for enterprise only. For example, the endpoint security product uses every desktop like service. They have the features for the hardware detection and the platform access, then on the application layers. These three layers are a part of the firewall. So these are the firewall and then there are other things they could be offering as a single source to create a more secure environment as a proactive solution.  

This is something that definitely could be improved, especially with intrusion detection and intervention. It is very important to do more to cover the security of these more invasive practices. So, they could improve things with a web application firewall, and improve intrusion detection and prevention. Those should be the key areas which they are focusing on right now to improve the utility of the product moving forward.  

If you have a look into the Gartner report, there are many companies that are making advances in this category of product and it means competition for McAfee.  

I have been using this type of product from McAfee since about six years ago off and on.  

I think it is a stable product. It needs to be more robust in identifying threats.  

It is a scalable, of course, as it is designed for enterprise use. It is scalable unless you do not configure it correctly and try to work with it without knowing how to do it.  

We have been in touch with the McAfee technical support. They also struggled with a problem we had with an infected server. I was involved in the contact with McAfee at the time when trying to resolve the issue. Ultimately, they did not have any solution for the problem and we ended up rolling back the server. In all that is a bit of a problem with the product and the technical support. Neither were optimal.  

The installation and implementation are the easiest parts of using the product. The real difference comes in how you want to optimize the performance. That is the key. Otherwise, implementation is not challenging.  

By optimizing the performance, I mean that you should not change the function of the basic purpose of a security product. If it is a firewall implemented on the network, that product should be providing the service without excessive expense or resources in performance. We are looking at the cloud solutions in the same sense. There can be performance concerns for products on the cloud. It is a known factor.  

Then the second point is all about the features and configuration. The question is about configuration management using tools on the cloud platforms. You may be using multiple clouds. You have to be sure you can configure it so the product remains secure across platforms. Security solutions should also focus on providing that rather than forcing users on to different products and having to manage multiple solutions.  

The deployment for McAfee MVISION Endpoint, after everything has been considered and all of the points have been taken into account, takes some time. Say we have got around 3,000 to 10,000 servers. The type of configurations can be critical. If the client provides a rule-based requirement, we have to go with their requirements. Depending on what needs to be configured, this can take more or less time. Each of the servers will take a certain amount of time to do the implementation. So the time estimate for the implementation has to include the customer requirements. Analysis has to be completed for each unique need.  

The maintenance is looked after by the client. It should not take more than five to six team members, even if we have a client with 3,000 servers. That is the number of people that we would expect once the product is properly organized and implemented.  

That should not be considered just an eight-hour per day effort. It needs to be serviced around the clock because the servers do not sleep. Deployment of people to maintenance teams is important.  

With the installation complete, the configuration done, and the maintenance team in place, using the product is all about monitoring it. A lot of intrusion detection is getting automated now, but not everything will be. Someone has to take some time doing analytics with the logs.  

We try to configure the solution to sort out many things. We have to work with what the client is expecting and configure for that level of load and to get proper alerts. The configuration will probably be ongoing as a part of maintenance and review.  

MVISION is intended as an enterprise product and it is priced like one. That is what I can say about the pricing. Enterprise organizations will be able to make the expenditure and it will not be practical for most smaller organizations. This solution is within the price range of competitors at the enterprise level.  

We definitely evaluated other products and continue to. We have to put our case forward for justifying our products and solutions within our company and with our clients. It has been an experience with the POC. Whatever the product and features, the cost-benefit analysis has to be taken in terms of leaky security. That may not matter for certain situations and products, but from our testing and experience, it will definitely matter for this product right now.  

Our company has to make a decision about whether they have to switch to a different product internally. If we try to become a partner with a certain company and begin to resell that to other clients, we can get a better price in a negotiation. This may affect the product we end up using.  

We definitely need to explore a lot. In this case, it will take a lot of time to consider the benefits of various products and cost-benefits.  

My advice to people considering this solution is that they should take a look at it. As of now, that is all I can say. I was not focused on working with all of the products within this category and, after a long time, I am working with them again. Just these last three or four months, I am back into evaluating the security solution sets more rigorously.  

I am not biased at this point and have to leave the possibilities wide open in order to make a good recommendation.  

On a scale from one to ten where one is the worst and ten is the best, I would rate McAfee MVISION Endpoint as a five to six in a range of ten. The rating is not about the product being perfect, I am not rating it too high because the things that are missing are things that really should be a part of a superior endpoint solution already. They have so much to work on as of now with this product that it seems to be lagging behind. With their experience in the business, they should know these things are important. If you look into the other competing products of whatever brand, the competition has already released identity and access management. The new organizations in the category are coming into this field with all the latest innovations. As more of them do, they will create a challenge in the marketplace. McAfee is lagging a little behind and not moving quickly to keep up.  

We are a reseller and McAfee is one of the security solutions that we implement for our customers.

The cloud-based security and data protection features are essential for the work from home set up, because of the pandemic.

Some of the most valuable features of this solution are the ePO, centralized management, single control, and ease of management. 

The agents are easy to deploy.

For McAfee, as long as you have ePO it is easy to manage.

It integrates well with other solutions and I like their CASB and the Web Gateway, their cloud security.  Most of our clients are migrating to the cloud and they are evaluating cloud security solutions and data protection.

Endpoint resource utilization causes high levels of instability and that is something that needs improvement. Our clients are concerned about how it can affect their endpoints and do not want the CPU overburdened.

I have been working with this solution for four years.

The stability is good.

This is a scalable solution. Most of our clients are enterprise-level companies with 10,000 users.

My personal experience with technical support is limited, but we have a good working relationship with them. In the four years that we have worked with McAfee, we have found that the people behind this product are easy to talk to. No matter how complex the problem is, they will help you to better understand it.

Overall, I feel that their support is good.

The initial setup is straightforward and it is easy to configure.

The pricing is mid-ranged and quite reasonable compared to other similar products.

Being a reseller, we handle many different endpoint products and have evaluated several of them. When comparing to Symantec, for example, McAfee is better in that they have multiple agents and multiple consoles. We also work with CrowdStrike and Cylance.

Some of our customers prefer McAfee because they started with an on-premises solution, which is a good thing. Not every company is cloud-ready, yet. Some of them have hybrid configurations, where they have on-premises protection as well as cloud-based protection.

Price-wise, McAfee is less expensive than CrowdStrike or Cylance, although not as cheap as Kaspersky or Sophos. I would say that it is reasonable, for the feature set.

We have been working with McAfee for four years and the sales and support have always been good. It is not difficult for us to handle McAfee because they have always worked well with us.

I think that this is a good option for people working from home because it is easy to implement and deploy the agents.

My recommendation for anybody who is implementing this product is to have VPN access set up, adding to the security, especially when working from home.

I would rate this solution an eight out of ten.

The solution has three primary uses for us. 

Our environment is Windows-based. We don't have Mac and very little space for Linux systems. We use the solution on all of our Windows devices as a basic antivirus protection. That's our first use case.

The second use case for the solution is to be able to have USB restrictions on my endpoints. 

And the third would be the protection of machines when, especially now in this COVID-19 climate, users connect from home. There are a lot of network-based attacks. When users are connecting from other networks, they're protected from dangers with this solution

The manageability of the product itself is its most valuable aspect. You have the underlying EPO, and on top of it, you can deploy the various components as you require. This is unlike other solutions like Symantec where you have to deploy everything or nothing. With this solution, you can choose to only deploy antivirus or only deploy a firewall, or only something else. I choose the components and that deployment is done through EPO. It makes manageability very flexible.

There are two main areas that require improvement. One is the size of the packages. Although I'll admit manageability is good, if I want to deploy, let's say just the antivirus or just the firewall, each of those package sizes are quite large. They are sometimes as big as 200MB or 250MB. When I have operations in remote areas where connectivity is always poor, it's difficult. To deploy such a package in a remote location over the internet or something like that is always challenging. 

The second improvement I would like to see would be to make the speed of the updates much faster. I've seen other vendors that have already released an update for new ransomware and yet McAfee has not. They seem to generally delay releasing an update to protect against something, which can be dangerous as it gives malicious content time to spread. 

I've been using the product for almost two years at this point.

I would say on a scale of one to 10, the scalability would rate at an eight. It's not perfect and there's room for improvement. However, it's generally been stable for us.

We've seen some versions of McAfee not functioning correctly. Then, suddenly, we had to put in a patch. Occasionally, the notes are not there and when we raise a ticket with the support they came back and say, "Oh no, no, this version has a bug, you guys will need to move to a new version."

The scalability of the solution is good. We've actually scaled up, so we can speak from experience. We initially rolled out to a smaller set of users and then eventually to our entire base. We've scaled up to about 15,000 users at this point. There were no issues in doing so. It's quite straightforward to expand outwards as needed.

Technical support I would say is average. A lot of times we've gotten standard responses from support. They don't really offer a solution. The responses that we have gotten from support is something that we have already tried or they'll simply tell us to move to the next version. That requires us to deploy to 15,000 users. They don't go out of their way to be helpful. 

We've always used McAfee. There never has been another solution that the organization has tried out.

I personally have worked with a few other solutions. I'm not talking about next-generation products, like a CrowdStrike or a Carpenter due to the fact that they are a different league altogether. However, I would say I've had extensive experience with Symantec also. 

In terms of Symantec versus McAfee, the two big differences are that on McAfee I am able to scale quite well and now, especially with users who are connecting from home, I can see users' statuses over the internet. That way, we can check the health of the machine and update machines remotely. That isn't the case of Symantec. Unless the user connects to back to the office VPN we will not be able to do as much.

However, where McAfee falters is the size of the modules, which are quite large.

The initial setup was simple and the deployment itself was straightforward. The was no complexity in terms of the architecture or the initial deployment of the solution.

I came into the organization when McAfee was already deployed. However, I've set up some other packages. For example, although McAfee was already deployed, the USB blocking features module, took about two months I would say to deploy across the network.

We have a team of approximately four people the deploy patches and updates and generally maintain the solution.

We deployed the solution ourselves and continue to deploy any ancillary modules on our own as well. We don't need the outside assistance of consultants or integrators. We have a team that manages these items in house.

I would advise, if somebody's looking at buying a brand new solution fresh or have a solution coming up for renewal, to look at the next generation antivirus products. The next-generation products are far more sophisticated. They might be a little higher in price, but in terms of manageability, updates, and the packet size, they are far superior. 

McAfee has released something called Envision. It's a next-generation antivirus. In this other solution, they have incorporated a lot of next-generation technologies. It's a different license and a higher-priced license altogether. 

Overall, I would rate this solution seven out of ten.

We use the platform for managing and securing endpoints in our organization.

The solution's technical support services have a quick response time. It has been beneficial for our organization. 

The platform's most valuable features are AI capabilities and its quick updates. 

They could provide better integration capabilities for the product with other services.

We have been using Trellix Endpoint Security (ENS) for two to three years. We are using the latest version and regularly update it.

I rate the product's stability a seven out of ten. 

Our corporation has approximately 13,000 Trellix Endpoint Security (ENS) users. It is a scalable product.

The solution helps manage users easier and reduces the workload for the IT team.

The product pricing is high. 

We are evaluating Trellix Endpoint Security (ENS) features compared to others. 

I advise others to consider the specific requirements of users, such as personal devices that may not be supported before making a purchase decision.

I rate it an eight out of ten. 

My company uses Trellix Endpoint Security (ENS) to protect our computers.

The most valuable feature of the solution stems from the fact that it works fine with stability.

From an improvement perspective, I want everything in the solution to be free. I don't consider myself to be so sophisticated when it comes to Trellix Endpoint Security (ENS).

I have been using the trial version of Trellix Endpoint Security (ENS), but I have experience with the tool for around four years. I don't remember the version of the solution.

It is a stable solution.

It is a scalable solution.

I used the solution's technical support and was satisfied with their responses.

I have experience with Microsoft Defender, AVG, and Norton.

The product's initial setup was straightforward.

The solution's deployment by an end user can be done in three minutes.

I recommend the solution to others who plan to use it.

I rate the overall tool a nine out of ten.