Trellix Endpoint Security Platform Reviews

Our primary use case is for endpoint protection, to block malware and viruses.

We like the web control and firewall.

I have been using McAfee for twenty years. 

It's very stable.

Scalability also works nicely. It's easier to scale it out on thousands of machines.

We only require two staff members for maintenance. There around 16,000 users. 

They have two different kinds of support. One is enterprise support and one is normal support. They charge more for enterprise support and when we raise tickets we get a good response but with the normal support, their response is not quick. They don't give much preference to normal support. It can take three, four days, or even a week to get a reply from them.

Being in the IT industry, we have come across different products, McAfee and Defender plus Symantec, and Trend Micro. For my needs, I like McAfee the most. Symantec might be equivalent but I like McAfee the most.

There are good web, application, and firewall control features. It would be helpful if the controlling of connections coming to the PC could be done from McAfee's side so that we can block those connections. 

It's a good product. I would recommend it. 

I would rate it a nine out of ten. It's easy to use and it's very powerful. It offers nice endpoint protection.

We use this product for our endpoint security.

The most valuable features are:  

- reporting facility using the ePO console for conformity and threat identification  

- using the advanced threat protection (ATP) 

- MNE module for customising and securing Windows Bitlocker.

We know that McAfee isn't the best antivirus and it can't protect us 100%, although we are okay with the level of protection that it gives us. I don't think that the problem lies in the antivirus, but rather, it's the user. Users are not happy with the antivirus and they try to solve the issue on their own, and that causes very big problems.

The is an incompatibility problem between Mcafee and Linux subsystem for Windows, another that has to do with Outlook and scripts. McAfee knows that, but the problem can't be solved at this time so we try to minimize the effect.

We have been using McAfee Endpoint Security for ten years.

In terms of stability, we haven't had many problems.

We use that solution for more that 10k station and servers, and we have space to grow...

The support that we get from McAfee is excellent.

We tried Bitdefender, F-Secure, and many other products before settling on McAfee. When our central agency switched to McAfee, we all adopted it.

The price of this product is good.

One of our subsidiaries has tried to switch products, although I don't know the reason why. Ultimately, the project was aborted.

My advice for anybody who is looking at McAfee Endpoint Security is simply to use it.

I would rate this solution an eight out of ten.

We use it for all Windows and MAC clients. We use it for endpoint protection, DLP, and disk encryption. We are using the latest version.

The endpoint protection and disk encryption features are the most valuable.

It didn't work well for some of the use cases. We have different use cases for each entity. 

Their support is also not good and needs improvement.

I have been using McAfee Endpoint Security for almost three years.

Only the endpoint is stable. There are still a few things that need to be done in DLP.

It can scale. We have around 10K users who use it on a daily basis. 

Their support is not good. It needs to be improved.

We used Symantec previously. They didn't have a suite, and I wanted a suite that can give me a single control panel to manage my endpoint protection, DLP, and disk encryption. I wanted to use only a single agent with different modules so that I don't have to worry about multiple things.

It was not that simple. I would say it was moderate. It took more than three months to stabilize.

We used a partner integrator. We maintain it on our own. 

It is not that expensive. There is no additional cost. We got the entire bundle together.

I would not recommend this solution because a lot of new-age solutions are available in the market. These solutions are better than McAfee Endpoint Security and can do a better job.

I would rate McAfee Endpoint Security a seven out of ten.

We want more protection for our servers. We would like to know if a real incident or something compromising is happening. Therefore, we have deployed this EDR solution.

The exploit guard and malware protection features are very useful. The logon tracker feature is also very useful. 

They have also given new modules such as logout backup, process backup. We ordered these modules from the FireEye market place, and we have installed these modules. We are currently exploring these features. 

The Linux support is very poor. I use base detection. Currently, they are providing malware protection and logon track features in Windows and Mac. These features aren't available in Linux. It will be helpful to extend these capabilities to Linux.

We would also like assets grouping and device lock protection features, which are included in their roadmap.

We have been using FireEye Endpoint Security for the past two years.

The current version is more stable than the previous ones.

It is easily scalable.

My experience was 50/50. Sometimes, it was good. Sometimes, they took some time.

We were using McAfee AV. We switched to FireEye Endpoint Security because we had some performance issues with McAfee AV. We are not facing those issues with FireEye Endpoint Security.

It is easy to deploy. It took us a month to deploy. 

Deployment may take more time based on the architecture and the environment. With some vendors, it took us some time to analyze because there were things that we wanted to monitor, which depended on the production. Therefore, we installed it step by step, not in one step at full force.

If you are deploying on Windows or Mac, there will be minimal issues, and you can go for this solution. With Linux, you need to understand a few features. What you expect from Windows and Mac is not available in Linux. If your main technologies are open source, then probably rethink about FireEye Endpoint Security. You can go for FireEye Endpoint Security after they have the same capabilities in Linux. Most of the features are there in their roadmap.

We mostly faced issues with Linux support. In the past, we also had issues related to communication between an agent and an endpoint where they didn't communicate, the communication got stopped automatically, or the data communication time didn't sync properly. In the later versions, they improved and resolved these issues.

I would rate this solution a seven out of ten. It's gradually growing, and a few features that we require are not there. If these requirements are satisfied, I would rate them nine or ten.

This product is mainly used for detecting viruses and malware on the laptops and also to scan older, existing files.  

The ability to check a wide range of vulnerabilities and devices is a very valuable feature in this product. This is not really a user interface or manually driven product. VirusScan gives an alert to the user that a scan should be performed on their device and the user has to click it to initiate the scan. Then McAfee scans the device and it gives a report saying that it has run a scan of the system and now everything is fine. It runs for the user rather than manual scanning.  

We are using it so the company is providing better security coverage end-to-end. I am not sure how to improve on that because it already achieves that goal and updates constantly.  

One thing I think it should do is alert administration if some attack is happening in local systems. I am not seeing that kind of alert. When users run a scan on their own system and nothing is found, that is fine. But ideally, VirusScan also has to send a notification of the source of an attack if one is detected.  

For example, if the threat came from opening an email attachment, an alert could be broadcast to warn other users on the system not to open the same attachment and McAfee could do that automatically. Something like that. Or at least it should make a report or alert for the administrator so that they can take the proper action.  

For the last six to eight years we have been using McAfee VirusScan Enterprise.  

The stability of the solution is fine, actually, and we are satisfied. It does not have a problem working with the 10,000+ users in our organization. It checks and updates everything every day and the stability is there.  

The scalability with McAfee is good. We currently have about 10,000 laptops which we are using it to secure. It is globally distributed and everybody uses the data scanning to ensure data security is a high priority.  

The people are using it with roles that range from the top to the bottom of the corporation. It is mandatory to use McAfee to ensure that we are in compliance with security regulations as well as preventing data loss on our local systems.  

We have plans to increase the usage of this product as the employee base and the number of devices increases.  

I did not have a chance to interact with the technical support team at McAfee because our local internal IT takes care of everything when it comes to the maintenance. Some issues that we have occur because the product is not upgrading locally for whatever reason. Our IT people will handle that type of minor support issue for us.  

As far as I know, before this company used McAfee VirusScan as a solution for these past six to seven years, there was not another endpoint security protection product in place.   

The initial setup is straightforward for the administration. The end-user should not have to do anything. There is an automatic trigger and it scans devices on the network along with their files and automatically generates a report. That is all there is to it. It is updated through the central station which tracks the upgrades and the devices that it scans.  

The implementation is kind of done in incremental steps because it is a cloud solution. It is just being pushed from the system to the central location. The agent runs on every laptop and we either manually click it when it issues a notice that it is time to scan the device, or it triggers by itself. It automatically runs these processes without intervention.  

As always, the cost of the licenses has to be paid and it will be per user per year. But the cost is minimal because we have taken a sort of deal with McAfee for a site license.  

I recommend McAfee VirusScan to everyone in an enterprise environment. Part of the reason is that nowadays everyone is working from home. Their systems and devices have to be secure when they are connecting externally to the internal network with whatever device they are using. They should have at least one security solution in their system so that they can avoid vulnerabilities that they may encounter outside of the secure internal network. VirusScan ensures that is happening.  

On a scale from one to ten where one is the worst and ten is the best, I would rate McAfee VirusScan Enterprise as a nine-out-of-ten. It is a very good solution and gives good blanket protection.  

McAfee MVISION is security for integrated VMware and OpenSite cloud solutions.  

McAfee is fine as an endpoint. We are offering the product to clients for data protection. It is not about this being a reactive solution like a firewall. There should be a shield of gateways, wherever possible, whenever this security solution can be implemented.  

The biggest problem we had with this product was when the DDoS (Distributed Denial of Service) did not respond well to a threat. We experienced one virus attack that the product did not catch. I do not know the exact CDC (Communication Device Class) details. That time, we did an analysis, but the systems crashed. We could not even access the infected file servers.  

Because we could not access the servers in that attack, we could not even remove all the threats. Eventually, what we had to do is find out which servers got infected and then we had to roll back those servers to a previous backup. It left us in a little bit of a vulnerable situation. It ended up not being what we hoped for in an endpoint solution.  

Because McAfee was infected, other endpoint protections were also affected that made the situation more difficult to resolve.  

Improvements that I would like to see in MVISION would be to provide some additional features for the cloud to make their product a one-stop solution. For example, every organization is going into hybrid-cloud. That may allow part of a solution on-site. That can be part of multi-tier platforms and would be more flexible.  

What they can do is offer more in order to be a leader in innovation for different architectures rather than for enterprise only. For example, the endpoint security product uses every desktop like service. They have the features for the hardware detection and the platform access, then on the application layers. These three layers are a part of the firewall. So these are the firewall and then there are other things they could be offering as a single source to create a more secure environment as a proactive solution.  

This is something that definitely could be improved, especially with intrusion detection and intervention. It is very important to do more to cover the security of these more invasive practices. So, they could improve things with a web application firewall, and improve intrusion detection and prevention. Those should be the key areas which they are focusing on right now to improve the utility of the product moving forward.  

If you have a look into the Gartner report, there are many companies that are making advances in this category of product and it means competition for McAfee.  

I have been using this type of product from McAfee since about six years ago off and on.  

I think it is a stable product. It needs to be more robust in identifying threats.  

It is a scalable, of course, as it is designed for enterprise use. It is scalable unless you do not configure it correctly and try to work with it without knowing how to do it.  

We have been in touch with the McAfee technical support. They also struggled with a problem we had with an infected server. I was involved in the contact with McAfee at the time when trying to resolve the issue. Ultimately, they did not have any solution for the problem and we ended up rolling back the server. In all that is a bit of a problem with the product and the technical support. Neither were optimal.  

The installation and implementation are the easiest parts of using the product. The real difference comes in how you want to optimize the performance. That is the key. Otherwise, implementation is not challenging.  

By optimizing the performance, I mean that you should not change the function of the basic purpose of a security product. If it is a firewall implemented on the network, that product should be providing the service without excessive expense or resources in performance. We are looking at the cloud solutions in the same sense. There can be performance concerns for products on the cloud. It is a known factor.  

Then the second point is all about the features and configuration. The question is about configuration management using tools on the cloud platforms. You may be using multiple clouds. You have to be sure you can configure it so the product remains secure across platforms. Security solutions should also focus on providing that rather than forcing users on to different products and having to manage multiple solutions.  

The deployment for McAfee MVISION Endpoint, after everything has been considered and all of the points have been taken into account, takes some time. Say we have got around 3,000 to 10,000 servers. The type of configurations can be critical. If the client provides a rule-based requirement, we have to go with their requirements. Depending on what needs to be configured, this can take more or less time. Each of the servers will take a certain amount of time to do the implementation. So the time estimate for the implementation has to include the customer requirements. Analysis has to be completed for each unique need.  

The maintenance is looked after by the client. It should not take more than five to six team members, even if we have a client with 3,000 servers. That is the number of people that we would expect once the product is properly organized and implemented.  

That should not be considered just an eight-hour per day effort. It needs to be serviced around the clock because the servers do not sleep. Deployment of people to maintenance teams is important.  

With the installation complete, the configuration done, and the maintenance team in place, using the product is all about monitoring it. A lot of intrusion detection is getting automated now, but not everything will be. Someone has to take some time doing analytics with the logs.  

We try to configure the solution to sort out many things. We have to work with what the client is expecting and configure for that level of load and to get proper alerts. The configuration will probably be ongoing as a part of maintenance and review.  

MVISION is intended as an enterprise product and it is priced like one. That is what I can say about the pricing. Enterprise organizations will be able to make the expenditure and it will not be practical for most smaller organizations. This solution is within the price range of competitors at the enterprise level.  

We definitely evaluated other products and continue to. We have to put our case forward for justifying our products and solutions within our company and with our clients. It has been an experience with the POC. Whatever the product and features, the cost-benefit analysis has to be taken in terms of leaky security. That may not matter for certain situations and products, but from our testing and experience, it will definitely matter for this product right now.  

Our company has to make a decision about whether they have to switch to a different product internally. If we try to become a partner with a certain company and begin to resell that to other clients, we can get a better price in a negotiation. This may affect the product we end up using.  

We definitely need to explore a lot. In this case, it will take a lot of time to consider the benefits of various products and cost-benefits.  

My advice to people considering this solution is that they should take a look at it. As of now, that is all I can say. I was not focused on working with all of the products within this category and, after a long time, I am working with them again. Just these last three or four months, I am back into evaluating the security solution sets more rigorously.  

I am not biased at this point and have to leave the possibilities wide open in order to make a good recommendation.  

On a scale from one to ten where one is the worst and ten is the best, I would rate McAfee MVISION Endpoint as a five to six in a range of ten. The rating is not about the product being perfect, I am not rating it too high because the things that are missing are things that really should be a part of a superior endpoint solution already. They have so much to work on as of now with this product that it seems to be lagging behind. With their experience in the business, they should know these things are important. If you look into the other competing products of whatever brand, the competition has already released identity and access management. The new organizations in the category are coming into this field with all the latest innovations. As more of them do, they will create a challenge in the marketplace. McAfee is lagging a little behind and not moving quickly to keep up.  

We are a reseller and McAfee is one of the security solutions that we implement for our customers.

The cloud-based security and data protection features are essential for the work from home set up, because of the pandemic.

Some of the most valuable features of this solution are the ePO, centralized management, single control, and ease of management. 

The agents are easy to deploy.

For McAfee, as long as you have ePO it is easy to manage.

It integrates well with other solutions and I like their CASB and the Web Gateway, their cloud security.  Most of our clients are migrating to the cloud and they are evaluating cloud security solutions and data protection.

Endpoint resource utilization causes high levels of instability and that is something that needs improvement. Our clients are concerned about how it can affect their endpoints and do not want the CPU overburdened.

I have been working with this solution for four years.

The stability is good.

This is a scalable solution. Most of our clients are enterprise-level companies with 10,000 users.

My personal experience with technical support is limited, but we have a good working relationship with them. In the four years that we have worked with McAfee, we have found that the people behind this product are easy to talk to. No matter how complex the problem is, they will help you to better understand it.

Overall, I feel that their support is good.

The initial setup is straightforward and it is easy to configure.

The pricing is mid-ranged and quite reasonable compared to other similar products.

Being a reseller, we handle many different endpoint products and have evaluated several of them. When comparing to Symantec, for example, McAfee is better in that they have multiple agents and multiple consoles. We also work with CrowdStrike and Cylance.

Some of our customers prefer McAfee because they started with an on-premises solution, which is a good thing. Not every company is cloud-ready, yet. Some of them have hybrid configurations, where they have on-premises protection as well as cloud-based protection.

Price-wise, McAfee is less expensive than CrowdStrike or Cylance, although not as cheap as Kaspersky or Sophos. I would say that it is reasonable, for the feature set.

We have been working with McAfee for four years and the sales and support have always been good. It is not difficult for us to handle McAfee because they have always worked well with us.

I think that this is a good option for people working from home because it is easy to implement and deploy the agents.

My recommendation for anybody who is implementing this product is to have VPN access set up, adding to the security, especially when working from home.

I would rate this solution an eight out of ten.

The solution has three primary uses for us. 

Our environment is Windows-based. We don't have Mac and very little space for Linux systems. We use the solution on all of our Windows devices as a basic antivirus protection. That's our first use case.

The second use case for the solution is to be able to have USB restrictions on my endpoints. 

And the third would be the protection of machines when, especially now in this COVID-19 climate, users connect from home. There are a lot of network-based attacks. When users are connecting from other networks, they're protected from dangers with this solution

The manageability of the product itself is its most valuable aspect. You have the underlying EPO, and on top of it, you can deploy the various components as you require. This is unlike other solutions like Symantec where you have to deploy everything or nothing. With this solution, you can choose to only deploy antivirus or only deploy a firewall, or only something else. I choose the components and that deployment is done through EPO. It makes manageability very flexible.

There are two main areas that require improvement. One is the size of the packages. Although I'll admit manageability is good, if I want to deploy, let's say just the antivirus or just the firewall, each of those package sizes are quite large. They are sometimes as big as 200MB or 250MB. When I have operations in remote areas where connectivity is always poor, it's difficult. To deploy such a package in a remote location over the internet or something like that is always challenging. 

The second improvement I would like to see would be to make the speed of the updates much faster. I've seen other vendors that have already released an update for new ransomware and yet McAfee has not. They seem to generally delay releasing an update to protect against something, which can be dangerous as it gives malicious content time to spread. 

I've been using the product for almost two years at this point.

I would say on a scale of one to 10, the scalability would rate at an eight. It's not perfect and there's room for improvement. However, it's generally been stable for us.

We've seen some versions of McAfee not functioning correctly. Then, suddenly, we had to put in a patch. Occasionally, the notes are not there and when we raise a ticket with the support they came back and say, "Oh no, no, this version has a bug, you guys will need to move to a new version."

The scalability of the solution is good. We've actually scaled up, so we can speak from experience. We initially rolled out to a smaller set of users and then eventually to our entire base. We've scaled up to about 15,000 users at this point. There were no issues in doing so. It's quite straightforward to expand outwards as needed.

Technical support I would say is average. A lot of times we've gotten standard responses from support. They don't really offer a solution. The responses that we have gotten from support is something that we have already tried or they'll simply tell us to move to the next version. That requires us to deploy to 15,000 users. They don't go out of their way to be helpful. 

We've always used McAfee. There never has been another solution that the organization has tried out.

I personally have worked with a few other solutions. I'm not talking about next-generation products, like a CrowdStrike or a Carpenter due to the fact that they are a different league altogether. However, I would say I've had extensive experience with Symantec also. 

In terms of Symantec versus McAfee, the two big differences are that on McAfee I am able to scale quite well and now, especially with users who are connecting from home, I can see users' statuses over the internet. That way, we can check the health of the machine and update machines remotely. That isn't the case of Symantec. Unless the user connects to back to the office VPN we will not be able to do as much.

However, where McAfee falters is the size of the modules, which are quite large.

The initial setup was simple and the deployment itself was straightforward. The was no complexity in terms of the architecture or the initial deployment of the solution.

I came into the organization when McAfee was already deployed. However, I've set up some other packages. For example, although McAfee was already deployed, the USB blocking features module, took about two months I would say to deploy across the network.

We have a team of approximately four people the deploy patches and updates and generally maintain the solution.

We deployed the solution ourselves and continue to deploy any ancillary modules on our own as well. We don't need the outside assistance of consultants or integrators. We have a team that manages these items in house.

I would advise, if somebody's looking at buying a brand new solution fresh or have a solution coming up for renewal, to look at the next generation antivirus products. The next-generation products are far more sophisticated. They might be a little higher in price, but in terms of manageability, updates, and the packet size, they are far superior. 

McAfee has released something called Envision. It's a next-generation antivirus. In this other solution, they have incorporated a lot of next-generation technologies. It's a different license and a higher-priced license altogether. 

Overall, I would rate this solution seven out of ten.