Trellix Endpoint Security Platform Reviews

The easy accessibility of managing all the agents through a central server and the customizability of the management interface are the most valuable features for us from our experience with it so far.

With this product, we can easily implement encryption for all our users in the company and deploy modules as and when needed through a central interface. This has made our job much easier.

We’ve had issues when upgrading to updated versions of the product two times already. A single sign-on functionality would be good to have in the future.

We’ve been using this for about three years now.

When we upgraded the agent deployed on our users' computers, it locked out the people who were still on the old agent, which was not supposed to happen.

We’ve also had an issue previously with one of the modules of Mcafee Endpoint encryption, DLP. This particular module, when we upgraded to the latest version ,took up all the resources on the computer, making it unusable. We had to remove this module from all the affected computers.

We have had no issues with the stability.

We have had no issues scaling it.

They didn't know why the upgrade issue was happening.

The setup is easy and straightforward. Install the agent, put the computer in the correct deployment group, and that's it.

We implemented this through our in-house team and used the vendor for support in any technical issues we might encounter.

Pilot testing is a must when upgrading any of the new modules or the McAfee agent.

From an IT management point-of-view, the most valuable features are the force of the ePO console and its simplicity. For security, the most valuable feature is that it offers clear security dashboards and reporting.

Our endpoints are secure and updated daily. Viruses and malware are detected and quarantined automatically. Users are informed when a detection has been made with alerts. We have confidence in the product to keep our business users secure.

We are functioning in a delegated organizational structure with 20 sites. Every site has been delegated certain security rights to manage their local clients. ePO supports delegation of administration.

The client-side interface is out of date, and has not been updated over the last few years. Additionally, the interfaces of different modules do not integrate common settings. This should be reworked in the next-gen version of the product (EndPoint Security 10.)

Larger updates like service packs are sent to all clients at once and can potentially cause network saturation. The product does not have built-in bandwidth control for avoiding this.

We've been using it for 10 years, and it includes several modules for endpoint security. All modules are managed by a central server called ePolicy Orchestrator (ePO), which gives complete control over policies, tasks, events etc. The mainstream product for virus scanning is McAfee VirusScan Enterprise. Other modules are Host Intrusion Prevention (firewall) and Advanced Threat Protection (rootkits, advanced malware protection etc.).

We've had no deployment issues.

The product is very stable. One ePO Server can manage thousands of clients. Most updates and Service Packs are tested thoroughly before RTW. Hotfixes for known issues are posted regularly. There is also a notification service that keeps you updated with news about the product(s) you manage. This enables you to immediately react if needed.

We have been able to scale it for our needs.

8/10

8/10

I have not used anything previously.

You install the ePO Server, link to AD, and deploy the agent. Then all you need to do is to configure the policies and deploy module, then it's ready. There is, however, a learning curve to properly configure policies and client tasks in the most efficient way.

We are using local distribution channels of Intel Security.

When you have a small security team, a solid security product that is easily manageable will automatically return its investment. EndPoint Protection does the work for us.

When it concerns security, no compromise should be made on product quality. Quality may have its price and is always negotiable.

There were no other issues evaluated.

Deploy the product with a phased and progressive strategy and optimize it during deployment. Often policies need to be adapted in order to lower impact on performance for some applications.

The central management feature of the ePolicy Orchestrator was extremely valuable to me. My organization had a very small security team, so the ability to manage our protection tools from one program made the job much more efficient.  Additionally, central management made it much easier to create executive reports for management review. 

My organization did not have a well-maintained host-based security program before McAfee Endpoint Protection. This product made it possible to protect critical data, investigate threat events, and prevent future events from occurring on every endpoint on our network.

One thing I could have used was a more detailed description of the HIPS signatures. When selecting a HIPS configuration, I would have liked to see exactly what access will change on the system. My organization did not have much room for testing, and many issues did not come up until days or weeks after changes were made. 

We have had no issues with the deployment.

We have had no issues with the stability.

We have had no issues scaling it for our needs.

The system my current organization uses does not allow for administrative changes from the endpoint itself, like McAfee Endpoint Protection does. This feature is very useful when testing firewall rules and HIPS configurations for specific programs and sites that only certain network segments may need to access. 

The centralized management of the solution is valuable since we are a diverse organization.

It would be nice to have the ability to change Safeboot passwords from within the OS as there is a delay in the boot process and password changes can take time.

We've been using it for over five years. The component versions we are using are

McAfee VirusScan Enterprise + AntiSpyware Enterprise 8.8.0.1445
McAfee Agent 4.8.0.1938
Saferboot Device Encryption 5.2.11
McAfee SiteAdvisor Enterprise 3.5.0.1364

We have had no issues with the deployment.

There have been no issues with the stability.

We have had no issues scaling it.

I've not had to contact customer support.

I've not had to contact tech support.

We had something in place previously, and this just seemed to be a better fit. Also, the management of the device worked best for our organization.

The initial setup was straightforward.

We implemented it in-house. I would suggest building a small lab to get familiar with the process before working on a live environment.

Take your time and plan it out before attempting to deploy in a production environment.

There is not one feature in particular that is more valuable than another for us. It is generally a valuable tool that helps us with our security.

We can easily renew our subscription and update the product. When we update it, it automatically removes viruses from most of the infected systems.

They could improve it by providing better manageability for administrators. I need to spend too much time on this right now.

We've been using it for three years.

We have had an issue updating it. I have applied update ePO 5.3.1, but it shows the update version is ePO 5.3.0.

There have been no stability issues.

We have had no issues scaling it.

Customer service responds well.

Technical service is also responsive.

I used a different product in a previous position.

The initial setup was straightforward.

We implemented it via a vendor team.

The pricing needs to be lowered as we find it to be high. We're just a small-to-medium sized company.

You should use a licensed version of an anti-virus, preferably McAfee.

The most valuable feature that I've found most useful is the availability of seamless AES 256 full-disk encryption.

I don't need to worry about the content of a laptop if it's lost or stolen. It provides better security of laptops when doing foreign travel.

I think encryption needs to move to an all hardware-based solution. Software encryption is less efficient than hardware-based. Intel purchased McAfee a few years ago, so this company is set up from the chipset point-of-view.

We've used it for six years.

Initially, we ran into issues running full-disk encryption and certain versions of disk defragmentation software. However, this has now been resolved.

There have been no issues with the stability.

We have had no issues scaling it for our needs.

9/10. I've found technical support to be very good and responsive.

We selected this endpoint protection solution due to its multi-platform support, not just Windows (e.g BitLocker). Other reasons were that it has enterprise key storage and recovery, which is very important to us.

It's fairly easy to get going. It's been around for a while now, and there are lots of use cases. You just just need to follow the best practice installation documentation.

We implemented it with the help of a McAfee vendor team.

Everything has a cost. During the initial product evaluation, price was considered but it was not a show stopper.

The central management console, ePO, is very useful. It incorporates file/folder encryption as well as encrypted thumb drive registration and policy management.

McAfee Endpoint Protection is a a good product that's easy to administer. It provides endpoint protection for desktops, laptops, and servers, and the protection includes anti-virus, anti-malware, anti-spam, DLP, and encryption.

We're less affected by viruses and threats on end-user device, able to manage all endpoints from a centralized server across locations. We're also able to encrypt sensitive laptops with ease. Very good reporting and compliance to endpoints.

It needs much better control on zero-day viruses and easier submission of threats to McAfee. They also need to improve the DLP rules since loads of false positives and patch releases are not quick enough when a new OS hits the market. Because of this, there are incompatibility issues which cause slowness on end-user devices.

I've used it for five years.

Deployment of agents and products to end-user machines is straightforward and easy. The basic McAfee ePO deployment is not easy and you need good knowledge in SQL and servers.

Patch release is not fast when there is a new OS on the market, so compatibility issues will come and can cause slowness on end-user devices. For example, I had a tough time when Windows 10 was released and the devices were not protected for a month, which is not advisable.

The upgrade of the new ePO from older versions always have issues and need support from McAfee engineers all the time. In a span of three years, we had upgraded three times and all three times were difficult. But the engineers were good enough and at the end of the day, they fixed it.

We had no issues with the stability.

We had no issues with the scalability.

Excellent 8.5/10

9/10 - Very fast support and engineers have good knowledge of the products. They show patience in understanding the issues before taking any action/recommendations, which I personally appreciate. They also have an escalation matrix that provides for faster response time depending on issue severity.

I have used Symantec, not happy with their support and was facing lots of performance issues.

The initial setup is complex as loads of communication (ports between server, clients and locations) has to be done, making setup difficult. You need a good engineer who has knowledge of SQL, database, servers, and firewalls.

Our environment was a mix. I prefer to do it with a vendor and Intel Support.

The pricing was good and licensing is on a per-user basis, so it's flexible. All the products will work, but only AV signatures will stop downloading.

We evaluated Kaspersky and Trend Micro.

Always test on all environments and different OS's before deploying into production, especially VSE, DLP, and encryption.

The fact that the three components have been provided under one platform helps to simply perform product management.

Also, the virus definition file size is 40% smaller, which reduces the amount of bandwidth required to update all the endpoints.

There are three valuable components to Endpoint Security 10.1: First, there's threat prevention, which is for anti-virus and anti-malware detection. Second, there's firewall, which replaces the Windows firewall when activated. Third, there's web control which is used for endpoint web filtering.

The threat prevention feature is the most valuable because it provides protection against malware.

I would like the product deployment to be made simpler. The current deployment requires creating tasks to install each component.

The product is quite stable. We haven't had any issues with instability.

The scalability is great. We've been able to scale it for our needs.

Intel Security technical support is very efficient, although the wait times on the customer support line can be quite long.

I previously used Kaspersky. However, the management console does not match up to the functionality of the ePolicy orchestrator management console provided by Intel Security.

The setup was very straightforward. The EPO server deployed the McAfee agent and then we were able to deploy Endpoint Security.

Implementation was done through the vendor. My advice is to ensure all the requirements that are provided prior to implementation to avoid any delays.

The return on investment has been very encouraging. Ask the vendor to give you as much information as possible on all the suites so you can get a package that suites your environment.

Endpoint Protection 10.1 is a very complete endpoint protection solution that gives complete protection for endpoints. It is easy to deploy and can be a very useful endpoint protection suite for small, medium, and large-scale environments.

• Easy installation and configuration
• Managed by ePolicy Orchestrator (ePO) for simplified management

It's provided us with a reduction of the attack surfaces used by malware. As an organization, we've decreased our threat visibility.

We have reports by users of machines being slow when the on-demand scan starts.

Recently, some cases of ransomware have been reported on managed systems without VSE detecting them.

I've used it for six years.

VSE 8.8 is managed by ePO for easy deployment.

Beta versions are released for extensive testing on the various platforms before RTW (Release to World) versions.

We have had no issues scaling it for our needs.

McAfee technical support is available 24/7 to assist with any calls logged.

I have worked with Symantec before. I chose McAfee because of the security-connected framework for synchronized security, which works well to mitigate risks and to enable a proactive approach to threat responses.

The initial setup of VSE is via the ePO. When checked in to the ePO, VSE can be deployed to the whole environment via the ePO silently without any user intervention.

The initial implementation was done by an in-house team comprised of highly-skilled McAfee experts since we are an Infosec company specializing in various vendor products. An in-house team can set it up, provided they are awarded adequate training.

With the rise of malware and, recently, ransomware cases, using VSE assures you a positive Return-on-Investment. The benefits surely outweigh the risks of a compromised environment.

Using McAfee provides you a single, integrated platform that helps you have an end-to-end visibility of the whole environment.

I personally really like what the folks at Intel did when creating the Endpoint Protection Suites. Running the EASI.exe installer from the .zip file simplifies the build process for newer administrators and engineers by installing a base-system tree, basic policies, and streamlining the installation process. 

What most don't seem to grasp is that Endpoint Protection is a Suite Install Package. There are 6 different versions of Endpoint Protection, each coming with different applications installed. Primarily, I usually install the Endpoint Protection Advanced Suite (EPA) & Complete Endpoint Protection Suite (CEE). I recommend installing SQL either on the same box as ePO if you're managing under 5000 endpoints, or on a separate SQL server if higher, overusing the SQL Express that comes with the Installer. The primary reason is that if you use SQL Express, you do not have access to SQL Management Studio. Having access to the data tables and being able to clean up the space on the SQL server over time will be a must. The Complete Endpoint Suite has certainly simplified the build procedure.

I have been installing ePO and the separate modules for years. I am a bit biased on Intel Security products as it is how I make my living as a Subject Matter Expert .

There are a few things I wish the folks at Intel would fix. 

The primary for me is with the ePO Query creation. Queries in ePO are powerful tools as they can be used to create dashboards, server tasks, and be exported or rolled up to Senior Management. In older versions of ePO (4.0 & 4.5) the Queries, gave a wide range of data. With ePO 4.6, 5.0, 5.1 & 5.3 the data could be pulled from various installed products to get the data that you were looking for, with the current versions of ePO you can only pull the fields listed in the "Result Type/Feature Group" and it is very limited.

A good example...If i wanted to try and create one report that shows all Common Configuration Enumeration (CCE) data (this data comes from Policy Auditor) while also showing what software is installed from each system  (this data comes from Application Control) and adding in fields such as IPv4, FQDN, OS version, Domain...Simplified, if I could pull Hardware Asset, Software Asset, CCE Data, and Policy Auditor Scoring all on one report, it would make my life so much easier. 

Alas, this cannot be done with the current Query Building setup. The fields that are available are limited to each application installed and are only for that application.