What needs improvement with McAfee MVISION Endpoint?

Trellix Endpoint Security Platform is great the way it is, and I see no need for improvement. There isn't anything, even small, that I think could be improved, including user interface or reporting.

What could be better is the performance impact on some machines and the complexity of configuration. There was one time I had to wait because it was a different time zone. I was in Nigeria back then and the support was in India, so we had to wait to get in touch. However, it was fantastic. The support representative did a great job, so I commend the customer service team. A colleague of mine complained once about the interface, saying they do not prefer it because it is a bit overwhelming for newer admins. Perhaps they can improve that, and maybe because the workflow sometimes requires clicking on this to go to that place. It might be better to reduce the workflow complexity. However, for me, it is seamless. I appreciate new technology and exploring new things, and for me, it was a good experience. They could reduce the complexity of the workflow and the policy configuration workflow, which would be good for newer admins. Trellix Endpoint Security Platform does the work for enterprise security, but there is definitely room for improvement to enhance usability and performance. As for other features, I am thinking that perhaps there could be a feature where instead of some users not preferring to update their system or push patches, Trellix Endpoint Security Platform could push critical patches to workstations. That would be beneficial instead of using another tool for that function. Trellix Endpoint Security Platform could do that, providing one centralized tool that can help and improve the process. The centralization for everything and pushing critical patches would be something the Trellix team can look into.

Trellix Endpoint Security Platform can be improved by having more user-centric features. Competitors like CrowdStrike and Microsoft Defender have a very user-centric UI, and it is easier to see the visibility is much more. The menus and the dashboards are interactive, they have some response, some touch and feel to it. Trellix does not have either of those features, so it is very bland, and the simple things would be done after taking the long route, with menus within menus. This definitely needs to improve, plus the customer support. The issues with patches and rollouts include a scenario where we had this issue whereby when we wanted to import multiple alerts for reports, we could only select 50 or 60 at one time. Whereas the other SIEMs give you more flexibility on selecting the bunch of reports and just exporting them directly, which was a limiting factor and it definitely slowed down the whole automation of the process. When we tried to reach out to the team, they did not help us with the rollout. There are multiple other improvements needed for Trellix Endpoint Security Platform. The rules are a bit hard to tweak, and to tweak a rule, you would have to go very deep into the system, which again leads to more alerts, more detections, and ultimately more fatigue within the SOC analysts. It basically needs a lot of fine-tuning from the developers, but unfortunately, they are not open to feedback.

I think Trellix Endpoint Security Platform's live application could be more user-friendly. When we tried to find some rules or specific configurations, it was sometimes difficult, and I believe they could be centralized in a specific location rather than being separated by topic, as it was confusing at times.

Trellix Endpoint Security Platform needs to sort out their issues with the organization and outreach to clients to improve their platform because they have been lagging behind. The needed improvements for Trellix Endpoint Security Platform are more a company decision and not so much a product decision.

There is a need to enhance the expertise of the support portal and support engineers for Trellix Endpoint Security Platform, but overall, everything else is acceptable. The support could be improved, particularly concerning response time.

From an improvement perspective, I am looking for a way to troubleshoot situations where the endpoint agent becomes corrupted and requires reinstallation, as there is currently no option to resolve these issues without rebooting the system. I give it a rating of seven because, in today’s scenario, the portal is complicated to navigate. The Trellix Endpoint Security Platform dashboard is somewhat difficult to understand, and it takes considerable time to familiarize oneself with the tools and policies compared to other solutions. For on-premises deployment, I would also like to highlight that the architecture is quite complex, which is an area Trellix Endpoint Security Platform should consider improving.

Some customers feel that the Trellix Endpoint Security (ENS) agent consumes more memory and resources in their environment, which is a major issue we are facing. This causes their endpoints to consume more CPU under subscription, resulting in a feeling of slowness in their processes.

I cannot really point to any areas that need improvement at this moment. Continued available training is important for people coming in to use it.

The detection and response capabilities need to be improved. The product is not sharp enough in catching viruses, and we often have to use additional components alongside the pure endpoint security. Symantec, for example, might be better in this area.

It is a bit technical. The user interface has some significant limitations, mainly when using HIPS on the server side, to protect files from being changed or deleted by hackers, users, or administrators. The UI only allows for the inclusion of files using wildcards. For example, it can protect an entire directory or a subdirectory, but it doesn't let you select specific files within a directory.

They could provide better integration capabilities for the product with other services.

Sometimes, one might face issues with the scalability of the product. The aforementioned area can be considered for improvement.

There is room for improvement in the pricing. The price should be improved, it's high.

The product is consolidating its portfolio into one product. It is difficult at the moment.

The solution should respond faster. Whenever Trelix runs, the system slows down.

The product could be flexible and offer better pricing. They should make it free, open-source software.

The product needs to reduce the usage of RAM and CPU.

Performance is a problematic area in the solution needing improvement. There are some weird problems in the endpoint protection or security of the solution.

You do not have access to all the features when you use the Trellix web interface. For example, you cannot do device or drive encryption from the web interface. Also, when we're working with customers, it's sometimes challenging to get sales support. Delays mean we might lose an opportunity. Lastly, Trellix lacks some documentation about custom features. I would like to see Trellix add database activity monitoring. They don't have a plan for this, and there isn't a significant roadmap around it. They have an enterprise service manager, which is sort of like a SIEM, but there is no roadmap. I want to see a clearer roadmap for integrating specific critical solutions like PAM and other things, too.

Trellix tends to get in the way and really impacts the performance of the servers quite negatively.

We'd like better UI on the management screen. It could be a bit simplified, which would make it easier to use.

The only challenge we found is the integration with its product modules. It has a DPP. That integration, we felt, is slightly complex. The complexity of advanced modules can be improved. They could do some improvements so that it is easier to deploy the advanced modules. We would like more in their advanced modules or ATP.

The quality of the dashboard could be improved, and the central monitoring dashboard needs improvement. At first, we thought we were getting multiple views. One was a wholly summarized view, and the other was a more detailed view of an endpoint device. Digging into one device's detail is sometimes difficult. Additionally, the granularity of reporting can be improved. The next release could also include an extended mobile connection for the solution.

I'm not feeling any critical care is missing in the solution. It is a very heavy tool, unfortunately. It could always be a bit more stable.

So far, McAfee MVISION Endpoint ticks off all of our boxes, but its pricing could always be better.

Looking at the current ePolicy orchestrator, and the transition of most vendors to the cloud, they need to do an improvement with the current dashboard or the overall aesthetic of their GUI. They need to just keep up with the current trends. It's still a bit old-looking. That said, with the CASB, their other solutions their cloud solutions, they're already on the way with that. They are working on improving things. The initial setup can be a bit difficult. They should offer further application control. The way of doing the application control is based on an inventory scan. It would be great and it would be at par with other solutions if they would be able to improve that into a category-based application control.

The email protection isn't efficient enough, and I'd like to see DLP features in the next release.

The price of McAfee MVISION Endpoint could improve.

I would like to see more automation.

I would like to see more local integration for the applications that we use. We are looking forward to having more unified management.

We're still looking for weaknesses. The product is still quite new for us. That said, so far, every time I have thought, "I wonder if it can do this or it can do that." I've been able to do it. McAfee has also asked us for feedback, and we noticed when we gave them suggestions, they worked to implement them. For example, we asked for the ability to leverage Windows Defender instead of creating an endpoint. They've just put that in so you can choose now what you want to do. You can change that deployment and push it out without any intervention by the client as well. The initial setup can be a bit complicated for those unfamiliar with the product.

McAfee has several MVISION products. It will be really amazing if they could be consolidated into one dashboard. As of now, I know that this is on the roadmap and is expected to be released very soon. It'll unify the management of the various MVISION portfolios. It will be a great tool for improvement. Instead of needing separate management consoles to manage some of the products in the portfolio, a unified console for MVISION Cloud, MVISION EDR, MVISION Endpoint, MVISION DLP, and the remaining MVISION portfolio would be great. I believe that McAfee is addressing this at present. A drawback with the cloud MVISION ePO is that you can't push agents from the cloud portal. You need to download that agent, and you need to figure out a way to install that agent into the machines. I'd like to see MVISION Endpoint for other platforms because MVISION Endpoint is only compatible with Windows 10 and Windows 2016 and above. If I were using a Linux operating system, I would not be able to use MVISION Endpoint. I'd like to see it in the Mac operating system as well. I'd like to see cross-compatibility, which would be great. Even though McAfee has a simpler product for Androids and the iOS, it would be great to see the ease of use of MVISION Endpoint across the portfolio.

The biggest problem we had with this product was when the DDoS (Distributed Denial of Service) did not respond well to a threat. We experienced one virus attack that the product did not catch. I do not know the exact CDC (Communication Device Class) details. That time, we did an analysis, but the systems crashed. We could not even access the infected file servers. Because we could not access the servers in that attack, we could not even remove all the threats. Eventually, what we had to do is find out which servers got infected and then we had to roll back those servers to a previous backup. It left us in a little bit of a vulnerable situation. It ended up not being what we hoped for in an endpoint solution. Because McAfee was infected, other endpoint protections were also affected that made the situation more difficult to resolve. Improvements that I would like to see in MVISION would be to provide some additional features for the cloud to make their product a one-stop solution. For example, every organization is going into hybrid-cloud. That may allow part of a solution on-site. That can be part of multi-tier platforms and would be more flexible. What they can do is offer more in order to be a leader in innovation for different architectures rather than for enterprise only. For example, the endpoint security product uses every desktop like service. They have the features for the hardware detection and the platform access, then on the application layers. These three layers are a part of the firewall. So these are the firewall and then there are other things they could be offering as a single source to create a more secure environment as a proactive solution. This is something that definitely could be improved, especially with intrusion detection and intervention. It is very important to do more to cover the security of these more invasive practices. So, they could improve things with a web application firewall, and improve intrusion detection and prevention. Those should be the key areas which they are focusing on right now to improve the utility of the product moving forward. If you have a look into the Gartner report, there are many companies that are making advances in this category of product and it means competition for McAfee.

A policy-editing console should be added. Having automatic updates would be helpful.

Endpoint resource utilization causes high levels of instability and that is something that needs improvement. Our clients are concerned about how it can affect their endpoints and do not want the CPU overburdened.