
Microsoft Defender for Endpoint vs Trellix Active Response comparison

 

Comparison Buyer's Guide

Executive Summary

Updated on Sep 9, 2024

 

Categories and Ranking

Microsoft Defender for Endp...
Ranking in Endpoint Detection and Response (EDR): 2nd
Average Rating: 8.0
Reviews Sentiment: 7.1
Number of Reviews: 190
Ranking in other categories: Endpoint Protection Platform (EPP) (1st), Advanced Threat Protection (ATP) (2nd), Anti-Malware Tools (1st), Microsoft Security Suite (6th)

Trellix Active Response
Ranking in Endpoint Detection and Response (EDR): 66th
Average Rating: 6.4
Number of Reviews: 3
Ranking in other categories: No ranking in other categories
 

Mindshare comparison

As of January 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of Microsoft Defender for Endpoint is 12.3%, down from 17.2% the previous year. The mindshare of Trellix Active Response is 0.2%, down from 0.2% the previous year. Mindshare is calculated based on PeerSpot user engagement data.
 

Featured Reviews

AnuragSrivastava - PeerSpot reviewer
Provides detailed visibility into threats but the ability to add exceptions needs improvement
One major item for improvement is the ability to add exceptions. We can add some exceptions, but not at the level we need to. The second major area for improvement involves enhanced capabilities for different operating systems or platforms. That is, even though we have coverage for different operating systems or platforms such as Linux, we don't get all of the controls and enhanced capabilities that are available with Windows devices. Reporting could also be improved because, at present, we get limited results at times. For example, in an environment with more than 100,000 devices, you may just get 10,000 results when you run a report.
LW
Lighter with good stability and pretty good technical support
It's still not lightweight enough and not as light as they claim to be with the McAfee area of a next-gen AV. They can do some improvements along that line. There needs to be some improvement around the white-listing or black-listing. The product could improve aspects around the removal of blacklisted applications, et cetera. This was an exercise to centralize the AV cell, and that's how we ended up upgrading. The truth, however, is that I was really looking for something much more advanced with user behavior analytics and some AI features that the other competitor's next-gen AV does offer. It is okay for what it's doing now, however, it's not the ultimate software. There are some components on the cloud that should also reside in the on-prem deployment models but don't. They should ensure they are doing parallel development for cloud and on-prem when they are doing R&D.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's great for investigating what's happening on a machine. They show a whole bunch of machine timeline events that are related to a security incident. They have quite good details on the things related to threat and vulnerability management, such as any weakness that has been disclosed publicly, assets that are exposed, and if there is an exploit active in the wild for that vulnerability. It can provide you with all such information, which is cool."
"It has Kusto Query Language (KQL), so we can use our own queries to find anything."
"It's effective against most types of infection, and the firewall is perfect for protection."
"It depends on the licensing. Most of the customers have got at least a 365 E3 license, and they can use most of the features of Windows 10 Defender. So, anyone who has got an enterprise license can start using those features. Some of the customers have got E5 licenses, and they can use all advanced features. Customers with E5 licenses use the advanced site protection (ATP) features and web content filtering without going via a proxy, which gives the benefit of replacing the proxy. They can get the benefit of MCAS and integration with Intune and the endpoint manager. It is a kind of single platform for all 365 technologies. It helps customers in managing everything through a unified portal."
"We are a Microsoft shop, and Defender is a Microsoft solution that provides some security at a reasonable cost."
"It's pretty easy to scale."
"We can react to threats faster and stop them from spreading from one machine to another. It protects from suspicious email attachment downloads. It will lock down the SOC and the workstations."
"We found that because the endpoint devices are based on Microsoft Windows devices and Windows Defender is integrated with the foundation and the core layer, it makes it more integrated and more agile in terms of responding to any security threats or changes or development."
"It's a little lighter compared to the older version, which was mostly signature-based."
"We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home. About half of our workers are still remote, so Active Response gives us that visibility and lets us automate a number of those events."
"The solution is scalable."
 

Cons

"Microsoft Defender for Endpoint could improve by adding more security features."
"With regards to the interface, a challenge I found was that there was not enough documentation on how to tune it. I had to read multiple sources on the internet to learn how to configure the tool appropriately."
"The solution could always be more secure."
"The pricing could be a bit better."
"Some integration components for Mac should be added. We use both Windows 10 desktops and Mac desktops, but presently, the Mac component is still lagging a bit behind."
"There is room to improve the security of the solution."
"Threat intelligence has the potential for improvement, particularly by integrating more sources."
"Lowering the price would be an improvement."
"I also expected Active Response's user interface to be much more analytical."
"There are some components on the cloud that should also reside in the on-prem deployment models but don't."
"While the product is good, we are currently facing support issues."
 

Pricing and Cost Advice

"Microsoft has different plans for buying this product. The price depends on the configuration of the full set of products that you buy and on the licensing program in your contract."
"The cost is high for E5 licenses, but if we go with the E3 license, most of the features are not covered."
"Everybody would like to see a lower price on everything. The Slovenian market is basically an SME market with clients having up to 100 seat licenses, comprising 90% of the company. They're very price sensitive. So, the price could be cheaper."
"When compared with other vendors, the pricing is very high."
"We have a bundle where the price includes all Microsoft products."
"It came with Windows."
"You just pay Windows 10 prices, then you have antivirus software. As a price comparison, Defender's costs are very low."
"Currently, for us, Windows Defender is free with the purchase of Windows Server. Pricing is an important point for us when we are looking at the competitors of this solution. If we choose to go with another vendor, we will have to pay some license fees."
"Our costs were somewhere around $600K in Trinidad dollars, which might be about $100K US. We have the ETP plus the EDR. Our recent renewal was 1800 licenses as opposed to the full amount. Our transaction cost was about $600K Trinidad dollars, which is somewhere around $90-100K US."
 

Top Industries

By visitors reading reviews
Educational Organization: 27%
Computer Software Company: 11%
Government: 7%
Financial Services Firm: 7%

Government: 24%
Financial Services Firm: 11%
Comms Service Provider: 9%
University: 7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
 

Also Known As

Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
McAfee Active Response
 


Sample Customers

Petrofrac, Metro CSG, Christus Health
Liquor Control Board of Ontario
Find out what your peers are saying about Microsoft Defender for Endpoint vs. Trellix Active Response and other solutions. Updated: January 2025.
831,791 professionals have used our research since 2012.