Try our new research platform with insights from 80,000+ expert users

ThreatLocker Zero Trust Endpoint Protection Platform vs VMware Carbon Black Endpoint comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 23, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
8.1
ThreatLocker Zero Trust Platform enhances security, improves efficiency, saves costs, increases revenue, and supports business growth by reducing threats.
Sentiment score
7.1
Users reported significant ROI with VMware Carbon Black Endpoint, citing reduced malware and ransomware incidents, and 10% cost savings.
If something were to happen without ThreatLocker, the cost would be huge, and thus, having it is definitely worth it.
The main return on investment is peace of mind, knowing that with ThreatLocker on any endpoint, it will almost always block all malicious code or exploits, even zero-day exploits.
It keeps malware, Trojans, and ransomware at bay.
 

Customer Service

Sentiment score
8.8
ThreatLocker Zero Trust's responsive customer service, highlighted by the Cyber Hero program, is praised for speed, professionalism, and effectiveness.
Sentiment score
6.4
VMware Carbon Black Endpoint support is generally praised as effective and knowledgeable, but some report delays and issues with tiered support.
They have been very responsive, helpful, and knowledgeable.
I would rate their customer support a ten out of ten.
Their support is world-class.
 

Scalability Issues

Sentiment score
8.2
ThreatLocker Zero Trust Platform offers seamless scalability and adaptability, efficiently managing diverse environments and dynamic growth across endpoints.
Sentiment score
7.5
VMware Carbon Black Endpoint is highly scalable and adaptable for various enterprises, praised for ease of adding tenants and managing environments.
I started off with just the servers, and within a month and a half, I set up the entire company with ThreatLocker.
It seems to primarily operate on the endpoints rather than at a central location pushing out policies.
I would rate it a ten out of ten for scalability.
 

Stability Issues

Sentiment score
7.5
ThreatLocker Zero Trust Platform is praised for stability and reliability, with minor issues swiftly addressed by support.
Sentiment score
7.6
VMware Carbon Black Endpoint is stable, lightweight, reliable, and highly rated, though minor issues with sensors and updates occasionally occur.
For five years, we have not had a problem.
Once deployed, it downloads the policies locally, so even if the computer doesn't have internet, it doesn't matter.
It has been very stable, reliable, and accessible.
 

Room For Improvement

ThreatLocker needs UI improvements, better integrations, expanded training, enhanced analytics, restricted Learning Mode, and faster support.
VMware Carbon Black Endpoint struggles with mobile support, complex UI, performance issues, inadequate reporting, and insufficient third-party integration.
Controlling the cloud environment, not just endpoints, is crucial.
This is problematic when immediate attention is needed.
Comprehensive 24-hour log monitoring is a valuable enhancement for both business and enterprise-level users.
 

Setup Cost

Enterprise buyers find ThreatLocker's pricing competitive and flexible, valuing its affordability, transparency, and accessible setup costs.
VMware Carbon Black Endpoint licensing is seen as expensive and inflexible, with prices ranging from $15 to $7,000 per node.
After conversations with other partners, it became clear we underpriced it initially, which caused most of our issues.
We are moving towards the Unified solution, where they basically bundle everything together, providing us better stability with the ability to bring in new product offerings without having to go back to the customer and say, 'This is going to cost you.'
I had a really good deal at the time, and it continues to be cost-effective.
 

Valuable Features

ThreatLocker Zero Trust Platform enhances security with features like application control, selective elevation, and robust network access controls.
VMware Carbon Black Endpoint offers robust remote security with intuitive real-time detection, AI-driven threat response, and centralized cloud control.
ThreatLocker Zero Trust Endpoint Protection Platform's ability to block access to unauthorized applications has been excellent.
It protects our customers.
The major benefit is fewer breaches overall, as nothing can be run without prior approval. This helps my company protect its data and secure itself effectively.
 

Categories and Ranking

ThreatLocker Zero Trust End...
Ranking in Endpoint Protection Platform (EPP)
6th
Ranking in Ransomware Protection
3rd
Average Rating
9.2
Reviews Sentiment
7.6
Number of Reviews
39
Ranking in other categories
Network Access Control (NAC) (5th), Advanced Threat Protection (ATP) (6th), Application Control (2nd), ZTNA (3rd)
VMware Carbon Black Endpoint
Ranking in Endpoint Protection Platform (EPP)
21st
Ranking in Ransomware Protection
5th
Average Rating
7.8
Reviews Sentiment
7.0
Number of Reviews
63
Ranking in other categories
Security Incident Response (1st), Endpoint Detection and Response (EDR) (15th)
 

Mindshare comparison

As of April 2025, in the Endpoint Protection Platform (EPP) category, the mindshare of ThreatLocker Zero Trust Endpoint Protection Platform is 0.7%, down from 0.8% compared to the previous year. The mindshare of VMware Carbon Black Endpoint is 1.7%, down from 2.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP)
 

Featured Reviews

Johnathan Bodily - PeerSpot reviewer
Ensures ransomware protection and reduces phishing chaos
The application control has been great so far, and while I am still exploring the network access controls, I unfortunately don't have access to one module I would love to have due to licensing restrictions. It's easy to use in regard to reducing attack surfaces. For me, it's a piece of cake. We can have something approved within 30 seconds, thanks to the mobile app. We haven't eliminated security solutions. We just add to it, and ThreatLocker has been a great addition. We also have Kaseya and ThreatLocker as a supplement to that. It's useful. They have overlap, and we look at the overlap as a good thing. It's helped your organization save on operational costs or expenses by ensuring that many fewer hours are spent dealing with ransomware nonsense. I cannot count the amount of hours that I personally have not had to put in to recovering an environment from a ransomware event. The last big one took us about three weeks to completely recover from. Since we've grouped ThreatLocker in, the management of that whole setup has gone down to just daily help desk tasks and general server maintenance instead of having the whole system on fire. There are probably thousands of hours of saved time between our teams. It's been great so far. ThreatLocker Zero Trust Endpoint Protection Platform's ability to block access to unauthorized applications is great. It's my biggest protection, the blocked applications. In a lot of cases, you go to install something yourself that you need for management, and it comes in and says, nope. And then I have to log into the portal and approve it. I get our other guys saying, hey, why are you trying to approve something? Any of the tools that I'm using on a day-to-day basis that haven't been in the environment during the whole learning mode initially, I could go through and set extensions and all that. So, while it's a headache on that end, the amount of saved time I can't even count. It is a little frustrating on my end since I like to go as quickly as I possibly can, and it slows me down. However, that's a really good thing. Depending on the site, it can save a lot of time and cut down headaches. It's likely saved a week's worth of time. It's cut down the amount of sever help desk tickets. Those have become minimal.
Nikunj Kamboj - PeerSpot reviewer
Integrates well with our existing SIEM tool and helps in identifying suspicious activities
The solution's integration with our existing security infrastructure is good. Whenever we have any alert in VMware Carbon Black Endpoint, we can easily that alert in our SIEM tool and check logs from the SIEM tool itself. VMware Carbon Black Endpoint is just a secondary security tool for us, and we are just monitoring the alerts from it. The solution's behavioral analytics feature helps in identifying suspicious activities pretty well. Whenever we have even a small thing, we get an alert. The solution is deployed on the cloud in our organization. Performance-wise, the solution is doing great in terms of connecting to the host directly. Performing a malware scan usually takes a lot of time, more than 24 hours. A malware scan is something that we do only on Carbon Black for the old endpoint devices and servers. It used to take sometimes three days to perform. I would recommend the solution to other users. Overall, I rate the solution an eight out of ten.
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
38%
Retailer
8%
Financial Services Firm
5%
Manufacturing Company
5%
Computer Software Company
15%
Financial Services Firm
11%
Government
10%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about ThreatLocker Allowlisting?
The interface is clean and well-organized, making it simple to navigate and find what we need.
What is your experience regarding pricing and costs for ThreatLocker Allowlisting?
We have encountered a few challenges regarding pricing, contract renewals, and additions. As we explored adding features like Cyber Hero, it proved to be an increased expense for our clients. This ...
What needs improvement with ThreatLocker Allowlisting?
I find that the learning mode is too accessible. Technicians sometimes default to it instead of manually building policy controls. I would prefer the learning mode to be harder to access, ideally h...
What to choose: an endpoint antivirus, an EDR solution or both?
I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) security solution. The CB Predictive Security Cloud platform combines multiple hi...
What's the difference between Carbon Black CB Response and Carbon Black CB Defense?
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint Standard (CB Defense), and the other is the Carbon Black Endpoint Detection an...
What do you like most about Carbon Black CB Defense?
VMware Carbon Black Endpoint is a highly stable solution.
 

Also Known As

Protect, Allowlisting, Network Control, Ringfencing
Carbon Black CB Defense, Bit9, Confer
 

Overview

 

Sample Customers

Information Not Available
Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America
Find out what your peers are saying about ThreatLocker Zero Trust Endpoint Protection Platform vs. VMware Carbon Black Endpoint and other solutions. Updated: February 2025.
842,767 professionals have used our research since 2012.