Trellix Endpoint Security (ENS) Reviews

The tool is primarily used for endpoint detection. When an event occurs on an endpoint, alarms are generated. Colleagues from my company then investigate these alarms based on a playbook. Depending on the playbook and the specific customer contract, actions may be taken, such as informing the customer or implementing endpoint containment measures.

The tool has contributed to improving our security posture. While it's just one part of our overall solution, it plays a crucial role. As we continue to evolve, we anticipate it becoming even more important alongside other aspects like network behavior and additional metrics.

The tool's most valuable feature is containment. Last year, a German company faced an external attack. We installed the product on every machine, totaling hundreds of endpoints. The Trellix agent collected information, allowing us to check the entire IT infrastructure. 

The product is consolidating its portfolio into one product. It is difficult at the moment. 

I have been using the product for three years. 

The solution's scalability is easy. If you have Trellix Endpoint Security on-premises, you need to define how many agents you will support and consider future scaling. Different appliances are available for various scenarios. If you plan to have hundreds or thousands of agents in the future, hardware considerations become important. However, if it is deployed in the cloud, scaling up or down is easily manageable.

My experience with the product's tech support is good. 

Positive

Trellix Endpoint Security (ENS)'s deployment is not difficult. There are different options available, such as using an on-prem hardware box or a virtual machine in the cloud. Setting up the virtual machine in the cloud is easy, requiring only a connection to the customer's system. 

If you plan to install the solution on-premises, you bring the box to the customer and connect it to their system. This involves some configuration, such as opening a port on the firewalls. Deploying agents on the endpoints is straightforward and can be done from a central management point. The entire process takes around a day to configure, and then you are up and running.

Microsoft Defender is not cheap and from a cost perspective, Trellix Endpoint Security (ENS) is a better option. 

We integrate the product into our system using API. The information, in the form of messages or alarms, is received in our system. We further process this information and incorporate it into our complete solution. 

I rate the product an eight out of ten. 

My company uses Trellix Endpoint Security (ENS) for endpoint protection and scanning.

The most valuable feature of the solution is its advanced ability to search for threats.

Performance is a problematic area in the solution needing improvement. There are some weird problems in the endpoint protection or security of the solution.

I have been using Trellix Endpoint Security (ENS) for two years. I am an end user of the product.

Though it is a stable solution, we face performance issues with the solution in our company.

Considering my company's current scenario, there are around 5000 users of the solution.

The installation phase of the solution was very easy.

The deployment phase of the solution takes around an hour.

Only one IT person is required to install the solution.

My company contacts the product's local integrator for support.

Trellix Endpoint Security (ENS) is not a cheap solution. I don't know about the licensing course since my company uses the solution with the licenses provided by our central health center office, a public organization managed by the government. I don't think any costs are involved in the maintenance of the solution.

It is very easy to maintain the solution.

I suggest checking for the product's performance issues for those planning to use the solution.

I rate the overall solution a seven out of ten.

The solution is used, especially by those who want an antivirus product. It is also useful for those looking for tools that offer endpoint detection and response features. The product offers multiple features, one of which is endpoint security.

Sometimes, one might face issues with the scalability of the product. The aforementioned area can be considered for improvement.

I have been using Trellix Endpoint Security (ENS) for five years. I operate as a system integrator of the product in my company.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution a seven out of ten.

My company caters to the needs of small, medium, and large-sized businesses.

I rate the technical support a ten out of ten.

Positive

The product's initial setup phase was straightforward.

The solution is deployed on the cloud and on an on-premises model.

The time required for the deployment of the product can vary, and it also depends on whether the company has been actively using the product.

The price of the product is similar to the ones in the market that offer the same features.

The product has improved its malware protection features since it provides a couple of features that no other solution does. The tool is helpful for multiple companies.

The tool streamlines the incident response process.

The most effective part of the product for threat prevention is related to the tool's rollback feature.

Trellix Endpoint Security (ENS) is like an antivirus tool, but it doesn't alone provide the rollback feature since it is something that is possible with Trellix Endpoint Detection and Response (EDR).

The tool does provide adaptive threat protection features.

I recommend the product to those who plan to use it.

I rate the tool a seven to eight out of ten.

We primarily use the solution as a basic antivirus. It's for protection. We centralize the management of 50 computers. 

The solution offers us more security and less chance of getting a virus. So far, we have had no viruses. 

So far, the experience has been positive. 

The pricing is good. It is very reliable. 

It offers good centralized management.  

The solution is scalable.

It is stable. 

I found the initial setup to be easy. 

We'd like better UI on the management screen. It could be a bit simplified, which would make it easier to use. 

I've used the solution for a while. I've used it for two years so far. 

The solution has high stability. It doesn't crash or freeze. There are no bugs or glitches. The solution has been reliable. 

The solution has a high level of scalability. It is easy to expand as needed. 

I've never used technical support at all. I cannot speak to how helpful or responsive they would be. 

I also used Kaspersky. I used it for two years and then replaced it with McAfee. 

The setup was straightforward. I did not find the process to be complex at all. 

I have not measured any ROI at this time. 

The pricing is reasonable. I'd rate it nine out of ten. It is quite affordable. 

I am an end-user. 

I'm using the latest version of the solution. 

The pricing has been very useful so far. I'd rate it nine out of ten. 

We are using McAfee MVISION Endpoint for our endpoints. It manages our antivirus and does antivirus deployments.

The most valuable features of McAfee MVISION Endpoint are advanced threat protection, web filtering, and removable storage devices in the DLP.

McAfee MVISION Endpoint could improve by an overall simplification of the solution.

I have been using McAfee MVISION Endpoint for approximately two years.

McAfee MVISION Endpoint is stable.

We have approximately 200 users using this solution in my organization.

The support from McAfee MVISION Endpoint is very good.

We previously used the on-premise version of McAfee MVISION Endpoint. It was very similar. However, we switched so we did not have to manage the server ourselves.

The initial setup of McAfee MVISION Endpoint is not difficult because it is on the cloud. However, policies are complex.

We had a discount when purchasing the solution because of the size of our company and we are happy with the price.

We have two administrators that are managing this solution.

My advice to others is for them to try the solution out. It is important to check, l the complexity of the solution because it's a great solution with lots of features and can do very granular settings. However, this can also be something that can be a hindrance because it does make it a very complex solution to learn. 

It is a great solution overall. There is a bit of a learning curve on it when you compare it with other platforms, which I think might be simpler to manage, or more straightforward. It's a very complex solution you have to get used to it.

I rate McAfee MVISION Endpoint an eight out of ten.

We primarily use the solution for our endpoints. 

McAfee is working perfectly. The productivity itself is great.

There are really a lot of features in McAfee.

The endpoint administration is very easy.

We found the initial setup to be simple. 

The stability has been great.

You can scale the product.

I'm not feeling any critical care is missing in the solution.

It is a very heavy tool, unfortunately.

It could always be a bit more stable. 

I've used the solution for three years. I've used it for a while now. 

It's stable and reliable. I've been happy with the performance. There are no bugs or glitches, and it doesn't crash or freeze. 

The solution is scalable. It's not a problem if you would like to expand it.

We have about 430 users on the product right now. 

There are no plans to increase usage at this time. In fact, we are using it less and less. 

Technical support has been fine. We haven't really had any big problems to deal with. 

I've also used Check Point. 

We deployed the solution three years ago. It was not hard to implement. It's all pretty straightforward. 

I'm not sure of the exact pricing. I'm not sure what it breaks down to, per user.

We are using the latest version of the solution. I'm not sure of the version number. We keep it updated. 

I don't recommend McAfee for endpoint users. This is a very crucial tool that to have these days. However, it is too heavy for the end user.  

I'd rate it six out of ten. 

McAfee MVISION is security for integrated VMware and OpenSite cloud solutions.  

McAfee is fine as an endpoint. We are offering the product to clients for data protection. It is not about this being a reactive solution like a firewall. There should be a shield of gateways, wherever possible, whenever this security solution can be implemented.  

The biggest problem we had with this product was when the DDoS (Distributed Denial of Service) did not respond well to a threat. We experienced one virus attack that the product did not catch. I do not know the exact CDC (Communication Device Class) details. That time, we did an analysis, but the systems crashed. We could not even access the infected file servers.  

Because we could not access the servers in that attack, we could not even remove all the threats. Eventually, what we had to do is find out which servers got infected and then we had to roll back those servers to a previous backup. It left us in a little bit of a vulnerable situation. It ended up not being what we hoped for in an endpoint solution.  

Because McAfee was infected, other endpoint protections were also affected that made the situation more difficult to resolve.  

Improvements that I would like to see in MVISION would be to provide some additional features for the cloud to make their product a one-stop solution. For example, every organization is going into hybrid-cloud. That may allow part of a solution on-site. That can be part of multi-tier platforms and would be more flexible.  

What they can do is offer more in order to be a leader in innovation for different architectures rather than for enterprise only. For example, the endpoint security product uses every desktop like service. They have the features for the hardware detection and the platform access, then on the application layers. These three layers are a part of the firewall. So these are the firewall and then there are other things they could be offering as a single source to create a more secure environment as a proactive solution.  

This is something that definitely could be improved, especially with intrusion detection and intervention. It is very important to do more to cover the security of these more invasive practices. So, they could improve things with a web application firewall, and improve intrusion detection and prevention. Those should be the key areas which they are focusing on right now to improve the utility of the product moving forward.  

If you have a look into the Gartner report, there are many companies that are making advances in this category of product and it means competition for McAfee.  

I have been using this type of product from McAfee since about six years ago off and on.  

I think it is a stable product. It needs to be more robust in identifying threats.  

It is a scalable, of course, as it is designed for enterprise use. It is scalable unless you do not configure it correctly and try to work with it without knowing how to do it.  

We have been in touch with the McAfee technical support. They also struggled with a problem we had with an infected server. I was involved in the contact with McAfee at the time when trying to resolve the issue. Ultimately, they did not have any solution for the problem and we ended up rolling back the server. In all that is a bit of a problem with the product and the technical support. Neither were optimal.  

The installation and implementation are the easiest parts of using the product. The real difference comes in how you want to optimize the performance. That is the key. Otherwise, implementation is not challenging.  

By optimizing the performance, I mean that you should not change the function of the basic purpose of a security product. If it is a firewall implemented on the network, that product should be providing the service without excessive expense or resources in performance. We are looking at the cloud solutions in the same sense. There can be performance concerns for products on the cloud. It is a known factor.  

Then the second point is all about the features and configuration. The question is about configuration management using tools on the cloud platforms. You may be using multiple clouds. You have to be sure you can configure it so the product remains secure across platforms. Security solutions should also focus on providing that rather than forcing users on to different products and having to manage multiple solutions.  

The deployment for McAfee MVISION Endpoint, after everything has been considered and all of the points have been taken into account, takes some time. Say we have got around 3,000 to 10,000 servers. The type of configurations can be critical. If the client provides a rule-based requirement, we have to go with their requirements. Depending on what needs to be configured, this can take more or less time. Each of the servers will take a certain amount of time to do the implementation. So the time estimate for the implementation has to include the customer requirements. Analysis has to be completed for each unique need.  

The maintenance is looked after by the client. It should not take more than five to six team members, even if we have a client with 3,000 servers. That is the number of people that we would expect once the product is properly organized and implemented.  

That should not be considered just an eight-hour per day effort. It needs to be serviced around the clock because the servers do not sleep. Deployment of people to maintenance teams is important.  

With the installation complete, the configuration done, and the maintenance team in place, using the product is all about monitoring it. A lot of intrusion detection is getting automated now, but not everything will be. Someone has to take some time doing analytics with the logs.  

We try to configure the solution to sort out many things. We have to work with what the client is expecting and configure for that level of load and to get proper alerts. The configuration will probably be ongoing as a part of maintenance and review.  

MVISION is intended as an enterprise product and it is priced like one. That is what I can say about the pricing. Enterprise organizations will be able to make the expenditure and it will not be practical for most smaller organizations. This solution is within the price range of competitors at the enterprise level.  

We definitely evaluated other products and continue to. We have to put our case forward for justifying our products and solutions within our company and with our clients. It has been an experience with the POC. Whatever the product and features, the cost-benefit analysis has to be taken in terms of leaky security. That may not matter for certain situations and products, but from our testing and experience, it will definitely matter for this product right now.  

Our company has to make a decision about whether they have to switch to a different product internally. If we try to become a partner with a certain company and begin to resell that to other clients, we can get a better price in a negotiation. This may affect the product we end up using.  

We definitely need to explore a lot. In this case, it will take a lot of time to consider the benefits of various products and cost-benefits.  

My advice to people considering this solution is that they should take a look at it. As of now, that is all I can say. I was not focused on working with all of the products within this category and, after a long time, I am working with them again. Just these last three or four months, I am back into evaluating the security solution sets more rigorously.  

I am not biased at this point and have to leave the possibilities wide open in order to make a good recommendation.  

On a scale from one to ten where one is the worst and ten is the best, I would rate McAfee MVISION Endpoint as a five to six in a range of ten. The rating is not about the product being perfect, I am not rating it too high because the things that are missing are things that really should be a part of a superior endpoint solution already. They have so much to work on as of now with this product that it seems to be lagging behind. With their experience in the business, they should know these things are important. If you look into the other competing products of whatever brand, the competition has already released identity and access management. The new organizations in the category are coming into this field with all the latest innovations. As more of them do, they will create a challenge in the marketplace. McAfee is lagging a little behind and not moving quickly to keep up.  

I'm working on a project for the Hong Kong library system under the Hong Kong government. They provide workstations in the library for citizens to access the Internet. The ENS needs to be installed on all the PCs in the library. Another part involves the CSWA for the server farm. They are upgrading the entire library system, including the rental system, book search, eBooks, multimedia, and other services. The CSWA modules are primarily for the backend servers, including Linux and Windows.

Detection and response functionality meet our requirements, but the support is poor.

HIPS protects server files from being modified or deleted by unauthorized users. It's primarily deployed in the web tier.

It is a bit technical. The user interface has some significant limitations, mainly when using HIPS on the server side, to protect files from being changed or deleted by hackers, users, or administrators. The UI only allows for the inclusion of files using wildcards. 

For example, it can protect an entire directory or a subdirectory, but it doesn't let you select specific files within a directory.

I have been using Trellix Endpoint Security (ENS) as an implementor for two years.

We haven't had any system crashes or problems in most cases. SolidCore is not compatible with some kernels, which is causing problems. Endpoint, HIPS, and anti-theft are working fine so far. 

I rate the solution’s stability as seven out of ten.

We use one ePO server to manage around four thousand endpoints, including servers. This single server effectively handles this load.

It is suitable for medium and large enterprises.

I rate the solution’s scalability as seven out of ten.

Support is poor. A module called Solidcore needs to match with the OS kernel in one area. The support for this module has been slow because it doesn't match the latest OS. As a result, we haven't been able to upgrade our OS because McAfee does not support the latest version. We've also encountered issues where the product can't be upgraded or installed successfully. We're managing over 300 servers and 3,000 workstations. Upgrading has been a nightmare with this setup.

It provides a slow response. Sometimes, getting feedback takes a few days, and that is also not to the point.

Positive

The initial setup is easy and straightforward. Determining specific modules and functions often involves a lot of trial and error. Deployment takes only a couple of days.

Overall, I rate the solution a seven out of ten.