Trellix Endpoint Security (ENS) Reviews

We are using all Trellix solutions, and we are also using all McAfee products. Our customers are using virus scan for the old platforms, Endpoint Security, MVISION, File and Folder Encryption, File and Folder Protection, and Device Control, but at the moment, I am really interested in the integration between the new Trellix solution like MVISION and FireEye.

It is a really strong solution for endpoint security.

There should be better integration between the ePolicy Orchestrator and FireEye console. The integration of both consoles should be better.

I have been using this solution for about six years.

Its stability is perfect.

Its scalability is perfect. In our company, we have between 2,000 and 3,000 users, but our installation has about 50,000 endpoints for all customers.

They're very good. I am in contact with their support about five times a day, and they respond quickly.

Positive

It was easy. I have been using Trellix since the carbon age. I have been using Trellix since the day it was released.

Its deployment doesn't take long. 

I customize every installation.

It is not so cheap in comparison to Sophos and other solutions.

Make a really detailed survey of all the systems before implementing any solution on the endpoint. Do not buy the license and try deployment after that.

I would rate it a 10 out of 10.

We use Trellix Endpoint Security for endpoint protection, including virus protection for desktops, laptops, and servers. The solution includes special dedicated modules, such as those for Microsoft SharePoint security.

Trellix Endpoint Security helps us support and secure a large number of endpoints efficiently. We have a lot of installations, supporting up to twenty thousand endpoints. With the central management system EPO, it has significantly improved our ability to manage security across these devices.

The EPO, the ePolicy Orchestrator, is the best endpoint protection central management system. 

Trellix Endpoint Security has a lot of special small modules that I like very much, such as access protection, adaptive threat prevention, exclusion capabilities, and logging capabilities. Together with disk encryption or file encryption, it provides a comprehensive solution.

The detection and response capabilities need to be improved. The product is not sharp enough in catching viruses, and we often have to use additional components alongside the pure endpoint security. Symantec, for example, might be better in this area.

We have been working with Trellix Endpoint Security for about 20 years.

The stability of the solution is very high, I'd rate it around eight or nine out of ten.

Scalability is high; I'd rate it 20 out of ten if possible.

Technical support is correct and absolutely helpful. We had some issues during the migration from McAfee to Trellix, particularly with account migrations, but generally, support has been good.

Positive

I have used Fortinet Endpoint Management, Symantec, Kaspersky, Check Point, and others. Among these, I find that the EPO system of Trellix is the best.

I like the initial setup very much because Trellix Endpoint Security has a lot of special small modules and configurations. It's flexible and allows for detailed customizations.

The pricing of the solution is correct and justified for the value it provides.

I'd rate the solution eight out of ten.

The solution enables me to monitor all my endpoints and ensure that our agents are reporting to the FireEye management server. That is key for allowing us to see any suspicious traffic coming in. I'm the delivery manager and we are customers of FireEye. 

I like the console and the GUI is user-friendly. One of the most important and critical features is containment. Suppose something gets infected and there's the possibility of it spreading laterally and causing a problem or compromising a network. FireEye has a feature that enables it to disconnect from a system network so that the infection doesn't spread. 

Even if an incident occurs at night when support teams are not available, the feature can contain the infection so that when the support teams get to work, they can carry out the remediation part and bring the system back to production.

I'd like to see the searches enhanced because when I hand over the product to someone without experience, it should be user-friendly to them as well. If the feature was enhanced, and the amount of data that comes in reduced, it would simplify the process for anyone. 

I've been using this solution for two years. 

The solution is stable.

I haven't had any issues with scalability. 

The support is pretty good, we haven't had any problems. 

Neutral

We had a separate team implementing FireEye and there didn't seem to be any issues so I think deployment was relatively straightforward. 

I prefer FireEye to solutions like CrowdStrike, Carbon Black, and Trend Micro which are not as user-friendly. FireEye is also easier to integrate with the SIEM, so all the logs get pushed and there are no issues getting the device integrated with SIEM. 

I rate this solution nine out of 10. 

I'm working on a project for the Hong Kong library system under the Hong Kong government. They provide workstations in the library for citizens to access the Internet. The ENS needs to be installed on all the PCs in the library. Another part involves the CSWA for the server farm. They are upgrading the entire library system, including the rental system, book search, eBooks, multimedia, and other services. The CSWA modules are primarily for the backend servers, including Linux and Windows.

Detection and response functionality meet our requirements, but the support is poor.

HIPS protects server files from being modified or deleted by unauthorized users. It's primarily deployed in the web tier.

It is a bit technical. The user interface has some significant limitations, mainly when using HIPS on the server side, to protect files from being changed or deleted by hackers, users, or administrators. The UI only allows for the inclusion of files using wildcards. 

For example, it can protect an entire directory or a subdirectory, but it doesn't let you select specific files within a directory.

I have been using Trellix Endpoint Security (ENS) as an implementor for two years.

We haven't had any system crashes or problems in most cases. SolidCore is not compatible with some kernels, which is causing problems. Endpoint, HIPS, and anti-theft are working fine so far. 

I rate the solution’s stability as seven out of ten.

We use one ePO server to manage around four thousand endpoints, including servers. This single server effectively handles this load.

It is suitable for medium and large enterprises.

I rate the solution’s scalability as seven out of ten.

Support is poor. A module called Solidcore needs to match with the OS kernel in one area. The support for this module has been slow because it doesn't match the latest OS. As a result, we haven't been able to upgrade our OS because McAfee does not support the latest version. We've also encountered issues where the product can't be upgraded or installed successfully. We're managing over 300 servers and 3,000 workstations. Upgrading has been a nightmare with this setup.

It provides a slow response. Sometimes, getting feedback takes a few days, and that is also not to the point.

Positive

The initial setup is easy and straightforward. Determining specific modules and functions often involves a lot of trial and error. Deployment takes only a couple of days.

Overall, I rate the solution a seven out of ten.

We used it for a compromise assessment. That would be for our client. We deployed the agents. It was for endpoint security.

We had been using the solution previously for one of the clients. We were using it for six months, and we did a compromise assessment based on the FireEye Endpoints that were deployed across the group. At that point in time, there were a lot of ransomware attacks in the environment, and it was impossible to identify the source of the attack and where it came from. The tools didn't point to that visibility. We had to deploy these agents across the environment and also monitor the environment using the network security appliances provided by FireEye just to monitor.

We did monitor it for six months, so it was an assessment. In those six months, we did not have another ransomware attack. It was proven the environmental assessment was clean. That was the whole objective of the compromise assessment - to find out if there are any indicators or anything that has gained a foothold in the environment, trying to fend advanced persistent threats from that standpoint.

It is a great solution. The way it exchanges the information between the entire ecosystem, all the endpoints, as well as the network ATP, can trigger the blocking even if it is seen by some other device. If the network has seen something, we can use that to put a block to all the endpoints.

It works in an ecosystem. Centrally, from just one console, you can block malicious attacks across your environment. It provides you with the ability to respond to threats better.

The solution can be expensive.

If it could provide a little more in terms of automating things, for example, in response and automatic playbooks wherein you define whatever it is if you see this kind of a threat. You define the actions that need to be followed. If a playbook could be automated and run without even requiring manual involvement, that is the future we want, and they should look into how to make that happen. That is the kind of capability we want them to build.

In terms of reporting, also, if they could provide a little bit more information from where it started, how it progressed; a complete workflow, how that had progressed from where it was picked up; what was the target stage, what was the next stage, and what was the final stage, that would be very helpful. If they could pick up in a simple pictorial way of representing analysis just like the Cisco ASA Packet Analyzer used to do, that would be really helpful.

We used the solution for six months.

The stability has been very good. There are no bugs or glitches and it doesn’t crash or freeze. It’s reliable.

The product can scale. It’s not an issue at all. 20,000 users were using the solution with no problems.

We have contacted tech support. Tech support was brilliant. They were very knowledgeable, very skillful, and very responsive, and they knew the subject matter. They knew what we were asking for.

The agent installation was okay. It was just a package that was installed. It also provides options to customize and fine-tune based on the system's performance. It's not too heavy on the systems or the servers.

On the network side of things, I think there were challenges to getting that working. We had to do a couple of alterations in terms of making it work, mainly since the appliance's model was provided using a special-purpose SFP, and the compatible SFP was not available in the client environment at that one point. We had to procure it specifically for that assessment.

It’s very costly.

I’d recommend the solution to others.

I would rate the solution eight out of ten.

We primarily use this solution as cover for mobile devices. I'm the manager of pre-sales and we are resellers and users of this solution. We are low-level partners of McAfee.

The solution provides good mobile device protection and it's great that it's on the cloud. The product is compatible and works for all platforms.

I'd like McAfee to include device control on MVISION. The solution currently lacks mobile device management. The cost of the solution is comparatively high and I'd like to see that reduced. 

I've been using MVISION for one year and working with McAfee solutions for the past 10 years. 

The solution is stable for threat protection. 

The solution is scalable.

The technical support is very good. They are very knowledgeable and also happy to help out. 

Positive

The initial setup is easy and very straightforward. 

There's a USD$1,500 supported annual subscription fee that includes maintenance for anywhere between 51 and 100 users. It's USD$30 per users which I think is quite expensive. 

It's important to be clear about your use case and environment before purchasing this solution. 

I rate this solution eight out of 10. 

McAfee MVISION Endpoint is used for endpoint protection. Protects the files and network against viruses and malware.

The price of McAfee MVISION Endpoint could improve.

I have been using McAfee MVISION Endpoint for approximately one year.

McAfee MVISION Endpoint is stable.

I have previously used Check Point and Microsoft Defender. I would recommend Microsoft Defender over the other solutions I have used.

The installation of the McAfee MVISION Endpoint was simple. We are able to do it remotely from a central location.

I have had a return on investment by using McAfee MVISION Endpoint.

We are on an annual subscription for McAfee MVISION Endpoint. The cost for the license could be less expensive.

I rate McAfee MVISION Endpoint a six out of ten.

We've only got two or three machines. The solution is simply used as an antivirus, however,  we've rolled it out to all of our customers and we use it as a managed service.

The solution has reduced false positives for our clients and ourselves.

It's got quite good ransomware detection.

The product can be deployed across mobile devices.

It has a managed service push deployment where we can push cloud tasks into policies. 

It's a really good product. It's stable and scalable. It offers good flexibility, has a small footprint, offers a minimal effect on performance, and is from a trusted brand.

We have found the deployment to be very fast.

Technical support is excellent.

We're still looking for weaknesses. The product is still quite new for us. That said, so far, every time I have thought, "I wonder if it can do this or it can do that." I've been able to do it.

McAfee has also asked us for feedback, and we noticed when we gave them suggestions, they worked to implement them. For example, we asked for the ability to leverage Windows Defender instead of creating an endpoint. They've just put that in so you can choose now what you want to do. You can change that deployment and push it out without any intervention by the client as well.

The initial setup can be a bit complicated for those unfamiliar with the product.

We have been using the solution for about four or five months at this point. 

The stability is good. There are no bugs or glitches and it doesn't crash or freeze.

The companies we work with range in size from small to large. 

The solution is very easy to scale.

I would rate technical support at a ten out of ten. They have been great. We have found them to be helpful and responsive. My personal interaction with them was absolutely brilliant.

The initial setup can be difficult the first time. You have the flexibility to give all sorts of setup options. You need to know, for example, do you want this, do you want that, do you want these exclusions? Do you want these exploit preventions? et cetera. There are a lot of components. It's going to be complicated initially, however, once you've done that and set it up for a customer, then it's very simple just to deploy it and roll it out.

We rolled out another customer on Friday, and that's 35 sites we've done so far - and I was able to do the whole lot remotely. It's quick to deploy. For clients, in terms of the deployment, I just simply send them a link to their emails and they just go click on it and it goes.

Once the product is deployed, there isn't any maintenance necessary. It's all controlled from a SaaS portal.

The pricing is okay. It's in the middle and there are actually surveys out and they all say that as well.

There's a couple of license options. You can choose a single license or you can choose what we call a MV2 license. Every single license gives you the ability to install a product on five other devices - including mobile. You get a Windows license and that enables you to install it on a tablet, iPhone, or Android device (up to five) as well.

We're a McAfee partner.

We are using the SaaS version. It's my understanding that we are on the latest version of the solution. 

We would recommend the solution to other companies. We actually sell it and provide it to all our clients.

I'd rate the solution at a ten out of ten.