Trellix Endpoint Security Reviews

We are using ePO Center Server to communicate with all the endpoints that are in the network. While I cannot be certain, I believe the relevant version is McAfee 8 or 9.

We make use of McAfee Agent version number 5.6.4.151. We utilize McAfee Data Exchange Layer.

The McAfee Endpoint Security version to which we refer is 10.7.

We use the solution for antivirus purposes. 

We don't like the solution since it requires much memory consumption and consumes much CPU resources. All the machines becomes very slow whenever it uses its tab scans. For this reason, we consider the solution to not be good nowadays. The newer solutions consume less memory and CPU. 

We employ the solution for our antivirus needs, for which it is solely suited, and not as an EDR. We are actually looking for an XDR solution.

The solution is currently outdated. We are looking for Next-Gen antivirus along with EDR and it should have XDR capabilities as well. This would take care of the network and the  properties that are running in the background. They should be protected from cyber threats.

The solution should also be faster. McAfee actually offers EDR and XDR capabilities but, based on our experience, it consumes an inordinate amount of memory and CPU and this causes the system to be slow. At present, McAfee does not lead the market when it comes to antivirus security solutions. 

We have been using McAfee Endpoint Security for eight to ten years. 

The solution is stable. 

While the solution is scalable, we wish to change it with the latest Next-Gen antivirus and EDR option, one which comes with both EDR and XDR capabilities.

We have not had direct contact with McAfee support. We have received support from the vendor. The support is forwarded to McAfee should we encounter problems. It is good and I have no issues with it.    

We did not make use of other solutions prior to going with McAfee Endpoint Security, which we have been using since 2009 or 2010. At that time, an attack happened which caused us to evaluate other antivirus security options. In those days McAfee and Symantec were the market leaders. We are talking about 2008, 2010. This is why awareness of these solutions was prevalent. At the time, Trend Micro greatly lagged behind these two security solutions.

The installation is easy, but expertise is required.

While the installation was not especially time consuming, we would occasionally have to manually install or remove the entire tool. McAfee Endpoint Security can be considered a good product but outdated. The beta version, the one we are currently using, is not up to date. Nowadays, everybody uses EDR and XDR solutions for their security needs.

I have a team which was responsible for the installation. As mentioned, I am currently looking for another solution, one which would allow installation to also be handled remotely from the central management portal dashboard or to have the .exe file installed in each endpoint.

We have our own team, comprised of three to four support HR, who take care of installation, daily troubleshooting, support and all necessary changes. As such, we forward to receive remote support for all our users.

We took out a three-year license, including support, but it is slated to end come December. We would like to switch to a yearly subscription. 

We pay for the license on an annual basis. 

The solution is in-house, on-premises.

There are 300 people making use of the solution in our organization. 

When it comes to the question of whether I would recommend this solution to others, we can see that McAfee greatly lags behind CrowdStrike, Palo Alto Cortex, Cynet and Sophos, which are the top performing security solutions on the market. 

I would rate McAfee Endpoint Security as a five or six out of ten. 

The solution is used for drive encryption and as a policy orchestrator.

The endpoint security, antivirus and firewall are the most valuable features of Trellix Endpoint Security.

Trellix Endpoint Security is pretty hard to configure and maintain. You need to have a dedicated person for the solution. It is very complex when you want to change the data loss prevention and data leak prevention policies. It's quite hard to give some exceptions on specific computers. It's not very fast onboarding with the orchestrator.

The solution should provide a more easy way to uninstall it on specific stations.

I have been working with Trellix Endpoint Security for two years.

The solution’s stability is quite okay.

I rate Trellix Endpoint Security an eight or nine out of ten for stability.

Trellix Endpoint Security is a scalable solution. Around 200 users are using the solution in our organization.

Currently, the solution's initial setup on a new computer is quite simple. Although some time is needed to configure all the policies, especially for our needs, it is not too difficult.

The deployment takes one week internally and two days of professional help from a local vendor partner.

It is enough to have one administrator for the solution’s maintenance, but we do not have one full-time administrator. A dedicated person is needed for the maintenance and monitoring of the solution to take it to its full potential. The resources or computers needed to use the solution make it quite expensive. Especially if you put the drive encryption and don't have new computers, you will have to delete multiple files, which is quite a pain.

The solution was implemented by a local vendor partner.

We have seen a return on investment with Trellix Endpoint Security in terms of time.

Compared to Bitdefender, Trellix Endpoint Security is more expensive, but considering it comes with DLP, the solution's price is fine. The licensing cost for the solution is 20k a year for 400 users and 10k for 200 users. You don't have to pay additionally for the solution's maintenance.

The solution's effectiveness depends a lot on the stations that you want to install it on. I will not recommend Trellix Endpoint Security for people with a lot of small text files on the computer. The DLP solution is quite okay. It is not so easy to configure in terms of the computers and permission to allow USB devices on specific computers.

Overall, I rate Trellix Endpoint Security a seven out of ten.

Previously, before the transition to Trellix, we used McAfee. Following a merger, FireEye now collaborates with McAfee, utilizing its console and threat intelligence.

In terms of endpoint security, I would recommend Trellix Endpoint Security, especially for users prioritizing threat intelligence and seeking an internal solution. Trellix has proven effective in areas such as blocking capabilities, device control, and application control.

Trellix Endpoint Security offers robust access protection, addressing major concerns in prevention. It provides both application control and user access control within its access protection features.

Recently, Trellix has introduced a CDR, which involves more manual response than automatic. I believe they should enhance the system by adding features like automated response and the ability to create custom playbooks. This is crucial for an EDR solution, and currently, Trellix lacks this feature while other products offer it.

I have been using this solution for the past five years.

Previously, I would have rated it around ten, but now it's more like seven. They need to enhance the EDR part and put in more effort.

For on-premise implementation, I would rate it a six as there is a need for more scalable options during the initial setup. On the other hand, for cloud implementation, I would give it a nine because it offers enabled scalability options.

I acknowledge their technical expertise in the product, but the support has not been as satisfactory as it was with McAfee. I believe there is a need for improvement, whether it's the team's capacity or response time. Previously, the response time was excellent, but now it has increased, causing frustration among customers and creating potential issues. Reducing this delay would be beneficial.

Neutral

If someone asks for a bundled solution with strong threat detection, I would recommend Trellix because it stands out as the only bundle solution with a decent amount of threat detection. While there are other bundled solutions in the market, Trellix excels in both access and detection capabilities.

Regarding the initial setup of Trellix Endpoint Security, I am accustomed to executing it accurately. I would rate it around 8.5 or 9.I have successfully implemented Trellix Endpoint Security for up to five thousand endpoints, and the process took approximately four days. For smaller enterprises, it can be completed in about one day.

I would rate the cost as four to five, considering it's normal compared to other products. I find it nominal and worth the money.

The support phase needs improvement, specifically in reducing the time taken to respond to calls. Additionally, the EDR functionality in Intelix requires enhancement. While McAfee fulfilled product functionality even without strong support, the introduction of EDR seems to be partial and lacks automated response capabilities. The overall rating for Trellix Endpoint Security would be an eight.

We basically use the solution for threat detection. It's for security purposes.

The solution is pretty good for threat prevention, web protection, adaptive threat protection, and other tasks.

The solution is very stable.

We have had a good experience dealing with technical support.

The product is quite user-friendly.

Currently, we have the threat prevention as well as the web protection, and the McAfee firewall, which we were using before, however, we have not installed it on any of our machines. We have disabled it due to the fact that a lot of stuff was being blocked, it was blocking a lot of internal stuff, which meant it needed some fine-tuning. We were supposed to fine-tune it so that we can recognize our items, however, we're still working on that.

We wanted an EDR solution, and our first option was McAfee as the EDR would go hand in hand with the Endpoint integration. We'd like McAfee to offer stronger security. It's not that it isn't strong right now, however, it needs to continue to improve as attacks are always evolving. We are concerned some attacks may be able to find a way to bypass McAfee. If the solution offered something that could detect better, it would be ideal. It would add more value to what is already in place.

I know that they have application control and all the like. The one feature that maybe is lacking is a different module for the antivirus, however, we have a lot of applications that are running in our environment that were not authorized. 

Users can just install software into their computers. We need some sort of application control system that, if there are any pieces of software that are not whitelisted, then the solution could flag it or maybe alert the administers. That would be very helpful.

I joined the organization a little while back in 2016 and when I got here they were already using McAfee product. Therefore, I've been using the solution for a few years now.

We've found the solution to be quite stable. It doesn't crash or freeze. There are no bugs or glitches. It's quite reliable.

We haven't tried scaling it to as normally the license that we buy, we buy for 650 Rand and at this point, we haven't even tried adding more to try and scale it to that.

The tech support has been superb. You log a call. Sometimes we are in a different time zone when we log a service request. However, they are very responsive. I was on the line with them a few hours ago and they were helping me with an issue I was having. We are currently in the process of consolidating our SQL servers. We want them to be running from a centralized server instead of having different SQL servers scattered all over the place. Technical support is really great at helping us with the process.

While I wasn't at the company for the original implementation, looking at it, it's not that complex of a process. When I got here, we were using the lower version and then we've just upgraded it and used a higher version level. The process wasn't difficult. We upgraded to 10.5, 10.6, now we are on 10.7.

We pay 650 Rand for a license. It is a perpetual license which we normally run for two years. It will be expiring sometime in July and our renewal is normally for two years.

When we are looking at the pricing, nobody will ever say the pricing is bad. Normally what we do is we'll take quotes from different local partners, as McAfee doesn't allow us to buy direct from them. Therefore, we typically deal with resellers.

We are customers and end-users. We don't have a business relationship with McAfee.

We are a central bank and one of the things that we haven't really experienced or gone into is putting our solutions into the cloud - even though everything is moving in that direction. We are moving slowly in that direction as well. We'll get there one day.

I have found this solution easy to use. When you need support, you get it. Even in terms of protection, it's fine. I would recommend it to other users.

I'd rate the solution at an eight out of ten.

It is exclusively for Endpoint security. Besides that, we have subscribed to additional features such as MDX for mobile security and recently added ESL. Previously, we had Trend Micro, and at times we utilized it for malware. Comparing the three tools, I would recommend sticking with Trend Micro or Malwarebytes.

Trellix Security Endpoint can promptly isolate any host machines directly from the console. If alerts are received and isolation is necessary, it can be accomplished through the console. The console itself holds significant value, accessible through a browser and allowing remote actions via cloud login.              

If there's a possibility for remote assistance or investigation support in the future, it would be beneficial. Currently, we use another remote software for such purposes. If this feature could be included in the next version, that would be an improvement. The feature is called Remote Administration.

I have used Trellix Endpoint Security for the last two years.

It is stable and I would rate it 8 out of 10.

Scalability is 8 out of 10. 

The issue with technical support lies in the response time. When submitting a complaint, there is a delay, sometimes taking one or two days for a response. This extended timeframe is considered quite lengthy.

Neutral

The initial deployment of Trellix Endpoint Security involves some time to install agents on host machines. However, once in use, adding new versions and deploying agents to GPO becomes straightforward. It's possible to manually install agents on various devices, and the current process of deploying agents through GPO policies typically takes around ten to fifteen minutes per agent. The duration may vary based on internet connectivity, and it's generally faster when the machine is on the network.

I would rate it 8 out of 10 and it is very straightforward. 

It is reasonably priced. 

I would recommend it. I rate the solution an eight out of ten. 

I personally really like what the folks at Intel did when creating the Endpoint Protection Suites. Running the EASI.exe installer from the .zip file simplifies the build process for newer administrators and engineers by installing a base-system tree, basic policies, and streamlining the installation process. 

What most don't seem to grasp is that Endpoint Protection is a Suite Install Package. There are 6 different versions of Endpoint Protection, each coming with different applications installed. Primarily, I usually install the Endpoint Protection Advanced Suite (EPA) & Complete Endpoint Protection Suite (CEE). I recommend installing SQL either on the same box as ePO if you're managing under 5000 endpoints, or on a separate SQL server if higher, overusing the SQL Express that comes with the Installer. The primary reason is that if you use SQL Express, you do not have access to SQL Management Studio. Having access to the data tables and being able to clean up the space on the SQL server over time will be a must. The Complete Endpoint Suite has certainly simplified the build procedure.

I have been installing ePO and the separate modules for years. I am a bit biased on Intel Security products as it is how I make my living as a Subject Matter Expert .

There are a few things I wish the folks at Intel would fix. 

The primary for me is with the ePO Query creation. Queries in ePO are powerful tools as they can be used to create dashboards, server tasks, and be exported or rolled up to Senior Management. In older versions of ePO (4.0 & 4.5) the Queries, gave a wide range of data. With ePO 4.6, 5.0, 5.1 & 5.3 the data could be pulled from various installed products to get the data that you were looking for, with the current versions of ePO you can only pull the fields listed in the "Result Type/Feature Group" and it is very limited.

A good example...If i wanted to try and create one report that shows all Common Configuration Enumeration (CCE) data (this data comes from Policy Auditor) while also showing what software is installed from each system  (this data comes from Application Control) and adding in fields such as IPv4, FQDN, OS version, Domain...Simplified, if I could pull Hardware Asset, Software Asset, CCE Data, and Policy Auditor Scoring all on one report, it would make my life so much easier. 

Alas, this cannot be done with the current Query Building setup. The fields that are available are limited to each application installed and are only for that application.

We primarily use the solution for security. Sometimes we try to shift to other security sites, however, whenever we compare this solution with the others, we found that McAfee developing in more dynamic ways.

It has a great console. We can manage everything from the central console and it is very easy. Every year we are getting the benefits of legacy also.

It's easy to set up.

Some agents become old and then they don't communicate well any longer. They need an update. They need to make sure that older agents on active computers communicate properly.

Sometimes the agents stop working, however, we cannot understand why. This is sometimes a problem, especially if some agent is not communicating for one month or two months. We're not sure if there's a backlog or if it got infected. We need to know right away if an agent has stopped working and possibly what has caused it to stop. 

They have a dashboard. In the dashboard, you can see if a signature is in backlog, and it becomes red. This is also required if new agents or some number of event communications stop. 

I've been using the solution for about seven years.

The solution has been stable. there are not any bugs or glitches and it doesn't crash or freeze.

It is able to scale as required.

We have about 2,500 people using the solution. We have that amount of servers and PCs.

Technical support has been great. They always help us to resolve any issues. We are quite satisfied with them. If they ever run into issues, they can also open up a ticket with the OEM. we've never had an incident where our issues weren't resolved.

Before I started with the company, it may have been using AVG. While I was not responsible for the shift, at the time I came on, the company was growing by quite a lot, which may have initiated the change in solutions. 

The initial setup is very simple. It's not overly complex. We have two people who are able to handle its implementation.

It takes us about two weeks to set everything up.

I work with this solution and I have two junior colleagues. They also help me and we have an IT support team that assists as well. They are actually installing it into the new laptops and they actually sometimes take on basic troubleshooting. basically from the server end, I take care of it and I have two helping hands and we have 15 members in IT support. They provide support to the end-user.

We have a vendor that helps us with the initial setup.

I have not been monitoring for ROI.

We pay for the solution on a yearly basis. 

It is affordable. I don't exactly know the amount as it is maintained by someone else on my team. We have another separate team that basically manages the financial part. 

We are a customer and end-user. 

We always want it updated to the latest version.

I'd rate the solution nine out of ten.

The solution is broken down into different components from the portals. Web filtering, which is an added feature has been great for us. Other than that, we also make use of other products under McAfee, so it was DLP, HIPS, as well. Rogue Detection is more for detecting and managing systems on our network. That worked very well for us. From an interface point of view, it's really simple and straightforward.

On the next release, they should build an easier way to see a repair option within the McAfee icon on your system tray. If there was an issue, you should be able to contact the user or just right-click on "repair". That would be a very good feature to add. That could be a place of improvement, just adding that button, or customizing it.

We have good compliance. Compliance is using it at the moment, so we work 90% plus. It works well. It's being used on a daily basis and runs very well.

The solution is simple to scale. In South Africa, we have about 12 to 18,000 deployed and over 18,000 Endpoint users. We have two servers as well. 

Installation was a bit complicated right in the beginning. We obviously had to use a different extension and some of the policy had to be modified, changed or migrated across, but there were no other issues.

I've been using the Complete Endpoint Protection for maybe a year and a half, but the other half of the McAfee Suite, the McAfee Virus Enterprise, I've used since 2012 and then it migrated to McAfee Endpoint.

From a customer point of view what they need to look out for is just mainly some of the products that they use to make sure the exclusions are correct. The processes that they need to exclude, as well, are done correctly. It is mainly on the exclusions to ensure they don't have any impact.

I would rate this solution eight out of 10.