Currently, for additional applications that need monitoring by the EPP, a request must be made to their technical support. It would be beneficial to add a feature allowing users to manually add applications for monitoring without depending on the vendor.
CoSoSys Endpoint Protector has many predefined classifiers for data identifiers. It needs to improve in terms of policy customization. I observed that fewer policies were available, which needs to be improved so that users can modify and view policies based on their requirements and create their templates. The audit part could be added. With our current architecture, we have a lot of alerts, for example, when a user requests access to a policy temporarily for a business requirement. We can make an automatic request mechanism that would work for this type of scenario, which would help us sleep better at night.
Endpoint Protector, in particular, had some features to be desired for the Mac operating system. The controls it provided were not adequate with Mac machines, especially with the new application registry feature.
They have many predefined classifiers in terms of data identifiers, and they should improve this. As per the market perspectives, the data is driven and the usage is totally modernized. Digitally, there are lots of inventions and the data usage depends on the cloud.
It would be better if they had an inbound restriction feature. For example, I work out of my home from my personal computer. All my policies can be deployed while working. When I am done, I should be able to use my machine as my personal machine, and all these policies should be waived. In the next release, I want time bound restriction of the policies because most of these users were working out of home and using their personal computers.
Learn what your peers think about Netwrix Endpoint Protector. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Because it is only an Endpoint Protector at this point in time, it does not have a network DLP component. There's only an endpoint DLP component. In the future, it would be good if a network DLP component could be embedded and extended to have network DLP capabilities.
We are using it to only apply media restrictions. When we are installing a new agent, we have to install EPP manually on a device. It would be great if the installations can be done from the server instead of me going to each PC or device to implement EPP or using a policy. They should have some sort of system so that a domain admin can install EPP on all PCs from a central manager. After EPP is installed, the upgrade can be done from the EPP console, but they don't always work. Sometimes, there are minor issues with upgrades, but we are able to sort them with the help of their support. The EPP support is great.
Information Technology Security Engineer at a comms service provider with 10,001+ employees
Real User
2021-04-07T19:13:00Z
Apr 7, 2021
Endpoint Protector provides a single platform to support Windows, macOS, and Linux devices. There is some improvement that is needed there. The policies must be created per OS and in a large deployment with the diverse OS platform use case which can get a little bit unwieldy. Room for improvement there could be a way to clone a policy and map the old policy to the new policy on a new OS. Right now, you would just have to open it up on two different screens and map it manually, but a way to clone it to a new OS and map the differences or map the similarities would be room for improvement. I would rate the role-based access features for administrators a six out of ten. There's work to be done on the granularity of roles that can be assigned to an administrator but there is role-based administrator access present. That's why it's not a zero rating. We would probably make better use of tier1 support texts and give them granular abilities within the user interface to help us administer it and then move it to a different tier 2 tech support if the role-based permissions were more granular. A feature request would be treating a deny list as an exit point. We'd also like to have the ability to tie an allow list to a group rather than a policy so that the allow list follows the group of users or computers. Whatever policy they hit they're always allowed certain URLs. That would be a nice feature for management purposes. It could also use some minor UI improvements. There's a little bit of inconsistency in the UI that takes some getting used to.
Interactive Developer at Customer Communications Group, Inc.
Real User
2021-03-10T21:41:00Z
Mar 10, 2021
This product provides zero-day protection for macOS, although I'm currently dealing with an issue on the most recent rollout of the Endpoint client that doesn't seem to be fully functioning. It is absolutely important to me, but it has not been successful. This is something that they are definitely working on resolving. I've had multiple IT consults where we've brought on a couple of developers to try and figure out what's going on with the Mac's most recent update versus their most recent update.
I would like to see an alert feature that when a system is started, it checks to make sure that the client has the most up-to-date policies. Before the policies are updated, nothing can be done on the system.
IT Specialist at TresVista Financial Services Pvt. Ltd.
Real User
2021-02-24T21:07:00Z
Feb 24, 2021
We are currently facing an issue where it is blocking the Winman software, which is something that we don't want to happen because we use it in our accounts department to pay taxes. There is no option or support available for DriveHQ.
Security Architect at a tech services company with 11-50 employees
Real User
2021-02-16T23:41:00Z
Feb 16, 2021
The policy engine could use a bit of work. They're definitely going in the right direction. We've been working with them over the last few weeks to try and optimize that. But it's reasonably clear that they're just not putting as much effort into the policy engine as into other things, like content discovery. It's somewhat lacking in terms of the granularity of the policies that you can create. Because this is a Mac environment, you have slim pickings. You have really good detection mechanisms, like Code42, but a lot of those players don't operate at the medium business size. So, in terms of the market segment, CoSoSys is really the only player that will be able to still effectively pick up on it, so they're the only game in town on policy. They don't really have much competition in this segment.
People Operations Manager at a tech services company with 11-50 employees
Real User
2021-01-27T18:02:00Z
Jan 27, 2021
There are times when the server needs to be updated, and it would help if I got a notification for when the newest version comes out, because at the moment, I'm going in every now and then and checking. Sometimes it comes out and I didn't know it had come out. It would be super-helpful if I got a notification saying, "It's time to update the server."
Core Facilities & ICT Manager at MJB International LLC/ Al Masaood John Brown LLC
Real User
2020-12-16T06:53:00Z
Dec 16, 2020
When you want to uninstall and reinstall, there are a lot of issues. You have to do a lot of workarounds to reinstall Endpoint Protector. This is a major issue that we have constantly because we still have old systems with XP. While there are only very few, we need to run them because there are machines attached that only run on XP. When we need to uninstall and reinstall on XP or Windows 10, we have serious issues left in the Registry Editor everywhere. There is a lot of manual interference to get the reinstallation to work. For the uninstallation of Endpoint Protector, they need to work on this so it doesn't leave any leftovers behind.
I bought it for my Windows, Linux, and Mac platform. Frankly speaking, I'm not happy with the product. The reason is that they have not tested the product in their environment. You can't really install it on any endpoint, because you never know what will happen. I have faced issues which shouldn't be related to this product. This product is purely a DLP, so it should only protect my data. I don't know what is happening with their agent or what is happening with the software, but it messes up my endpoint. For example, people are facing bandwidth issues. Before I deployed this on an endpoint, people were getting internet speeds of 40 or 50 Mbps. After deploying it, that would come down to 10 Mbps. And if I uninstalled the agent, it would go back to 50 Mbps. In my experience, they claim their product is very good, but I don't think so. Software should be such that if you deploy it on any machine, it should not come up with issues. If it is blocking things I can understand that the engine behind the software is very good. But it is blocking things that are not required to be blocked. The major challenge was my Linux environment, and that is why I took this product—to get it deployed on my Linux machine. But if I want to deploy it on Linux 1, 2, or 20, or some other Linux distribution, I need to reach out to the support team to get the agents. If I have paid for licenses, they should be on the portal so I can download all the different versions freely. If I want to install it on any machine, I need to give the version of that machine and they will give me the agent. You don't know whether that agent is the latest one or not. And if you face challenges you have to go back to the support team again and say, "I have deployed it and I'm facing this issue." They will give you another version. I can't tell you all the challenges we have faced. I have not deployed it on a single Linux machine, and it was for Linux that I bought this product. I have just put it on Windows, because on Windows I am facing fewer issues compared to Mac and Linux. It is not a straightforward installation or a straightforward configuration, for me or the end-user.
IT Manager of Information Technology Operations Manager at astrafaelcomsys.com
Real User
2020-12-08T05:42:00Z
Dec 8, 2020
A lot of things can be improved. Especially customization could be a lot better. Sometimes there are issues like when I write a policy to block finance sites. It also blocks the banking sites I have not included. Sometimes it also blocks commands I send to the machine while using Matrix software. Whenever this happens, I have to go into the software and choose the packet inspection option or something similar. Then I have to send the command again to the machine, and if it doesn't work, I have to contact the support team. These are some of the issues I have dealt with.
Some CoSoSys features do need to be improved. For example, in Linux a user can remove a getent anytime. There is no control there on the file structure in Linux. So if this solution could give us information on what users removed in the dashboard, it would help us. If CoSoSys applied this sort of improvement, it would help us a lot.
Consultant at a tech services company with 501-1,000 employees
Reseller
2020-11-27T17:16:00Z
Nov 27, 2020
As a host DLP solution, it has granular controls and features. It misses Network level DLP and SaaD DLP offerings. If CoSoSys comes up with a suite of Host DLP, along with Network DLP and SaaS DLP, it will cover all of the aspects of a DLP solution. Various other products provide us a complete suite of solutions covering Host, Network, and SaaS aspects. Examples of these are Forcepoint and Digital Guardian.
Content Aware Protection
Scanning data in motion
Monitor, control and block file transfers. Detailed control through both content and context inspection.
Device Control
USB & peripheral port control
Lockdown, monitor and manage devices. Granular control based on Vendor ID, Product ID, Serial Number and more.
Enforced Encryption
Automatic USB encryption
Encrypt, manage and secure USB storage devices by safeguarding data in transit. Password-based, easy to use and very efficient.
...
Currently, for additional applications that need monitoring by the EPP, a request must be made to their technical support. It would be beneficial to add a feature allowing users to manually add applications for monitoring without depending on the vendor.
The only aspect that prevents it from being a perfect solution is the occasional slower response time.
CoSoSys Endpoint Protector has many predefined classifiers for data identifiers. It needs to improve in terms of policy customization. I observed that fewer policies were available, which needs to be improved so that users can modify and view policies based on their requirements and create their templates. The audit part could be added. With our current architecture, we have a lot of alerts, for example, when a user requests access to a policy temporarily for a business requirement. We can make an automatic request mechanism that would work for this type of scenario, which would help us sleep better at night.
Endpoint Protector, in particular, had some features to be desired for the Mac operating system. The controls it provided were not adequate with Mac machines, especially with the new application registry feature.
They have many predefined classifiers in terms of data identifiers, and they should improve this. As per the market perspectives, the data is driven and the usage is totally modernized. Digitally, there are lots of inventions and the data usage depends on the cloud.
It would be better if they had an inbound restriction feature. For example, I work out of my home from my personal computer. All my policies can be deployed while working. When I am done, I should be able to use my machine as my personal machine, and all these policies should be waived. In the next release, I want time bound restriction of the policies because most of these users were working out of home and using their personal computers.
Endpoint Protector would be improved with more DLP templates.
Because it is only an Endpoint Protector at this point in time, it does not have a network DLP component. There's only an endpoint DLP component. In the future, it would be good if a network DLP component could be embedded and extended to have network DLP capabilities.
We are using it to only apply media restrictions. When we are installing a new agent, we have to install EPP manually on a device. It would be great if the installations can be done from the server instead of me going to each PC or device to implement EPP or using a policy. They should have some sort of system so that a domain admin can install EPP on all PCs from a central manager. After EPP is installed, the upgrade can be done from the EPP console, but they don't always work. Sometimes, there are minor issues with upgrades, but we are able to sort them with the help of their support. The EPP support is great.
Endpoint Protector provides a single platform to support Windows, macOS, and Linux devices. There is some improvement that is needed there. The policies must be created per OS and in a large deployment with the diverse OS platform use case which can get a little bit unwieldy. Room for improvement there could be a way to clone a policy and map the old policy to the new policy on a new OS. Right now, you would just have to open it up on two different screens and map it manually, but a way to clone it to a new OS and map the differences or map the similarities would be room for improvement. I would rate the role-based access features for administrators a six out of ten. There's work to be done on the granularity of roles that can be assigned to an administrator but there is role-based administrator access present. That's why it's not a zero rating. We would probably make better use of tier1 support texts and give them granular abilities within the user interface to help us administer it and then move it to a different tier 2 tech support if the role-based permissions were more granular. A feature request would be treating a deny list as an exit point. We'd also like to have the ability to tie an allow list to a group rather than a policy so that the allow list follows the group of users or computers. Whatever policy they hit they're always allowed certain URLs. That would be a nice feature for management purposes. It could also use some minor UI improvements. There's a little bit of inconsistency in the UI that takes some getting used to.
This product provides zero-day protection for macOS, although I'm currently dealing with an issue on the most recent rollout of the Endpoint client that doesn't seem to be fully functioning. It is absolutely important to me, but it has not been successful. This is something that they are definitely working on resolving. I've had multiple IT consults where we've brought on a couple of developers to try and figure out what's going on with the Mac's most recent update versus their most recent update.
I would like to see an alert feature that when a system is started, it checks to make sure that the client has the most up-to-date policies. Before the policies are updated, nothing can be done on the system.
We are currently facing an issue where it is blocking the Winman software, which is something that we don't want to happen because we use it in our accounts department to pay taxes. There is no option or support available for DriveHQ.
The policy engine could use a bit of work. They're definitely going in the right direction. We've been working with them over the last few weeks to try and optimize that. But it's reasonably clear that they're just not putting as much effort into the policy engine as into other things, like content discovery. It's somewhat lacking in terms of the granularity of the policies that you can create. Because this is a Mac environment, you have slim pickings. You have really good detection mechanisms, like Code42, but a lot of those players don't operate at the medium business size. So, in terms of the market segment, CoSoSys is really the only player that will be able to still effectively pick up on it, so they're the only game in town on policy. They don't really have much competition in this segment.
There are times when the server needs to be updated, and it would help if I got a notification for when the newest version comes out, because at the moment, I'm going in every now and then and checking. Sometimes it comes out and I didn't know it had come out. It would be super-helpful if I got a notification saying, "It's time to update the server."
When you want to uninstall and reinstall, there are a lot of issues. You have to do a lot of workarounds to reinstall Endpoint Protector. This is a major issue that we have constantly because we still have old systems with XP. While there are only very few, we need to run them because there are machines attached that only run on XP. When we need to uninstall and reinstall on XP or Windows 10, we have serious issues left in the Registry Editor everywhere. There is a lot of manual interference to get the reinstallation to work. For the uninstallation of Endpoint Protector, they need to work on this so it doesn't leave any leftovers behind.
I bought it for my Windows, Linux, and Mac platform. Frankly speaking, I'm not happy with the product. The reason is that they have not tested the product in their environment. You can't really install it on any endpoint, because you never know what will happen. I have faced issues which shouldn't be related to this product. This product is purely a DLP, so it should only protect my data. I don't know what is happening with their agent or what is happening with the software, but it messes up my endpoint. For example, people are facing bandwidth issues. Before I deployed this on an endpoint, people were getting internet speeds of 40 or 50 Mbps. After deploying it, that would come down to 10 Mbps. And if I uninstalled the agent, it would go back to 50 Mbps. In my experience, they claim their product is very good, but I don't think so. Software should be such that if you deploy it on any machine, it should not come up with issues. If it is blocking things I can understand that the engine behind the software is very good. But it is blocking things that are not required to be blocked. The major challenge was my Linux environment, and that is why I took this product—to get it deployed on my Linux machine. But if I want to deploy it on Linux 1, 2, or 20, or some other Linux distribution, I need to reach out to the support team to get the agents. If I have paid for licenses, they should be on the portal so I can download all the different versions freely. If I want to install it on any machine, I need to give the version of that machine and they will give me the agent. You don't know whether that agent is the latest one or not. And if you face challenges you have to go back to the support team again and say, "I have deployed it and I'm facing this issue." They will give you another version. I can't tell you all the challenges we have faced. I have not deployed it on a single Linux machine, and it was for Linux that I bought this product. I have just put it on Windows, because on Windows I am facing fewer issues compared to Mac and Linux. It is not a straightforward installation or a straightforward configuration, for me or the end-user.
A lot of things can be improved. Especially customization could be a lot better. Sometimes there are issues like when I write a policy to block finance sites. It also blocks the banking sites I have not included. Sometimes it also blocks commands I send to the machine while using Matrix software. Whenever this happens, I have to go into the software and choose the packet inspection option or something similar. Then I have to send the command again to the machine, and if it doesn't work, I have to contact the support team. These are some of the issues I have dealt with.
Some CoSoSys features do need to be improved. For example, in Linux a user can remove a getent anytime. There is no control there on the file structure in Linux. So if this solution could give us information on what users removed in the dashboard, it would help us. If CoSoSys applied this sort of improvement, it would help us a lot.
As a host DLP solution, it has granular controls and features. It misses Network level DLP and SaaD DLP offerings. If CoSoSys comes up with a suite of Host DLP, along with Network DLP and SaaS DLP, it will cover all of the aspects of a DLP solution. Various other products provide us a complete suite of solutions covering Host, Network, and SaaS aspects. Examples of these are Forcepoint and Digital Guardian.