The solution needs to improve its virtual patching capabilities. One area where it could improve is by offering a patch management solution bundled with its security products. This would make it even more competitive against solutions like Kaspersky that offer this feature.
The solution's documentation is not streamlined and is in bits and pieces, which should be in a single format. Trellix Endpoint Security should include the virtual patching feature in the next release.
Senior Technical Engineer at Safezone Secure Solutions Private Limited
Real User
Top 10
2023-11-29T10:19:00Z
Nov 29, 2023
Recently, Trellix has introduced a CDR, which involves more manual response than automatic. I believe they should enhance the system by adding features like automated response and the ability to create custom playbooks. This is crucial for an EDR solution, and currently, Trellix lacks this feature while other products offer it.
Network Security & Data Management Admin at Digitaltrack
Real User
Top 5
2023-08-02T07:14:23Z
Aug 2, 2023
Trellix Endpoint Security doesn't support Mac devices. Trellix Endpoint Security doesn't offer full-fledged support for Linux. In the future, I would like the product to support Mac and Linux. When it comes to classification, Trellix has its own DLP solution. They do provide classification in Trellix Endpoint Security, but not at a full-fledged level. It would be good if Trellix Endpoint Security provided a full-fledged classification. The solution's technical support should be improved since we faced a lot of issues with the support. There were some delays in responses from the technical support. Technical support also lacks in providing proper solutions to issues.
Trellix Endpoint Security is pretty hard to configure and maintain. You need to have a dedicated person for the solution. It is very complex when you want to change the data loss prevention and data leak prevention policies. It's quite hard to give some exceptions on specific computers. It's not very fast onboarding with the orchestrator. The solution should provide an easier way to uninstall it on specific stations.
Currently, Trellix Endpoint Security can't find the running mutexes, while other open-source products can do it. Mutex is something like a malware user. Secondly, the solution should support multiple output formats for the triage image. Currently, the solution has only Mandiant format, where you can't use tools like Volatility to analyze the memory image. It would be good if Trellix Endpoint Security had a good visualization like other products, such as SentinelOne and Carbon Black.
I would like to have the ability to have more control over the deployment in the next release. If you have this console in the cloud, you cannot make pilot groups for deploying the agents. We only have the current group. So, as soon as you inject the software, it will go directly into production, which doesn't work for us. We need to build up pilot groups slowly. We already requested to have this feature on the cloud, and we are still waiting.
Assistant Vice President at a financial services firm with 10,001+ employees
Real User
Top 20
2023-02-13T20:28:28Z
Feb 13, 2023
Good progress has been made with integrations for McAfee and FireEye, but more work has to be completed because the feature is still pending. Down the line with these integrations, the solution will be a very good product. The solution could provide open XDR in addition to EDR. Adding MDR makes sense instead of just being on the EDR and DXDR fronts.
General Manager at a tech services company with 11-50 employees
Real User
Top 10
2023-01-03T16:18:16Z
Jan 3, 2023
Trellix lacked email protection when it was a McAfee product. They added this feature during the merger with FireEye, but it hasn't been fully integrated. The core features will be integrated into the next release. FireEye has several solutions for EDR and sandboxing.
The user experience of the administration has to be reviewed or refined. It's not friendly, not that easy. If I could sell my customers the endpoint protection software in addition to the EDR software as a single package, that would be ideal. Technical support needs improvement.
CyberSecurity Engineer at a government with 501-1,000 employees
Real User
2022-10-31T19:28:13Z
Oct 31, 2022
Trying to move away from the signature model for antivirus and malware blocking is something that would be nice. Instead of having to update every day, which is signature-based, moving to more of a kernel or architecture-based model would probably be beneficial.
IT Officer at U.S. Army Medical Research Unit - Kenya
Real User
2022-08-25T13:37:46Z
Aug 25, 2022
The solution consumes a lot of end user memory and CPU, so you need to have a computer that has a lot of resources for you to properly run Trellix. The agent ends up using a lot of resources, either RAM or CPU, and at times that bogs down users. I don't know if it's possible to have a lighter version of the agent, but if the agent was lighter it wouldn't consume so many resources, which would be good. It's a bit complex. It's very granular and you need to really, really know the ins and outs of configuration. If you are specifically configuring an XML against ransomware, some very special setup, it can end up being a bit technical. You wouldn't want to make any mistakes while doing your configuration. A single configuration can make you lose whatever you wanted to do. The other thing is if the engine would also focus more on malware, sort of an anti-malware. Trellix doesn't really focus so much on the anti-malware side, but there are other better performing antivirus or endpoint products that have better engines or they have a higher detection rate compared to what Trellix is currently providing.
IT Lead Engineer, Information Technology at Banglalink
Real User
2022-05-12T21:46:26Z
May 12, 2022
Some agents become old and then they don't communicate well any longer. They need an update. They need to make sure that older agents on active computers communicate properly. Sometimes the agents stop working, however, we cannot understand why. This is sometimes a problem, especially if some agent is not communicating for one month or two months. We're not sure if there's a backlog or if it got infected. We need to know right away if an agent has stopped working and possibly what has caused it to stop. They have a dashboard. In the dashboard, you can see if a signature is in backlog, and it becomes red. This is also required if new agents or some number of event communications stop.
Senior Engineer at a comms service provider with 10,001+ employees
Real User
2021-10-05T08:44:05Z
Oct 5, 2021
The user interface could be improved by making it more user-friendly. There are multiple solutions and there is no clear line differentiating all of them. There is a centralized console where we manage everything but most of the administrators feel a little confused when it comes to managing multiple products from a single place. In a future release, McAfee could improve by having less resource-consuming agents. When you bundle up all the solutions with an agent, it becomes heavy for the endpoint to handle. This is one drawback that they should improve because some of their competitors, such as Trend Micro and Symantec, both have low-consumption agents available. McAfee has multiple solutions that can be combined together into a single product. There is no need to have this many solutions.
We don't like the solution since it requires much memory consumption and consumes much CPU resources. All the machines become very slow whenever it uses its tab scans. For this reason, we consider the solution to not be good nowadays. The newer solutions consume less memory and CPU. We employ the solution for our antivirus needs, for which it is solely suited, and not as an EDR. We are actually looking for an XDR solution. The solution is currently outdated. We are looking for Next-Gen antivirus along with EDR and it should have XDR capabilities as well. This would take care of the network and the properties that are running in the background. They should be protected from cyber threats. The solution should also be faster. McAfee actually offers EDR and XDR capabilities but, based on our experience, it consumes an inordinate amount of memory and CPU and this causes the system to be slow. At present, McAfee does not lead the market when it comes to antivirus security solutions.
There are times the solution has some additional software added that is not fully integrated properly, such as Exchange Group Shield. It is quite old and is not fully integrated properly and could be improved. In an upcoming release, there could be an improvement in performance. There are times the solution can use a lot of resources on the local machines. This normally happens when the system is scanning; the end-user can really notice the performance change. After every new version that is released, there are improvements made. However, there is still room for improvement.
When it comes to DLP or McAfee Security Encryption, with which I am happy, I like to make use of the solution for Vault, but find that the encryption is problematic. The system needs reforming. Suppose the solution is utilized on a laptop or desktop and the client wishes to make an assignment to another person but forgot his password. The data cannot be archived or backed up.
Senior System Administrator at a computer software company with 501-1,000 employees
Real User
2021-03-25T19:02:54Z
Mar 25, 2021
The solution takes up a high amount of memory and can cause the system to hang. The malware detection, as good as it is, does not seem to be deployed correctly. It's not doing system quarantine. If a system gets attacked by ransomware, it's not going to be quarantined correctly. If someone wants to filter or asks the system, "Please remove that antivirus we don't want it here," due to the fact that we don't want to work on a specific system, we get frustrated as it won't remove itself. It just starts scanning when we don't want it to and it begins to slow down everything when we need to do important work. We would like there to be better reports that we could take to management to have them be able to look at. Recently, we have seen that Ransomware updating is starting with just SQL services. It would be nice if it was offered across the board.
Support Security Engineer at a computer software company with 501-1,000 employees
Real User
2021-02-09T08:02:00Z
Feb 9, 2021
The local technical support could be better. It would also help if the engineers can develop some automation features for the on-prem ePO. For example, in the on-prem ePO, you can store the endpoint using the IP address or using text, or using the default version. But in the MVISION ePO, you don't have that kind of feature. It's complicated to sort the endpoint because you have to do it manually. I also think the detailed level of the detection could be better. In some cases, it's very complicated to figure out which file is the one that is actually impacted, depending on the dashboard you see. The dashboard is one of the most important things in the ePO because it's where you can see everything in a central location. But sometimes, you need to change from one view to another view to find what you're looking for.
The vendor should simplify the way they bundle the products because it's very hard to explain to customers what products contain which features. This product requires Microsoft SQL Server as a database and you have to deploy it yourself, then later integrate it with the console.
CISO at a manufacturing company with 10,001+ employees
Real User
2020-12-21T22:27:00Z
Dec 21, 2020
In terms of what could be improved, it is a little bit slow. Additionally, the encryption part definitely needs to be improved. We have faced certain issues recovering the data from systems which could not be fully encrypted by McAfee and then the decryption was a nightmare; it took a lot of time. Some could not even be recovered. That was one issue. The endpoint protection and anti-malware features are good. But encryption and decryption are a bit slow and it's a tedious job. The second issue is that the public dashboards are out-of-the-box kinds of features, so they need to be configured, which takes a lot of time. Finally, there is an issue with the device timing features for allowing certain devices within the network for what we call USB protection. For master devices or static Bluetooth devices which need to be connected, the white-listing of those devices needs to be more straightforward; it is currently highly technical. The dashboard and encryption should be improved. There is a cloud-based environment available from McAfee which is called MOVE. If the customer has already implemented it on-premises, it should be integratable with the MOVE version. We discussed this with McAfee and they said encryption data cannot be moved to cloud. This means if I move my antivirus server to the cloud, I still need to maintain a separate encryption server within my network. That is the challenge. We would like to see all the features available on cloud.
The management console is a little bit difficult to understand for admins. You need a lot of time in order to become familiar with that. It is a little bit complicated and not too easy to understand. Its price can also be improved. Its price is higher than its competitors. McAfee also needs to have better cloud integration and more data centers in the EU. The cloud center should be in Europe or in Germany. In Germany, it is really important to have access to your data within the same country. Customer data needs to be placed and processed in the same country.
General manager at a tech services company with 201-500 employees
Real User
2020-11-12T13:38:54Z
Nov 12, 2020
I would like to see more integration with third-party products. Pricing is always something that can be improved. In the future, this product should make use of artificial intelligence and machine learning technology.
System Engineer at a comms service provider with 10,001+ employees
Real User
2020-11-02T15:06:08Z
Nov 2, 2020
We know that McAfee isn't the best antivirus and it can't protect us 100%, although we are okay with the level of protection that it gives us. I don't think that the problem lies in the antivirus, but rather, it's the user. Users are not happy with the antivirus and they try to solve the issue on their own, and that causes very big problems. There is an incompatibility problem between McAfee and Linux subsystem for Windows, another that has to do with Outlook and scripts. McAfee knows that, but the problem can't be solved at this time so we try to minimize the effect.
Senior Project Manager at a computer software company with 1,001-5,000 employees
Real User
2020-08-27T10:31:00Z
Aug 27, 2020
We are using it so the company is providing better security coverage end-to-end. I am not sure how to improve on that because it already achieves that goal and updates constantly. One thing I think it should do is alert administration if some attack is happening in local systems. I am not seeing that kind of alert. When users run a scan on their own system and nothing is found, that is fine. But ideally, VirusScan also has to send a notification of the source of an attack if one is detected. For example, if the threat came from opening an email attachment, an alert could be broadcast to warn other users on the system not to open the same attachment and McAfee could do that automatically. Something like that. Or at least it should make a report or alert for the administrator so that they can take the proper action.
VP - Cyber Security at a manufacturing company with 11-50 employees
Real User
2020-06-28T08:51:00Z
Jun 28, 2020
There are two main areas that require improvement. One is the size of the packages. Although I'll admit manageability is good, if I want to deploy, let's say just the antivirus or just the firewall, each of those package sizes are quite large. They are sometimes as big as 200MB or 250MB. When I have operations in remote areas where connectivity is always poor, it's difficult. To deploy such a package in a remote location over the internet or something like that is always challenging. The second improvement I would like to see would be to make the speed of the updates much faster. I've seen other vendors that have already released an update for new ransomware and yet McAfee has not. They seem to generally delay releasing an update to protect against something, which can be dangerous as it gives malicious content time to spread.
This solution is difficult to implement. There are lots of features but it has to be implemented the right way. I would like this solution to do what Palo Alto traps does because I would only need to run this one product.
On the next release, they should build an easier way to see a repair option within the McAfee icon on your system tray. If there was an issue, you should be able to contact the user or just right-click on "repair". That would be a very good feature to add. That could be a place of improvement, just adding that button, or customizing it.
General Manager at a tech services company with 11-50 employees
Real User
Top 10
2019-07-08T07:42:00Z
Jul 8, 2019
They don't have any gateway solution. In the past, they did. I think they need a gateway solution to control internet traffic. In the next solution, it will improve the total security, on the network security side if they add this. In Turkey, according to regulations, the main platform must stay on-prem, not on the cloud. Most of the customers are still using the mail gateway solution but McAfee stopped developing mail gateway security. For us, it's one of the missing pieces on McAfee in Turkey. They're right, they saw that mail business is going to cloud but in closed countries, we need a gateway solution. McAfee is missing this. In the next release, they should add something that converts the endpoint business switch for the endpoints. They can integrate side endpoints and try to add them to an existing endpoint, or maybe they can match all these add-ons on a single agent.
In my experience, the main part of McAfee Complete Endpoint Protection that needs to be improved or simplified to make the platform better is the scanning features. Sometimes when it runs in the background of the endpoint, the devices get slowed down for some software applications. The reporting should be used to enhance our analysis. There are some dashboards for user management. There is still improvement required with them.
General Manager (Corporate Services) with 1,001-5,000 employees
Real User
2019-06-24T12:13:00Z
Jun 24, 2019
In our experience, McAfee Endpoint Protection could improve the word control feature. It is absent from the application. I couldn't do that. Everything has been fine with the product. It could use better visuals. The tutorial is very limited. They need better training materials and visuals in reports.
Consultant at a tech services company with 501-1,000 employees
Reseller
2019-06-23T09:40:00Z
Jun 23, 2019
The solution is getting better. The new central console is better than the earlier one. Earlier it was too complex to find out which option was there. So, if there was a search menu for certain things and if I wanted to enable or disable something, I couldn't. Now there's a search menu that I can type into and I can navigate through the menu to where I want to go. There are still too many options but it is better now. Sometimes, while installing the ePO we get many errors and I don't know why they happen. So I just want them to work on that part. So that during the implementation there will be fewer errors. I'm not sure if McAfee supports patching. They could add vulnerability scanning as a feature. I know the setting is already there, but if they could add a feature of vulnerability scanning and patching that would be great.
Central Monitoring Operator at a financial services firm with 501-1,000 employees
Real User
2019-02-12T10:09:00Z
Feb 12, 2019
We have a lot of problems with the user experience and it's difficult to implement. McAfee's better than the ancient anti-virus solutions but it's a little slow to resolve. Many files with malware were destroyed through the network, and McAfee doesn't detect anything. They should improve the time of response, the time of the detection of malware, and the installation of the service. The features we would want a good endpoint solution to contain are:
* Multi-operative system
* Better performance
* Integration with browsers
* Firewall control
* Vulnerability detections
* Threat protections
* Malware detection
* Detection of patterns of behavior
* Process exception
* Automatic authorizations
* Control of application reliable
* The quarantine of a compromised device
The endpoint has room for improvement because it's restrictive, it's very sensitive. Sometimes it can delete something that you need and so sometimes you have to disable the antivirus.
VP Technology at a tech services company with 10,001+ employees
Real User
2018-11-22T10:29:00Z
Nov 22, 2018
One of the drawbacks to the solution is that it is not 100% secure. Sometimes it fails. Another thing we have noticed is that it is not easy to get all of the navigation information from a user. There is definitely room for improvement.
ICT Manager at a printing company with 201-500 employees
Real User
2018-09-25T09:23:00Z
Sep 25, 2018
I think they have a fantastic product, but it is still kind of in the very early stages at the moment. Because they're just changing from the modular version, where they have an antivirus version and they have a spyware module. They have a different module, although it's managed by a single management console, to now a single module called endpoint protection. But still, behind the scenes it seems to be a different product, different traits, with different capabilities and speed. Although they have increased the complexity, it has affected the scanning speed.
Trellix Endpoint Security provides aggressive robust protection for every endpoint in an enterprise organization. Trellix uses dynamic threat intelligence and mounts a superb defense across the complete threat lifecycle. This solution will keep your organization more secure and resistant to any possible threat of risks. Trellix offers an amalgamated suite of next-generation endpoint security tools. These tools give users the benefit of machine learning, intuitive intelligence, and greater...
Patch management can be included as a feature in the solution.
I've encountered minor challenges related to encryption.
The tool could provide more advanced protection. It should do a deeper analysis of the files.
While I cannot recall anything specific at the moment, there are many areas of the solution that I wish to see improved.
Along with improving scalability, I would like DLP features to be added to the endpoint security.
The software download features could stand improvement. This sometimes must be undertaken manually. The job hosting features should also be improved.
They can make it free, but that's not going to happen.
It would be nice if the solution were to allow not just on-cloud management, but on-premises, as well.
We don't like the solution since it requires much memory consumption and consumes much CPU resources. All the machines becomes very slow whenever it uses its tab scans. For this reason, we consider the solution to not be good nowadays. The newer solutions consume less memory and CPU. We employ the solution for our antivirus needs, for which it is solely suited, and not as an EDR. We are actually looking for an XDR solution. The solution is currently outdated. We are looking for Next-Gen antivirus along with EDR and it should have XDR capabilities as well. This would take care of the network and the properties that are running in the background. They should be protected from cyber threats. The solution should also be faster. McAfee actually offers EDR and XDR capabilities but, based on our experience, it consumes an inordinate amount of memory and CPU and this causes the system to be slow. At present, McAfee does not lead the market when it comes to antivirus security solutions.
There are times the solution has some additional software added that is not fully integrated properly, such as Exchange Group Shield. It is quite old and is not fully integrated properly and could be improved. In an upcoming release, there could be an improvement in performance. There are times the solution can use a lot of resources on the local machines. This normally happens when the system is scanning, the end-user can really notice the performance change. After every new version that is released, there are improvements made. However, there is still room for improvement.
When it comes to DLP or McAfee Security Encryption, with which I am happy, I like to make use of the solution for Vault, but find that the encryption is problematic. The system needs reforming. Suppose the solution is utilized on a laptop or desktop and the client wishes to make an assignment to another person but forgot his password. The data cannot be archived or backed up.
The solution takes up a high amount of memory and can cause the system to hang. The malware detection, as good as it is, does not seem to be deployed correctly. It's not doing system quarantine. If a system gets attacked by ransomware, it's not going to be quarantined correctly. If someone wants to filter or asks the system, "Please remove that antivirus we don't want it here," due to the fact that we don't want to work on a specific system, we get frustrated as it won't remove itself. It just starts scanning when we don't want it to and it begins to slow down everything when we need to do important work. We would like there to be better reports that we could take to management to have them be able to look at. Recently, we have seen that Ransomware updating is starting with just SQL services. It would be nice if it was offered across the board.
The local technical support could be better. It would also help if the engineers can develop some automation features for the on-prem ePO. For example, in the on-prem ePO, you can store the endpoint using the IP address or using text, or using the default version. But in the MVISION ePO, you don't have that kind of feature. It's complicated to sort the endpoint because you have to do it manually. I also think the detailed level of the detection could be better. In some cases, it's very complicated to figure out which file is the one that is actually impacted, depending on the dashboard you see. The dashboard is one of the most important things in the ePO because it's where you can see everything in a central location. But sometimes, you need to change from one view to another view to find what you're looking for.
The vendor should simplify the way they bundle the products because it's very hard to explain to customers what products contain which features. This product requires Microsoft SQL Server as a database and you have to deploy it yourself, then later integrate it with the console.
In terms of what could be improved, it is a little bit slow. Additionally, the encryption part definitely needs to be improved. We have faced certain issues recovering the data from systems which could not be fully encrypted by McAfee and then the decryption was a nightmare; it took a lot of time. Some could not even be recovered. That was one issue. The endpoint protection and anti-malware features are good. But encryption and decryption are a bit slow and it's a tedious job. The second issue is that the public dashboards are out-of-the-box kinds of features, so they need to be configured, which takes a lot of time. Finally, there is an issue with the device timing features for allowing certain devices within the network for what we call USB protection. For master devices or static Bluetooth devices which need to be connected, the white-listing of those devices needs to be more straightforward; it is currently highly technical. The dashboard and encryption should be improved. There is a cloud-based environment available from McAfee which is called MOVE. If the customer has already implemented it on-premises, it should be integratable with the MOVE version. We discussed this with McAfee and they said encryption data cannot be moved to cloud. This means if I move my antivirus server to the cloud, I still need to maintain a separate encryption server within my network. That is the challenge. We would like to see all the features available on cloud.
An area of improvement for this solution is to make it easier to manage.
The management console is a little bit difficult to understand for admins. You need a lot of time in order to become familiar with that. It is a little bit complicated and not too easy to understand. Its price can also be improved. Its price is higher than its competitors. McAfee also needs to have better cloud integration and more data centers in the EU. The cloud center should be in Europe or in Germany. In Germany, it is really important to have access to your data within the same country. Customer data needs to be placed and processed in the same country.
I would like to see more integration with third-party products. Pricing is always something that can be improved. In the future, this product should make use of artificial intelligence and machine learning technology.
We know that McAfee isn't the best antivirus and it can't protect us 100%, although we are okay with the level of protection that it gives us. I don't think that the problem lies in the antivirus, but rather, it's the user. Users are not happy with the antivirus and they try to solve the issue on their own, and that causes very big problems. There is an incompatibility problem between McAfee and the Linux subsystem for Windows, and another that has to do with Outlook and scripts. McAfee knows that, but the problem can't be solved at this time so we try to minimize the effect.
It didn't work well for some of the use cases. We have different use cases for each entity. Their support is also not good and needs improvement.
We are using it so the company is providing better security coverage end-to-end. I am not sure how to improve on that because it already achieves that goal and updates constantly. One thing I think it should do is alert administration if some attack is happening in local systems. I am not seeing that kind of alert. When users run a scan on their own system and nothing is found, that is fine. But ideally, VirusScan also has to send a notification of the source of an attack if one is detected. For example, if the threat came from opening an email attachment, an alert could be broadcast to warn other users on the system not to open the same attachment and McAfee could do that automatically. Something like that. Or at least it should make a report or alert for the administrator so that they can take the proper action.
The reporting could be improved, by providing more reporting features. The resolution time should be faster.
There are two main areas that require improvement. One is the size of the packages. Although I'll admit manageability is good, if I want to deploy, let's say just the antivirus or just the firewall, each of those package sizes is quite large. They are sometimes as big as 200MB or 250MB. When I have operations in remote areas where connectivity is always poor, it's difficult. To deploy such a package in a remote location over the internet or something like that is always challenging. The second improvement I would like to see would be to make the speed of the updates much faster. I've seen other vendors that have already released an update for new ransomware and yet McAfee has not. They seem to generally delay releasing an update to protect against something, which can be dangerous as it gives malicious content time to spread.
This solution is difficult to implement. There are lots of features but it has to be implemented the right way. I would like this solution to do what Palo Alto Traps does because I would only need to run this one product.
The solution could use better updates and fewer bugs.
On the next release, they should build an easier way to see a repair option within the McAfee icon on your system tray. If there was an issue, you should be able to contact the user or just right-click on "repair". That would be a very good feature to add. That could be a place of improvement, just adding that button, or customizing it.
They don't have any gateway solution. In the past, they did. I think they need a gateway solution to control internet traffic. In the next solution, it will improve the total security, on the network security side if they add this. In Turkey, according to regulations, the main platform must stay on-prem, not on the cloud. Most of the customers are still using the mail gateway solution but McAfee stopped developing mail gateway security. For us, it's one of the missing pieces on McAfee in Turkey. They're right, they saw that mail business is going to cloud but in closed countries, we need a gateway solution. McAfee is missing this. In the next release, they should add something that converts the endpoint business switch for the endpoints. They can integrate side endpoints and try to add them to an existing endpoint, or maybe they can match all these add-ons on a single agent.
Business support is sometimes lazy, but once they are on board they will get the job done.
In my experience, the main part of McAfee Complete Endpoint Protection that needs to be improved or simplified to make the platform better is the scanning features. Sometimes when it runs in the background of the endpoint, the devices get slowed down for some software applications. The reporting should be used to enhance our analysis. There are some dashboards for user management. There is still improvement required with them.
In our experience, McAfee Endpoint Protection could improve the word control feature. It is absent from the application. I couldn't do that. Everything has been fine with the product. It could use better visuals. The tutorial is very limited. They need better training materials and visuals in reports.
The solution is getting better. The new central console is better than the earlier one. Earlier it was too complex to find out which option was there. So, if there was a search menu for certain things and if I wanted to enable or disable something, I couldn't. Now there's a search menu that I can type into and I can navigate through the menu to where I want to go. There are still too many options but it is better now. Sometimes, while installing the ePO we get many errors and I don't know why they happen. So I just want them to work on that part. So that during the implementation there will be fewer errors. I'm not sure if McAfee supports patching. They could add vulnerability scanning as a feature. I know the setting is already there, but if they could add a feature of vulnerability scanning and patching that would be great.
Its pricing needs to be improved.
We have a lot of problems with the user experience and it's difficult to implement. McAfee's better than the ancient anti-virus solutions but it's a little slow to resolve. Many files with malware were destroyed through the network, and McAfee doesn't detect anything. They should improve the time of response, the time of the detection of malware, and the installation of the service. The features we would want a good endpoint solution to contain are:
* Multi-operative system
* Better performance
* Integration with browsers
* Firewall control
* Vulnerability detections
* Threat protections
* Malware detection
* Detection of patterns of behavior
* Process exception
* Automatic authorizations
* Control of application reliable
* The quarantine of a compromised device
The endpoint has room for improvement because it's restrictive, it's very sensitive. Sometimes it can delete something that you need and so sometimes you have to disable the antivirus.
The DAC (Dynamic Application Containment) component of this product needs improvement.
One of the drawbacks to the solution is that it is not 100% secure. Sometimes it fails. Another thing we have noticed is that it is not easy to get all of the navigation information from a user. There is definitely room for improvement.
I think they have a fantastic product but still kind of in the very early stages at the moment. Because they're just changing from the modular version, where they have an antivirus version and they have a spyware module. They have a different module, although it's managed by a single management console, to now a single module called endpoint protection. But still, behind the scenes it seems to be a different product, different traits, with different capabilities and speed. Although they have increased the complexity, it has affected the scanning speed.