The way that ePolicy launches the updates is very slow. It would be great if that was faster. They need to enhance their vulnerability scanner so we can be more secure. The most tedious part of the product is when you block USBs. To make an exception for a user means you have to deal with a very difficult user interface. It would be better if they fixed that so only the administrator could click it somewhere and give permission. Right now, the user has to send a keyword, then the administrator has to use that keyword to make the exception for the user. It's very complicated for the user to do. They don't know how to do that. They could use some cell phone MDM to control the cell phones and the tablets and stuff. They don't have that. They need better integration with MDM devices.
The solution is difficult to tune to avoid false positives. The product could use a better upgrade path for customers, as there is no clear way for them to update to newer versions.
Cyber Security Consultant at a computer software company with 51-200 employees
Real User
2022-05-18T20:02:00Z
May 18, 2022
McAfee ePolicy Orchestrator requires a lot of manual work. For example, if you use Symantec DLP, only one policy is needed, and you can apply it to all of the channels that are an endpoint, like the web or email. With McAfee, you need to create separate rules for all of those channels. One policy for email, one policy for web, and so on. I would like to see McAfee reduce the amount of manual work required. In the next release, I would like to see an integration with third-party solutions for classification. We find that implementation is limited for some products. I would like an open API that we can integrate with other classification tools.
cybersecurity specialist at a mining and metals company with 10,001+ employees
Real User
2021-12-27T19:30:00Z
Dec 27, 2021
In terms of what could be improved, I would say the impact of the agent on the endpoint's performance - the resources it takes. Additionally, the difficulties we experience with inheriting and breaking inheritance on the organization's structure breakdown for policy inheritance and then for rules inheritance. We are actually struggling with this. As for what I would like to see in the next release, that is related to the disadvantages, the drawbacks as I would call it. Some tuning of the inheritances for policies and things, so that we can extend policies to a lower level in the organization or in the structure. Inherit and extend rather than break the inheritance and start again on a lower level, because then, when on a higher level, and something changes, it has to be replicated on a lower level, rather than being taken automatically into account, which complicates the management. Additionally, some performance tuning on the endpoints to make sure the agent does not take too many resources or it could be further granularly customized. Something like it should not take more than X percent of memory or of CPU in office hours, business hours, and could take more outside of those hours. So some tweaks, improvements, and configuration options in these areas.
Updated: November 2024.
Chief Information Security Officer at a venture capital & private equity firm with 201-500 employees
Real User
2021-09-17T20:17:35Z
Sep 17, 2021
There should be more insights and completeness into the cyber kill chain, similar to CrowdStrike and SentinelOne. It just seems a little outdated in being 100% signature-based without all of the insights and protections that come with CrowdStrike and SentinelOne. Overall, they've got some catching up to do if they plan to compete in the comprehensive EDR space.
The product could have a single plug-in that would have multiple uses rather than a single plug-in which is used for a single purpose. Each aspect has a separate plug-in. They should concentrate on providing something for all of the options that are available.
Security Analyst at a financial services firm with 201-500 employees
Real User
2020-08-12T07:01:45Z
Aug 12, 2020
The solution sometimes has some false positives on connections from the web control aspect of the product. This needs to be improved. When you have a false positive on the firewall, it rarely blocks off some legitimate connections to our network. The reporting could be better. Search or filter on Knowledge base gives broad choices instead of almost specific to your search. Agent communication between client and server but products are not deployed.
Senior Manager at a tech services company with 1,001-5,000 employees
Real User
2020-03-09T08:07:50Z
Mar 9, 2020
The solution needs to be more clear about the licensing. They should have a way for users to educate themselves on the costs so that companies can figure out how to reduce costs. There needs to be support for Mac computers. Currently, McAfee does not work on iOS.
There is a problem when it comes to agent communication and duplicate records, where the rebooting of a machine leads to the installation of a new agent and you get a lot of duplicate records that ultimately affect your compliance monitoring.
Information System Security Coordinator at a comms service provider with 501-1,000 employees
Real User
2019-12-05T06:53:00Z
Dec 5, 2019
From my point of view, the solution is good. Even if there are problems we're able to find a resolution quite quickly. There were some issues in earlier versions but after the upgrade to the latest version, we haven't had any issues. I have noticed several times that some viruses were not detected by McAfee ENS and we had to escalate support and modify detection signatures. The detection aspect should be improved so that signatures are updated more quickly. For additional features, there really isn't very much to suggest. The main issue would be to improve detection.
This solution ships with SQL Express, and we have issues related to database corruption in the event of power loss. Especially on this side of the world, we have a lot of power outages and most companies do not have backup power solutions. In most cases, when the power goes out, the database tends to corrupt a lot. For example, clients will be having trouble logging on because the login credentials are corrupt. They have to do something to make the solution more resilient or recoverable from power failure events, which may include creating their own database.
Information Security Analyst at a tech services company
Real User
2019-06-13T05:55:00Z
Jun 13, 2019
McAfee should improve in terms of customer support and assigning a knowledgeable TAM to customers. Threat detection capabilities should be increased for both viruses and other threats.
There are some issues relating to the automation of reports. That's why I wanted the DLP reports. There are some problems in this area. Sometimes it does not work even though all the configuration words are right. There are also some problems with automatic updates. There have been some problems with monitoring the logs. It's not very user-friendly.
McAfee ePolicy Orchestrator (McAfee ePO) is the most advanced, extensible, and scalable centralized security management software in the industry. Unifying security management through an open platform, McAfee ePO makes risk and compliance management simpler and more successful for organizations of all sizes.
The installation process is quite difficult and requires technical support.
As for improvements, I think that putting everything on a cloud and one console would be a great idea and would be useful for customers.
Sometimes agents hang. We have to reinstall the agents. On top of that, we have too many advisories for ePO. There are stability issues.
The Virtual Patching feature needs to be improved. We would also like to have something in the cloud.