When it comes to some unknown fileless attacks, the tool is not able to detect them properly, making it an area where improvements are required. The tool's support needs to improve in the areas of response it provides to users.
Trellix needs to focus on gaining traction with partners and building trust among users. Many users may have moved on due to the name change, but concerns about resource intensity are more related to endpoint security than EDR itself. Improving its position in Gartner's quadrant and enhancing the product's image are crucial.
Everything is normal, but it's not up to the mark compared to other solutions. It isn't easy to manage. The detection rate is also not reasonable. Trellix does not support Linux and Mac.
Learn what your peers think about Trellix Endpoint Detection and Response (EDR). Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
IT Management Specialist at a computer software company with 10,001+ employees
MSP
Top 5
2024-02-22T16:44:43Z
Feb 22, 2024
The technical support must be improved. We had a problem with the Web Control plug-in with Edge and Chrome. The plug-in was disabled, and the resolution took a lot of time.
Senior Vice President IT at a tech services company with 11-50 employees
Reseller
Top 5
2023-12-19T16:27:28Z
Dec 19, 2023
The product must improve the ability to work with different operating systems like Windows and macOS. The CPU utilization of the product is quite high compared to its competitors. The agent file size is higher. The number of services that run on a system is quite high. Other EDR solutions have only a single service running on it.
In my opinion, Trellix Endpoint Detection and Response (EDR) is one of the best tools that I have worked with till now. One of the issues about the product stems from the failure to work on its administrative scalability. The aforementioned area can be considered for improvement. The interface should be easier to use, and Trellix needs to provide training to explain how to use the solution, as these are areas where the solution lacks and needs to improve.
Trellix purchased McAfee two years ago. At this moment, it may seem a bit difficult if I explain Trellix and McAfee separately. Trellix Endpoint Detection and Response (EDR) and McAfee MVISION Endpoint provide endpoint protection. In the future, if Trellix can compile both the products, Trellix Endpoint Detection and Response (EDR) and McAfee MVISION Endpoint, into one solution, our company need not install multiple agents, which can reduce the workload for IT and make the tool easy to manage. The solution's downside stems from the fact that Trellix Endpoint Detection and Response (EDR) and McAfee MVISION Endpoint are not combined into a single solution, so from an improvement perspective, they need to be combined into a single solution. If both tools are combined into a single solution, it will become easier for a user to manage and deploy such a product.
Security Architect at a tech services company with 1,001-5,000 employees
Real User
Top 10
2023-07-18T08:51:45Z
Jul 18, 2023
The product must focus on improving the appliances. The console has a lot of bugs, and it creates many issues. It is very tedious to troubleshoot the issues sometimes. The support team does not help. We solve our problems by testing things we find on Google and other forums where people give suggestions about the product. The product has very limited options for creating policies. The product could provide more options for creating policies. The options must be customizable according to the user’s requirements.
For Spanish users, it is necessary to have a knowledge base specifically designed for them, which is currently not available. Blocking other browsers should be a feature introduced in the solution. At this time, you can control Safari and Microsoft Edge. But I don't know about the other browsers.
Cyber Security & ICT Director at Polish Security Experts Association
Real User
Top 5
2023-04-11T13:20:22Z
Apr 11, 2023
It is tough to comment on what needs improvement in the solution. At the moment, it is difficult to recall and comment on what needs to improve in the solution. The solution lacks the ability to integrate with external platforms. In future releases of the solution, I would like to see the solution increase its integration capabilities with external platforms. At this moment, I want the solution to integrate with more XDR tools. The solution should provide its users an ease of administration in future releases. My company has spoken to McAfee about their solution being on the pricier side. So, McAfee is aware that there is room for improvement in its pricing strategy.
IT Security Specialist at Commercial Bank of Ethiopia
Real User
2022-07-29T14:01:02Z
Jul 29, 2022
The alert feature of McAfee MVISION Endpoint Detection and Response needs improvement because for you to get the alerts, you have to log on to the portal. What my company needs is a tool that sends you alerts. For example, if it detects a threat on your machine, it should send you an alert. My company gets the alerts instead from the antivirus software rather than the EDR. If you want to see the alerts on McAfee MVISION Endpoint Detection and Response, you have to connect to the system manually. Another area for improvement in the tool is the reporting. My company needs weekly and monthly reports about the alerts, but you can't extract reports from McAfee MVISION Endpoint Detection and Response, so a decision was made to move to another EDR solution, particularly Microsoft Defender for Endpoint, next month. My company tested Microsoft Defender for Endpoint via a POC for one to three months. The resource usage of McAfee MVISION Endpoint Detection and Response is also an area for improvement because it consumes a lot of memory. For example, during the on-demand scan, you can't work because of the high CPU usage. You need to schedule the scans. McAfee MVISION Endpoint Detection and Response has a lot of modules, but my company doesn't use all modules.
Senior IT Systems Administrator at IndusInd Bank ltd
Real User
2022-07-03T14:37:00Z
Jul 3, 2022
The endpoints and utilization are too high, which impacts the production activity. There are no additional features I would add. The McAfee MVISION Endpoint Detection and Response already has multiple features required for an IT solution.
Sr. Sales Engineer at a tech services company with 11-50 employees
MSP
2022-05-18T03:15:00Z
May 18, 2022
One of their issues is that they were very much based on agents, whereas most of the other solutions are clientless. There were a lot of legacy issues and they needed to evolve to more of the current operating systems of Microsoft for endpoint systems and PCs. If you're clientless, your cloud-based applications sit on top of the operating system and are not built into it.
An area for improvement in McAfee MVISION Endpoint Detection and Response is the historical search. For example: when you have information on the artifact and a precedent, you want to do a search, and that is a bit lacking in the tool. Another area for improvement is in the automation feature of McAfee MVISION Endpoint Detection and Response, because it still needs some work in terms of integration. What I'd like in the next release of McAfee MVISION Endpoint Detection and Response is the ability to use it with a newer security platform. This means that the information you get from network parameters such as IPS and firewalls can be pumped back to the tool, so we can match all the information to do better threat hunting. Threat hunting is only on the endpoints, so if McAfee MVISION Endpoint Detection and Response could cover everything, that would be good.
The main drawbacks are resources and processing time, as it consumes a lot of CPU and RAM. The alert system should be improved. Technical support is in need of improvement. The dashboard should be improved because it needs a fresh look. Improvement in the centralized policy enforcement is needed.
Reduce Alert Noise
Reduce the time to detect and respond to threats. Trellix EDR helps security analysts quickly prioritize threats and minimize potential disruption.
Do More with Existing Resources
Guided investigation automatically asks and answers questions while gathering, summarizing, and visualizing evidence from multiple sources—reducing the need for more SOC resources.
Low-Maintenance Cloud Solution
Cloud-based deployment and analytics enables your skilled security analysts to focus...
When it comes to some unknown fileless attacks, the tool is not able to detect them properly, making it an area where improvements are required. The tool's support needs to improve in the areas of response it provides to users.
I'd like the tool to become more like an XDR, with one management system and endpoint activation.
Trellix needs to focus on gaining traction with partners and building trust among users. Many users may have moved on due to the name change, but concerns about resource intensity are more related to endpoint security than EDR itself. Improving its position in Gartner's quadrant and enhancing the product's image are crucial.
The searching capabilities for the IOCs can be further improved in the product.
Everything is normal, but it's not up to the mark compared to other solutions. It isn't easy to manage. The detection rate is also not reasonable. Trellix does not support Linux and Mac.
The graphical view for nodes must be increased.
The technical support must be improved. We had a problem with the Web Control plug-in with Edge and Chrome. The plug-in was disabled, and the resolution took a lot of time.
Some modules that are doing machine learning and artificial intelligence are blocking our processes.
The product must improve the ability to work with different operating systems like Windows and macOS. The CPU utilization of the product is quite high compared to its competitors. The agent file size is higher. The number of services that run on a system is quite high. Other EDR solutions have only a single service running on it.
In my opinion, Trellix Endpoint Detection and Response (EDR) is one of the best tools that I have worked with till now. One of the issues about the product stems from the failure to work on its administrative scalability. The aforementioned area can be considered for improvement. The interface should be easier to use, and Trellix needs to provide training to explain how to use the solution, as these are areas where the solution lacks and needs to improve.
Trellix purchased McAfee two years ago. At this moment, it may seem a bit difficult if I explain Trellix and McAfee separately. Trellix Endpoint Detection and Response (EDR) and McAfee MVISION Endpoint provide endpoint protection. In the future, if Trellix can compile both the products, Trellix Endpoint Detection and Response (EDR) and McAfee MVISION Endpoint, into one solution, our company need not install multiple agents, which can reduce the workload for IT and make the tool easy to manage. The solution's downside stems from the fact that Trellix Endpoint Detection and Response (EDR) and McAfee MVISION Endpoint are not combined into a single solution, so from an improvement perspective, they need to be combined into a single solution. If both tools are combined into a single solution, it will become easier for a user to manage and deploy such a product.
The product must focus on improving the appliances. The console has a lot of bugs, and it creates many issues. It is very tedious to troubleshoot the issues sometimes. The support team does not help. We solve our problems by testing things we find on Google and other forums where people give suggestions about the product. The product has very limited options for creating policies. The product could provide more options for creating policies. The options must be customizable according to the user’s requirements.
For Spanish users, it is necessary to have a knowledge base specifically designed for them, which is currently not available. Blocking other browsers should be a feature introduced in the solution. At this time, you can control Safari and Microsoft Edge. But I don't know about the other browsers.
It is tough to comment on what needs improvement in the solution. At the moment, it is difficult to recall and comment on what needs to improve in the solution. The solution lacks the ability to integrate with external platforms. In future releases of the solution, I would like to see the solution increase its integration capabilities with external platforms. At this moment, I want the solution to integrate with more XDR tools. The solution should provide its users an ease of administration in future releases. My company has spoken to McAfee about their solution being on the pricier side. So, McAfee is aware that there is room for improvement in its pricing strategy.
The alert feature of McAfee MVISION Endpoint Detection and Response needs improvement because for you to get the alerts, you have to log on to the portal. What my company needs is a tool that sends you alerts. For example, if it detects a threat on your machine, it should send you an alert. My company gets the alerts instead from the antivirus software rather than the EDR. If you want to see the alerts on McAfee MVISION Endpoint Detection and Response, you have to connect to the system manually. Another area for improvement in the tool is the reporting. My company needs weekly and monthly reports about the alerts, but you can't extract reports from McAfee MVISION Endpoint Detection and Response, so a decision was made to move to another EDR solution, particularly Microsoft Defender for Endpoint, next month. My company tested Microsoft Defender for Endpoint via a POC for one to three months. The resource usage of McAfee MVISION Endpoint Detection and Response is also an area for improvement because it consumes a lot of memory. For example, during the on-demand scan, you can't work because of the high CPU usage. You need to schedule the scans. McAfee MVISION Endpoint Detection and Response has a lot of modules, but my company doesn't use all modules.
The endpoints and utilization are too high, which impacts the production activity. There are no additional features I would add. The McAfee MVISION Endpoint Detection and Response already has multiple features required for an IT solution.
One of their issues is that they were very much based on agents, whereas most of the other solutions are clientless. There were a lot of legacy issues and they needed to evolve to more of the current operating systems of Microsoft for endpoint systems and PCs. If you're clientless, your cloud-based applications sit on top of the operating system and are not built into it.
An area for improvement in McAfee MVISION Endpoint Detection and Response is the historical search. For example: when you have information on the artifact and a precedent, you want to do a search, and that is a bit lacking in the tool. Another area for improvement is in the automation feature of McAfee MVISION Endpoint Detection and Response, because it still needs some work in terms of integration. What I'd like in the next release of McAfee MVISION Endpoint Detection and Response is the ability to use it with a newer security platform. This means that the information you get from network parameters such as IPS and firewalls can be pumped back to the tool, so we can match all the information to do better threat hunting. Threat hunting is only on the endpoints, so if McAfee MVISION Endpoint Detection and Response could cover everything, that would be good.
The main drawbacks are resources and processing time, as it consumes a lot of CPU and RAM. The alert system should be improved. Technical support is in need of improvement. The dashboard should be improved because it needs a fresh look. Improvement in the centralized policy enforcement is needed.