I would like the solution to be able to prevent unauthorized programs from installing and to block unauthorized URLs, similar to a web filtering product.
Technical Support Engineer at a tech services company with 51-200 employees
Real User
2021-02-25T19:35:30Z
Feb 25, 2021
The solution does not have deep protection. Sometimes you find that you have some virus attacks. Most times we're on the internet. As you search so many websites, chances are high you visit sites that are fraudulent. There could be cases like phishing, where software could be embedded in some websites or some other viruses could come into your PC under Windows Defender. The security is basically limited. It's not so strong, in my understanding. It could be more robust. The solution could use improvement on the interface. Most different Defender software comes with a different graphical user interface and some tend to be a bit complex. They should work to make the interface more user-friendly for basic users. For myself, as an IT person, it's fine; however, for a layperson, the interface might be a bit confusing. It would be nice if they would collect user ratings and feedback. It would help them find ways to better add features and add-ons in the future. The dashboards always have room for improvement.
The central management console should be improved because it provides limited options to configure Windows Defender. It should provide a lot of options and features, in the same way that Symantec does, or the Kaspersky Central Management Console does. Essentially, we should have a central management console on Azure that can be used to manage Windows Defender on all of our machines.
One area of improvement for this solution is to have a faster turnaround time on updating definition files. Since there are usually various ransomware variants, this solution may not pick it up in time like other commercial antivirus solutions. However, we have not encountered an issue like this yet with definition updates. With regard to the interface, a challenge I found was that there was not enough documentation on how to tune it. I had to read multiple sources on the internet to learn how to configure the tool appropriately. In the next release, I would like to see the solution have a backup feature where my data could be saved to a Microsoft OneDrive account or an equivalent cloud platform so that, in the event of a ransomware or malware attack, I can easily retrieve my data.
Updated: November 2024.
Head Of Information Technology at a financial services firm with 1,001-5,000 employees
Real User
2020-12-16T15:25:49Z
Dec 16, 2020
As I've only used the product for three months, I haven't really had time to explore the entire solution. However, I haven't found anything that is lacking just yet. Currently, we're actually behind on the current feature offerings and need to explore the system quite a bit more. It fits our needs so far. The pricing could be a bit better.
Project Director at a tech services company with 1,001-5,000 employees
Real User
2020-11-30T20:43:58Z
Nov 30, 2020
Windows Firewall is integrated with Windows Defender. Over the last few days, I have had a problem with defining a wildcard on Windows Firewall. For example, I wanted to pull out the connection of my program and install a software package with a lot of executable files. I wanted to prevent it from accessing the internet. I could not select executables by using a wildcard. I had to select a single executable with its full name.
Director, IT at a financial services firm with 201-500 employees
Real User
2020-11-23T15:31:30Z
Nov 23, 2020
I would like to have additional features such as DNS lookup, which would help for detecting malicious sites. This is a key part that I would like to have, and other products already have it implemented.
CRM & IT Head at a computer software company with 201-500 employees
Real User
2020-10-08T07:25:26Z
Oct 8, 2020
I would like to see online updates for patches for this solution. I would also like to see online information about what is trending in the market in terms of spam, viruses, or trojans. It takes some time to understand how this solution works. A few things are unclear at the beginning, such as whether it actually restricts the virus or spam at the initial stage, or when there is a security update, how will we come to know and how will it get synchronized. It would be really helpful if there is some kind of knowledge base in the form of video, audio, or document that can explain in a user-friendly way the setup, features, risks, and process to mitigate the risks. Currently, I have installed endpoint security for every individual system. I could not install it like other endpoint solutions where we have a server and a client. It would be really helpful if Microsoft Windows Defender has a server-client based model so that I can save some bandwidth when it downloads or uploads features. It will be helpful if we have a LAN-based or WAN-based controlling system.
There is no behavior analytics for devices and endpoints. There is no behavior-based protection. It does not allow us to pull data from ransomware and zero-day attacks.
The product should keep updating its software so as to counter incoming threats, since threats are becoming more advanced with time. The product should be strong in all parts. I would recommend if the product continues to be updated that the way it updates is faster for downloading and updating in our system. The stability is good and should continue to perform well in that way. With the increase of cyber threats and cybersecurity issues, I would recommend that the product be developed like an AI product with more features which can counter any threat in the coming eras.
MIS Director at a real estate/law firm with 5,001-10,000 employees
Real User
2019-10-02T11:08:00Z
Oct 2, 2019
There's scanning going on that occasionally topples the memory, causing everything to freeze. This should be fixed. In future releases, it would be helpful if they included something that can control any handset viruses.
I would like to be able to set up any kind of protection I want in the firewall, any IP address or any number. I would like to be able to customize my protection on the dashboard.
Program Manager at a tech services company with 51-200 employees
Real User
2019-09-08T09:50:00Z
Sep 8, 2019
The solution needs to improve its ransomware. It's not so good. It could also use some general performance optimization for the computers the solution operates on, to ensure it does not slow down the devices.
Microsoft Enterprise administrator at a comms service provider with 1,001-5,000 employees
Real User
2019-07-16T05:39:00Z
Jul 16, 2019
I think the console can be better. The end-user also cannot do some advanced actions on it. It's a little bit complicated for our end-user, so it needs to be simplified. I think the solution is complicated. This one is one of the concerns that I like to talk about because some end-users do not know how to navigate through the console and how to work with them. I think this is not such a big deal, but I know that there will be other things that may be important to us like, how we can centrally manage users and reports are really important for us. For example, in Kaspersky, we had a problem where we couldn't detect the attacks that we had in some of our zones in our data center. I think if Microsoft Windows Defender can report these things, it's going to be great.
Information Security Analyst at a financial services firm with 501-1,000 employees
Real User
2019-07-09T05:26:00Z
Jul 9, 2019
There are certain features that do have room for improvement. I think with the analytics engine they're looking at it from the desktop and the server perspective. I think the desktop engine should also include the script analytics — what executed, what's the PowerShell or UI commands, or some form of Splunk regex. I know we don't have that functionality with a run-time analytics platform, but it's a JS (JavaScript) based one. So it would be good if they had a regex to JS converter. The biggest problem is they need to take things out of preview. I know that they're developing on the platform service with the analytics engine, but so many services still rate it as a preview after 12 to 18 months, which is stopping adoption with businesses knowing that that solution could be filled and redirected at any time. So that delay is limiting technology to be able to be updated because they don't have to release all production support.
This solution is not perfect. Sometimes it detects something and it's not a threat. The good news is that you can restore something and analyze it better and you can restore the file and copy it or disable the defender and run it again. The system can always be simplified and have a better integration check. More detailed reports would be good. When it does the integrated check, it just shows if the system is okay but I want to know what happened.
Associate System Engineer - Security Services at an educational organization with 10,001+ employees
Real User
2019-06-30T10:29:00Z
Jun 30, 2019
There were a few detections that are not picked up, and then Microsoft picks up on that and they update it. That's just a normal thing you go through based on every antivirus solution. You're always going to have viruses and signatures that are coming out. So, I wouldn't say it's the perfect solution because if you're looking at next-generation behavioral based things, for example, if you're going to use ATP, that's when you can get more methods out of it. With Defender, if you pay more you can get the ATP component, which is sold separately by Microsoft. We do have some challenges in the reporting aspect of it. There's a lot of manual effort involved to configure what we need. There are also a few issues with policies.
Microsoft Windows Defender doesn't have a game mode. Other antivirus software (like BitDefender) has something known as a game mode. If you want to play a game, just enable the game mode to allow certain traffic without needing to configure it. Windows Defender doesn't have that. There's no Windows Server edition for Windows Defender as part of the distribution.
I'm sure the premium product has extra features, like listing questionable websites. Defender is just an antivirus product. It would be nice to have a paid upgrade that would provide additional screening of the day-to-day activities.
Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.
With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to...
There could be an increase in security for the solution.
We encountered some issues when we were trying to enable automatic updates from our group policy.
It can be more secure.
I would like to see improvements made to how it secures activities on web pages. Web security in general should be improved.
It could be easier when it comes to managing exceptions. In the future, I would like to see better integration with web browsers.
I do not find that there is very much about it that needs to be improved. Everything can be cheaper I am sure. So, it could be less expensive.
I would like to have a dashboard that shows an overview of the results for the enterprise.
The anti-ransomware features need to be improved upon.