One area for improvement could be the pricing model. Future releases could further enhance integration capabilities with other platforms and simplify the licensing model to compete more with Microsoft's offerings.
Updated: November 2024.
Director Security Operations at a tech company with 201-500 employees
Real User
Oct 5, 2021
The support for new OSs and older OSs could be a little tighter. They need to be more upfront about what protection services they're going to provide on new OSs. I haven't seen the Windows 11 version out yet. It is either already released in Beta, or the Beta will be released soon. There could be a little bit more advance updates on what they're doing to help protect Windows 11 environments. They can let us know in advance so that we know it is going to be protected. We can't roll out the new OS without putting endpoint protection on it. So, they should tell us what their support model is for that, and what they are doing to protect Windows 11. They're not telling me, and that's a criticism. The same issue is applicable to all the other antivirus tools. It is not just Symantec; all of them have this problem. Solutions like CrowdStrike, ESET, and SentinelOne have really jumped ahead on behavioral and algorithm-based detection capabilities. Symantec is trying to catch up, but they still have some limitations of being an old-school AV protection program and adding AI and behavioral learning and detection algorithms.
Lead IT Security Consultant at Compliance Data Systems Kft.
Consultant
Aug 2, 2020
Symantec appliances need improvement. The whole appliance environment is a robust system and it needs a massive amount of storage space. If you have to increase or speed up the background storage, it's a pretty complicated process. The scalability and sizing are critical, and if you do it wrong you run into issues pretty quickly. Symantec ATP doesn't offer add-ons or anything of that nature. It's a closed architecture, a closed system. It's based on a Linux OS, and we haven't got a lot of privileges to change anything. That said, if you are integrated with content analysis, then you have to use a lot of very good add-ons for the content analysis to find and analyze and investigate. If you only have ATP, it's not enough to be effective. You have to use other solutions from Symantec, like its content analysis. You have to integrate the messaging gateway or email security and so on.
Infrastructure Team Lead at a comms service provider with 1,001-5,000 employees
Real User
Top 10
May 5, 2020
In general, improvements can be made but nothing specific. I think SonicWall and McAfee are better solutions. I think this is a good solution for someone looking for endpoint protection but not so great if you're looking for advanced threat protection.
The cloud platform needs to have improvement in terms of the user interface and the different capabilities it has available. It needs to match the other leading next-gen EDR products that are available in the market. That's the reason why we are stepping away from Symantec. Their cloud environment is just generally lacking in comparison to others. If they could intercept the detection on the different kill chain analysis that would be great.
The support for this solution can be improved because we are not receiving alerts for maintenance. There are limits with respect to blocking files by hash value or blocking IP addresses, and these limits should be removed. For example, you can only block three thousand IPs.
The administration interface needs a lot of improvement. It should be UI-based and simple. They need to improve it. It's not that friendly compared to what we were using at BitDefender before. It's okay but is improving, actually.
Competitive Engineer at a tech vendor with 1,001-5,000 employees
Real User
Jul 9, 2019
The endpoint protection looks old. Another issue is in the deployment requirement for the ATP single instance. They should work on lowering, for example, the storage requirements, which are around one terabyte but only for one ATP instance. The whole product works for more complex infrastructures and is designed to work with more than one instance, so you can imagine the requirements. It's a strange situation where the infrastructure of the consumer or customer is behind some kind of firewall and they have always used some kind of customized proxy. In this situation, the ATP has a very tough time passing the information to the cloud and back. To fix, it requires a more elaborate and complex configuration for that particular case.
Senior Director of IT Operations at a comms service provider with 10,001+ employees
Real User
Mar 11, 2019
What we want to do is be able to customize some of this on the administrative side. Right now, it is pretty much turnkey. Therefore, it would be nice if we had more customization. We would also like alerting, not just to the end users, but to the administrators, when something happens. An improvement could be made on the reporting because then it would be easier to collect information and submit it for compliance.
Symantec Advanced Threat Protection is a single unified solution that uncovers, prioritizes, and remediates advanced attacks. The product fuses intelligence from endpoint, network, and email control points, as well as Symantec’s massive global sensor network, to stop threats that evade individual security products. It leverages your existing Symantec Endpoint Protection and Symantec Email Security.cloud investments, so it does not require the deployment of any new agents. You can deploy a new...
They could enhance the solution to work across all devices, including Android, iOS, and Mac, and make it more user-friendly.
The product's support services need improvement.
The security features need to be improved.
Usually, the technical support was very good, with proper guidance and help figuring out stuff. The support has dropped down to a five out of ten.
The support team needs improvements. There should be next-generation antivirus features in the next release.
Scalability could be better.