VMware Carbon Black Endpoint Reviews

Name: VMware Carbon Black Endpoint
Brand: VMware
Rating: 3.9 (63 reviews)

3.9 out of 5

63 reviews
88% willing to recommend

What is VMware Carbon Black Endpoint?

VMware Carbon Black Endpoint provides comprehensive endpoint security against ransomware, spyware, malware, and viruses, catering to both cloud and on-premise environments.

Get the VMware Carbon Black Endpoint Buyer's Guide and find out what your peers are saying about VMware Carbon Black Endpoint, CrowdStrike Falcon, Microsoft Defender for Endpoint and more!

VMware Carbon Black Endpoint is the #2 ranked solution in top Security Incident Response solutions, #6 ranked solution in top Ransomware Protection solutions, #20 ranked solution in EDR tools, and #27 ranked solution in endpoint security software. PeerSpot users give VMware Carbon Black Endpoint an average rating of 7.8 out of 10. VMware Carbon Black Endpoint is most commonly compared to CrowdStrike Falcon: VMware Carbon Black Endpoint vs CrowdStrike Falcon. VMware Carbon Black Endpoint is popular among the large enterprise segment, accounting for 57% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 14% of all views.

Buyer's Guide

VMware Carbon Black Endpoint

June 2025

Get the report

Helped 862,499 peers since 2012

Featured VMware Carbon Black Endpoint reviews

Nikunj Kamboj

Cybersecurity Analyst at OnX Canada

The solution's integration with our existing security infrastructure is good. Whenever we have any alert in VMware Carbon Black Endpoint, we can easily that alert in our SIEM tool and check logs from the SIEM tool itself. VMware Carbon Black Endpoint is just a secondary security tool for us, and we are just monitoring the alerts from it. The solution's behavioral analytics feature helps in identifying suspicious activities pretty well. Whenever we have even a small thing, we get an alert. The solution is deployed on the cloud in our organization. Performance-wise, the solution is doing great in terms of connecting to the host directly. Performing a malware scan usually takes a lot of time, more than 24 hours. A malware scan is something that we do only on Carbon Black for the old endpoint devices and servers. It used to take sometimes three days to perform. I would recommend the solution to other users. Overall, I rate the solution an eight out of ten.

Read full review

Durai Singh

Business Owner at ARARAT TECHNOLOGIES

I have worked with traditional antivirus solutions like Symantec, McAfee, Trend Micro, Kaspersky, Sophos, and F-Secure. Broadcom acquired Symantec, and Trellix acquired McAfee. The market is disturbed as other solutions are acquiring the traditional leaders. Getting support is becoming a challenge. Carbon Black provides endpoint detection and response. CrowdStrike provides vulnerability assessment and application testing features. It gives additional threat prevention to the customer. So, I prefer CrowdStrike over Carbon Black. Carbon Black and CrowdStrike provide very good market strategies.

Read full review

KarthikR1

Consultant at NCR Corporation

The compatibility of Carbon Black CB Defense with operating systems is the only issue. Certain OS are not supported, resulting in an inability to install PDC. The deployment of sensors requires extensive fine-tuning, which should be a simple process. To streamline this process, they should create deployment packages with customized options based on policies and other factors. Creating these packages ourselves is time-consuming, which can impede our productivity. There is also a bypass issue that needs to be considered. Improvements are needed to address the compatibility issues between operating systems and Carbon Black CB Defense. Sometimes, the sensor enters a block state for unknown reasons. To prevent this, it would be helpful if they added a feature to ensure that it does not cause any problems. Additionally, there are issues with collecting events from machines due to sensor problems. We are working with Gateway to connect to all PCI or DMZ environments, and it would be beneficial to have a simpler configuration at the architecture levels. In reality, the deployment process is more complicated. We must add a script to customize the deployment process and deploy it on Mission C. Afterward, we install the sensor, which requires a company code, policy name, and other essential details. Furthermore, we are experiencing other issues, such as VMs pausing applications due to CBC. Troubleshooting these problems is time-consuming, and we usually must report the problem to the vendor, whose analysis can take an hour or longer. By that time, critical business functions may have already been impacted. Container protection is still in the initial stage, where they have integration in the market, but there's a lot of room for improvement, and there are a lot of changes required.

Read full review

VMware Carbon Black Endpoint mindshare

Product category:

As of July 2025, the mindshare of VMware Carbon Black Endpoint in the Endpoint Protection Platform (EPP) category stands at 1.6%, down from 2.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Endpoint Protection Platform (EPP)

PeerResearch reports based on VMware Carbon Black Endpoint reviews

Type	Title	Date
Category	Endpoint Protection Platform (EPP)	Jul 19, 2025	Download
Product	Reviews, tips, and advice from real users	Jul 19, 2025	Download
Comparison	VMware Carbon Black Endpoint vs Microsoft Defender for Endpoint	Jul 19, 2025	Download
Comparison	VMware Carbon Black Endpoint vs CrowdStrike Falcon	Jul 19, 2025	Download
Comparison	VMware Carbon Black Endpoint vs SentinelOne Singularity Complete	Jul 19, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	10.6%	96%	132 interviews Add to research
Microsoft Defender for Endpoint	4.1	10.4%	94%	197 interviews Add to research

Valuable Features

VMware Carbon Black Endpoint excels in offline networking, centralized cloud control, dynamic grouping, threat analysis, and intelligent learning. It offers simplified policy management, historical data features, robust protection, easy setup, live response, sandboxing, customizable settings, effective endpoint detection, and scalability. The platform integrates well with other systems, provides continuous monitoring and powerful APIs, and supports remote work. It is highly stable, provides comprehensive security, and offers extensive online documentation.

"It significantly speeds up incident response times by alerting analysts immediately upon detecting potential issues."
"The portal is easy to use and manage."
"VMware Carbon Black Endpoint is a highly stable solution."

Room for Improvement

VMware Carbon Black Endpoint needs to enhance endpoint performance, streamline deployment, and improve educational resources for users. It should offer better mobile support, refine the alert system, and increase compatibility with other products. Enhancements in user interface explanations, report generation, and cloud console responsiveness are necessary. They must also address slow query processing, improve Mac support, and integrate with existing firewalls. Pricing could be made more competitive.

"The product cannot perform an on-demand scan. They could add this particular feature."
"Certain settings have limitations. For example, I cannot manually block some malware activities."
"Performing a malware scan usually takes a lot of time, more than 24 hours."

ROI

Users found significant ROI with VMware Carbon Black Endpoint, often noticing improvements within six months. Many companies avoided costly malware attacks after implementation. ROI is sometimes difficult to quantify precisely in antivirus contexts, but users highlighted reduced security incidents and stated a 10% cost saving against other vendors.

Pricing

VMware Carbon Black Endpoint's pricing is generally seen as high, with annual subscription models common. Users report inflexible licensing requiring a minimum of 100 licenses, even for smaller offices needing fewer. While some find the costs competitive, others consider them higher than similar solutions. License costs range from $15 per node to $28 per employee, with typical payments between $5,000 to $7,000 for monitoring agents, and expressed dissatisfaction with the lack of flexibility for existing customers.

"The platform is expensive."
"The product is quite reasonable."
"The product is expensive. There are some additional costs apart from the standard licensing charges attached to the solution."

Popular Use Cases

VMware Carbon Black Endpoint is used by organizations for endpoint protection, detecting malware, blocking ransomware, threat hunting, securing servers, and monitoring endpoint activity. It helps stop spyware, viruses, and provides EDR capabilities. Companies use it for advanced threat defense, integrating with existing security measures, and ensuring compliance. It is deployed on both cloud and on-premises environments, providing robust security by intelligent learning and machine learning, widely utilized by MSPs and distributors.

Service and Support

Customers often find VMware Carbon Black Endpoint's support responsive and knowledgeable, with good support available locally and globally. Some note slow response times and the need for tier escalation. Several highlight good support but encounter delays, particularly for documentation and portal communication. There's mixed feedback about local support, with some satisfied and others noting slow responses. Many users have not needed to contact support, trusting self-help resources and documentation.

Deployment

Many users find VMware Carbon Black Endpoint's initial setup straightforward, although some mention complexity due to extensive configuration options. Deployment time varies from a few minutes for a single endpoint to several months for larger environments. Common challenges include the need for thorough testing and policy tuning. Adequate training and knowledge are essential for smooth implementation, and the cloud version is generally perceived as easier to set up than the on-premises version.

Scalability

VMware Carbon Black Endpoint is highly scalable, accommodating various company sizes ranging from small to enterprise levels. Users report ease of scalability with cloud deployment, successful large-scale implementations with thousands of endpoints, and no significant issues. Trained staff can manage numerous endpoints efficiently. While some experience limitations, particularly in regulated environments or with specific OS support, users generally find it effective and adaptable. Ratings frequently range from eight to ten out of ten for scalability.

Stability

Users report VMware Carbon Black Endpoint as generally stable with minimal resource use. Some note occasional issues with sensors and slow performance in specific scenarios. Stability is rated highly by many, with no significant bugs or crashes observed. Regular updates and proper configuration help improve performance. However, some users mention fluctuations in stability between versions and instances of the software interrupting installations. It is commonly used daily without major problems and is found to be reliable.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our VMware Carbon Black Endpoint Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

14%

Financial Services Firm

12%

Government

Manufacturing Company

Retailer

Comms Service Provider

Energy/Utilities Company

Real Estate/Law Firm

University

Educational Organization

Healthcare Company

Construction Company

Performing Arts

Insurance Company

Non Profit

Hospitality Company

Legal Firm

Media Company

Wholesaler/Distributor

Transportation Company

Outsourcing Company

Recreational Facilities/Services Company

Logistics Company

Security Firm

Consumer Goods Company

Compare VMware Carbon Black Endpoint with alternative products

Learn more about VMware Carbon Black Endpoint

VMware Carbon Black Endpoint facilitates endpoint detection and response, threat hunting, application control, antivirus support, and protection for virtual and physical machines. Features include intelligent learning, whitelisting, and integration with other security tools, making it suitable for distributors, MSPs, and enterprises seeking advanced threat defense and real-time monitoring. With its capability to detect and stop malicious executables, it supports both offline and online environments and offers tools like command shell access for deeper investigation.

What are the key features of VMware Carbon Black Endpoint?

Intelligent learning: Improves detection capabilities over time.
Whitelisting: Allows only approved applications to run.
Integration with other security tools: Enhances overall security posture.
Centralized cloud control: Manages endpoints from a single interface.
Command shell access: Offers deeper investigation capabilities.
Dynamic grouping: Facilitates organized endpoint management.
Simplified policy management: Streamlines security policy implementation.
API for system remoting: Allows remote system access and management.
Twenty-four-seven support: Provides continuous assistance and response.

What are the benefits of VMware Carbon Black Endpoint?

Real-time monitoring: Offers constant vigilance against threats.
Threat hunting: Identifies and mitigates threats proactively.
Historical data analysis: Assists in understanding past incidents and patterns.
Improved endpoint protection: Enhances overall endpoint security.
Enhanced threat detection: Reduces exposure to advanced threats.

VMware Carbon Black Endpoint is implemented across various industries including technology, healthcare, and finance. Organizations utilize it in cloud and hybrid environments, enhancing their security frameworks with real-time monitoring, intelligent learning, and robust threat detection capabilities tailored to their specific industry needs.

VMware Carbon Black Endpoint was previously known as Carbon Black CB Defense, Bit9, Confer.