No more typing reviews! Try our Samantha, our new voice AI agent.

Malwarebytes Teams vs VMware Carbon Black Endpoint comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 15, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Protection Platform (EPP)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Malwarebytes Teams
Ranking in Endpoint Protection Platform (EPP)
26th
Average Rating
8.0
Reviews Sentiment
7.3
Number of Reviews
37
Ranking in other categories
No ranking in other categories
VMware Carbon Black Endpoint
Ranking in Endpoint Protection Platform (EPP)
31st
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
65
Ranking in other categories
Security Incident Response (6th), Endpoint Detection and Response (EDR) (31st), Ransomware Protection (8th)
 

Mindshare comparison

As of July 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.8%, up from 3.7% compared to the previous year. The mindshare of Malwarebytes Teams is 1.7%, down from 2.0% compared to the previous year. The mindshare of VMware Carbon Black Endpoint is 2.0%, up from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.8%
Malwarebytes Teams1.7%
VMware Carbon Black Endpoint2.0%
Other92.5%
Endpoint Protection Platform (EPP)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
reviewer2594097 - PeerSpot reviewer
Chief Executive Officer at a wholesaler/distributor with 11-50 employees
Exceptional malware protection with regular updates and behavior-based detection
There are no built-in backups or integrated backup options, which could be an opportunity. The free version is effective, however, the paid version is pricey compared to it. Other customers have mentioned issues with false positives. It lacks enterprise-level management and more enterprise functionality. CrowdStrike and SentinelOne are much more enterprise-grade solutions. Malwarebytes has limited integration with cybersecurity tools and lacks enterprise integrations because it is not an enterprise product.
PM
CTO at Microsoft
Improved incident investigation has supported response while core protection still needs progress
VMware Carbon Black Endpoint does not have easy integration, as there are many complexities with the Ribitava API, which is very deep. I rate this solution overall as a five or six on a scale from one to ten. I have integrated VMware Carbon Black Endpoint with other tools that are helpful. I think this solution should be targeted at small clients, because adoption will grow more with small businesses tomorrow.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for."
"Based on my experience, I would recommend Cortex XDR by Palo Alto Networks to other people."
"I like the centralized console and the predictive analysis it does of malware. It is very stable and also scalable."
"Its ability to react to cyber data attacks is awesome. That is pretty much the use of it. What blows your mind is the ability to access your assets remotely and see what is actually going on with them. You can not only see them in a console. You can also react very rapidly to your assets that are compromised."
"Cortex XDR lets us manage several clients from the same console, and its endpoint defense is more advanced than traditional antivirus."
"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
"It detected stuff that other things wouldn't detect."
"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
"The solution has helped to increase staff productivity by ten percent."
"This solution helps us by providing central management of anti-malware and anti-exploit functionality."
"The endpoint protection and response that allows us to restore a machine back to a pre-infected state are the most valuable features."
"It gets the job done, and they are consistently updating it monthly."
"The most valuable features of Malwarebytes are the EDR and the complete feature set provided."
"We have a small IT team, and being able to manage even a small fleet of devices that are out in the field and being able to respond and remediate really quickly from the cloud-based console has been really helpful for us."
"From our experience, it provides 100% visibility and detects hundreds of infections."
"Being able to carry out a full scan on your system."
"The biggest feature out of CarbonBlack is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment."
"The product's most valuable feature is its ability to be fully integrated with the VMware environment."
"I found the offline scanning to be particularly useful."
"It is stable and easy to set up."
"The threat analysis functionality is good."
"It significantly speeds up incident response times by alerting analysts immediately upon detecting potential issues."
"The data analysis is the most valuable because of the whitelist database. It is different than standard IDS solutions."
"The triage feature that shows you the whole kill chain of the attack or malware is useful because it shows how the malware gets into the endpoints and what it has done, and the solution is easy to use and easy to deploy as it is a cloud solution with no appliance needed on-premise."
 

Cons

"There are some default policies which sometimes affect our applications and cause them to run around."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"Cortex XDR could be improved with more GUI features."
"The connection to the internet has not performed as expected."
"For Cortex XDR by Palo Alto Networks, if I had to point out improvements, I would say the UI is still somewhat difficult for beginners."
"I would like to see them include NDR (Network Detection Response). Then it would work well with SIEM Response."
"It takes time to scan the servers and devices."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"The product's stability needs improvement."
"We had a little performance problem with the solution, but that's been resolved. Since then, it's been running well."
"They should make it faster, less taxing on the processor."
"The online reporting needs to be improved. Currently, we have to look at it online, and if we want to download a report, it just downloads as an Excel file. It's just raw information. There needs to be some way to better display it when it's downloaded."
"My clients have frequently encountered some tech support scams where when you go to a particular website, it throws up a fake warning to you and states that you need to call this number."
"There's no indication on the system as to when the software is doing a scan."
"The EPP solution lacks the sophisticated artificial intelligence required for automating reports and letting you know about things in real-time. It stops a suspicious activity in real-time, but it doesn't let you know in real-time. You have to look at a report, and then you find out that something is wrong. You have to manually kick off a scan. With the Advanced EDR solutions, Malwarebytes has the ability to alert you in real-time, but they still don't do automatic remediation or quarantining of devices. That is something that you still have to do manually. So, the endpoint protection piece, which is just like their basic endpoint protection, lacks AI. For the advanced detection and response piece, there is an add-on that comes with it, but it still doesn't go far enough in terms of automatic remediation of viruses. It won't separate that virus from your network if something happens. You have to manually go there and do it."
"The product update capability needs to be improved."
"I would like to see the user credentials feature improved. I would also like to see more reporting features and better ways to roll the reports out."
"There are many different controls that are needed to be put into place for upgrading that makes it difficult. Having to re-engineer your IT infrastructure to match their software, as opposed to having it integrate and work independently causes difficulties. When there is an update to any software everyone has to be involved."
"The pricing could always be a bit better. They could work to make it less expensive."
"The solution has to mature on container security and a lot of cloud environment security."
"A search bar in the investigation page and some AI-related tasks like outgoing alerts, or recent tactics that are being used in the market, must be embedded in the tool so that it's easier to find alerts."
"The endpoint machines need improvement."
"In the next release, it would help if we can get better control over containers."
"The feature set for the firewall needs improvement."
 

Pricing and Cost Advice

"The pricing is a little high. It is per user per year."
"It is "expensive" and flexible."
"It has reasonable pricing for the use cases it provides to the company."
"It's about $55 per license on a yearly basis."
"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."
"Cortex XDR by Palo Alto Networks is quite an expensive solution."
"Licensing for Palo Alto Networks Cortex XDR can be costly, especially when it comes to a hundred users. A license is required for each user, and the subscription must be renewed on a yearly basis."
"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
"On a scale of one to ten, where one is a low price and ten is a high price, I rate the product's pricing a seven."
"The licensing is per seat, with clients being a little less expensive than servers. If we need more licenses, we can accomplish that within a day. As Malwarebytes adds new features to their product, such as DNS filtering and a patching module, they want to charge us more even though we're a premium user, which isn't ideal."
"The price of Malwarebytes is in the middle range compared to other vendors."
"The platform pricing is competitive with other antivirus products."
"Its licensing is annual. There are no additional costs beyond the standard licensing fee."
"Yearly, it is around $50 per client."
"Its cost is around $60 a machine. The cost of the total solution for 250 people is about $8,500 a year. If we add EDR to it, it will bring that cost up to about $15,000. The cost for Carbon Black is about $25,000, which is $10,000 more, but you get all AI functions with it."
"It is really expensive. We've got between 30 and 40 licenses every year, and for the number of licenses that we have, we're finding that Malwarebytes on average costs between $900 and $1,000 more per year than comparable options. We're paying about $3,300 per year for these licenses. There are no additional costs beyond the standard licensing fee."
"It's reasonable in price"
"The product’s price is less expensive than other vendors."
"I am not really involved in the pricing of this product. But, from my understanding, it is OK for us."
"Price-wise, VMware Carbon Black Endpoint is a highly-priced solution. Regarding the licensing cost of the solution, one needs to opt for an annual subscription."
"The platform is expensive."
"Its pricing was very good, which is one of the reasons I went to it as an alternative. It is on a yearly basis. There are no additional fees."
"The pricing is very high."
"The product is expensive. There are some additional costs apart from the standard licensing charges attached to the solution."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Comms Service Provider
11%
Financial Services Firm
9%
Construction Company
7%
University
7%
Financial Services Firm
10%
Construction Company
9%
Manufacturing Company
8%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business22
Midsize Enterprise8
Large Enterprise6
By reviewers
Company SizeCount
Small Business31
Midsize Enterprise9
Large Enterprise33
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Malwarebytes?
I really hate the automatic rebilling without officially confirming it with me. It's an annoyance and they should at ...
What needs improvement with Malwarebytes?
It takes up too much space when it's trying to run in the background.
What is your primary use case for Malwarebytes?
My primary use case is that it's protecting me against malware.
What to choose: an endpoint antivirus, an EDR solution or both?
I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) s...
What's the difference between Carbon Black CB Response and Carbon Black CB Defense?
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoin...
What is your experience regarding pricing and costs for Carbon Black CB Defense?
My rating for the pricing of VMware Carbon Black Endpoint is that it is not cheap, but it is also not as inexpensive ...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
Carbon Black CB Defense, Bit9, Confer
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Knutson Construction
Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America
Find out what your peers are saying about Malwarebytes Teams vs. VMware Carbon Black Endpoint and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.