"The ability to detonate a particular problem in a sandbox environment and understand what the effects are, is helpful. We're trying, for example, to determine, when people send information in, if an attachment is legitimate or not. You just have to open it. If you can do that in a secure sandbox environment, that's an invaluable feature. What you would do otherwise would be very risky and tedious."
"The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems."
"Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts."
"The most valuable feature is signature-based malware detection."
"The entirety of our network infrastructure is Cisco and the most valuable feature is the integration."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it."
"Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."
"Being able to cloud manage it from just a cloud login is valuable. We can get to it from anywhere, which is really helpful. The fact that we can remediate from the cloud console is one of our favorite features."
"I like the solution's ability to detect potentially unwanted programs. For some reason, it seems superior to other solutions, or at least in comparison to McAfee."
"When it comes to frontend protections, it has some of the best definitions. In addition, they do traditional signature and heuristic detection a lot better than Microsoft and some other players in that space."
"The protection is really good with Malwarebytes. It's also user friendly and quite easy to set up."
"The endpoint protection and response that allows us to restore a machine back to a pre-infected state are the most valuable features."
"The pricing of the product is very good."
"Provides successful ransomware shut down operations."
"It is intuitive and easy to use. For the most part, it does a good job of catching things. It is good at stopping stuff. I did a couple of tests with a password cracker. I tried to load that on, and Malwarebytes didn't let me do that, which was pretty good. It has a rollback feature that I haven't seen with any other company. If one of your endpoints are hit with mass ransomware, you could actually roll it back. I watched a demo of them do that, and it was pretty sweet."
"The stability keeps getting better and better."
"The most valuable features are that it is flexible, and it is integrated with Microsoft products."
"The EDR feature is most valuable."
"The most important and the most relevant features of Defender for Endpoint are the malware and ransomware protection."
"I am using it for very simple purposes. It is perfect and quite effective. I have been using it for a while, and I have never had any virus infection, data leak, or other security breaches. It works fine for standalone purposes. If you log on to OneDrive, it has ransomware protection."
"In terms of the installation, ease of use, and user interface, Defender has been great so far."
"It is easy to install and use requiring little maintenance but applying updates."
"Coming from an organization where the EDR wasn't strong, it has always been a case of basically searching through the information you already have and looking for something. It was basically trying to find the needle in a haystack. What the Defender platform does is that it reduces the size of the haystack, and it'll say that the needle is over here. Minutes matter, and it certainly zeros you in on the events that are concerning. It also simplifies the effort of trying to get some kind of correlation of behaviors or actions you see in the environment and confirming if something is benign or a threat."
"The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"The GUI needs improvement, it's not good."
"...the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"They could improve the main dashboard to more clearly show me the things that I want to see. When I open the dashboard right now, I see a million things and they are not always the things that I need."
"I would like to see integration with Cisco Analytics."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"Malwarebytes is too simplistic. From a SOC IR perspective, it doesn't give you very much data around it. It doesn't tie things or provide SHA-1 and SHA-256 detection information, which makes it hard to do an additional investigation."
"They could come up with better reporting capabilities."
"Requires increased efficiency in terms of detecting false positives."
"I would like to see a little more detail in the log. So, when an event occurs, I'd like to know not just when it happened and on what device, but what activity was taking place on the machine at the time so that we can drill down. If we get a false positive, we have to do a lot of research and go back and forth with our end-users to know why it was a false positive. So, having a little more detail around detections and events would probably be my most asked feature."
"If they want to compete with bigger players, they should consider adding items like threat detection and website warnings."
"The EPP solution lacks the sophisticated artificial intelligence required for automating reports and letting you know about things in real-time. It stops a suspicious activity in real-time, but it doesn't let you know in real-time. You have to look at a report, and then you find out that something is wrong. You have to manually kick off a scan. With the Advanced EDR solutions, Malwarebytes has the ability to alert you in real-time, but they still don't do automatic remediation or quarantining of devices. That is something that you still have to do manually. So, the endpoint protection piece, which is just like their basic endpoint protection, lacks AI. For the advanced detection and response piece, there is an add-on that comes with it, but it still doesn't go far enough in terms of automatic remediation of viruses. It won't separate that virus from your network if something happens. You have to manually go there and do it."
"They can include advanced scanning and improve reporting. I scan malware on the pen drive. Some more reports need to be added for that. It should also provide better protection because we have a new version of the malware."
"We have noticed that when the solution is doing the scanning, all the scanning activities make the device heavier. It slows down your machine."
"Microsoft support could be more knowledgeable."
"The solution could use improvement on the interface."
"It could be easier when it comes to managing exceptions."
"The solution can be more user-friendly."
"Lowering the price would be an improvement."
"Microsoft Defender for Endpoint can improve by providing more and different types of reports."
"I would like to see better integration with their other security products to give better visibility from a higher level."
"The central management console should be improved because it provides limited options to configure Windows Defender."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Malwarebytes is ranked 22nd in Endpoint Protection for Business (EPP) with 9 reviews while Microsoft Defender for Endpoint is ranked 3rd in Endpoint Protection for Business (EPP) with 114 reviews. Malwarebytes is rated 7.8, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Malwarebytes writes "I can access it from anywhere and remediate quickly from the cloud console, but there should be a little more detail around detections and events and better pricing". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Enables ingestion of events directly into your SIEM/SOAR, but requires integration with all Defender products to work optimally". Malwarebytes is most compared with SentinelOne, CrowdStrike Falcon, Sophos Intercept X, Cortex XDR by Palo Alto Networks and Symantec Endpoint Security, whereas Microsoft Defender for Endpoint is most compared with CrowdStrike Falcon, Symantec Endpoint Security, Sophos Intercept X, Cortex XDR by Palo Alto Networks and Trellix Endpoint Security. See our Malwarebytes vs. Microsoft Defender for Endpoint report.
See our list of best Endpoint Protection for Business (EPP) vendors.
We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
