Microsoft Defender for Endpoint vs Trellix Advanced Threat Defense comparison

Microsoft and Trellix are both solutions in the Advanced Threat Protection (ATP) category. Microsoft is ranked #2 with an average rating of 8.3, while Trellix is ranked #22 with an average rating of 9.0. Microsoft holds a 9.2% mindshare in ATP, compared to Trellix’s 1.8% mindshare. Additionally, 94% of Microsoft users are willing to recommend the solution, compared to 83% of Trellix users who would recommend it.

Microsoft Defender for Endp...

Read 194 Microsoft Defender for Endpoint reviews

2,028 Views
1,591 Comparison Views

94% willing to recommend

Trellix Advanced Threat Def...

Read 8 Trellix Advanced Threat Defense reviews

391 Views
251 Comparison Views

83% willing to recommend

Microsoft Defender for Endp...

Trellix Advanced Threat Def...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Dec 1, 2024

Trellix Advanced Threat Defense and Microsoft Defender for Endpoint compete in the cybersecurity market, focusing on defending against advanced cyber threats. Data analysis shows Microsoft Defender for Endpoint has an upper hand due to its broad feature set, despite Trellix offering advantageous pricing and support.

Features: Trellix Advanced Threat Defense excels in real-time sophisticated threat detection, automated incident responses, and strong threat analysis capabilities. Microsoft Defender for Endpoint stands out with integrated threat intelligence, multi-platform support, and high-quality threat analytics.

Room for Improvement: Trellix could enhance user interface intuitiveness, expand integration capabilities, and optimize threat intelligence updates. Microsoft Defender for Endpoint could improve its initial cost structure, enhance feature customization, and streamline cross-platform interoperability.

Ease of Deployment and Customer Service: Trellix Advanced Threat Defense offers a streamlined deployment process with rich support options, although it can be complex due to customization needs. Microsoft Defender for Endpoint benefits from easy integration within Microsoft environments, backed by comprehensive support documents, making its deployment more straightforward.

Pricing and ROI: Trellix Advanced Threat Defense provides competitive pricing and substantial ROI for budget-conscious organizations. Microsoft Defender for Endpoint, while carrying a higher initial cost, justifies this through its extensive features and long-term integration benefits, making the investment worthwhile in the long run.

To learn more, read our detailed Microsoft Defender for Endpoint vs. Trellix Advanced Threat Defense Report (Updated: April 2025).

Buyer's Guide

Microsoft Defender for Endpoint vs. Trellix Advanced Threat Defense

April 2025

Download the complete report

Helped 850,028 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Microsoft Defender for Endp...

Ranking in Advanced Threat Protection (ATP)

2nd

Average Rating

8.2

Reviews Sentiment

7.1

Number of Reviews

194

Ranking in other categories

Endpoint Protection Platform (EPP) (1st), Anti-Malware Tools (1st), Endpoint Detection and Response (EDR) (3rd), Microsoft Security Suite (5th)

Trellix Advanced Threat Def...

Ranking in Advanced Threat Protection (ATP)

22nd

Average Rating

7.8

Reviews Sentiment

6.6

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of May 2025, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Endpoint is 9.2%, down from 11.4% compared to the previous year. The mindshare of Trellix Advanced Threat Defense is 1.8%, up from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Advanced Threat Protection (ATP)

Featured Reviews

AnuragSrivastava

Information Security Engineering Lead at a energy/utilities company with 10,001+ employees

Provides detailed visibility into threats but the ability to add exceptions needs improvement

One major item for improvement is the ability to add exceptions. We can add some exceptions, but not at the level we need to. The second major area for improvement involves enhanced capabilities for different operating systems or platforms. That is, even though we have coverage for different operating systems or platforms such as Linux, we don't get all of the controls and enhanced capabilities that are available with Windows devices. Reporting could also be improved because, at present, we get limited results at times. For example, in an environment with more than 100,000 devices, you may just get 10,000 results when you run a report.

Read full review

HossamSelim

Vice- Head Of Math Department at a non-tech company with 5,001-10,000 employees

Easy to set up and use with a nice interface

The scalability could be better. We'd like them to be better at dealing with script threats. In sandboxing, the time to respond is slower than we would like. We'd like them to be able to process faster. For example, Fortinet, they are doing 18,000 files per hour. For Wildfire, it is elastic. It can support as many files as you get. McAfee doesn't react like that. It does not support interfaces with HTTPS.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It's free. There is no additional cost. It's part of Windows."

"The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security."

"Microsoft Defender for Endpoint is a comprehensive and scalable solution for protecting on-premises and hybrid infrastructure."

"The most valuable features are that it's easy to use and the updates are very simple."

"There are some competitive products on the market, but the best is Microsoft Defender because it's very easy to integrate. That's one reason a lot of clients want Microsoft Defender. It's also very easy to implement compared to other solutions."

"Defender provides useful alerts and groups them. It sends an alert to your portal if it detects any malicious activity, and you can group multiple alerts to form an incident."

"You have endpoint security to keep your devices safe. That's the feature that we're interested in."

"This solution definitely increases our security posture. When you are reviewing your existing fleet or endpoints and based on the configuration that you put out of your Defender for Endpoint, you then receive a security score from Microsoft. Depending on what rules you have configured, what policies you have deployed, and what attack surface reduction rules that you have set up and deployed, it is almost gamifying information security in the sense that you are always trying to achieve a higher score. The more hardening you perform on your endpoints, the better score you receive. This generally tends to give you a better peace of mind, but also makes you secure at the same time."

More Microsoft Defender for Endpoint pros

"Provides good exfiltration, and is an all-in-one product."

"I recommend this solution because of its ease of use."

"It is very scalable."

"The most valuable features are the administration console and its detection and response module."

"It is stable and reliable."

"Its greatest strength is the DXL client which can rapidly disseminate attack information to all clients via the McAfee Agent instead of going through the ePO server."

"It stops in excess of twenty-five malware events per month, all of which could be critical to the business."

Cons

"The product development team makes frequent changes that affect the stability of the solution."

"Microsoft Defender for Endpoint could improve by providing more user-friendly dashboards. They may be complicated for some."

"It's not easy to create special allowances for certain groups of users. It can be a little heavy-handed in some areas where Microsoft has decided to lock a feature out, meaning they make it hard to make an exception... One company we work with needed to use about 20 different thumb drives for about 20 users. To make that exception for them was very difficult. In fact, you can't really make an exception. But what you can do is allow them to use it and, while it will still alert, you can actually suppress those alerts."

"The biggest issue I had with Microsoft Defender for Endpoint was the antivirus and ransomware. I wanted central visibility over all the machines that we operate."

"I would like to see integrations with other products, such as Spunk and other CM solutions. That would create possibilities for me, and for a SOC, to consolidate all events in an older console, not one provided by Microsoft but provided by a third party, and use it to create more insights."

"Microsoft should improve support for third-party platforms, because not all functionality is available for all of them. It's a good product, but they should just extend the functionality for all platforms."

"In terms of the architecture of the management infrastructure, we found that other technologies are more simple. Microsoft Defender could be simpler too."

"The scalability could be improved - I would rate it between a seven and an eight."

More Microsoft Defender for Endpoint cons

"I would like to see future versions of the solution incorporate artificial intelligence technology."

"Make the ATD system a part of the whole product and take the whole thing onto the cloud. While it is there already, it is not to the same level as the on-premise version."

"This solution needs to be made "cloud ready"."

"There could be a tool that automatically updates all-new Microsoft IPs, which are available for free to connect to the client."

"Lacks remote capabilities not dependent on the internet."

"We'd like them to be better at dealing with script threats."

"The initial setup was industry standard complex. It takes awhile and has a lot of planning involved. It could be simplified with product redesign."

Pricing and Cost Advice

"The pricing is competitive."

"It is free. It is included in Windows 10."

"Pricing can always be lower."

"I pay for it through the Windows Professional or Standard license. It is a one-time cost for me, and I use the same license."

"The solutions price could be cheaper."

"Even if you are not registered as a not-for-profit, the offering that they have is definitely worth consideration. This is in the sense that the E5 stack just gives you so many benefits. You get your entire productivity suite through Microsoft 365 apps. You get all your security and identity protection. You get the Defender for Endpoint and Defender for Identity. You get the cloud access security broker as well. You get Azure Active Directory Premium P2, which gives you so many good things that you can configure and deploy. You don't have to configure them on day one, but you have access to so many different tools that will protect your data, security, endpoints, and identities that you could build out a security strategy 18 months long, and slowly work your way through it, based on what you have available to you through your license."

"Microsoft Defender for Endpoint is more affordable compared to some other endpoint solutions."

"Microsoft has different plans for buying this product. The price depends on the configuration of the full set of products that you buy and on the licensing program in your contract."

More Microsoft Defender for Endpoint pricing and cost advice

"Our licensing fees for this solution are approximately one million dollars per year."

"The product is expensive, but it is better than the rest of them in the industry."

See which vendors are best for you

Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.

See recommendations

850,028 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

25%

Computer Software Company

12%

Government

Financial Services Firm

18%

Government

15%

Manufacturing Company

14%

Computer Software Company

12%

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

How is Cortex XDR compared with Microsoft Defender?

Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...

See all answers

Which offers better endpoint security - Symantec or Microsoft Defender?

We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...

See all answers

How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?

The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...

See all answers

What do you like most about McAfee Advanced Threat Defense?

I recommend this solution because of its ease of use.

See all answers

What needs improvement with McAfee Advanced Threat Defense?

There could be a tool that automatically updates all-new Microsoft IPs, which are available for free to connect to the client.

See all answers

What is your primary use case for McAfee Advanced Threat Defense?

We use the solution for client management and security. We used the whole suite for client Firewall, antivirus, and everything provided by Trellix.

See all answers

Comparisons

CrowdStrike Falcon vs Microsoft Defender for Endpoint

Compared 8% of the time

Microsoft Intune vs Microsoft Defender for Endpoint

Compared 5% of the time

Symantec Endpoint Security vs Microsoft Defender for Endpoint

Compared 4% of the time

F-Secure Total vs Microsoft Defender for Endpoint

Compared 4% of the time

HP Wolf Security vs Microsoft Defender for Endpoint

Compared 4% of the time

More Microsoft Defender for Endpoint Competitors

Microsoft Defender for Identity vs Trellix Advanced Threat Defense

Compared 56% of the time

Fortinet FortiSandbox vs Trellix Advanced Threat Defense

Compared 44% of the time

More Trellix Advanced Threat Defense Competitors

Product Reports

Buyer's Guide

Microsoft Defender for Endpoint

April 2025

Download Microsoft Defender for Endpoint product report

Buyer's Guide

Advanced Threat Protection (ATP)

May 2025

Download Trellix Advanced Threat Defense product report

Also Known As

Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus

McAfee Advanced Threat Defense

Interactive Demo

Microsoft

Demo not available

Trellix

Overview

Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.

With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to quickly investigate and respond to security incidents. It provides detailed insights into the attack timeline, enabling security teams to understand the scope and impact of an incident.

Microsoft Defender for Endpoint also offers proactive threat hunting, allowing organizations to proactively search for and identify potential threats within their network. It integrates seamlessly with other Microsoft security solutions, such as Microsoft Defender XDR, to provide a unified and holistic security approach. With its centralized management console, organizations can easily deploy, configure, and monitor the security solution across their entire network.

Microsoft Defender for Endpoint is a robust and scalable security solution that helps organizations protect their endpoints and data from evolving cyber threats.

Microsoft

Powerful advanced threat detection

Uncover Hidden Threats

Combine in-depth static code analysis, dynamic analysis (malware sandboxing), and machine learning to increase zero-day threat and ransomware detection.

Threat Intelligence Sharing

Immediately share threat intelligence across your entire infrastructure—including multi-vendor ecosystems—to reduce time from threat encounter to containment.

Enable Investigation

Validate threats and access critical indicators of compromise (IoCs) needed for investigation and threat hunting.

Trellix

Sample Customers

Petrofrac, Metro CSG, Christus Health

The Radicati Group, Florida International University, MGM Resorts International, County Durham andDarlington NHS Foundation Trust

Buyer's Guide

Microsoft Defender for Endpoint vs. Trellix Advanced Threat Defense

April 2025

Free Report: Microsoft Defender for Endpoint vs. Trellix Advanced Threat Defense

Find out what your peers are saying about Microsoft Defender for Endpoint vs. Trellix Advanced Threat Defense and other solutions. Updated: April 2025.

DOWNLOAD NOW

850,028 professionals have used our research since 2012.

See our Microsoft Defender for Endpoint vs. Trellix Advanced Threat Defense report.

See our list of best Advanced Threat Protection (ATP) vendors.

We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.