No more typing reviews! Try our Samantha, our new voice AI agent.

SonicWall Capture Client vs Trellix Endpoint Detection and Response (EDR) comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
4.8
Cortex XDR reduces costs, minimizes incidents, improves ROI, and enhances efficiency with automation and seamless system integration.
Sentiment score
1.0
SonicWall Capture Client offers cost savings, improved security, reduced manual work, lower infection rates, and easy deployment for better productivity.
Sentiment score
6.2
Trellix EDR enhances detection, efficiency, and trust, supporting business goals with cost-effectiveness and improved security despite integration needs.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
Cyber Security Manager at Welab bank
Cortex XDR by Palo Alto Networks helps to reduce my total cost of ownership significantly.
Detection and Response Consultant at Inovasys
In Cortex XDR by Palo Alto Networks, most of the remediation is automated and the accuracy is quite good.
Network Security Engineer at Cyberwell Solution
The advanced detection and mitigation capabilities ensure the highest level of protection and proper detection for command and control and bot attacks.
Business Development Manager at a retailer with 10,001+ employees
I have seen a return on investment with Trellix Endpoint Detection and Response (EDR); a lot of time is saved as it minimizes the efforts of manual work.
Security Engineer at LTI Mindtree
 

Customer Service

Sentiment score
7.0
Cortex XDR's adaptable customer service excels in problem-solving, fast response, and professionalism, despite varying quality and log analysis suggestions.
Sentiment score
4.9
SonicWall Capture Client support is mixed, with some satisfied but many seeking faster response and improved escalation processes.
Sentiment score
6.6
Trellix EDR support receives mixed reviews, with praise for effectiveness and criticism for response times and support quality.
The technical support from Palo Alto deserves a mark of ten because they reach out within an hour whenever assistance is needed.
Head of data centers at a non-profit with 10,001+ employees
There is no back and forth, and they know what we are asking for and come up with the best resolution for a solution.
Senior Process Expert at A.P. Moller - Maersk
If any of these services are missed, it becomes a problem in terms of support tickets, follow-up, or special configuration that needs to be done in the system.
Chief of IT Architecture at a financial services firm with 10,001+ employees
Partners can purchase single endpoints at prices equivalent to 1,000-endpoint deals, providing an advantage for managed security service provider partners.
Product Manager at wahana piranti teknologi
While their escalation process is understandable, it can be time-consuming as all logs need to be provided multiple times across different service levels.
Product Manager at a tech services company with 11-50 employees
I have contracted support and also have an operating control so I can get various types of support.
Committee Of IT Cybersececurity at a energy/utilities company with 51-200 employees
On our servers, we do not want it to touch our resources, so we deployed Sophos XDR on the server.
Security Administrator at a insurance company with 1,001-5,000 employees
Customer support is a critical component of any enterprise EDR deployment.
Especialista Sr Seguridad Endpoint at Total Cyber Sec
 

Scalability Issues

Sentiment score
7.6
Cortex XDR offers scalable management and deployment capabilities for organizations, though affordability for smaller enterprises may be challenging.
Sentiment score
8.5
SonicWall Capture Client delivers scalable licensing, easy installation, cloud management, and an accessible interface, favored by small to medium businesses.
Sentiment score
7.1
Trellix EDR is scalable and favored for flexibility in endpoint management across diverse industries despite speed and support issues.
You can onboard 10,000 endpoints in just hours, which demonstrates the excellent scalability of this product.
Assistant Security Architect at Cloudnomics
Activating the newly purchased licenses is instantaneous, allowing installations without adjustments since it's cloud-based.
Junior Security Analyst at ITSEC Asia
Cortex XDR by Palo Alto Networks can be expanded anytime by purchasing another license without any issues related to scalability.
Head of data centers at a non-profit with 10,001+ employees
There are no restrictions on the scalability of SonicWall Capture Client.
Product Manager at a tech services company with 11-50 employees
SonicWall Capture Client is accessed via cloud-based management console.
Product Manager at a tech services company with 11-50 employees
The installation process is straightforward, requiring only five pilot installations to enable customers to complete the remaining installations independently.
Product Manager at wahana piranti teknologi
Trellix Endpoint Detection and Response (EDR) is built on top of the ePO (ePolicy Orchestrator) management architecture, which is globally recognized as the most scalable endpoint management platform in cybersecurity history.
Especialista Sr Seguridad Endpoint at Total Cyber Sec
Trellix Endpoint Detection and Response (EDR) is really scalable, allowing easy deployment with its agent across all devices and servers within the organization.
Security Engineer at LTI Mindtree
 

Stability Issues

Sentiment score
8.0
Cortex XDR is reliable and stable, with minor issues outweighed by consistent performance and highly rated dependability.
Sentiment score
8.6
SonicWall Capture Client's stability divides opinion, praised for threat prevention but critiqued for high resource consumption and slowdowns.
Sentiment score
7.9
Trellix EDR is generally stable but can be resource-intensive, with improvements noted in newer versions and experienced user advantages.
Cortex remains fast and responsive, even with increasing data and alerts.
Final Year Student at Gitam University
The thresholds we've seen on our firewall boxes at some instances reached 80% to 85%, but even at that level of utilization, we don't observe any latency or any issues reported with respect to accessing the application.
Senior Process Expert at A.P. Moller - Maersk
Cortex XDR by Palo Alto Networks can be trusted completely.
Soc Analyst at Softcell Technologies Limited
So I have to use Sophos XDR on servers because Sophos XDR does not consume resources.
Security Administrator at a insurance company with 1,001-5,000 employees
 

Room For Improvement

Cortex XDR needs improved UI, integration, affordability, monitoring, false positive handling, Mac OS support, and better AI features.
SonicWall Capture Client suffers from performance issues, outdated interface, high RAM use, and lacks robust threat detection and support.
Trellix EDR needs AI upgrades, resource optimization, interface improvements, better integration, and refined alerts for enhanced performance.
Improving reporting and dashboard customization, along with the addition of real-time and exportable reports, would help SOC teams greatly.
Final Year Student at Gitam University
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
Pre Sales Architect at network techlab
If the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better.
Cyber Security Information Security Specialist at MHM Holding GmbH
One of the drawbacks is that I cannot use Advanced and Premier licenses within a single tenant, which can be problematic when users need to deploy different licenses.
Product Manager at a tech services company with 11-50 employees
XDR cannot be used unless MDR services are purchased with SonicWall.
Product Manager at a tech services company with 11-50 employees
A significant limitation is that SonicWall Capture Client cannot be installed on smartphones, as there is no mobile version available.
Product Manager at wahana piranti teknologi
I am seeing, for workflows, some sort of ethical hacking to test our environment.
Committee Of IT Cybersececurity at a energy/utilities company with 51-200 employees
Trellix Endpoint Detection and Response (EDR) scores highly because of its sheer depth of endpoint visibility, the precision of its behavior-based detection, and the massive time savings we get from its AI-guided investigations.
Especialista Sr Seguridad Endpoint at Total Cyber Sec
Trellix Endpoint Detection and Response (EDR) is interesting and is a very good entry point that has been evolving through the last years.
Committee Of IT Cybersececurity at a energy/utilities company with 51-200 employees
 

Setup Cost

Cortex XDR is pricier than some rivals but offers flexible pricing and robust features, costing $55-$90 per endpoint monthly.
SonicWall Capture Client pricing receives mixed reviews for cost-effectiveness, varying by business size, region, and additional costs.
Trellix EDR offers competitive pricing with volume discounts, but requires a three-year contract and advanced features can be costly.
The pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks.
Consultant at a tech services company with 1,001-5,000 employees
I would say it is definitely not a cheap product, considering how mature it is and how scalable all Palo Alto products are together.
Senior Process Expert at A.P. Moller - Maersk
Compared to CrowdStrike, which is very costly, and SentinelOne, which is also very costly, Cortex XDR by Palo Alto Networks is a medium cost-efficient solution.
Soc Analyst at Softcell Technologies Limited
SonicWall Capture Client offers a cost-effective solution that's cheaper compared to other vendors like CrowdStrike.
Product Manager at a tech services company with 11-50 employees
For the license requirement, we worked with the vendor to secure the minimum price for Trellix endpoint solutions, with no additional costs charged by the vendor.
Security Engineer at LTI Mindtree
Trellix is highly competitive in the enterprise market because they offer aggressive volume-tiered discounting levels, such as levels A through D.
Especialista Sr Seguridad Endpoint at Total Cyber Sec
My experience with pricing, setup cost, and licensing is very cost-effective.
Business Development Manager at a retailer with 10,001+ employees
 

Valuable Features

Cortex XDR by Palo Alto Networks provides AI-driven threat detection, automation, and seamless integration, simplifying security for analysts.
SonicWall Capture Client provides robust protection features, including rollback, machine learning, and dual-agent real-time threat detection.
<p>Trellix EDR enhances threat detection with AI-driven analytics, behavior monitoring, centralized management, and seamless MITRE ATT&amp;CK integration.</p>
It incorporates AI for normal behavior detection, distinguishing unusual operations.
Cyber Security Manager at Welab bank
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
Pre Sales Architect at network techlab
It includes machine learning to easily analyze data and detect complex threats across endpoints, networks, or clouds.
Final Year Student at Gitam University
Machine learning is particularly effective due to SonicWall sandboxing's threat intelligence database of approximately 7.1 billion entries.
Product Manager at wahana piranti teknologi
One is that users can use the sandbox of SonicWall, which is called Capture ATP for free.
Product Manager at a tech services company with 11-50 employees
Trellix Endpoint Detection and Response (EDR) has very good threat hunting capability.
Security Administrator at a insurance company with 1,001-5,000 employees
Advanced detection capabilities ensure that targeted attacks will be detected and blocked before they arrive at our network.
Business Development Manager at a retailer with 10,001+ employees
Trellix Endpoint Detection and Response (EDR) has positively impacted my organization by allowing us to protect our servers from malware and attacks, ensuring we can safeguard our clients.
Senior Information Security Specialist at a consultancy with 51-200 employees
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
SonicWall Capture Client
Ranking in Endpoint Detection and Response (EDR)
46th
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
11
Ranking in other categories
Endpoint Protection Platform (EPP) (41st)
Trellix Endpoint Detection ...
Ranking in Endpoint Detection and Response (EDR)
14th
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
29
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of SonicWall Capture Client is 0.8%, up from 0.6% compared to the previous year. The mindshare of Trellix Endpoint Detection and Response (EDR) is 1.0%, down from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Trellix Endpoint Detection and Response (EDR)1.0%
SonicWall Capture Client0.8%
Other94.6%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
HT
Product Manager at wahana piranti teknologi
Has consistently delivered double-layer protection and simplified policy application while needing mobile compatibility and better MacOS support
A significant limitation is that SonicWall Capture Client cannot be installed on smartphones, as there is no mobile version available.Occasionally, the Sentinel engine becomes unresponsive, particularly when customers do not properly restart or shutdown their systems. This requires a hard restart after installation to resolve the issue. Installation on Mac OS can be challenging, requiring multiple attempts due to version compatibility requirements. We must ensure the SonicWall Capture Client version is stable for Mac OS. The RAM usage is higher compared to SentinelOne, utilizing approximately 150 megabytes of memory. This is a common concern from customers, and reducing RAM consumption would be beneficial.
Duncan  Kims - PeerSpot reviewer
Business Development Manager at a retailer with 10,001+ employees
Advanced detection has reduced targeted attacks and builds daily confidence in our defenses
Trellix Endpoint Detection and Response (EDR) has a very low false positive rate compared to other products, thus increasing the SOC efficiency in how my team relies on the solution day-to-day.With the best features Trellix Endpoint Detection and Response (EDR) offers, ease of SOAR integration helps to automate the IOC distribution, and our security team and management trust the product. Advanced detection capabilities ensure that targeted attacks will be detected and blocked before they arrive at our network. SOAR integration has assisted our security team and management in trusting the product.
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Comms Service Provider
11%
Computer Software Company
8%
Government
8%
Manufacturing Company
8%
Financial Services Firm
15%
Construction Company
7%
Manufacturing Company
7%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business11
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise3
Large Enterprise14
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for SonicWall Capture Client?
SonicWall Capture Client offers a cost-effective solution that's cheaper compared to other vendors like CrowdStrike.
What needs improvement with SonicWall Capture Client?
A significant limitation is that SonicWall Capture Client cannot be installed on smartphones, as there is no mobile v...
What is your primary use case for SonicWall Capture Client?
The solution is used primarily in hospitality, specifically hotels, and manufacturing sectors. Approximately 70% of u...
What is your experience regarding pricing and costs for McAfee MVISION Endpoint Detection and Response?
I find licensing to be one of the best aspects of Trellix Endpoint Detection and Response (EDR), but I am unsure abou...
What needs improvement with McAfee MVISION Endpoint Detection and Response?
Trellix Endpoint Detection and Response (EDR) could be improved as I find that, since FireEye and McAfee became Trell...
What is your primary use case for McAfee MVISION Endpoint Detection and Response?
My main use case for Trellix Endpoint Detection and Response (EDR) is for blocking malware and catching unusual behav...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
McAfee MVISION EDR, MVISION EDR, MVISION Endpoint Detection and Response
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Luton College
Sutherland Global Services
Find out what your peers are saying about SonicWall Capture Client vs. Trellix Endpoint Detection and Response (EDR) and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.