No more typing reviews! Try our Samantha, our new voice AI agent.

ThreatLocker Zero Trust Platform vs VIPRE Endpoint Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 17, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Protection Platform (EPP)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
ThreatLocker Zero Trust Pla...
Ranking in Endpoint Protection Platform (EPP)
5th
Average Rating
9.4
Reviews Sentiment
7.1
Number of Reviews
79
Ranking in other categories
Network Access Control (NAC) (4th), Advanced Threat Protection (ATP) (4th), Application Control (1st), ZTNA as a Service (5th), ZTNA (5th), Ransomware Protection (1st)
VIPRE Endpoint Security
Ranking in Endpoint Protection Platform (EPP)
52nd
Average Rating
7.0
Number of Reviews
2
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.8%, up from 3.7% compared to the previous year. The mindshare of ThreatLocker Zero Trust Platform is 1.3%, up from 0.8% compared to the previous year. The mindshare of VIPRE Endpoint Security is 0.6%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.8%
ThreatLocker Zero Trust Platform1.3%
VIPRE Endpoint Security0.6%
Other94.3%
Endpoint Protection Platform (EPP)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Santo Joy - PeerSpot reviewer
Head Of Cyber Security at a outsourcing company with 201-500 employees
Security controls have been strengthened with granular application, ringfencing, and access policies
The features of ThreatLocker Zero Trust Endpoint Protection Platform that I like the most are the Ringfencing, elevation control, storage control, and application whitelisting functionality. For examples of how these features benefit my company, we were looking for a solution across various vendors to actually implement application whitelisting controls. ThreatLocker's agent, which is very lightweight and does not use much CPU or RAM, helped us achieve that solution. Ringfencing was an add-on that ticked off a lot of Australian framework security controls, which is the reason we chose it. My impression of the allowlisting feature in terms of managing which software, scripts, and libraries run on my devices is that ThreatLocker's community page has a lot of information around this, which is very helpful. Not only that, the Cyber Hero support that ThreatLocker provides gives us insights and best practices, helping us achieve that solution and guiding us to the right platform. The impact of Ringfencing on controlling the behavior of approved applications has been a big winner for us because it is something that many other platforms do not provide as a functionality. Having that allowed us to identify what applications talk to each other, which is something that many other platforms do not do. The network control feature impacts my ability to manage network traffic across my endpoints and servers. We have not used this widely across all our partners, but wherever required, we use it. It has been an easy solution for those customers to get that control implemented. The elevation feature's role in facilitating just-in-time administrative access for approved applications shows that elevation control helps in many use cases involving remote control platforms, door usage, and security system platforms that require local admins. There are many solutions that provide this functionality, but the licensing cost seems to be expensive, and it also adds another solution into the mix. Rather than doing that, we try to use ThreatLocker Zero Trust Endpoint Protection Platform to achieve that control. Regarding the storage control feature, I have used it. The primary function is USB blocking, which is very widely adopted, and also just locking down and allowing certain users to access certain file locations helps us there. When it comes to enforcing policy-driven access over various storage devices, it depends on the business risk adapted by the companies that we support, but generally the use case is USB and external storage devices where companies know that is a risk, but they do not have appropriate solutions. There are EDR platforms that claim to do this, but ThreatLocker Zero Trust Endpoint Protection Platform does it at an advanced level. My assessment of the efficiency of the real-time threat intelligence and category controls employed by Web Control in blocking malicious and non-compliant sites leads me to think that Web Control is another functionality within ThreatLocker Zero Trust Endpoint Protection Platform that is an add-on on top of the current set. That is another solution that we use based on what is required for the company, but again, that is not widely adapted yet for our partners.
SS
IT Security Analyst at a healthcare company with 11-50 employees
Easy to upgrade and manage but needs better reporting
There just was a lot about it that I didn't like. For blocking certain items, such as USBs, we felt like it was slowing down the network too much. Therefore we utilized a GPO for blocking things like that instead. Our environment was big and I didn't feel like the console did a good enough job. We outgrew the product. I've been asking for a change for a couple of years now, and it finally got approved. In terms of the console, I had over 2000 endpoints in there and there wasn't even a search feature for me to look through them. If I had to find where a policy was I had to sort in alphabetical order to find an endpoint that I wanted. They need to offer a search function within the console - maybe something that shows a "last connected" notice. That way, it's easier to manage obsolete machines that you don't need anymore. They had a very vague setting, like after so many days, when do you want us to remove these, you'd see them. I just wish the console was a little more responsive when I would do commands. The reports could have been better. The product would show a lot of endpoints as not communicating. That was another pain point. We constantly had to run an SQL query to clean up the database as I would know immediately when I was in the console, that it just wasn't being responsive. I could tell I was being given bad data and that we had to clean up the database. As soon as I would clean up that database, it was like a purging of the SQL database and it would become a lot more responsive. The problem was that our environment was too big. We're going through a growth spurt right now. In the end, the solution is small and much better suited for a small business. We would get a lot of false positives and instead of them fixing the false positive, they would just want us to put in an exception, which I didn't care for. The product is based on an older model of signature files. It doesn't use any artificial intelligence or anything. It was slow to refresh the policies and computer scans. The larger we got, the more it became an issue. If a company stayed small, I'm not sure if they would have noticed.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Monitoring is most valuable."
"Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features."
"Its ability to react to cyber data attacks is awesome. That is pretty much the use of it. What blows your mind is the ability to access your assets remotely and see what is actually going on with them. You can not only see them in a console. You can also react very rapidly to your assets that are compromised."
"I generally believe that Cortex XDR by Palo Alto Networks is probably the best in the market right now."
"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
"We use Cortex XDR by Palo Alto Networks for its ability to detect based on behavior rather than simple virus scan to prevent malicious activities."
"The most valuable aspect of Cortex XDR by Palo Alto Networks for me is its integration with AI detection, where we get to know the behavioral detection based on users, traffic patterns, and different services that we consume."
"It is a simple platform to use."
"While it can be frustrating at times, we appreciate the low-level security provided by the application whitelist."
"Overall, I would rate ThreatLocker Zero Trust Endpoint Protection Platform a ten out of ten."
"Our assessment of Elevation Control's role in facilitating Just-In-Time administrative access for approved applications is that we are loving it so far."
"ThreatLocker’s support has been second to none."
"The customer service and technical support of ThreatLocker Zero Trust Endpoint Protection Platform are phenomenal, top-notch and top drawer, always willing to help and showing exactly where we need to look to ensure we can have the tools we need for the next time, reducing the need to call into support."
"The most valuable feature is its learning capability."
"The customer service is excellent, ten out of ten."
"ThreatLocker Zero Trust Endpoint Protection Platform has helped reduce the incidents of clients getting exploits or ransomware put on their devices by 110 times."
"In general, it was pretty easy to manage."
"Technical support was always very helpful and responsive."
"It has low overhead as far as machine resources are concerned. Everything runs faster with VIPRE installed versus some of the competitors. It has also been pretty easy to use. It just runs and gives us reports. It also sends us alerts when there is something that we need to look at. It does its job, and you just look at the reports. In other ways, you just forget that it is there."
"It has improved the way our organization functions, made things run faster in our company, and has done a fantastic job of keeping our networks free of virus."
 

Cons

"Cortex XDR by Palo Alto Networks is not only pricey; it is extremely expensive."
"One thing that was missing was the integration part. Currently, they don't have out-of-box integration with IBM QRadar, or if they have the integration, the integration doesn't work well."
"Additionally, I think the price is very high, and if it can be adjusted, I believe it will be a very good solution."
"It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it."
"The deployment is pretty hard."
"I feel that it should not be a licensed activity because a feature should allow us to see applications running on end devices."
"Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it."
"I have seen lagging with Cortex XDR by Palo Alto Networks. There was one time when we faced a threat actor trying to gain access to our system. When our team utilized the tool, we were all on the same dashboard and we faced a lag issue at that time of around five minutes, which was quite significant."
"One of the things I would really like is the ability to create custom groups and assign machines to them."
"It would be beneficial to have a tighter integration into PSA systems so that approvals can be done directly without having to leave the PSA."
"My experience with the pricing, setup cost, and licensing of ThreatLocker Zero Trust Endpoint Protection Platform is that it replaced some tools, making it seem more competitive value-wise, but it is the flagship tool doing what it does, which means it is quite expensive."
"The reporting could be improved."
"More visibility in the built-ins would be nice."
"I have several clients in the last few months that have definitely caused a problem where a domain controller completely destroyed replication once Network Control was put in place, and now our AVD servers in Azure also lose domain trust occasionally and it is intermittent, making it rather hard to prove to ThreatLocker Zero Trust Endpoint Protection Platform that they really need to look at when there is a VPN in the middle of a domain controller."
"There are some times when applications get submitted, the hashes don't really line up."
"I think ThreatLocker Zero Trust Endpoint Protection Platform can be improved with an identity and multi-factor authentication module so that it can help manage situations when you elevate a command prompt to run as an administrator by incorporating its own MFA into that process."
"We would get a lot of false positives and instead of them fixing the false positive, they would just want us to put in an exception, which I didn't care for."
"Their management interface is a little buggy as it will hang up and crash from time to time."
"Their management interface is a little buggy. It requires a few system resources on the management interface. Its reporting can also be better. Overall, the reports are pretty good. They patch some third-party software, but if they can expand what they do for reporting and patch enterprise software, it would be handy."
 

Pricing and Cost Advice

"It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing."
"The solution is expensive. It's pricing is on a yearly-basis."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"I don't have any issues with the pricing. We are satisfied with the price."
"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"The price is on the higher side, but it's okay."
"Our customers have expressed that the price is high."
"It has reasonable pricing for the use cases it provides to the company."
"The pricing is fair and there is no hard sell."
"The price is very reasonable, and we have been able to integrate ThreatLocker with all of our clients."
"We have not had any real issues with the pricing. As they have added more features, due to the way our contracts are structured with our customers, we have had to hold off on adopting the new features because they do add costs."
"Its price is fair. They have added some additional things to it beyond allowlisting. They are up-charging for them, but in terms of the value we get and the way it impacts us, we get a bang for our buck with ThreatLocker than a lot of our other security tools."
"Others say ThreatLocker is too expensive, and I tell them they're dreaming. It's well-priced for what it does."
"The price of ThreatLocker Allowlisting is reasonable in the market, but it is not fantastic."
"The pricing is pretty fair, considering other solutions. Licensing-wise, it did not take long."
"I can't complain. Cheaper would always be nice, but I think it's reasonable compared to other software in the cybersecurity market."
"Its price point has been phenomenal. Our previous solution from Trend Micro was triple the cost of it."
"Its price point has been phenomenal. Our previous solution from Trend Micro was triple the cost of it."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Computer Software Company
13%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
7%
Comms Service Provider
16%
University
9%
Computer Software Company
8%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business53
Midsize Enterprise14
Large Enterprise11
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for ThreatLocker Allowlisting?
My experience with pricing, setup cost, and licensing for ThreatLocker Zero Trust Endpoint Protection Platform is goo...
What needs improvement with ThreatLocker Allowlisting?
My experience with ThreatLocker Zero Trust Platform has been fairly good with not a lot of complaints. If I have to s...
What is your primary use case for ThreatLocker Allowlisting?
I currently work in the Enterprise GitLab platform for Scania where we have a lot of users using our GitLab platform ...
Ask a question
Earn 20 points
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Protect, Allowlisting, Network Control, Ringfencing
VIPRE Cloud, VIPRE Endpoint Security Cloud Edition, VIPRE Endpoint Security Server Edition
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
College Station ISD, Mid-West Companies, Guardian Network Solutions
Find out what your peers are saying about ThreatLocker Zero Trust Platform vs. VIPRE Endpoint Security and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.