No more typing reviews! Try our Samantha, our new voice AI agent.

Trellix Endpoint Detection and Response (EDR) vs Zscaler Client Connector comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Trellix Endpoint Detection ...
Ranking in Endpoint Detection and Response (EDR)
14th
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
29
Ranking in other categories
No ranking in other categories
Zscaler Client Connector
Ranking in Endpoint Detection and Response (EDR)
24th
Average Rating
8.8
Reviews Sentiment
5.9
Number of Reviews
6
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Trellix Endpoint Detection and Response (EDR) is 1.0%, down from 1.1% compared to the previous year. The mindshare of Zscaler Client Connector is 0.7%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Trellix Endpoint Detection and Response (EDR)1.0%
Zscaler Client Connector0.7%
Other94.7%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Duncan  Kims - PeerSpot reviewer
Business Development Manager at a retailer with 10,001+ employees
Advanced detection has reduced targeted attacks and builds daily confidence in our defenses
Trellix Endpoint Detection and Response (EDR) has a very low false positive rate compared to other products, thus increasing the SOC efficiency in how my team relies on the solution day-to-day.With the best features Trellix Endpoint Detection and Response (EDR) offers, ease of SOAR integration helps to automate the IOC distribution, and our security team and management trust the product. Advanced detection capabilities ensure that targeted attacks will be detected and blocked before they arrive at our network. SOAR integration has assisted our security team and management in trusting the product.
DA
IT Support Admin at Kuehne & Nagel Inc.
Client activity has been monitored efficiently through in-depth log analysis and traffic filtering
I use the Zscaler speed test, and it is very nice. We use some logs from Zscaler Client Connector to collect data and see what is happening, such as if there is an interruption or something. There is a specific tunnel version that we have to use because, depending on the internet provider, some of them have lower speed, so we have some issues. This is because of the provider, not from Zscaler. We use Office 365 services and Office applications, and because some connections are slow and they do not have full coverage from the internet provider, we have some issues. If the speed is slow for Zscaler Client Connector connection, then we have issues because if the speed is not good, then Zscaler Client Connector goes down. This may be because they put some policy. Of course, if you use Office 365 services such as Outlook, the minimum bandwidth is 5 megabits and more, so this causes issues if the users do not have a good remote connection. This depends on the companies and the users, so they need to fix it. This is not from us or our company. It is very useful, and the logs are very helpful. When we go to logs, we understand what is happening.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for."
"Traps pays for itself within the first 16 months of a three-year subscription."
"The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
"Automation and playbooks have helped me significantly, as Cortex Xnor's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context, efficiently detecting and blocking malicious attacks with firewalls while eliminating workload and speeding responses for next-generation operations."
"I recommend this solution to others because it is easy to manage, reliable, and overall good to use."
"The solution helps find bugs, and it is safe to use to prevent attacks by hackers."
"The initial setup is pretty easy."
"The user interface of the solution is sophisticated and straightforward."
"It relies on external systems for detection and then asks the endpoint to handle blocking. However, the most crucial feature is its investigative capabilities. With real-time search and other functionalities, it enables comprehensive detection and response."
"The product provides a one-click recovery of encrypted files."
"Trellix Endpoint Detection and Response (EDR) is valuable because we have a Wide Area Network with many sites, and the EDR is cross-site since it is installed and managed from the cloud."
"It is a stable solution. Stability-wise, I rate the solution a nine out of ten...I rate the solution's technical support team a nine and a half or ten out of ten."
"The biggest strength of the solution is that it's an integrated product that includes EDR and antivirus."
"My advice for others considering Trellix Endpoint Detection and Response (EDR) is to use it, or any other Trellix products, as I believe they are excellent."
"What we're using the most and what we found valuable in McAfee MVISION Endpoint Detection and Response are Web Control, Advanced Threat Protection, and Threat Prevention features."
"The most valuable feature I found in McAfee MVISION Endpoint Detection and Response is the guided analytics or guided EDR investigation."
"I'd rate the solution nine out of ten."
"Zscaler Client Connector has eliminated VPN bottlenecks and outages, improved user productivity with instant secure access, and reduced help desk tickets related to VPN issues, overcoming 60% of VPN-related problems while allowing faster onboarding of remote users and better enforcement of zero-trust security policies."
"It is very useful, and the logs are very helpful; when we go to logs, we understand what is happening."
"The real-time analytics feature in Zscaler Client Connector is another valuable feature called Digital Experience, or ZDX, which can easily identify the root cause of issues accessing public or internal resources and provide good analysis so relevant teams can quickly resolve them, making it a very good tool that helps customers."
"The best features of Zscaler Client Connector are that it gives the client a much more transparent experience, as they don't have to worry about connecting to a VPN."
"Zscaler Client Connector is quite scalable, and I would rate its scalability as nine or ten out of ten."
"It is very important to see what is happening between the user and the applications that we have, and to filter the traffic from outbound traffic and inside traffic."
"The solution operates in the background seamlessly without the user noticing."
 

Cons

"The technical support is not very good. I find the process difficult."
"The main issue I could point out is the offline agents and the way that it is missing."
"If they had pulse rate detection, it would be better."
"However, if you do not have Palo Alto in your environment, you are paying these additional services just for Cortex XDR by Palo Alto Networks, so it is not a cost-effective solution."
"The downsides of Cortex XDR by Palo Alto Networks are that in many incidents, when I enter the causality chain, there are numerous logs."
"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"There is also no recovery feature; if some endpoint is under attack there must be the possibility of recovering it or restoring it to a normal state."
"It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system."
"The graphical view for nodes must be increased."
"The console has a lot of bugs, and it creates many issues."
"The dashboard is split across different platforms. For example, if you want information on Incident Detection, you have to access one dashboard, and for DLP reporting, there's a separate platform. This fragmentation means you can't access everything from a single dashboard."
"Trellix does not support Linux and Mac."
"One of their issues is that they were very much based on agents, whereas most of the other solutions are clientless."
"The alert feature of McAfee MVISION Endpoint Detection and Response needs improvement because for you to get the alerts, you have to log on to the portal. What my company needs is a tool that sends you alerts. For example, if it detects a threat on your machine, it should send you an alert. My company gets the alerts instead from the antivirus software rather than the EDR. If you want to see the alerts on McAfee MVISION Endpoint Detection and Response, you have to connect to the system manually. Another area for improvement in the tool is the reporting. My company needs weekly and monthly reports about the alerts, but you can't extract reports from McAfee MVISION Endpoint Detection and Response, so a decision was made to move to another EDR solution, particularly Microsoft Defender for Endpoint, next month. My company tested Microsoft Defender for Endpoint via a POC for one to three months. The resource usage of McAfee MVISION Endpoint Detection and Response is also an area for improvement because it consumes a lot of memory. For example, during the on-demand scan, you can't work because of the high CPU usage. You need to schedule the scans. McAfee MVISION Endpoint Detection and Response has a lot of modules, but my company doesn't use all modules."
"The searching capabilities for the IOCs can be further improved"
"The endpoints and utilization are too high, which impacts the production activity."
"There is room for improvement regarding the price of Zscaler Client Connector, as it is one of the most expensive solutions available."
"There is a hard learning curve for Zscaler Client Connector; their support isn't the greatest all the time."
"Zscaler Client Connector is not low in cost; it is definitely on the higher side."
"If the speed is slow for Zscaler Client Connector connection, then we have issues because if the speed is not good, then Zscaler Client Connector goes down."
"I rate this product nine out of ten because I have seen some minor instability issues after updates and some room for UI improvement for deeper analytics, with instances of major issues after updating the GCC that required rollbacks."
"The stability of Zscaler Client Connector needs improvement, as it often disconnects and reconnects."
 

Pricing and Cost Advice

"Our license will require renewal in August, after which the maintenance will continue as usual."
"The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase."
"It has a yearly renewal."
"I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
"The price of the solution is high for the license and in general."
"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."
"Cortex XDR’s pricing is very reasonable."
"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"The price is reasonable."
"McAfee MVISION Endpoint Detection and Response is reasonable in terms of cost. It's a tool my company has been using for a few years now. It costs $25,000 to $30,000 for six hundred users."
"The licensing costs attached to the solution are very easy to manage. There is a need to make yearly payments towards the licensing costs."
"Pricing is a problem in South Africa. It could be cheaper here. The rand-to-dollar exchange rate makes it expensive for us. A 25 dollar endpoint cost becomes quite significant when converted to rand."
"The pricing is always high."
"The product’s pricing is reasonable."
"The cost is okay, compared to other products."
"On a scale of one to ten, where one is low and ten is high, I rate the solution's pricing an eight out of ten."
Information not available
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
15%
Construction Company
7%
Manufacturing Company
7%
Computer Software Company
7%
Manufacturing Company
21%
Financial Services Firm
10%
Government
9%
Comms Service Provider
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise3
Large Enterprise14
By reviewers
Company SizeCount
Small Business3
Large Enterprise5
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for McAfee MVISION Endpoint Detection and Response?
I find licensing to be one of the best aspects of Trellix Endpoint Detection and Response (EDR), but I am unsure abou...
What needs improvement with McAfee MVISION Endpoint Detection and Response?
Trellix Endpoint Detection and Response (EDR) could be improved as I find that, since FireEye and McAfee became Trell...
What is your primary use case for McAfee MVISION Endpoint Detection and Response?
My main use case for Trellix Endpoint Detection and Response (EDR) is for blocking malware and catching unusual behav...
What is your experience regarding pricing and costs for Zscaler Client Connector?
My experience with pricing, setup cost, and licensing is that the pricing is fair, though it is a bit costly. It oper...
What needs improvement with Zscaler Client Connector?
For Zscaler Client Connector, I would appreciate more granular control over the client update rollout and slightly fa...
What is your primary use case for Zscaler Client Connector?
My main use case of Zscaler Client Connector is to provide secure, seamless access to the internet and internal appli...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
McAfee MVISION EDR, MVISION EDR, MVISION Endpoint Detection and Response
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Sutherland Global Services
Information Not Available
Find out what your peers are saying about Trellix Endpoint Detection and Response (EDR) vs. Zscaler Client Connector and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.