I would like to see a little more detail in the log. So, when an event occurs, I'd like to know not just when it happened and on what device, but what activity was taking place on the machine at the time so that we can drill down. If we get a false positive, we have to do a lot of research and go back and forth with our end-users to know why it was a false positive. So, having a little more detail around detections and events would probably be my most asked feature.

Its price can also be improved. It is really expensive.

The EPP solution lacks the sophisticated artificial intelligence required for automating reports and letting you know about things in real-time. It stops a suspicious activity in real-time, but it doesn't let you know in real-time. You have to look at a report, and then you find out that something is wrong. You have to manually kick off a scan.

With the Advanced EDR solutions, Malwarebytes has the ability to alert you in real-time, but they still don't do automatic remediation or quarantining of devices. That is something that you still have to do manually. So, the endpoint protection piece, which is just like their basic endpoint protection, lacks AI. For the advanced detection and response piece, there is an add-on that comes with it, but it still doesn't go far enough in terms of automatic remediation of viruses. It won't separate that virus from your network if something happens. You have to manually go there and do it.

I know of more than ten critical cases with clients which affect their use of the product adversely. We work with the Malwarebytes company a lot and have discussed the existing problems with the manager of Research and Development. He would not just say "You are right." But even though he knows that there are issues, there have been no changes in the results and improvements with the product even up until now.  

I want to help secure the environments of the clients I work for. I want to benefit a lot of people, a lot of clients and a lot of users. I have specific things, technical details for each feature and each use case that I have worked on. But the company is not making the broader changes they need to in the product to make it an effective solution.  

The most obvious problem is that basically the product comes up with a lot of false positives. This needs to be resolved.  

There are other particular pain points with the current solution which have to do with the reporting and the problems with difficulty of installation. But these are still not the biggest problems for people using the product.   

An additional feature I would like to see is a randsomeware roll back for 72 hours and for 100 GB of files. It is supposed to be a feature in the EDR to defend against randsomeware. But we cannot stop ransomware with EDR. We are supposed to be able to roll back the encrypted files. But it is a fact that, in production, we can not effectively roll back the ransomwares and encrypted files after this kind of attack. The company fails to say we can not go back. It is an important feature in these products and to the clients. But it is not effective.  

Malwarebytes is too simplistic. From a SOC IR perspective, it doesn't give you very much data around it. It doesn't tie things or provide SHA-1 and SHA-256 detection information, which makes it hard to do an additional investigation. It should give you more hash information, IOC-based information, etc. It also gives a lot of false positives. That's one of our biggest beefs. 

The interface could be improved. Currently, you need to really dig around to find the elements you need. It would be ideal if they could make it easier to navigate. The minimalistic design could be better.

Mainly from an enterprise point of view, they could probably get involved a little bit more with the firewall aspect. That said, Microsoft is doing quite a good job in this area. 

As long at they keep pace with the threats, we're pretty happy with them.

We have noticed that when the solution is doing the scanning, all the scanning activities make the device heavier. It slows down your machine. Alternatively, sometimes when it's scanning the application fast, you find that your applications will be slow in response. If you compare it to, for example, Trend Micro, this slow down doesn't happen when you use that solution.  

Basically, this solution seems to have issues with CPU and Memory. If you have got a good, high spec machine, then you won't feel it. If you go running SSDs and other stuff, you won't feel that performance issues. We have got customers in Fiji who are using 5,400 RPM hard disks, so they feel the pinch.

The solution is a bit expensive.

I'd like to see increased efficiency in terms of detecting false positives because we sometimes have cases where detections are repeated despite requests for them to be identified as false positives. It creates a problem for our security department and is annoying to deal with. Once you mark it as a false positive that should be it. 

It would be helpful if they were to introduce more flexibility in terms of cloud management because there are certain things that could be more granular or specific. It sometimes lumps three or four cases into one group. 

The pricing could be improved.

In terms of general improvement, I can't think of any features that are lacking. It's a pretty solid solution.

If they want to compete with bigger players, they should consider adding items like threat detection and website warnings.

Overall, I haven't found any ways the solution lacks in features or usability.

They could come up with better reporting capabilities.

If the company was going to do something, it would be great if they could open up the free version to an app blocker that would block malicious applications. I don't think they would do that because they need to make money but it's what I would suggest they do. There's no indication on the system as to when the software is doing a scan.

Additional features they could include would be notifications. The solution doesn't let you know that it's scanning the system, it's all done in the background and it might be helpful if a little icon popped up and said, I'm just running a scan for you.

The online reporting needs to be improved. Currently, we have to look at it online, and if we want to download a report, it just downloads as an Excel file. It's just raw information. There needs to be some way to better display it when it's downloaded.

It would be helpful if the solution could integrate with Unbuntu.

They can include advanced scanning and improve reporting. I scan malware on the pen drive. Some more reports need to be added for that. 

It should also provide better protection because we have a new version of the malware.