No more typing reviews! Try our Samantha, our new voice AI agent.
Trellix Active Response Logo

Trellix Active Response Reviews

Vendor: Trellix
3.5 out of 5
Leave a review

What is Trellix Active Response?

Trellix Active Response is designed for efficient endpoint protection and incident handling, with features like advanced analytics and user behavior monitoring. It allows swift identification of vulnerabilities and supports effective incident management through seamless system commands.

Get the Endpoint Detection and Response (EDR) Buyer's Guide and find out what your peers are saying about Trellix Active Response, CrowdStrike Falcon, Cortex XDR by Palo Alto Networks and more!
Trellix Active Response is the #49 ranked solution in EDR tools. PeerSpot users give Trellix Active Response an average rating of 7.0 out of 10. Trellix Active Response is most commonly compared to CrowdStrike Falcon: Trellix Active Response vs CrowdStrike Falcon. Trellix Active Response is popular among the small business segment, accounting for 39% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 18% of all views.
Buyer's Guide
Endpoint Detection and Response (EDR)
April 2026
Get the category report
Helped 892,678 peers since 2012

Featured Trellix Active Response reviews

Read more reviews

Trellix Active Response mindshare

As of May 2026, the mindshare of Trellix Active Response in the Endpoint Detection and Response (EDR) category stands at 0.6%, up from 0.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Trellix Active Response0.6%
CrowdStrike Falcon7.7%
Microsoft Defender for Endpoint6.0%
Other85.7%
Endpoint Detection and Response (EDR)
 
 
Key learnings from peers

Valuable Features

Trellix Active Response offers enhanced analytics, user behavior analysis, and lightweight operation, unlike its CPU-intensive predecessor. Alerts notify of vulnerabilities promptly, aiding swift response deployment and operational efficiency enhancement. It enables network disconnection and system shutdown during incidents. Continuous monitoring supports MDR launch, correlating incidents and providing quick investigation reports. It's valuable for incident detection and response, offering visualization and logging capabilities.
  • "We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home."
  • "The solution is scalable."
  • "With the ADR parts of it or the Active Response parts of it, we're able to get a little more information compared to the older version, such as analytics, user behavior analytics, triaging, and meaningful reporting."

Room for Improvement

Trellix Active Response should enhance its lightweight nature and improve whitelisting and blacklisting capabilities. There is a need for advanced analytics and AI features. Users experience resource consumption issues and seek better cloud and on-prem integration. A more analytical user interface and improved dashboard visibility are desired, along with optimization for operational technology devices. Technical support and performance in handling engineering automation systems could also be improved.
  • "I expected Active Response's user interface to be much more analytical."
  • "While the product is good, we are currently facing support issues."
  • "The truth, however, is that I was really looking for something much more advanced with user behavior analytics and some AI features that the other competitor's next-gen AV does offer."

ROI

Users highlighted significant improvements in threat detection and response times with Trellix Active Response, noting a measurable drop in incident resolution timeframes. Several users observed enhanced operational efficiency and cost savings attributed to proactive threat management capabilities. They also commended the intuitive interface and robust integration features, emphasizing its impact on streamlining cybersecurity workflows. An increase in the security team's productivity and a more effective allocation of resources were frequently mentioned benefits.

Pricing

Trellix Active Response typically offers a transparent pricing model with no setup costs, ensuring a smooth integration process for users. Pricing methods usually involve subscription-based models, accommodating per-user or per-endpoint licensing options. The pricing range varies based on the specific features and level of support required, catering to diverse organizational needs and budgets.

  • "Our costs were somewhere around $600K in Trinidad dollars, which might be about $100K US. We have the ETP plus the EDR. Our recent renewal was 1800 licenses as opposed to the full amount. Our transaction cost was about $600K Trinidad dollars, which is somewhere around $90-100K US."

Popular Use Cases

Organizations utilize Trellix Active Response primarily for endpoint protection on corporate-issued laptops and desktops. It supports remote workers by monitoring tools used daily, ensuring quick incident response. Trellix Active Response collects and correlates logs through the ePO dashboard, providing visibility for threat hunting and defense. Currently, it is replacing older systems, aiming to protect around 1,300 endpoints upon full deployment while maintaining parallel implementations for smoother transitions.

Service and Support

Trellix Active Response technical support is considered satisfactory by users. Engineers managing it report good experiences, although finding engineers quickly can sometimes be challenging. Interaction with partners and resellers usually occurs without issues, though the pandemic has slowed partner visits. Feedback on McAfee's support indicates room for improvement, with one user rating it seven out of ten. Companies handle support issues directly with McAfee and have not experienced significant technical problems.

Deployment

Trellix Active Response's initial setup was considered straightforward by various companies. Organizations used global policies and a combination of scans for deployment. Challenges included handling older versions, which required uninstalling before updates. Deployment was typically phased, with some using Microsoft SCCM. Teams often included engineers and specialists for managing operations. The separation of on-premises and cloud components simplified configuration, and the setup process generally lasted three to six months with user acceptance tests before production.

Scalability

Users mention Trellix Active Response as highly effective in handling large volumes of data with seamless integration. They appreciate its ability to easily scale for growing business requirements, noting strong performance and reliability. Some also highlight quick setup and straightforward deployment, making it a valuable tool for extensive security frameworks.

Stability

Users feel Trellix Active Response provides reliable performance and remains stable even under heavy use. They appreciate its consistent uptime and note that it rarely crashes. Some find it performs well in complex environments, handling large datasets efficiently. However, a few mention occasional delays during peak usage. The general sentiment emphasizes its robustness and dependability in various operational contexts.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Endpoint Detection and Response (EDR) Buyer's Guide for additional reliable information.

Top industries

By visitors reading reviews
Financial Services Firm
18%
Construction Company
16%
Comms Service Provider
13%
Performing Arts
7%
Healthcare Company
6%
University
4%
Aerospace/Defense Firm
4%
Non Profit
4%
Marketing Services Firm
3%
Computer Software Company
3%
Transportation Company
3%
Educational Organization
3%
Government
1%
Outsourcing Company
1%
Hospitality Company
1%
Pharma/Biotech Company
1%
Real Estate/Law Firm
1%
Recreational Facilities/Services Company
1%
Insurance Company
1%
Legal Firm
1%
Logistics Company
1%
Manufacturing Company
1%

Compare Trellix Active Response with alternative products

Go!

Learn more about Trellix Active Response

Focused on enabling secure corporate workstations, Trellix Active Response offers quick incident responses, comprehensive threat hunting, and defense visualization. The system prioritizes rapid log collection and correlation via the ePO dashboard, aiming to protect approximately 1,300 endpoints, especially on remote worker desktops and laptops. While it brings robust monitoring and investigation capabilities, the solution seeks improvements in analytics, interface clarity, and memory performance. There is a need for enhanced integration with on-premises deployments and AI functionalities.

What are the key features of Trellix Active Response?
  • Advanced Analytics: Facilitates proactive threat detection and rapid correlation.
  • User Behavior Monitoring: Provides insight into potential threats through continuous monitoring.
  • Efficient Alert System: Identifies endpoint vulnerabilities swiftly, enabling immediate action.
  • Incident Management Commands: Supports network disconnection and system shutdown.
  • Visualization and Logging: Ensures efficient threat detection with minimal CPU impact.
What benefits should users look for in reviews?
  • Rapid Incident Response: Quick collection and correlation of logs for effective threat management.
  • Comprehensive Threat Hunting: Enhanced visualization capabilities and threat defense insights.
  • Minimal CPU Strain: Maintains performance while processing complex analytics.
  • Enhanced Protection: Regular updates and integration with existing security setups.

In corporate settings, Trellix Active Response is deployed for endpoint security, particularly for remote workstations that require robust protection. Companies transitioning from existing setups to Trellix benefit from its integration capabilities and threat hunting efficiency, supporting better management of active response tasks. Industry users appreciate the visual dashboard for improved threat response.

Trellix Active Response was previously known as McAfee Active Response.

Trellix Active Response customers

Liquor Control Board of Ontario

Related questions

  • 320
What is the biggest difference between EPP and EDR products?
  • 103
What is the difference between EDR and traditional antivirus?
  • 77
What is your recommendation for a 5-star EDR with low resource consumption for a financial services company?
  • 80
Which is the best EDR for a logistics company with 500-1000 employees?
  • 153
What is the best EDR or XDR product for a company with 9000 employees?
  • 180
What to choose: an endpoint antivirus, an EDR solution or both?
  • 269
Do we need to use both EDR and Antivirus (AV) solutions for better protection of IT assets?
  • 86
How does EternalBlue work?
  • 87
What are the best on-premise Endpoint Security solutions for a Tech Services company with 10,000 employees?
  • 192
Which is better for Endpoint Security: EDR or XDR solutions?

Product Categories

Product Categories
Endpoint Detection and Response (EDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Trellix Active Response Logo
CrowdStrike Falcon vs Trellix Active Response
Cortex XDR by Palo Alto Networks vs Trellix Active Response Logo
Cortex XDR by Palo Alto Networks vs Trellix Active Response
Microsoft Defender for Endpoint vs Trellix Active Response Logo
Microsoft Defender for Endpoint vs Trellix Active Response
IBM Security QRadar vs Trellix Active Response Logo
IBM Security QRadar vs Trellix Active Response
Huntress Managed EDR vs Trellix Active Response Logo
Huntress Managed EDR vs Trellix Active Response
Tanium vs Trellix Active Response Logo
Tanium vs Trellix Active Response
Trellix Endpoint Security Platform vs Trellix Active Response Logo
Trellix Endpoint Security Platform vs Trellix Active Response
Microsoft Defender XDR vs Trellix Active Response Logo
Microsoft Defender XDR vs Trellix Active Response
WatchGuard Firebox vs Trellix Active Response Logo
WatchGuard Firebox vs Trellix Active Response
Fortinet FortiEDR vs Trellix Active Response Logo
Fortinet FortiEDR vs Trellix Active Response
TrendAI Vision One vs Trellix Active Response Logo
TrendAI Vision One vs Trellix Active Response
Cisco Secure Endpoint vs Trellix Active Response Logo
Cisco Secure Endpoint vs Trellix Active Response
Lookout vs Trellix Active Response Logo
Lookout vs Trellix Active Response
Stellar Cyber Open XDR vs Trellix Active Response Logo
Stellar Cyber Open XDR vs Trellix Active Response
Red Canary vs Trellix Active Response Logo
Red Canary vs Trellix Active Response
See all alternatives
 
Trellix Active Response Reviews Summary
Author infoRatingReview Summary
Senior Manager Operational Technology and Cyber Security at Eskom Ltd4.0We use Trellix Active Response primarily for desktop endpoints, benefiting from its alerts that enhance threat detection and response efficiencies. Improvement is needed for operational technology devices. We see an ROI but didn't evaluate alternatives or use prior solutions.
Information Security Engineer at Nhq Distribution Ltd4.0I've used Trellix Active Response for nine years; it offers strong incident response, quick investigation reporting, and threat visualization, though the dashboard could be clearer. Setup has improved, and I rate it an eight out of ten.
IT Security Manager at Telecommunications Services of Trinidad & Tobago Limited (TSTT)3.0I'm in early stages with Active Response, hoping for automation and remote visibility. Setup was easy, but I found the UI not analytical enough and the price higher than expected. My initial rating is 6/10, and I advise thorough testing.
IT Security Manager at Telecommunications Services of Trinidad & Tobago Limited (TSTT)3.5We find McAfee improved with better analytics and a lighter footprint than older versions. However, it's not truly lightweight, lacks some features, and we're ultimately seeking a more advanced, unified next-gen AV solution with stronger AI.
Senior Manager Information Technology at a pharma/biotech company with 10,001+ employees3.0I find this EDR solution good, stable, and scalable, with straightforward setup. However, I am experiencing support issues and find its high resource consumption, especially memory, a significant concern.