Trellix Endpoint Detection and Response (EDR) Reviews

The product provides a one-click recovery of encrypted files. Threat hunting is marvelous.

The product must improve the ability to work with different operating systems like Windows and macOS. The CPU utilization of the product is quite high compared to its competitors. The agent file size is higher. The number of services that run on a system is quite high. Other EDR solutions have only a single service running on it.

I have been working with the product from the day of inception. I am using the latest version of the solution.

The stability is good. I rate the stability a nine and a half out of ten.

I rate the tool’s scalability a ten out of ten. The solution is suitable for small, medium, and large enterprises.

The support is great.

Positive

The initial setup is simple. It can be done in a couple of days. The solution is cloud-based.

The product’s aggressiveness in competing with the competitor's pricing is almost nil. The pricing is always high. I rate the pricing a three and a half out of ten.

We can compare the tool with SentinelOne and CrowdStrike. Kaspersky and Trend Micro cannot compete against the solution.

People must always evaluate the product first. They must see the difference in manageability and flexibility of the licenses. They must also consider the manageability and flexibility of the software before making a decision. Overall, I rate the solution a nine out of ten.

It has been helpful in terms of identifying unknown threats. The file is available on the endpoint, and the information is retrieved to identify any unknown or malicious file and then converted to a known file.

The endpoints and utilization are too high, which impacts the production activity. 

There are no additional features I would add. The McAfee MVISION Endpoint Detection and Response already has multiple features required for an IT solution.

We have been using this solution for two years, and it is deployed on-premises.

From a solution point of view, it is a stable solution.

It is a scalable solution and very easy to use in terms of hardware or sizing.

In terms of the number of users, because we are a banking environment, the IT department, bankers and people on the business side use this solution. Therefore, a minimum of five people is required to manage the environment. We currently use it to its full extent but plan to replace it.

The technical support is very good, and we have never had problems with them.

Neutral

We used a different solution for more than 15 years before we migrated to McAfee MVISION Endpoint Detection and Response.

The initial setup was very straightforward. I rate the initial setup experience an eight out of ten. We used a third-party tool, and the deployment took a couple of months. 

Regarding ROI, I do not have precise numbers, but I rate it a four out of ten. 

We have a perpetual license that is renewed annually. I do not know the specific price in terms of costs, but I rate the cost a six out of ten. We also get the whole package for this solution in a bundle.

Before we chose McAfee MVISION Endpoint Detection and Response, there were other options available like Carbon Black, Cisco and Trend Micro.

If I were to advise on this solution, it would be that irrespective of the endpoint a company uses, it should have a good endpoint configuration. I would rate this solution a nine out of ten.

I've used Trellix EDR to improve endpoints and servers' security and feed into MDR solutions.

The most useful features are behavior monitoring, DLP, and access control. The automation has gotten much better in the last two years than when it was McAfee. It works better now and integrates more smoothly.

I'd like the tool to become more like an XDR, with one management system and endpoint activation.

I have been using the solution for seven years. 

Sometimes, stability issues come from incorrect partner deployments, not Trellix EDR itself.

I rate the tool a seven out of ten. To improve it, I'd like a cloud-based management system where I only need to put a correlator at the client's site, as CyberArk does. The best setup would be cloud management, a manager in a VM, and super agents on endpoints.

My opinion about technical support might be biased because I have direct access to top-level senior staff. I know some people struggle with support if they go through normal channels.

Positive

Setting up the solution is easy for me because I've been in cybersecurity for almost 30 years, but new users might find it hard. Depending on the client's needs, it can be set up on-premises, in a private or hybrid cloud, or fully in the cloud. Setting it up can take a few days for small environments or months for big companies with thousands of endpoints.

Pricing is a problem in South Africa. It could be cheaper here. The rand-to-dollar exchange rate makes it expensive for us. A 25 dollar endpoint cost becomes quite significant when converted to rand.

Our clients are usually medium-sized and enterprise businesses. Overall, I would recommend Trellix EDR to others. I'd rate it eight and a half out of ten. No EDR or XDR solution gets a nine from me right now because they all have room for improvement. 

We're looking at the logs, and the customer defines the solution's use cases.

Trellix Endpoint Detection and Response is a user-friendly solution. The biggest strength of the solution is that it's an integrated product that includes EDR and antivirus. It's not like you have different technologies for different solutions.

Some modules that are doing machine learning and artificial intelligence are blocking our processes.

I have been using Trellix Endpoint Detection and Response for one year.

Overall, I rate Trellix Endpoint Detection and Response an eight out of ten.

As a user, I didn't have any concerns about technical aspects where I was working previously. Working together. So, we sell licenses of McAfee. We had a promotional activity in which when you buy a cell phone, you get a McAfee subscription for mobile, and we used to offer a license of McAfee with an internet connection.

Blocking browser navigation is a feature of the solution with which we have experienced success.

The fact that it is easy to manage by consumers, families, small businesses, or parents while blocking traffic is a valuable feature of the solution.

For Spanish users, it is necessary to have a knowledge base specifically designed for them, which is currently not available.

Blocking other browsers should be a feature introduced in the solution. At this time, you can control Safari and Microsoft Edge. But I don't know about the other browsers.

I have been using McAfee MVISION Endpoint Detection and Response for five years. We use the solution on mobile and in the cloud. Also, my company is a reseller.

There are issues with the solution on the other browsers. So, I don't know if any feature is enabled in the solution to resolve the issues.

We have been providing a lot of licenses, and we never had a problem. So, it is a scalable product. For personal use in my family, I may have plans to use it.

I rate the technical support a ten out of ten.

Positive

The solution's initial setup process was simple.

There has been a return on investment since it is a good business. Hence, we embedded the solution in our services. So, I know that this is a good investment.

My company does provide the solution at a good price for our customers. The solution needs to support their Spanish customers. Overall, I rate the solution a nine out of ten.

The product works as a preventive tool. It checks for signatures as well as behaviors.

If there is any malicious behavior in the workstation or server, the tool stops or isolates it automatically and generates alerts. It creates reports on the incidents and provides the details to us. The product is very easy to scale and implement.

The product must focus on improving the appliances. The console has a lot of bugs, and it creates many issues. It is very tedious to troubleshoot the issues sometimes. The support team does not help. We solve our problems by testing things we find on Google and other forums where people give suggestions about the product. The product has very limited options for creating policies. The product could provide more options for creating policies. The options must be customizable according to the user’s requirements.

I have been using the solution for more than two years.

I rate the tool’s stability an eight out of ten.

The tool is scalable. We have implemented it across the organization. I would recommend the tool for both small and large companies.

The support team is the worst. The support team must improve its knowledge.

Negative

We used an anti-malware solution before we started using Trellix.

The solution is deployed on the cloud. The initial setup was simple.

The deployment took nearly a month. Trellix’s team helped us deploy the product. They were helpful during the purchasing and implementation process. Four or five people in the organization manage and maintain the solution.

The product’s pricing is reasonable. However, we have to have a minimum contract of three years. The licensing model is not so good. Advanced threat intelligence features are very expensive.

We are planning to change the vendor. We have one more year of contract on the product. Companies must use EDR, but they must research before choosing vendors. Overall, I rate the solution an eight out of ten.

My company's clients use the solution to detect the early stages of attacks and to react to the strange things that happen on the endpoints.

Visualization of cyberattacks is one of the most valuable features of the solution.

It is tough to comment on what needs improvement in the solution. At the moment, it is difficult to recall and comment on what needs to improve in the solution.

The solution lacks the ability to integrate with external platforms. In future releases of the solution, I would like to see the solution increase its integration capabilities with external platforms. At this moment, I want the solution to integrate with more XDR tools. The solution should provide its users an ease of administration in future releases.

My company has spoken to McAfee about their solution being on the pricier side. So, McAfee is aware that there is room for improvement in its pricing strategy.

I have been using McAfee MVISION Endpoint Detection and Response for over two years. So, my company has a partnership with McAfee. Though I don't remember the version of the solution I am working on, it is the latest one since it is a common security practice to use the updated version of the tool.

It is a stable solution. Stability-wise, I rate the solution a nine out of ten.

I won't be able to comment on the solution's scalability since, at the moment, we do not need to consider scalability or expansion. However, it is probably easy to scale up since the solution is deployed on AWS. My company has clients who run small, medium, and enterprise-sized businesses. The number of uses using the solution depends upon the company or business size. So, there have been times when a client using the solution has over 1000 users using the tool.

I rate the solution's technical support team a nine and a half or ten out of ten.

Positive

The solution's initial setup process was easy and straightforward. On a scale of one to ten, where one is difficult and ten is very easy, I rate the solution's initial setup a ten out of ten. The solution is usually deployed on the cloud platform.

The solution is usually deployed on the cloud platform. Though unsure, I feel the solution is deployed using AWS since I am referring to the users in Europe. The deployment process took place over a few days. The deployment process is covered by the client and distribution services team. The deployment process involves fire and forget, wherein the agent is sent to the user. All the settings are within the agents, and only the installation needs to be done for the deployment process to be completed.

On a scale of one to ten, where one is low and ten is high, I rate the solution's pricing an eight out of ten. McAfee MVISION Endpoint Detection and Response is pricey compared to other solutions in the market.

Though I cannot remember the approximate licensing cost of the solution, it would definitely depend upon the customer, the overall pricing of the solution, and the additional features.

One needs to incur retention costs in addition to the standard licensing fees paid for the solution.

I would tell those planning to use the solution in the future that if they already have McAfee products, then they should go for it since the solution integrates well with other McAfee tools and with some endpoint protection platforms or DLP that are deployed on-premises.

The software will have bugs in them at some point, and bug-related issues are to be taken care of by technical support. Our company reports such issues, and the technical support team tries to resolve them. Presently, this process works well for us. Overall, I rate the product an eight out of ten.

I'm a consultant. One of my clients was experiencing attacks on one of his endpoints, so we installed McAfee MVISION Endpoint Detection and Response, and we used it to check if the other endpoints were also being attacked. This is one of the uses cases of the solution: threat hunting.

Another use case is that McAfee MVISION Endpoint Detection and Response consolidates all the information back to the MVISION Insights, so that's threat intelligence information, and we match whatever IOC we have, together with the current attack campaign data in the McAfee databases.

The most valuable feature I found in McAfee MVISION Endpoint Detection and Response is the guided analytics or guided EDR investigation. Normally, when you use an EDR solution, you need to have an analyst to understand all the artifacts, then you come up with the question and come up with the answers. With the guided investigation feature in McAfee MVISION Endpoint Detection and Response, DoD is easier, because the tool does the analysis itself, based on the artifact, then it maps back into the MITRE Framework and gives us all the answers.

An area for improvement in McAfee MVISION Endpoint Detection and Response is the historical search. For example: when you have information on the artifact and a precedent, you want to do a search, and that is a bit lacking in the tool.

Another area for improvement is in the automation feature of McAfee MVISION Endpoint Detection and Response, because it still needs some work in terms of integration.

What I'd like in the next release of McAfee MVISION Endpoint Detection and Response is the ability to use it with a newer security platform. This means that the information you get from network parameters such as IPS and firewalls can be pumped back to the tool, so we can match all the information to do better threat hunting. Threat hunting is only on the endpoints, so if McAfee MVISION Endpoint Detection and Response could cover everything, that would be good.

We've been using McAfee MVISION Endpoint Detection and Response for a year, and we're using its latest version.

The stability and performance of McAfee MVISION Endpoint Detection and Response are quite good, especially because it's still using the same agent. It doesn't require hardware, as long as there's good internet connectivity, for example: the bandwidth of the customer in the office is quite good, so the tool seems okay. I don't see anything lacking in terms of its performance. It's quite a good tool.

Because McAfee MVISION Endpoint Detection and Response is deployed on cloud, scalability is not an issue. You have to look at scalability in terms of the endpoint agent. If the endpoint control panel is good enough or is large enough, scalability is good enough, so it won't be much of an issue.

McAfee technical support has been not that great in the past two months, and it could be because they just merged with another company. Their level of support was high previously, but now it's not so good, and it's not on par with what I expect. On a scale of one to five, I would rate their support a three.

We already have the baseline for the current endpoint, so deploying McAfee MVISION Endpoint Detection and Response was simpler.

I was the one who did the deployment for a customer, and it was quite straightforward. Because we already have the baseline and we used the same engine and the same integration, deployment of McAfee MVISION Endpoint Detection and Response took less than two days.

Pricing for McAfee MVISION Endpoint Detection and Response is not that expensive, but it's not something that a startup could buy. Pricing for it is for midsized businesses.

There's an additional payment if you want data retention for more than thirty days. They gave us data retention for thirty days. Then if you want longer data retention, they have the paid option for a three-month data retention period and for a one-year data retention period.

We don't use any backup protection, but previously, we used Commvault for backups.

In terms of maintaining the tool, you don't have to do a lot of fine tuning, because the fine tuning will happen on the endpoint protection, in particular, the tool will do all the hunting. What we just need to do is to monitor the data location and the database.

My rating for McAfee MVISION Endpoint Detection and Response is eight out of ten.