Trellix Endpoint Security Platform Reviews

We primarily use the solution as a basic antivirus. It's for protection. We centralize the management of 50 computers. 

The solution offers us more security and less chance of getting a virus. So far, we have had no viruses. 

So far, the experience has been positive. 

The pricing is good. It is very reliable. 

It offers good centralized management.  

The solution is scalable.

It is stable. 

I found the initial setup to be easy. 

We'd like better UI on the management screen. It could be a bit simplified, which would make it easier to use. 

I've used the solution for a while. I've used it for two years so far. 

The solution has high stability. It doesn't crash or freeze. There are no bugs or glitches. The solution has been reliable. 

The solution has a high level of scalability. It is easy to expand as needed. 

I've never used technical support at all. I cannot speak to how helpful or responsive they would be. 

I also used Kaspersky. I used it for two years and then replaced it with McAfee. 

The setup was straightforward. I did not find the process to be complex at all. 

I have not measured any ROI at this time. 

The pricing is reasonable. I'd rate it nine out of ten. It is quite affordable. 

I am an end-user. 

I'm using the latest version of the solution. 

The pricing has been very useful so far. I'd rate it nine out of ten. 

We use Trellix Endpoint Security for pattern-based scanning. We use it on all our handsets. We also use it for behavior-based adaptive threat prevention; it's a solution that will recognize malicious behavior.

I like trap prevention DNS and threat prevention.

I would like to have the ability to have more control over the deployment in the next release. If you have this console in the cloud, you cannot make pilot groups for deploying the agents. We only have the current group. So, as soon as you inject the software, it will go directly into production, which doesn't work for us. We need to build up pilot groups slowly. We already requested to have this feature on the cloud, and we are still waiting.

I have been working with Trellix Endpoint Security for about 15 years.

Trellix Endpoint Security is mostly stable. I haven't had any false positives in the last few years.

On a scale from one to ten, I would give stability a nine.

Trellix Endpoint Security is very scalable. Our company has three users, but we have more than 3000 devices.

Technical support is good, and that's an important thing to have. They are very helpful and care about our needs. The best thing is that they speak German, and we can talk to them naturally in our language.

The initial setup is quite straightforward.

Trellix Endpoint Security is best suited for large companies. I would tell potential users to find an excellent partner to configure and build a basic policy setup. A third-level contact is also essential if it's not part of your daily responsibility. 

On a scale from to ten, I would give Trellix Endpoint Security a nine.

We use Trellix to secure our customers' endpoint devices and the cloud. It was a McAfee solution before the Trellix acquisition. Trellix has a full portfolio for local and cloud protection. McAfee MVISION products are managed on the cloud, but some customers need an on-premise local management console.

The central management console is powerful. You can manage endpoints, DLP, encryption, and all the other features from a single console. 

Trellix lacked email protection when it was a McAfee product. They added this feature during the merger with FireEye, but it hasn't been fully integrated. The core features will be integrated into the next release. FireEye has several solutions for EDR and sandboxing. 

I have used Endpoint Security for more than 10 years.

I rate Trellix nine out of 10 for stability. 

I rate Trellix 10 out of 10 for scalability. 

I rate Trellix support nine out of 10. 

Positive

I have always used McAfee, but I know a little about Symantec. I used it more than a year ago. 

I rate Trellix seven out of 10 for ease of setup. It is a complex tool, but you can use many of the new features while you're installing it. The deployment time varies depending on the number of endpoint accounts and how the client is distributed. It typically takes less than a day for a large enterprise. If nothing goes wrong, you can finish in a few hours. One person is enough to deploy and maintain it. 

I rate Trellix five out of 10 for affordability. It isn't cheap, but not expensive.

I rate Trellix Endpoint Security nine out of 10. 

It covers the AV and malware security piece.

It's mainly for compliance. In terms of products in the market, it's probably not the best, but it's the one that is already paid for under the corporate buy. It basically checks the box that we're doing malware threat prevention and antivirus protection.

It can be deployed quickly, and it's scalable. Those are the two advantages of it.

Trying to move away from the signature model for antivirus and malware blocking is something that would be nice. Instead of having to update every day, which is signature-based, moving to more of a kernel or architecture-based model would probably be beneficial.

It has probably been about a year since we rolled it out.

There are no issues. They continue to put out updates weekly or daily. The platform seems to be fairly mature.

It's definitely scalable.

Their tech support is average.

It's pretty straightforward. It can be automated from the central ePolicy orchestrator server. So, the installation is fairly easy because you can automate it with the deployment of your virtual machines and things like that.

I would rate it a three out of five in terms of cost.

I would rate it a seven out of ten. That's mainly because it seems like there are additional security features that could be built into it, or from the signature-based model, it could move to a different model.

Our use case is pretty straightforward. We have the central ePO that's running, and clients connect to it. All the clients connect to the ePO for updates and the ePO is able to go out and get updates, so it's pretty much like a star topology where you have the ePO sitting at the middle and handling all the requests from the clients and the servers.

We really like the dashboard from Trellix and we've found that it's pretty informative. Also, the reporting is pretty much immediate, so if there's any activity on the network, you're able to get notifications immediately. That's something that we really like about this product.

The solution consumes a lot of end user memory and CPU, so you need to have a computer that has a lot of resources for you to properly run Trellix. The agent ends up using a lot of resources, either RAM or CPU, and at times that bogs down users. I don't know if it's possible to have a lighter version of the agent, but if the agent was lighter it wouldn't consume so many resources, which would be good.

It's a bit complex. It's very granular and you need to really, really know the ins and outs of configuration. If you are specifically configuring an XML against ransomware, some very special setup, it can end up being a bit technical. You wouldn't want to make any mistakes while doing your configuration. A single configuration can make you lose whatever you wanted to do.

The other thing is if the engine would also focus more on malware, sort of an anti-malware. Trellix doesn't really focus so much on the anti-malware side, but there are other better performing antivirus or endpoint products that have better engines or they have a higher detection rate compared to what Trellix is currently providing.

I have been working with this solution for about three years.

If you've given the solution the resources that it needs, it's pretty much stable and it's able to continuously run uninterrupted. I've never seen any down times, so I'd say it's pretty much stable and it's built well.

As far as scalability, I think the solution is able to handle quite a bit. We have around three admins who interact with the product. Then we have the rest of the organization who interface with it, which is around 300 to 500 employees.

The tech support was pretty responsive and I believe all my questions were answered within the stated timeline. I can't remember what my questions were about, but I spoke with the technical team and got the help that I deserved. I would rate the support as a five out of five.

Positive

From a technical side, it's not so complicated. Of course, you need to set up your server correctly, and then deploying it to the agent is pretty simple. The setup on the server is the one that is a bit technical. You can't have a default deployment, so once you do your deployment you need to set up rules that work within your environment to be able to safeguard it against suspect files or potentially unwanted programs. You need to know exactly what to do, and that's the point that may not be very friendly to admin, because they might not know all of the threats that are out there. You can't really foresee a threat that you don't know about, or rather you don't know if you'd block it or not. The initial setup is pretty much straightforward if you're an IT person, but the configuration side has a learning curve. It takes quite some bit of time to really know exactly what you're doing.

We handled implementation in-house because when we got the licensing, we also got training modules from Trellix. Trellix has KB articles, which are pretty much straightforward and really helped quite a bit. I'd say it took about four hours to deploy from the time we started with a clean machine to the time that we started pulling updates and deploying to client machines.

On a scale of one to five, I'd give the setup a four, because the product pretty much does what it says it does, but it's not perfect. If you're an IT person, you'll be able to deploy it, and sending the Agent file to clients is pretty much a no-brainer.

The maintenance bit is okay as well. There's not a high amount of maintenance because you can automate many activities. You just need to make sure that your server is able to pick up the updates that are necessary, and make sure the databases are running okay. It's nothing new if you're in the IT environment, just making sure everything is running properly. I've never landed on an update that broke the application.

I believe for organizations that are looking for what Trellix is offering right now, there is a definite return on investment.

I think Trellix is more on the higher side of the market, just on a general scale, but I also think it depends on what particular package you choose. Different packages have different rates. I would give the pricing a three out of five. It depends on your usage because if the product works for you, then you might say the price is right. At one point it worked for us, but we have shifted our goals.

We currently considering switching from Trellix to Bitdefender mainly because Trellix isn't really focused on malware, and right now most threats are coming from within the organization as malware. Malware is something that can stop business continuity, so that's one of our main areas of focus, and Trellix is not doing really well within that perspective.

I would recommend Trellix to someone as long as they know exactly what they're looking for within the organization. For instance, Trellix is very granular, so if you have a dedicated security department that can customize policies and XML documents at a very fine level and specifically work on this product, then I would say, go for it. The solution is going to serve them well, because what it does, it does really well. You're able to experience possibly what's among the best products in the market. I would recommend it as long as the people know exactly what they're getting into and they're ready to handle the challenge.

On a scale of one to ten, I would give Trellix an eight.

It can be used for ransomware detection and data exfiltration. It is also able to detect Remote Access Trojan (RAT).

It is easy to use, flexible, and stable. Because it is a cloud-based solution and it integrates all endpoints of the cloud, we can do an IOC-based search. It can search the entire enterprise and tell us the endpoints that are possibly compromised.

It has a feature called Isolation. If a device is compromised, we can connect it to our SOC, and no one would be able to access it. This way we can limit the damage to the network while we are investigating.

Malware detection can be better. It doesn't have support and detection for the recent malware, but it has a compensatory control where it can do the behavior-based assessment and alert you when there is something malicious or unexpected. For example, when a certain user is executing the privilege command, which is not normal. These dynamic detections are good, and they compensate for malware detection.

It has very good integrations. However, its integration with Palo Alto was not good, and they seem to be working on it at the backend. It is not very resource-hungry, but it can be even better in terms of resource utilization. It could be improved in terms of efficiency, memory sizing, and disk consumption by agents.

They have something called Managed Detection and Response. They get intel from their customers, and that intel is shared with the rest of FireEye's customers. I want to subscribe to their intel, but that is not available to us.

I have been using this solution for two years.

It is stable. The FireEye team monitors it, and in case it goes down, we get an alert saying that the device is down. We either get their help or troubleshoot it ourselves to get it up and running.

It is quite scalable. We have scaled it according to their sizing recommendations. They have devices for different bandwidths, models, and offices.

We have about 4,000 people who are using this product. In terms of our plans to increase its usage, we are currently studying two options. One of them will basically scale up to about 40,000 instances.

Their technical support is good. For each region, they seem to have got local support that takes care of all problems. They have support teams in Singapore, India, and North America.

Its initial setup was straightforward. I have done one installation that took about 90 minutes. Virtual installations are straightforward. Physical installations have got some networking interfaces, and one needs to go through the documentation to do it. If you have got the right configuration, it is straightforward.

We have about five people within SOC. We manage the engineering and deployment aspects of it. It is not very resource-hungry.

For its deployment, we just needed about four people. We deployed about 14 appliances and one cloud-based instance. We have automated the deployment. We deployed it via Puppet, so the installation was fast.

We also use CrowdStrike Falcon, which is also endpoint security. At that time, we chose the best option based on our study. Both Falcon and FireEye were doing good in the market, so we basically went ahead with what was the best at that time. We buy the licenses for both of these and then do the deployment.

We also use Sophos, but it is signature-based. We have licenses for the normal management control software of Sophos and the agents. We have not used Sophos Intercept X. My understanding is that it is an EDR, and we look forward to doing a study on it.

Based on my two years of experience with this solution, I would comfortably recommend this solution.

I would rate FireEye Endpoint Security an eight out of ten.

Trellix Endpoint Security is a cloud-based solution in which all the servers are installed with a McAfee Trellix agent, and that agent manages the server for any potential damage or threat.

It's crucial to always keep the antivirus and anti-malware software updated, which is implemented automatically by the agent of Trellix Endpoint Security. The agent, as part of the solution, continuously monitors the system and transmits data to the central server, where the latest antivirus definitions and remedy features are implemented across the systems. 

I have been using Trellix Endpoint Security for a year. 

The solution is stable enough and implements monitoring requirements effectively. In some applications, it has been found that the solution can make a system lag in pace and thus impact the performance. If the aforementioned scenario occurs, then an administrator needs to run a benefits vs. risks analysis to decide whether to continue with the antivirus or not. 

I would rate the scalability a ten out of ten. The product can be installed in almost any environment, you just need to purchase a license and install the product. The licenses should be procured as per the user needs. 

For a paid version of Trellix Endpoint Security, satisfying customer support can be experienced. 

The setup of Trellix Endpoint Security is extremely easy. The deployment process involves installing an agent on the system. The moment the antivirus agent's service commences, it immediately connects to the central server and becomes completely operational. 

The website of Trellix Endpoint Security conveys a deployer about which agent should be used as per the operating system; if it's Windows, then the Windows agent needs to be installed. 

There is an international virus database and all products like Trellix Endpoint Security have to sync the virus definition data with the international database. As part of the vulnerability assessment, the antivirus software developing companies have to keep their data synced with the centralized database.

Whenever any vulnerability or an attack is identified, immediately a vulnerability report is generated and uploaded. Following the aforementioned incident, all the antivirus companies immediately update their virus eradicating tools so that new or unknown attacks can be easily mitigated. New viruses, Trojans, or attacks are being invented and circulated all the time, so companies have to consistently keep updating their system. 

The antivirus agent keeps running and analyzing the system it's installed in, but there is no effective data regarding the analysis or detection. For instance, suppose a virus intervened in your system at 12:00 AM and immediately it was detected, then you can claim the antivirus solution to be the most effective.

I would definitely recommend that others use Trellix Endpoint Security; in an enterprise environment, they must have an antivirus, including the local and remote systems, if used. I would overall rate Trellix Endpoint Security as nine out of ten. The solution doesn't need to be integrated with other tools to function effectively. 

Trellix Endpoint Security (ENS) is useful as an endpoint security software.

The most valuable feature of the solution is its dashboard.

The dashboard provided by the solution needs to be improved. The customization capabilities of the solution are an area where it lacks, so it would be great if our company could customize the solution to meet the demands of our customers.

In the future, I would like technical support for the solution and its UI to be more efficient.

I have been using Trellix Endpoint Security (ENS) for two years. I usually deal with a product's latest version. My company has a partnership with Trellix.

Stability-wise, I rate the solution an eight out of ten. The solution is mostly stable, but sometimes, there is a need to do some troubleshooting.

Scalability-wise, I rate the solution a seven out of ten.

I rate the technical support an eight out of ten.

Positive

Currently, I work with CrowdStrike since my company has a partnership with it. CrowdStrike is better than Trellix Endpoint Security (ENS). CrowdStrike offers functionalities like machine learning and DLP.

I have used the solution on the cloud and on-premises. Currently, the solution is deployed on the cloud services offered by Trellix, which I feel is a public cloud.

I don't think there are any extra expenses besides its licensing costs.

Maintenance of the solution is required, including some troubleshooting parts managed by five to six engineers in our company.

I recommend the solution to those planning to use it.

Not all solutions in the market are good, though I found Trellix Endpoint Security (ENS) to be a good product.

I rate the overall solution a seven out of ten.