Trellix Endpoint Security Platform Room for Improvement
There are a few areas where Trellix Endpoint Security can improve. Firstly, the high CPU utilization when agents are installed can negatively impact client systems. Another issue is with end-users outside the network, where the agent handler sometimes fails to deploy the product properly. Improvements are needed in forensic analytics to detect specific vulnerabilities. It would also help if detection specifics were identified more quickly and the problem-solving process accelerated, especially to meet larger clients' expectations.
HameedAhmed
Sr. Deputy Director Information Technology at Pakistan Airport Authority
Trellix Endpoint Security needs some improvement in the dashboards. Artificial intelligence also requires improvement to further enhance the product.
VenkatKrishnan
VP - Cyber Security at Olam International
The main area for improvement is the integration with Microsoft Windows Hello, which includes Face ID or fingerprint-based authentication. Currently, they don't support either, so users have to type in the username and password. It doesn't support Microsoft Windows Hello authentication.
Buyer's Guide
Trellix Endpoint Security Platform
June 2025

KarthiS
Technical Associate at VSecure Networks
Some customers feel that the Trellix Endpoint Security (ENS) agent consumes more memory and resources in their environment, which is a major issue we are facing. This causes their endpoints to consume more CPU under subscription, resulting in a feeling of slowness in their processes.

What needs improvement in Trellix Endpoint Security is the reduction of resource consumption by the scanning feature. There should be daily signature updates for protection.
Additionally, scalability should be improved as it presents challenges such as needing downtime.

The solution needs to improve its virtual patching capabilities. One area where it could improve is by offering a patch management solution bundled with its security products. This would make it even more competitive against solutions like Kaspersky that offer this feature.

I cannot really point to any areas that need improvement at this moment. Continued available training is important for people coming in to use it.

Automation and overall complexity need improvement. The product does not seem to be cloud-native.

The technical support needs some improvement. When product distribution errors occur, we have to contact technical support, which is a very tedious and time-consuming task. After raising the call on the technical support portal, we usually receive a notification after 24 hours. It usually takes 3 to 4 days to conclude and resolve the issue. If there were 24/7 online support or a phone line where we could speak directly with technical support for real-time troubleshooting, that would be very helpful.
Licensing is another aspect that Trellix should look into. Different purchases grouped together in a single user account get mixed up. Categorization of purchases and their grant numbers is not available to the end user.
There is room for improvement in the pricing. The price should be improved, it's high.
Archie Scorgie
Information Security Senior Advisor at Eskom Ltd
Trellix provides a data view of the Alpha systems with Trellix installs and makes small changes to the central management console. Nothing on the endpoints themselves works, but it focuses more on the management side.

The user experience of the administration has to be reviewed or refined. It's not friendly, not that easy.
If I could sell my customers the endpoint protection software in addition to the EDR software as a single package, that would be ideal.
Technical support needs improvement.
Mohit Dhingra
Senior Vice President IT at AS IT Consulting Pvt. Ltd.
The agent is very heavy, so we have to ensure that we have a lightweight agent for Windows systems.

Patch management can be included as a feature in the solution.

Recently, Trellix has introduced a CDR, which involves more manual response than automatic. I believe they should enhance the system by adding features like automated response and the ability to create custom playbooks. This is crucial for an EDR solution, and currently, Trellix lacks this feature while other products offer it.

The only challenge we found is the integration with its product modules. It has a DPP. That integration, we felt, is slightly complex. The complexity of advanced modules can be improved. They could do some improvements so that it is easier to deploy the advanced modules.
We would like more in their advanced modules or ATP.
Durai M
IT Head at a comms service provider with 51-200 employees
If there's a possibility for remote assistance or investigation support in the future, it would be beneficial. Currently, we use another remote software for such purposes. If this feature could be included in the next version, that would be an improvement. The feature is called Remote Administration.
I'm somewhat satisfied, but there's an issue I recently encountered. When attempting to scan a suspected host machine, Symantec Endpoint Security did not provide any alerts. However, when we installed Malwarebytes and ran a scan, it detected a threat that wasn't identified by Symantec. We raised this concern with the team for resolution, and the investigation is still ongoing.
Good progress has been made with integrations for McAfee and FireEye but more work has to be completed because the feature is still pending. Down the line with these integrations, the solution will be a very good product.
The solution could provide open XDR in addition to EDR.
Adding MDR makes sense instead of just being on the EDR and DXDR fronts.

It is a bit technical. The user interface has some significant limitations, mainly when using HIPS on the server side, to protect files from being changed or deleted by hackers, users, or administrators. The UI only allows for the inclusion of files using wildcards.
For example, it can protect an entire directory or a subdirectory, but it doesn't let you select specific files within a directory.

The product is consolidating its portfolio into one product. It is difficult at the moment.

Trellix Endpoint Security doesn't support Mac devices. Trellix Endpoint Security doesn't offer full-fledged support for Linux.
In the future, I would like the product to support Mac and Linux.
When it comes to classification, Trellix has its own DLP solution. They do provide classification in Trellix Endpoint Security, but not at a full-fledged level. It would be good if Trellix Endpoint Security provided a full-fledged classification.
The solution's technical support should be improved since we faced a lot of issues with the support. There were some delays in responses from the technical support. Technical support also lacks in providing proper solutions to issues.
You do not have access to all the features when you use the Trellix web interface. For example, you cannot do device or drive encryption from the web interface. Also, when we're working with customers, it's sometimes challenging to get sales support. Delays mean we might lose an opportunity. Lastly, Trellix lacks some documentation about custom features.
I would like to see Trellix add database activity monitoring. They don't have a plan for this, and there isn't a significant roadmap around it. They have an enterprise service manager, which is sort of like a SIEM, but there is no roadmap. I want to see a clearer roadmap for integrating specific critical solutions like PAM and other things, too.

The detection and response capabilities need to be improved. The product is not sharp enough in catching viruses, and we often have to use additional components alongside the pure endpoint security. Symantec, for example, might be better in this area.
Bhupesh-Sharma
Large account Manager at Softcell Technologies Limited
Sometimes, one might face issues with the scalability of the product. The aforementioned area can be considered for improvement.

The solution's documentation is not streamlined and is in bits and pieces, which should be in a single format.
Trellix Endpoint Security should include the virtual patching feature in the next release.

The product could be flexible and offer better pricing. They should make it free, open-source software.
Doug Splett
IT Services Network Analyst at Saskatchewan Workers' Compensation Board
The product is not easy to use. Moving around in it is cumbersome. I have heard other users saying that it is cumbersome to find things. Creating and deploying policies with DLP can be really cumbersome. It can be difficult if we don’t know how to use it. Sometimes, we have difficulty in communicating with clients. Sometimes, we have to go through troubleshooting to fix it.

Performance is a problematic area in the solution needing improvement. There are some weird problems in the endpoint protection or security of the solution.
Iancu Alexandru
Chief Technology Officer at S.C. Vault Apps S.R.L
Trellix Endpoint Security is pretty hard to configure and maintain. You need to have a dedicated person for the solution. It is very complex when you want to change the data loss prevention and data leak prevention policies. It's quite hard to give some exceptions on specific computers. It's not very fast onboarding with the orchestrator.
The solution should provide an easier way to uninstall it on specific stations.
McAfee MVISION Endpoint could improve by an overall simplification of the solution.

I've encountered minor challenges related to encryption.

The tool could provide more advanced protection. It should do a deeper analysis of the files.

I'm not feeling any critical care is missing in the solution.
It is a very heavy tool, unfortunately.
It could always be a bit more stable.
Rahul Sawhney
Group Manager at HCL Technologies
The solution can be expensive.
If it could provide a little more in terms of automating things, for example, in response and automatic playbooks wherein you define whatever it is if you see this kind of a threat. You define the actions that need to be followed. If a playbook could be automated and run without even requiring manual involvement, that is the future we want, and they should look into how to make that happen. That is the kind of capability we want them to build.
In terms of reporting, also, if they could provide a little bit more information from where it started, how it progressed; a complete workflow, how that had progressed from where it was picked up; what was the target stage, what was the next stage, and what was the final stage, that would be very helpful. If they could pick up in a simple pictorial way of representing analysis just like the Cisco ASA Packet Analyzer used to do, that would be really helpful.

It's not very user-friendly as sometimes you have to install the agents and then the agents do not get deleted from the database. Due to this, we have to manually delete it from the nodes and then again we have to install it again. When distributing the product, sometimes things get confused and we need to clean up the temporary folder.
The initial setup isn't so easy. You need to know what you are doing.
The products are getting obsolete too early. That's one of the issues we have with McAfee. They're coming up with new products too early. We installed 10.5 in 2016, and then in 2019, or 2020, we got 10.7. Now, 10.5 is obsolete. They are upgrading the versions too fast. Due to the fact that we have a subscription, we have to upgrade it to the next level which creates some maintenance issues.
DuyNguyen4
Presales and product manager at Mi Mi Informatics Joint Stock Company
The platform needs improvement in terms of handling heavy databases. We encounter database unavailability for a prolonged period. Its integration capabilities with security platforms like FireEye could be enhanced.
Hitesh Dand
Manager- Process Excellence at Datamatics Business Solutions
The solution should respond faster. Whenever Trellix runs, the system slows down.
AjaiVictoria
Information Technology Consultant at an outsourcing company with 501-1,000 employees
Currently, Trellix Endpoint Security can't find the running mutexes, while other open-source products can do it. Mutex is something like a malware user. Secondly, the solution should support multiple output formats for the triage image. Currently, the solution has only Mandiant format, where you can't use tools like Volatility to analyze the memory image.
It would be good if Trellix Endpoint Security had a good visualization like other products, such as SentinelOne and Carbon Black.

We'd like better UI on the management screen. It could be a bit simplified, which would make it easier to use.
David Mueller
Client Engineer at KSB
I would like to have the ability to have more control over the deployment in the next release. If you have this console in the cloud, you cannot make pilot groups for deploying the agents. We only have the current group. So, as soon as you inject the software, it will go directly into production, which doesn't work for us. We need to build up pilot groups slowly. We already requested to have this feature on the cloud, and we are still waiting.

Trellix lacked email protection when it was a McAfee product. They added this feature during the merger with FireEye, but it hasn't been fully integrated. The core features will be integrated into the next release. FireEye has several solutions for EDR and sandboxing.

Trying to move away from the signature model for antivirus and malware blocking is something that would be nice. Instead of having to update every day, which is signature-based, moving to more of a kernel or architecture-based model would probably be beneficial.
Wilfred Mwigio
IT Officer at an educational organization with 201-500 employees
The solution consumes a lot of end user memory and CPU, so you need to have a computer that has a lot of resources for you to properly run Trellix. The agent ends up using a lot of resources, either RAM or CPU, and at times that bogs down users. I don't know if it's possible to have a lighter version of the agent, but if the agent was lighter it wouldn't consume so many resources, which would be good.
It's a bit complex. It's very granular and you need to really, really know the ins and outs of configuration. If you are specifically configuring an XML against ransomware, some very special setup, it can end up being a bit technical. You wouldn't want to make any mistakes while doing your configuration. A single configuration can make you lose whatever you wanted to do.
The other thing is if the engine would also focus more on malware, sort of an anti-malware. Trellix doesn't really focus so much on the anti-malware side, but there are other better performing antivirus or endpoint products that have better engines or they have a higher detection rate compared to what Trellix is currently providing.
Looking at the current ePolicy orchestrator, and the transition of most vendors to the cloud, they need to do an improvement with the current dashboard or the overall aesthetic of their GUI. They need to just keep up with the current trends. It's still a bit old-looking. That said, with the CASB, their other solutions their cloud solutions, they're already on the way with that. They are working on improving things.
The initial setup can be a bit difficult.
They should offer further application control. The way of doing the application control is based on an inventory scan. It would be great and it would be at par with other solutions if they would be able to improve that into a category-based application control.
The dashboard provided by the solution needs to be improved. The customization capabilities of the solution are an area where it lacks, so it would be great if our company could customize the solution to meet the demands of our customers.
In the future, I would like technical support for the solution and its UI to be more efficient.
Trellix tends to get in the way and really impacts the performance of the servers quite negatively.
Marty_Barron
Regional Cyber Security Manager
The solution needs to work on memory consumption. It is too high. EDRs are notorious for this.
Technical support could be improved a bit. They are doing a lot with the acquisition and rebranding, and things may take a while to settle.

The quality of the dashboard could be improved, and the central monitoring dashboard needs improvement. At first, we thought we were getting multiple views. One was a wholly summarized view, and the other was a more detailed view of an endpoint device. Digging into one device's detail is sometimes difficult. Additionally, the granularity of reporting can be improved. The next release could also include an extended mobile connection for the solution.
The email protection isn't efficient enough, and I'd like to see DLP features in the next release.

The price of McAfee MVISION Endpoint could improve.

Some agents become old and then they don't communicate well any longer. They need an update. They need to make sure that older agents on active computers communicate properly.
Sometimes the agents stop working, however, we cannot understand why. This is sometimes a problem, especially if some agent is not communicating for one month or two months. We're not sure if there's a backlog or if it got infected. We need to know right away if an agent has stopped working and possibly what has caused it to stop.
They have a dashboard. In the dashboard, you can see if a signature is in backlog, and it becomes red. This is also required if new agents or some number of event communications stop.

There should be better integration between the ePolicy Orchestrator and FireEye console. The integration of both consoles should be better.

Along with improving scalability, I would like DLP features to be added to the endpoint security.

The solution is not really stable.
Every time we open a ticket with McAfee, their response differs and they are not consistent. For example, they might say the issue will be addressed in the next release. Then, the release comes, and it is not available. Basically, we don't get a resolution from support.
This version is not very effective in our region.
The functionality of the product needs to improve the way it addresses zero-day threat levels.
Sabari Kumar
Senior Engineer at a comms service provider with 10,001+ employees
The user interface could be improved by making it more user-friendly. There are multiple solutions and there is no clear line differentiating all of them. There is a centralized console where we manage everything but most of the administrators feel a little confused when it comes to managing multiple products from a single place.
In a future release, McAfee could improve by having less resource-consuming agents. When you bundle up all the solutions with an agent, it becomes heavy for the endpoint to handle. This is one drawback that they should improve because some of their competitors, such as Trend Micro and Symantec, both have low-consumption agents available.
McAfee has multiple solutions that can be combined together into a single product. There is no need to have this many solutions.

We have had some of our clients not happy with McAfee Endpoint Security because it blocks some of the applications they are trying to use. They should make it easier to unblock applications.
In a future release, McAfee Endpoint Security and all other endpoint solutions should reduce the number of resources needed to run their solution, such as hard drive space and CPU processing. The fewer resources the solution uses, the better the performance of the hosting computer will be.
Craig Meads
Managing Director at Computer Wise
We're still looking for weaknesses. The product is still quite new for us. That said, so far, every time I have thought, "I wonder if it can do this or it can do that." I've been able to do it.
McAfee has also asked us for feedback, and we noticed when we gave them suggestions, they worked to implement them. For example, we asked for the ability to leverage Windows Defender instead of creating an endpoint. They've just put that in so you can choose now what you want to do. You can change that deployment and push it out without any intervention by the client as well.
The initial setup can be a bit complicated for those unfamiliar with the product.
Obaseun Awoyinfa
Security Consultant at CS Africa
It would be nice if the solution were to allow not just on-cloud management, but on-premises, as well.

We don't like the solution since it requires much memory consumption and consumes much CPU resources. All the machines become very slow whenever it uses its tab scans. For this reason, we consider the solution to not be good nowadays. The newer solutions consume less memory and CPU.
We employ the solution for our antivirus needs, for which it is solely suited, and not as an EDR. We are actually looking for an XDR solution.
The solution is currently outdated. We are looking for Next-Gen antivirus along with EDR and it should have XDR capabilities as well. This would take care of the network and the properties that are running in the background. They should be protected from cyber threats.
The solution should also be faster. McAfee actually offers EDR and XDR capabilities but, based on our experience, it consumes an inordinate amount of memory and CPU and this causes the system to be slow. At present, McAfee does not lead the market when it comes to antivirus security solutions.
Aggry Motlhwa
IT Security Specialist at Commercial Bank of Ethiopia
Currently, we have the threat prevention as well as the web protection, and the McAfee firewall, which we were using before, however, we have not installed it on any of our machines. We have disabled it due to the fact that a lot of stuff was being blocked, it was blocking a lot of internal stuff, which meant it needed some fine-tuning. We were supposed to fine-tune it so that we can recognize our items, however, we're still working on that.
We wanted an EDR solution, and our first option was McAfee as the EDR would go hand in hand with the Endpoint integration. We'd like McAfee to offer stronger security. It's not that it isn't strong right now, however, it needs to continue to improve as attacks are always evolving. We are concerned some attacks may be able to find a way to bypass McAfee. If the solution offered something that could detect better, it would be ideal. It would add more value to what is already in place.
I know that they have application control and all the like. The one feature that maybe is lacking is a different module for the antivirus, however, we have a lot of applications that are running in our environment that were not authorized.
Users can just install software into their computers. We need some sort of application control system that, if there are any pieces of software that are not whitelisted, then the solution could flag it or maybe alert the administrators. That would be very helpful.
VenkatKrishnan
VP - Cyber Security at Olam International
There are two main areas that require improvement. One is the size of the packages. Although I'll admit manageability is good, if I want to deploy, let's say just the antivirus or just the firewall, each of those package sizes are quite large. They are sometimes as big as 200MB or 250MB. When I have operations in remote areas where connectivity is always poor, it's difficult. To deploy such a package in a remote location over the internet or something like that is always challenging.
The second improvement I would like to see would be to make the speed of the updates much faster. I've seen other vendors that have already released an update for new ransomware and yet McAfee has not. They seem to generally delay releasing an update to protect against something, which can be dangerous as it gives malicious content time to spread.

There are certain shortcomings in the features concerning DLP in Trellix, where certain additions must be made in the future.
Prashant_Pawar
Project Manager at LTIMINDTREE
Upgrading to new versions isn't easy and it can take a long time. Also, other solutions' tamper protection features are better than FireEye's. Clients should have access to our local information, but they shouldn't change settings on the system itself.

I'd like McAfee to include device control on MVISION. The solution currently lacks mobile device management. The cost of the solution is comparatively high and I'd like to see that reduced.
So far, McAfee MVISION Endpoint ticks off all of our boxes, but its pricing could always be better.
I'd like to see the searches enhanced because when I hand over the product to someone without experience, it should be user-friendly to them as well. If the feature was enhanced, and the amount of data that comes in reduced, it would simplify the process for anyone.
The way that signatures work when using this solution could be improved. They could be more user friendly. We would like the ability to select a client's signature from a menu or file share to save time.
FireEye allows three releases per day which are automated. If the automation fails for some reason, the release fails. FireEye does not allow manual releases. This is why we are moving away from using this solution.
Manoj Chitgopeker
Region Head - S1@Dimension Data India at a computer software company with 51-200 employees
I would like to see more local integration for the applications that we use. We are looking forward to having more unified management.
John Matos
Senior Associate at a tech services company with 11-50 employees
They can make it free, but that's not going to happen.
Syed Faisal
ICT Manager at SecurEyes
Most of these types of solutions including others, such as Carbon Black and FortiEDR, all have the same features. However, Carbon Black is the leader when it comes to being robust and user-friendly and this solution should improve in those areas to stay more competitive.

There are times the solution has some additional software added that is not fully integrated properly, such as Exchange Group Shield. It is quite old and is not fully integrated properly and could be improved.
In an upcoming release, there could be an improvement in performance. There are times the solution can use a lot of resources on the local machines. This normally happens when the system is scanning, the end-user can really notice the performance change. After every new version that is released, there are improvements made. However, there is still room for improvement.

An area in need of improvement involves the overview, which usually does not enable one to get the value in reports.
Upon receipt of the incident, the review is important. Based on this it is possible to construct a workflow for closing the case.
It is crucial to keep the data inside the department. Receipt of the incident is a pain point since there is a need to engage one's system administrator as part of the data loss protection consent requirements and this involves sensitive information. However, nothing will be accomplished with a system administrator, only with a compliance administrator who is fully knowledgeable.

Malware detection can be better. It doesn't have support and detection for the recent malware, but it has a compensatory control where it can do the behavior-based assessment and alert you when there is something malicious or unexpected. For example, when a certain user is executing the privilege command, which is not normal. These dynamic detections are good, and they compensate for malware detection.
It has very good integrations. However, its integration with Palo Alto was not good, and they seem to be working on it at the backend. It is not very resource-hungry, but it can be even better in terms of resource utilization. It could be improved in terms of efficiency, memory sizing, and disk consumption by agents.
They have something called Managed Detection and Response. They get intel from their customers, and that intel is shared with the rest of FireEye's customers. I want to subscribe to their intel, but that is not available to us.
Rajesh-Singh
CEO & MD at Gurjartech
When it comes to DLP or McAfee Security Encryption, with which I am happy, I like to make use of the solution for Vault, but find that the encryption is problematic. The system needs reforming. Suppose the solution is utilized on a laptop or desktop and the client wishes to make an assignment to another person but forgot his password. The data cannot be archived or backed up.

McAfee has several MVISION products. It will be really amazing if they could be consolidated into one dashboard. As of now, I know that this is on the roadmap and is expected to be released very soon. It'll unify the management of the various MVISION portfolios. It will be a great tool for improvement.
Instead of needing separate management consoles to manage some of the products in the portfolio, a unified console for MVISION Cloud, MVISION EDR, MVISION Endpoint, MVISION DLP, and the remaining MVISION portfolio would be great. I believe that McAfee is addressing this at present.
A drawback with the cloud MVISION ePO is that you can't push agents from the cloud portal. You need to download that agent, and you need to figure out a way to install that agent into the machines.
I'd like to see MVISION Endpoint for other platforms because MVISION Endpoint is only compatible with Windows 10 and Windows 2016 and above. If I were using a Linux operating system, I would not be able to use MVISION Endpoint.
I'd like to see it in the Mac operating system as well. I'd like to see cross-compatibility, which would be great. Even though McAfee has a simpler product for Androids and the iOS, it would be great to see the ease of use of MVISION Endpoint across the portfolio.
Kuldeep Patel
Senior System Administrator at a computer software company with 501-1,000 employees
The solution takes up a high amount of memory and can cause the system to hang.
The malware detection, as good as it is, does not seem to be deployed correctly. It's not doing system quarantine. If a system gets attacked by ransomware, it's not going to be quarantined correctly.
If someone wants to filter or asks the system, "Please remove that antivirus we don't want it here," due to the fact that we don't want to work on a specific system, we get frustrated as it won't remove itself. It just starts scanning when we don't want it to and it begins to slow down everything when we need to do important work.
We would like there to be better reports that we could take to management to have them be able to look at.
Recently, we have seen that Ransomware updating is starting with just SQL services. It would be nice if it was offered across the board.
Manuel Ochoa
Support Security Engineer at a computer software company with 501-1,000 employees
The local technical support could be better. It would also help if the engineers can develop some automation features for the on-prem ePO. For example, in the on-prem ePO, you can store the endpoint using the IP address or using text, or using the default version. But in the MVISION ePO, you don't have that kind of feature. It's complicated to sort the endpoint because you have to do it manually.
I also think the detailed level of the detection could be better. In some cases, it's very complicated to figure out which file is the one that is actually impacted, depending on the dashboard you see. The dashboard is one of the most important things in the ePO because it's where you can see everything in a central location. But sometimes, you need to change from one view to another view to find what you're looking for.

Technical support is an area that can be improved because sometimes, the response time is a bit slow and the explanation is short.
Juan Davila
Managing Director at eyeT GmbH
The management console is a little bit difficult to understand for admins. You need a lot of time in order to become familiar with that. It is a little bit complicated and not too easy to understand.
Its price can also be improved. Its price is higher than its competitors.
McAfee also needs to have better cloud integration and more data centers in the EU. The cloud center should be in Europe or in Germany. In Germany, it is really important to have access to your data within the same country. Customer data needs to be placed and processed in the same country.
Syed Mohsin Ali
Team Leader Network and Mail Team at an energy/utilities company with 10,001+ employees
We know that McAfee isn't the best antivirus and it can't protect us 100%, although we are okay with the level of protection that it gives us. I don't think that the problem lies in the antivirus, but rather, it's the user. Users are not happy with the antivirus and they try to solve the issue on their own, and that causes very big problems.
There is an incompatibility problem between McAfee and the Linux subsystem for Windows, and another that has to do with Outlook and scripts. McAfee knows that, but the problem can't be solved at this time so we try to minimize the effect.

We are using it so the company is providing better security coverage end-to-end. I am not sure how to improve on that because it already achieves that goal and updates constantly.
One thing I think it should do is alert administration if some attack is happening in local systems. I am not seeing that kind of alert. When users run a scan on their own system and nothing is found, that is fine. But ideally, VirusScan also has to send a notification of the source of an attack if one is detected.
For example, if the threat came from opening an email attachment, an alert could be broadcast to warn other users on the system not to open the same attachment and McAfee could do that automatically. Something like that. Or at least it should make a report or alert for the administrator so that they can take the proper action.
Prasanna VA
Senior Technical Manager at Incedo Inc.
The biggest problem we had with this product was when the DDoS (Distributed Denial of Service) did not respond well to a threat. We experienced one virus attack that the product did not catch. I do not know the exact CDC (Communication Device Class) details. That time, we did an analysis, but the systems crashed. We could not even access the infected file servers.
Because we could not access the servers in that attack, we could not even remove all the threats. Eventually, what we had to do is find out which servers got infected and then we had to roll back those servers to a previous backup. It left us in a little bit of a vulnerable situation. It ended up not being what we hoped for in an endpoint solution.
Because McAfee was infected, other endpoint protections were also affected that made the situation more difficult to resolve.
Improvements that I would like to see in MVISION would be to provide some additional features for the cloud to make their product a one-stop solution. For example, every organization is going into hybrid-cloud. That may allow part of a solution on-site. That can be part of multi-tier platforms and would be more flexible.
What they can do is offer more in order to be a leader in innovation for different architectures rather than for enterprise only. For example, the endpoint security product uses every desktop like service. They have the features for the hardware detection and the platform access, then on the application layers. These three layers are a part of the firewall. So these are the firewall and then there are other things they could be offering as a single source to create a more secure environment as a proactive solution.
This is something that definitely could be improved, especially with intrusion detection and intervention. It is very important to do more to cover the security of these more invasive practices. So, they could improve things with a web application firewall, and improve intrusion detection and prevention. Those should be the key areas which they are focusing on right now to improve the utility of the product moving forward.
If you have a look into the Gartner report, there are many companies that are making advances in this category of product and it means competition for McAfee.

A policy-editing console should be added.
Having automatic updates would be helpful.
Ritchelle Cortez
Technical Presales Consultant - Solutions Architect at Nexus Technologies, Inc.
Endpoint resource utilization causes high levels of instability and that is something that needs improvement. Our clients are concerned about how it can affect their endpoints and do not want the CPU overburdened.
DavidJuste
IT Manager at a retailer with 10,001+ employees
On the next release, they should build an easier way to see a repair option within the McAfee icon on your system tray. If there was an issue, you should be able to contact the user or just right-click on "repair". That would be a very good feature to add. That could be a place of improvement, just adding that button, or customizing it.
Jorgen Bergstrom
Teamleader 2:nd line Security at Cygate AB
From an improvement perspective, I want everything in the solution to be free. I don't consider myself to be so sophisticated when it comes to Trellix Endpoint Security (ENS).
Siddhika Rane
Talent Acquisition Specialist at Nine A Business Connect
One suggestion is they should reduce the constant notifications. Whenever I open my laptop, there are too many notifications from McAfee, and it gets annoying.
I would like to see fewer notifications.
Miguel Vergel Adajar
Systems Engineer at First Datacorp
With Trellix Endpoint Security, adding a device as a data source can be done one by one. Whenever I try to add a device like a firewall or a server, the accounts are enrolled one by one per added data source. It would be a lot easier if I could add multiple user accounts within a single device.

I would like to see more automation.

In some cases, the detection part was not accurate enough. We opened a few cases for the vendor to help us with some miscategorized findings on the endpoints. There were some false positive detections, and we had to work with the vendor to get them tested. We even had some incidents that were not detected. It was a black box type of solution for us.
While I cannot recall anything specific at the moment, there are many areas of the solution that I wish to see improved.
We would like the solution to offer better security.

The security of this solution needs improvement.
Madhav Vishwakarma
Software Engineer at a computer software company with 10,001+ employees
It would be nice if the solution was a bit more stable.

While we are pleased with the endpoint solution, there should also be a separate one for the firewall.
The solution needs to offer better local technical support.
I would like to see Endpoint Vulnerability Assessment included in the solution in the future.
Roberto Taborga
Manager at a tech company with 1,001-5,000 employees
In my personal and professional view, I think the reports need more development. They need more details on the reports and more details taking the executive view into consideration.
These reports contain the information that is gathered at the intake solutions. They are more geared for the technician and I think they need more executive information because it is important to talk to the main executives, and for them to see what is happening related to some of those suspicious activities.
An area of improvement for this solution is to make it easier to manage.
Milos Tolpa
IT Engineer at FormatPC
The vendor should simplify the way they bundle the products because it's very hard to explain to customers what products contain which features.
This product requires Microsoft SQL Server as a database and you have to deploy it yourself, then later integrate it with the console.

In terms of what could be improved, it is a little bit slow.
Additionally, the encryption part definitely needs to be improved.
We have faced certain issues recovering the data from systems which could not be fully encrypted by McAfee and then the decryption was a nightmare, it took a lot of time. Some could not even be recovered. That was one issue.
The endpoint protection and anti malware features are good. But encryption and decryption are a bit slow and it's a tedious job.
The second issue is that the public dashboards are out-of-the box kinds of features, so they need to be configured, which takes a lot of time.
Finally, there is an issue with the device timing features for allowing certain devices within the network for what we call USB protection. For master devices or static Bluetooth devices which need to be connected, the white-listing of those devices needs to be more straightforward, it is currently highly technical.
The dashboard and encryption should be improved.
There is a cloud-based environment available from McAfee which is called MOVE. If the customer has already implemented it on-premises, it should be integratable with the MOVE version. We discussed this with McAfee and they said encryption data can not be moved to cloud. This means if I move my antivirus server to the cloud, I still need to maintain a separate encryption server within my network. That is the challenge.
We would like to see all the features available on cloud.
I would like to see more integration with third-party products.
Pricing is always something that can be improved.
In the future, this product should make use of artificial intelligence and machine learning technology.

It didn't work well for some of the use cases. We have different use cases for each entity.
Their support is also not good and needs improvement.
The Linux support is very poor. I use base detection. Currently, they are providing malware protection and logon track features in Windows and Mac. These features aren't available in Linux. It will be helpful to extend these capabilities to Linux.
We would also like assets grouping and device lock protection features, which are included in their roadmap.
Suresh Sudarsenan
Senior Consultant at SCPD
This solution is difficult to implement. There are lots of features but it has to be implemented the right way.
I would like this solution to do what Palo Alto traps does because I would only need to run this one product.
Muhanad Khader
IT Security Engineer at MILLENNIUM TECHNOLOGIES
Something that needs to improve is the interface. I would also like to see simple processing and reporting online.
Technicalconsult568
product manager at MCS
They could use a Host Intrusion Prevention System (HIPS) and application control module.
If you have another endpoint product running on the same machine, you have to fine tune functions from FireEye to avoid performance and user experience issues.
Hubert Luberek
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
We had a very large problem that has, unfortunately, not been solved. Simply put, when we start the computer the program will not start. We have encouraged FireEye to solve this problem because we have to manually start this product each and every time, and it affects almost thirty percent of our environment. From a security perspective, this is not stable.
After using various components in this solution, I get the feeling that not every part of the whole FireEye suite works perfectly with the other parts. Sometimes you have this functionality where the product has the ability to take data from one part of the solution and use it in different parts. Sometimes, however, you don't have this luxury. The solution needs more suitable dashboards that handle things from different perspectives. For example, a CEO and a technician from operations are completely different. The integration and display of the dashboards have to be done better.

They don't have any gateway solution. In the past, they did. I think they need a gateway solution to control internet traffic. In the next solution, it will improve the total security, on the network security side if they add this.
In Turkey, according to regulations, the main platform must stay on on-prem, not on the cloud. Most of the customers are still using the mail gateway solution but McAfee stopped developing mail gateway security. For us, it's one of the missing pieces on McAfee in Turkey. They're right, they saw that mail business is going to cloud but in closed countries, we need a gateway solution. McAfee is missing this.
In the next release, they should add something that converts the endpoint business switch for the endpoints. They can integrate side endpoints and try to add them to an existing endpoint, or maybe they can match all these add-ons on a single agent.

The solution could use better updates and fewer bugs.
Deepti Tewari
Consultant at a tech services company with 501-1,000 employees
The solution is getting better. The new central console is better than the earlier one. Earlier it was too complex to find out which option was there. So, if there was a search menu for certain things and if I wanted to enable or disable something, I couldn't. Now there's a search menu that I can type into and I can navigate through the menu to where I want to go.
There are still too many options but it is better now.
Sometimes, while installing the ePO we get many errors and I don't know why they happen. So I just want them to work on that part. So that during the implementation there will be fewer errors.
I'm not sure if McAfee supports patching. They could add vulnerability scanning as a feature. I know the setting is already there, but if they could add a feature of vulnerability scanning and patching that would be great.

Business Support is sometimes lazy, but once they are on board, they will get the job done.

In my experience, the main part of McAfee Complete Endpoint Protection that needs to be improved or simplified to make the platform better is the scanning features.
Sometimes when it runs in the background of the endpoint, the devices get slowed down for some software applications.
The reporting should be used to enhance our analysis. There are some dashboards for user management. There is still improvement required with them.
CompleteEnd677
General Manager (Corporate Services) with 1,001-5,000 employees
In our experience, McAfee Endpoint Protection could improve the word control feature. It is absent from the application. I couldn't do that.
Everything has been fine with the product. It could use better visuals. The tutorial is very limited. They need better training materials and visuals in reports.

Its pricing needs to be improved.

I hope the solution can be used in cloud systems going forward.
Alvaro Jiménez
Central monitoring operator at a financial services firm with 501-1,000 employees
We have a lot of problems with the user experience and it's difficult to implement. McAfee's better than the ancient anti-virus solutions but it's a little slow to resolve. Many files with malware were destroyed through the network, and McAfee doesn't detect anything.
They should improve the time of response, the time of the detection of malware, and the installation of the service.
The features we would want a good endpoint solution to contain are:
- Multi-operative system
- Better performance
- Integration with browsers
- Firewall control
- Vulnerability detections
- Threat protections
- Malware detection
- Detection of patterns of behavior
- Process exception
- Automatic authorizations
- Control of application reliable
- The quarantine of a compromised device
The endpoint has room for improvement because it's restrictive, it's very sensitive. Sometimes it can delete something that you need and so sometimes you have to disable the antivirus.
Andrew Njagi
Communications and Networks Engineer at a transportation company with 1,001-5,000 employees
The DAC (Dynamic Application Containment) component of this product needs improvement.
Jitu Mani Das
Information Security Manager at SPXFLOW
- AV management based on manual scan
- Manual scan feature is not easily done
- A long way of setting hostname set, and
- Scheduling over policy which is time taking and I don't feel comfortable.
One of the drawbacks to the solution is that it is not 100% secure. Sometimes it fails. Another thing we have noticed is that it is not easy to get all of the navigation information from a user. There is definitely room for improvement.

I think they have a fantastic product but still kind of in the very early stages at the moment. Because they're just changing from the modular version, where they have an antivirus version and they have a spyware module. They have a different module, although it's managed by a single management console to now single-module called endpoint protection. But still, behind the scenes it seems to be a different product, different traits, with different capabilities and speed. Although they have increased the complexity, it has affected the scanning speed.

We experienced some bad behavior when we first installed the product. The system also starts slowly in some instances. If for some reason this solution crashes, we could lose all our data.

The VirusScan needs to improve in order to detect ransomware and other advanced threats.

Signatures to protect against new attacks.

We’re facing remote installation issues sometimes: Installation may have been broken by something and installation is corrupted. It’s so hard to uninstall or repair the installation in that case.

I think it would be nice if Dynamic Application Control would come together with McAfee Endpoint Security. The Dynamic Application Control works well against ransomware as well as other viruses.

McAfee GW Security and McAfee Child Safety need some improvement as they are relatively new.

The virus scanning in Enterprise V8 needs improvement. Also, the spyware protection needs to be more expansive.

They need to improve the anti-virus engine which, although fast and efficient, sometimes uses too much hardware resources. The scanning engine should be designed in a way that it doesn’t slow down the PC while it's running scheduled scans.

We’ve had issues when upgrading to updated versions of the product two times already. A single sign-on functionality would be good to have in the future.

The client-side interface is out of date, and has not been updated over the last few years. Additionally, the interfaces of different modules do not integrate common settings. This should be reworked in the next-gen version of the product (EndPoint Security 10.)
Larger updates like service packs are sent to all clients at once and can potentially cause network saturation. The product does not have built-in bandwidth control for avoiding this.

One thing I could have used was a more detailed description of the HIPS signatures. When selecting a HIPS configuration, I would have liked to see exactly what access will change on the system. My organization did not have much room for testing, and many issues did not come up until days or weeks after changes were made.

It would be nice to have the ability to change Safeboot passwords from within the OS as there is a delay in the boot process and password changes can take time.

They could improve it by providing better manageability for administrators. I need to spend too much time on this right now.

I think encryption needs to move to an all hardware-based solution. Software encryption is less efficient than hardware-based. Intel purchased McAfee a few years ago, so this company is set up from the chipset point-of-view.

It needs much better control on zero-day viruses and easier submission of threats to McAfee. They also need to improve the DLP rules since loads of false positives and patch releases are not quick enough when a new OS hits the market. Because of this, there are incompatibility issues which cause slowness on end-user devices.

I would like the product deployment to be made simpler. The current deployment requires creating tasks to install each component.

We have reports by users of machines being slow when the on-demand scan starts.
Recently, some cases of ransomware have been reported on managed systems without VSE detecting them.

There are a few things I wish the folks at Intel would fix.
The primary for me is with the ePO Query creation. Queries in ePO are powerful tools as they can be used to create dashboards, server tasks, and be exported or rolled up to Senior Management. In older versions of ePO (4.0 & 4.5) the Queries, gave a wide range of data. With ePO 4.6, 5.0, 5.1 & 5.3 the data could be pulled from various installed products to get the data that you were looking for, with the current versions of ePO you can only pull the fields listed in the "Result Type/Feature Group" and it is very limited.
A good example...If I wanted to try and create one report that shows all Common Configuration Enumeration (CCE) data (this data comes from Policy Auditor) while also showing what software is installed from each system (this data comes from Application Control) and adding in fields such as IPv4, FQDN, OS version, Domain...Simplified, if I could pull Hardware Asset, Software Asset, CCE Data, and Policy Auditor Scoring all on one report, it would make my life so much easier.
Alas, this cannot be done with the current Query Building setup. The fields that are available are limited to each application installed and are only for that application.

A quicker turnaround with patches and updates would be good. Say there is a new patch or update, such as a new Apple OS, there is a bit of a lag between hot fixes. They are really good with Windows, so it may be an Apple thing more than Intel. If they are quicker with hot fixes with Apple OS, that would be an improvement.

All the improvements I thought were needed, were implemented over time by the vendor.

Improvements are made all the time as the threats change.
I think the improvements on speed are the most important after actually finding the threats.
They could provide better integration capabilities for the product with other services.

The interface is complex.
The product could provide more web or application controls in future releases.
Sayed Ahmed
I-Security Engineer at Nhq Distribution Ltd
The software download features could stand improvement. This sometimes must be undertaken manually.
The job hosting features should also be improved.

If we go to, for example, scanning data from text to just pictures, then the loader goes really high. It might sometimes become impossible to cover all these fixes because the data that are gathered and are processed are very big, and the resources can run out.
It can be quite complicated to learn McAfee Endpoint Security and to feel comfortable with the environment.
The technical support can be improved.

They can improve its resource consumption, such as memory, and maybe provide better or smaller updates. It always takes a lot of resources, but it has been getting better. I have been using McAfee products for the last 20 years or so, and I know it is getting better.
It should probably have some kind of consolidation. DLP is big now. Instead of installing DLP, Endpoint Antivirus, and the EDR components separately, there probably should be a consolidation of different products into one agent itself. It should maybe have more of bundling of everything.

The reporting could be improved, by providing more reporting features.
The resolution time should be faster.

Maybe the performance could be better. I noticed that it slows down a bit when I start it up in the morning.
Mohd Fadhil
Security Engineer at Mavisco Resources Sdn Bhd
The product needs to reduce the usage of RAM and CPU.
Rajini MohanElanjselvan
Solution Architect at PentechSolution Sdn Bhd
The product’s on-premise version is costly in terms of extra charges for SQL database and Windows server licenses. It would be easier to deploy if included in the package as a virtual appliance.