The user experience of the administration has to be reviewed or refined. It's not friendly, not that easy.

If I could sell my customers the endpoint protection software in addition to the EDR software as a single package, that would be ideal. 

Technical support needs improvement. 

Good progress has been made with integrations for McAfee and FireEye but more work has to be completed because the feature is still pending. Down the line with these integrations, the solution will be very good product. 

The solution could provide open XDR in addition to EDR.

Adding MDR makes sense instead of just being on the EDR and DXDR fronts. 

Trellix Endpoint Security is pretty hard to configure and maintain. You need to have a dedicated person for the solution. It is very complex when you want to change the data loss prevention and data leak prevention policies. It's quite hard to give some exceptions on specific computers. It's not very fast onboarding with the orchestrator.

The solution should provide a more easy way to uninstall it on specific stations.

We don't like the solution since it requires much memory consumption and consumes much CPU resources. All the machines becomes very slow whenever it uses its tab scans. For this reason, we consider the solution to not be good nowadays. The newer solutions consume less memory and CPU. 

We employ the solution for our antivirus needs, for which it is solely suited, and not as an EDR. We are actually looking for an XDR solution.

The solution is currently outdated. We are looking for Next-Gen antivirus along with EDR and it should have XDR capabilities as well. This would take care of the network and the  properties that are running in the background. They should be protected from cyber threats.

The solution should also be faster. McAfee actually offers EDR and XDR capabilities but, based on our experience, it consumes an inordinate amount of memory and CPU and this causes the system to be slow. At present, McAfee does not lead the market when it comes to antivirus security solutions. 

Currently, Trellix Endpoint Security can't find the running mutexes, while other open-source products can do it. Mutex is something like a malware user. Secondly, the solution should support multiple output formats for the triage image. Currently, the solution has only Mandiant format, where you can't use tools like volatility to analyze the memory image.

It would be good if Trellix Endpoint Security had a good visualization like other products, such as SentinelOne and Carbon Black.

Recently, Trellix has introduced a CDR, which involves more manual response than automatic. I believe they should enhance the system by adding features like automated response and the ability to create custom playbooks. This is crucial for an EDR solution, and currently, Trellix lacks this feature while other products offer it.

The product is not easy to use. Moving around in it is cumbersome. I have heard other users saying that it is cumbersome to find things. Creating and deploying policies with DLP can be really cumbersome. It can be difficult if we don’t know how to use it. Sometimes, we have difficulty in communicating with clients. Sometimes, we have to go through troubleshooting to fix it.

I would like to have the ability to have more control over the deployment in the next release. If you have this console in the cloud, you cannot make pilot groups for deploying the agents. We only have the current group. So, as soon as you inject the software, it will go directly into production, which doesn't work for us. We need to build up pilot groups slowly. We already requested to have this feature on the cloud, and we are still waiting.

It's not very user-friendly as sometimes you have to install the agents and then the agents do not get deleted from the database. Due to this, we have to manually delete it from the nodes and then again we have to install it again. When distributing the product, sometimes things get confused and we need to clean up the temporary folder.

The initial setup isn't so easy. You need to know what you are doing. 

The products are getting obsolete too early. That's one of the issues we have with McAfee. They're coming up with new products too early. We installed 10.5 in 2016, and then in 2019, or 2020, we got 10.7. Now, 10.5 is obsolete. They are upgrading the versions too fast. Due to the fact that we have a subscription, we have to upgrade it to the next level which creates some maintenance issues. 

The solution's documentation is not streamlined and is in bits and pieces, which should be in a single format.

Trellix Endpoint Security should include the virtual patching feature in the next release.

Some agents become old and then they don't communicate well any longer. They need an update. They need to make sure that older agents on active computers communicate properly.

Sometimes the agents stop working, however, we cannot understand why. This is sometimes a problem, especially if some agent is not communicating for one month or two months. We're not sure if there's a backlog or if it got infected. We need to know right away if an agent has stopped working and possibly what has caused it to stop. 

They have a dashboard. In the dashboard, you can see if a signature is in backlog, and it becomes red. This is also required if new agents or some number of event communications stop. 

Currently, we have the threat prevention as well as the web protection, and the McAfee firewall, which we were using before, however, we have not installed it on any of our machines. We have disabled it due to the fact that a lot of stuff was being blocked, it was blocking a lot of internal stuff, which meant it needed some fine-tuning. We were supposed to fine-tune it so that we can recognize our items, however, we're still working on that.

We wanted an EDR solution, and our first option was McAfee as the EDR would go hand in hand with the Endpoint integration. We'd like McAfee to offer stronger security. It's not that it isn't strong right now, however, it needs to continue to improve as attacks are always evolving. We are concerned some attacks may be able to find a way to bypass McAfee. If the solution offered something that could detect better, it would be ideal. It would add more value to what is already in place.

I know that they have application control and all the like. The one feature that maybe is lacking is a different module for the antivirus, however, we have a lot of applications that are running in our environment that were not authorized. 

Users can just install software into their computers. We need some sort of application control system that, if there are any pieces of software that are not whitelisted, then the solution could flag it or maybe alert the administers. That would be very helpful.

If there's a possibility for remote assistance or investigation support in the future, it would be beneficial. Currently, we use another remote software for such purposes. If this feature could be included in the next version, that would be an improvement. The feature is called Remote Administration.

The solution is not really stable. 

Every time we open a ticket with McAfee, their response differs and they are not consistent. For example, they might say the issue will be addressed in the next release. Then, the release comes, and it is not available. Basically, we don't get a resolution from support.

This version is not very effective in our region.

The functionality of the product needs to improve the way it addresses zero-day threat levels.

I've encountered minor challenges related to encryption.

The user interface could be improved by making it more user-friendly. There are multiple solutions and there is no clear line differentiating all of them. There is a centralized console where we manage everything but most of the administrators feel a little confused when it comes to managing multiple products from a single place.

In a future release, McAfee could improve by having a fewer resource-consuming agents. When you bundle up all the solutions with an agent, it becomes heavy for the endpoint to handle. This is one drawback that they should improve because some of their competitors, such as Trend Micro and Symantec both have low-consumption agents available.

McAfee has multiple solutions that can be combined together into a single product. There is no need to have this many solutions.

We have had some of our clients not happy with McAfee Endpoint Security because it blocks some of the applications they are trying to use. They should make it easier to unblock applications.

In a future release, McAfee Endpoint Security and all other endpoint solutions should reduce the number of resources needed to run their solution, such as hard drive space and CPU processing. The fewer resources the solution uses the better the performance of the hosting computer will have.

The solution consumes a lot of end user memory and CPU, so you need to have a computer that has a lot of resources for you to properly run Trellix. The agent ends up using a lot of resources, either RAM or CPU, and at times that bogs down users. I don't know if it's possible to have a lighter version of the agent, but if the agent was lighter it wouldn't consume so many resources, which would be good.

It's a bit complex. It's very granular and you need to really, really know the ins and outs of configuration. If you are specifically configuring an XML against ransomware, some very special setup, it can end up being a bit technical. You wouldn't want to make any mistakes while doing your configuration. A single configuration can make you lose whatever you wanted to do.

The other thing is if the engine would also focus more on malware, sort of an anti-malware. Trellix doesn't really focus so much on the anti-malware side, but there are other better performing antivirus or endpoint products that have better engines or they have a higher detection rate compared to what Trellix is currently providing.

The platform needs improvement in terms of handling heavy databases. We encounter database unavailability for a prolonged period. Its integration capabilities with security platforms like FireEye could be enhanced.

The tool could provide more advanced protection. It should do a deeper analysis of the files.

Along with improving scalability, I would like DLP features to be added in to the endpoint security. 

There are certain shortcomings in the features concerning DLP in Trellix, where certain additions must be made in the future.

Trellix Endpoint Security doesn't support Mac devices. Trellix Endpoint Security doesn't offer full-fledged support for Linux.

In the future, I would like the product to support Mac and Linux.

When it comes to classification, Trellix has its own DLP solution. They do provide classification in Trellix Endpoint Security, but not at a full-fledged level. It would be good if Trellix Endpoint Security provided a full-fledged classification.

The solution's technical support should be improved since we faced a lot of issues with the support. There were some delays in responses from the technical support. Technical support also lacks in providing proper solutions to issues.

Trellix lacked email protection when it was a McAfee product. They added this feature during the merger with FireEye, but it hasn't been fully integrated. The core features will be integrated into the next release. FireEye has several solutions for EDR and sandboxing. 

On the next release, they should build an easier way to see a repair option within the McAfee icon on your system tray. If there was an issue, you should be able to contact the user or just right-click on "repair". That would be a very good feature to add. That could be a place of improvement, just adding that button, or customizing it.

With Trellix Endpoint Security, adding a device as a data source can be done one by one. Whenever I try to add a device like a firewall or a server, the accounts are enrolled one by one per added data source. It would be a lot easier if I could add multiple user accounts within a single device.

Trying to move away from the signature model for antivirus and malware blocking is something that would be nice. Instead of having to update every day, which is signature-based, moving to more of a kernel or architecture-based model would probably be beneficial.

When it comes to DLP or McAfee Security Encryption, with which I am happy, I like to make use of the solution for Vault, but find that the encryption is problematic. The system needs reforming. Suppose the solution is utilized on a laptop or desktop and the client wishes to make an assignment to another person but forgot his password. The data cannot be archived or backed up. 

The local technical support could be better. It would also help if the engineers can develop some automation features for the on-prem ePO. For example, in the on-prem ePO, you can store the endpoint using the IP address or using text, or using the default version. But in the MVISION ePO, you don't have that kind of feature. It's complicated to sort the endpoint because you have to do it manually.

I also think the detailed level of the detection could be better. In some cases, it's very complicated to figure out which file is the one that is actually impacted, depending on the dashboard you see. The dashboard is one of the most important things in the ePO because it's where you can see everything in a central location. But sometimes, you need to change from one view to another view to find what you're looking for.

There are two main areas that require improvement. One is the size of the packages. Although I'll admit manageability is good, if I want to deploy, let's say just the antivirus or just the firewall, each of those package sizes are quite large. They are sometimes as big as 200MB or 250MB. When I have operations in remote areas where connectivity is always poor, it's difficult. To deploy such a package in a remote location over the internet or something like that is always challenging. 

The second improvement I would like to see would be to make the speed of the updates much faster. I've seen other vendors that have already released an update for new ransomware and yet McAfee has not. They seem to generally delay releasing an update to protect against something, which can be dangerous as it gives malicious content time to spread. 

There are times the solution has some additional software added that is not fully integrated properly, such as Exchange Group Shield. It is quite old and is not fully integrated properly and could be improved.

In an upcoming release, there could be an improvement in performance. There are times the solution can use a lot of resources on the local machines. This normally happens when the system is scanning, the end-user can really notice the performance change. After every new version that is released, there are improvements made. However, there is still room for improvement.

An area in need of improvement involves the overview, which usually does not enable one to get the value in reports.

Upon receipt of the incident, the review is important. Based on this it is possible to construct a workflow for closing the case. 

It is crucial to keep the data inside the department. Receipt of the incident is a pain point since there is a need to engage one's system administrator as part of the data loss protection consent requirements and this involves sensitive information. However, nothing will be accomplished with a system administrator, only with a compliance administrator who is fully knowledgeable. 

The solution takes up a high amount of memory and can cause the system to hang.

The malware detection, as good as it is, does not seem to be deployed correctly. It's not doing system quarantine. If a system gets attacked by ransomware, it's not going to be quarantined correctly.

If someone wants to filter or asks the system, "Please remove that antivirus we don't want it here," due to the fact that we don't want to work on a specific system, we get frustrated as it won't remove itself. It just starts scanning when we don't want it to and it begins to slow down everything when we need to do important work. 

We would like there to be better reports that we could take to management to have them be able to look at.

Recently, we have seen that Ransomware updating is starting with just SQL services. It would be nice if it was offered across the board.

It would be nice if the solution was a bit more stable. 

We know that McAfee isn't the best antivirus and it can't protect us 100%, although we are okay with the level of protection that it gives us. I don't think that the problem lies in the antivirus, but rather, it's the user. Users are not happy with the antivirus and they try to solve the issue on their own, and that causes very big problems.

The is an incompatibility problem between Mcafee and Linux subsystem for Windows, another that has to do with Outlook and scripts. McAfee knows that, but the problem can't be solved at this time so we try to minimize the effect.

There are a few things I wish the folks at Intel would fix. 

The primary for me is with the ePO Query creation. Queries in ePO are powerful tools as they can be used to create dashboards, server tasks, and be exported or rolled up to Senior Management. In older versions of ePO (4.0 & 4.5) the Queries, gave a wide range of data. With ePO 4.6, 5.0, 5.1 & 5.3 the data could be pulled from various installed products to get the data that you were looking for, with the current versions of ePO you can only pull the fields listed in the "Result Type/Feature Group" and it is very limited.

A good example...If i wanted to try and create one report that shows all Common Configuration Enumeration (CCE) data (this data comes from Policy Auditor) while also showing what software is installed from each system  (this data comes from Application Control) and adding in fields such as IPv4, FQDN, OS version, Domain...Simplified, if I could pull Hardware Asset, Software Asset, CCE Data, and Policy Auditor Scoring all on one report, it would make my life so much easier. 

Alas, this cannot be done with the current Query Building setup. The fields that are available are limited to each application installed and are only for that application.

The interface is complex.

The product could provide more web or application controls in future releases.

The solution needs to offer better local technical support.

I would like to see Endpoint Vulnerability Assessment included in the solution in the future.

I think encryption needs to move to an all hardware-based solution. Software encryption is less efficient than hardware-based. Intel purchased McAfee a few years ago, so this company is set up from the chipset point-of-view.

While we are pleased with the endpoint solution, there should also be a separate one for the firewall. 

We are using it so the company is providing better security coverage end-to-end. I am not sure how to improve on that because it already achieves that goal and updates constantly.  

One thing I think it should do is alert administration if some attack is happening in local systems. I am not seeing that kind of alert. When users run a scan on their own system and nothing is found, that is fine. But ideally, VirusScan also has to send a notification of the source of an attack if one is detected.  

For example, if the threat came from opening an email attachment, an alert could be broadcast to warn other users on the system not to open the same attachment and McAfee could do that automatically. Something like that. Or at least it should make a report or alert for the administrator so that they can take the proper action.  

Business Support some times lazy but once they on board they will get the job done.

It would be nice if the solution were to allow not just on-cloud management, but on-premises, as well. 

The management console is a little bit difficult to understand for admins. You need a lot of time in order to become familiar with that. It is a little bit complicated and not too easy to understand. 

Its price can also be improved. Its price is higher than its competitors.

McAfee also needs to have better cloud integration and more data centers in the EU. The cloud center should be in Europe or in Germany. In Germany, it is really important to have access to your data within the same country. Customer data needs to be placed and processed in the same country.

In our experience, McAfee Endpoint Protection could improve the word control feature. It is absent from the application. I couldn't do that.

Everything has been fine with the product. It could use better visuals. The tutorial is very limited. They need better training materials and visuals in reports.

The virus scanning in Enterprise V8 needs improvement. Also, the spyware protection needs to be be more expansive.

We’ve had issues when upgrading to updated versions of the product two times already. A single sign-on functionality would be good to have in the future.

They can make it free, but that's not going to happen.

They don't have any gateway solution. In the past, they did. I think they need a gateway solution to control internet traffic. In the next solution, it will improve the total security, on the network security side if they add this. 

In Turkey, according to regulations, the main platform must stay on on-prem, not on the cloud. Most of the customers are still using the mail gateway solution but McAfee stopped developing mail gateway security. For us, it's one of the missing pieces on McAfee in Turkey. They're right, they saw that mail business is going to cloud but in closed countries, we need a gateway solution. McAfee is missing this.

In the next release, they should add something that converts the endpoint business switch for the endpoints. They can integrate side endpoints and try to add them to an existing endpoint, or maybe they can match all these add-ons on a single agent. 

The solution is getting better. The new central console is better than the earlier one. Earlier it was too complex to find out which option was there. So, if there was a search menu for certain things and if I wanted to enable or disable something, I couldn't. Now there's a search menu that I can type into and I can navigate through the menu to where I want to go.

There are still too many options but it is better now.

Sometimes, while installing the ePO we get many errors and I don't know why they happen. So I just want them to work on that part. So that during the implementation there will be fewer errors.

I'm not sure if McAfee supports patching. They could add vulnerability scanning as a feature. I know the setting is already there, but if they could add a feature of vulnerability scanning and patching that would be great.

Improvements are made all the time as the threats change.
I think the improvements on speed are the most important after actually finding the threats.

Technical support is an area that can be improved because sometimes, the response time is a bit slow and the explanation is short.

It needs much better control on zero-day viruses and easier submission of threats to McAfee. They also need to improve the DLP rules since loads of false positives and patch releases are not quick enough when a new OS hits the market. Because of this, there are incompatibility issues which cause slowness on end-user devices.

A quicker turnaround with patches and updates would be good. Say there is a new patch or update, such as a new Apple OS, there is a bit of a lag between hot fixes. They are really good with Windows, so it may be an Apple thing more than Intel. If they are quicker with hot fixes with Apple OS, that would be an improvement.

While I cannot recall anything specific at the moment, there are many areas of the solution that I wish to see improved. 

The security of this solution needs improvement.

It didn't work well for some of the use cases. We have different use cases for each entity. 

Their support is also not good and needs improvement.

I would like the product deployment to be made simpler. The current deployment requires creating tasks to install each component.

This solution is difficult to implement. There are lots of features but it has to be implemented the right way.

I would like this solution to do what Palo Alto traps does because I would only need to run this one product.

The solution could use better updates and fewer bugs.

I think it would be nice if Dynamic Application Control would come together with McAfee Endpoint Security. The Dynamic Application Control works well against ransomware as well as other viruses.

We have reports by users of machines being slow when the on-demand scan starts.

Recently, some cases of ransomware have been reported on managed systems without VSE detecting them.

All the improvements I thought were needed, were implemented over time by the vendor.

The vendor should simplify the way they bundle the products because it's very hard to explain to customers what products contain which features.

This product requires Microsoft SQL Server as a database and you have to deploy it yourself, then later integrate it with the console. 

In my experience, the main part of McAfee Complete Endpoint Protection that needs to be improved or simplified to make the platform better is the scanning features. 

Sometimes when it runs in the background of the endpoint, the devices get slowed down for some software applications.

The reporting should be used to enhance our analysis. There are some dashboards for user management. There is still improvement required with them.

They need to improve the anti-virus engine which, although fast and efficient, sometimes uses too much hardware resources. The scanning engine should be designed in a way that it doesn’t slow down the PC while it's running scheduled scans.

The client-side interface is out of date, and has not been updated over the last few years. Additionally, the interfaces of different modules do not integrate common settings. This should be reworked in the next-gen version of the product (EndPoint Security 10.)

Larger updates like service packs are sent to all clients at once and can potentially cause network saturation. The product does not have built-in bandwidth control for avoiding this.

Its pricing needs to be improved.

We have a lot of problems with the user experience and it's difficult to implement. MacAfee's better than the ancient anti-virus solutions but it's a little slow to resolve. Many files with malware were destroyed through the network, and MacAfee doesn't detect anything.

They should improve the time of response, the time of the detection of malware, and the installation of the service.

The features we would want a good endpoint solution to contain are: 

• Multi-operative system
• Better performance
• Integration with browsers
• Firewall control 
• Vulnerability detections
• Threat protections
• Malware detection
• Detection of patterns of behavior
• Process exception
• Automatic authorizations
• Control of application reliable
• The quarantine of a compromised device

The software download features could stand improvement. This sometimes must be undertaken manually. 

The job hosting features should also be improved. 

They can improve its resource consumption, such as memory, and maybe provide better or smaller updates. It always takes a lot of resources, but it has been getting better. I have been using McAfee products for the last 20 years or so, and I know it is getting better.

It should probably have some kind of consolidation. DLP is big now. Instead of installing DLP, Endpoint Antivirus, and the EDR components separately, there probably should be a consolidation of different products into one agent itself. It should maybe have more of bundling of everything.

The DAC (Dynamic Application Containment) component of this product needs improvement.

It would be nice to have the ability to change Safeboot passwords from within the OS as there is a delay in the boot process and password changes can take time.

I think they have fantastic product but still kind of in the very early stages at the moment. Because they're just changing from the modular version, where they have a antivirus version and they have a spyware module. They have a different module, although it's managed by a single management console to now single-module called endpoint protection. But still, behind the scenes it seems to be a different product, different traits, with different capabilities and speed. Although they have increased the complexity, it has affected the scanning speed.

McAfee GW Security and McAfee Child Safety need some improvement as they are relatively new.

One of the drawbacks to the solution is that it is not 100% secure. Sometimes it fails. Another thing we have noticed is that it is not easy to get all of the navigation information from a user. There is definitely room for improvement.

An area of improvement for this solution is to make it easier to manage.

I would like to see more integration with third-party products.

Pricing is always something that can be improved.

In the future, this product should make use of artificial intelligence and machine learning technology.

We experienced some bad behavior when we first installed the product. The system also starts slowly in some instances. If for some reason this solution crashes, we could lose all our data.

The VirusScan needs to improve in order to detect ransomware and other advanced threats.

One thing I could have used was a more detailed description of the HIPS signatures. When selecting a HIPS configuration, I would have liked to see exactly what access will change on the system. My organization did not have much room for testing, and many issues did not come up until days or weeks after changes were made. 

They could improve it by providing better manageability for administrators. I need to spend too much time on this right now.

If we go to, for example, scanning data from text to just pictures, then the loader goes really high. It might sometimes become impossible to cover all these fixes because the data that are gathered and are processed are very big, and the resources can run out.

It can be quite complicated to learn McAfee Endpoint Security and to feel comfortable with the environment.

The technical support can be improved.

In terms off what could be improved, it is a little bit slow.

Additionally, the encryption part definitely needs to be improved.

We have faced certain issues recovering the data from systems which could not be fully encrypted by McAfee and then the decryption was a nightmare, it took a lot of time. Some could not even be recovered. That was one issue. 

The endpoint protection and anti malware features are good. But encryption and decryption are a bit slow and it's a tedious job.

The second issue is that the public dashboards are out-of-the box kinds of features, so they need to be configured, which takes a lot of time.

Finally, there is an issue with the device timing features for allowing certain devices within the network for what we call USB protection. For master devices or static Bluetooth devices which need to be connected, the white-listing of those devices needs to be more straightforward, it is currently highly technical.

The dashboard and encryption should be improved. 

There is a cloud-based environment available from McAfee which is called MOVE. If the customer has already implemented it on-premises, it should be integratable with the MOVE version. We discussed this with McAfee and they said encryption data can not be moved to cloud. This means if I move my antivirus server to the cloud, I still need to maintain a separate encryption server within my network. That is the challenge.

We would like to see all the features available on cloud.

We’re facing remote installation issues sometimes: Installation may have been broken by something and installation is corrupted. It’s so hard to uninstall or repair the installation in that case.

The endpoint has room for improvement because it's restrictive, it's very sensitive. Sometimes it can delete something that you need and so sometimes you have to disable the antivirus.

The reporting could be improved, by providing more reporting features.

The resolution time should be faster.

Signatures to protect against new attacks.