We performed a comparison between Microsoft Defender for Endpoint and Trellix Endpoint Security based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Microsoft Defender for Endpoint excels in file protection, encryption, and ransomware defense. It integrates seamlessly with other Microsoft security products. Users appreciate its user-friendly interface and scalability. Trellix Endpoint Security is highly valued for its easy administration options and reliability. Users say Microsoft Defender for Endpoint should improve its central console and auto-recovery feature. Users also requested better reporting capabilities and integration with third-party platforms. Reviews suggest that Trellix could reduce resource consumption and improve user-friendliness.
Service and Support: Microsoft customer service garnered mixed feedback. Some praised the fast response times and expertise of the support engineers, while others were dissatisfied with slow replies and a lack of coordination among the support teams. Some users have found Trellix support helpful and reliable, while others have encountered ineffective assistance and communication problems.
Ease of Deployment: Microsoft Defender for Endpoint's setup is straightforward, especially when it’s preloaded on Windows 10. While it can be more complex for larger organizations, it is generally considered simple, particularly for smaller companies or those familiar with Microsoft environments. The setup process for Trellix Endpoint Security varies in difficulty, depending on the user's experience with McAfee and general technical expertise.
Pricing: Reviewers say Microsoft Defender for Endpoint is fairly priced, noting that it is typically included for free with Windows or Microsoft Office 365 subscriptions. However, some users believe that Microsoft's pricing could be more affordable, and others noted that their licensing models can be complex. Some find Trellix’s price reasonable and competitive, while others believe it could be lowered.
ROI: Microsoft Defender for Endpoint delivers cost savings, enhanced efficiency, and heightened threat management. Trellix Endpoint Security provides significant time savings.
"The setup is pretty simple."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"The stability is very good."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"We have FortiEDR installed on all our systems. This protects them from any threats."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"Real-time detection and cloud-based delivery of detections are highly efficient."
"The antivirus features are very useful."
"I enjoy using the live response feature, which allows me to remotely access different endpoints and investigate malicious files, such as malware that people may have downloaded, and other related issues."
"Its threat intelligence feature is beneficial. This solution smoothly integrates with SIEM."
"The biggest benefit to Windows Defender is that it is built-in to the operating system by Microsoft."
"Provides good security features and you can view it in the central console."
"It depends on the licensing. Most of the customers have got at least a 365 E3 license, and they can use most of the features of Windows 10 Defender. So, anyone who has got an enterprise license can start using those features. Some of the customers have got E5 licenses, and they can use all advanced features. Customers with E5 licenses use the advanced site protection (ATP) features and web content filtering without going via a proxy, which gives the benefit of replacing the proxy. They can get the benefit of MCAS and integration with Intune and the endpoint manager. It is a kind of single platform for all 365 technologies. It helps customers in managing everything through a unified portal."
"Microsoft Defender for Endpoint is extremely stable."
"The most valuable features are reporting from the ePO console and the advanced threat protection (ATP)."
"It provides a robust defense against cybersecurity threats while offering user-friendly features like notifications and approval prompts."
"Dynamic Application Containment."
"The reporting capabilities are a valuable feature. In enables more visibility on our network."
"The product’s stability and security features enhance user protection and organizational security."
"The solution is stable."
"It can be deployed quickly, and it's scalable. Those are the two advantages of it."
"This product has the capability to check a wide range of vulnerabilities and devices."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"Cannot be used on mobile devices with a secure connection."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"Detections could be improved."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"The interface could be improved."
"In the next release, I would like to see better management reporting."
"Microsoft Defender for Endpoint could improve by providing more user-friendly dashboards. They may be complicated for some."
"They should bring back the feature of a dedicated proxy device for communication to the cloud. As of now, all the agents are required to send the logs directly to the cloud. There should be a solution where you can put a proxy and all the logs are consolidated, like a forwarder."
"The biggest issue I had with Microsoft Defender for Endpoint was the antivirus and ransomware. I wanted central visibility over all the machines that we operate."
"Microsoft Defender for Endpoint can improve by providing more and different types of reports."
"Microsoft Defender for Endpoint could provide us with a more holistic approach, such as collaboration. They can provide us with an environment from where we can manage all the endpoints from one central location, such as overall management."
"It can be more secure."
"If there's a possibility for remote assistance or investigation support in the future, it would be beneficial. Currently, we use another remote software for such purposes. If this feature could be included in the next version, that would be an improvement. The feature is called Remote Administration. I'm somewhat satisfied, but there's an issue I recently encountered. When attempting to scan a suspected host machine, Symantec Endpoint Security did not provide any alerts. However, when we installed Malwarebytes and ran a scan, it detected a threat that wasn't identified by Symantec. We raised this concern with the team for resolution, and the investigation is still ongoing."
"Trellix lacked email protection when it was a McAfee product. They added this feature during the merger with FireEye, but it hasn't been fully integrated. The core features will be integrated into the next release. FireEye has several solutions for EDR and sandboxing."
"The solution should provide a more easy way to uninstall it on specific stations."
"The tool could provide more advanced protection."
"Tech support is not as helpful as they were in the past."
"There is room to improve with scalability."
"It would be a lot easier if I could add multiple user accounts within a single device."
"The solution could use better updates and fewer bugs."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews while Trellix Endpoint Security is ranked 10th in Endpoint Protection Platform (EPP) with 96 reviews. Microsoft Defender for Endpoint is rated 8.0, while Trellix Endpoint Security is rated 8.0. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Intune, whereas Trellix Endpoint Security is most compared with Trellix Endpoint Security (ENS), CrowdStrike Falcon, Cortex XDR by Palo Alto Networks, Trend Micro Deep Security and SentinelOne Singularity Complete. See our Microsoft Defender for Endpoint vs. Trellix Endpoint Security report.
See our list of best Endpoint Protection Platform (EPP) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.