We performed a comparison between Microsoft Defender for Endpoint and ThreatLocker Protect based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Protection Platform (EPP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We have FortiEDR installed on all our systems. This protects them from any threats."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"The product detects and blocks threats and is more proactive than firewalls."
"The product's initial setup phase is very easy."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Ability to get forensics details and also memory exfiltration."
"NGAV and EDR features are outstanding."
"The primary advantage is that you don't need to install it. It's included in the Windows 10 delivery."
"One of the valuable features of the solution is the small updates that keep my machine relatively clean from any infections."
"The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security."
"We apply the DLP policies across a range of endpoints and it is very accurate when reporting vulnerabilities, including those in email attachments."
"Microsoft Defender for Endpoint comes pre-installed in Microsoft Windows."
"It performs well. The stability is seamless."
"It doesn't cause the slowness of the system, which is one of the reasons why I like it."
"One of the features which differentiates it from other EDR providers is the Automated Investigation and Response, which reduces the workload of SOC analysts or engineers. They don't have to manually investigate each and every alert on the endpoint, since it does so automatically. And you can automate the investigation part."
"The most valuable feature is probably the ability to block programs from running. ThreatLocker has some built-in features that make it super easy. You can also contact their support within the program. If you're having issues, you can click on that button and connect with someone in five to 10 seconds."
"Using ThreatLocker is effortless because I can access it from an app on my phone, so I can help clients after hours. My client had an issue while I was at dinner, and I didn't have a tech on the problem, but I could deal with it from my phone. I can see what the client is doing and approve or deny it. It helps me deliver better service to my clients when they need it."
"ThreatLocker Allowlisting has all of these features integrated into one console, making it effective."
"The sandbox functionality is fantastic."
"Application control, ring-fencing, and storage control are the most important features, followed closely by elevation."
"The interface is clean and well-organized, making it simple to navigate and find what we need."
"The most valuable feature is selective elevation, which allows elevating an individual process to admin privilege without granting admin privilege to that user, which has been by far the most useful feature outside of the overall solution itself."
"The biggest improvement has been knowing that something unauthorized isn't going to get installed on anyone’s machines."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"The only minor concern is occasional interference with desired programs."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"Cannot be used on mobile devices with a secure connection."
"FortiEDR can be improved by providing more detailed reporting."
"We find the solution to be a bit expensive."
"Its interface can be improved a little bit. We would like to have some sort of centralization. It should have something like a central server that is managing all the other clients. There are solutions from Kaspersky or ESET NOD32 that are really doing this kind of thing currently. We would like to see something similar from Microsoft."
"If the solution could be integrated more with Defender for Cloud, to be more unified, that would help. It is good now, but even more integration could be done with Defender for Cloud. We see two different portals. If Defender for Endpoint could be ported to the CSPM, Defender for Cloud, that would make things even easier for us."
"At times, the other antivirus products are now doing AI, in terms of understanding the behavior of the system and determining when there's an anomaly. This is something that Defender can improve on."
"We'd like the stability to be better."
"The reporting in Microsoft Defender for Endpoint should improve. The solution has limited features."
"The product itself does not necessarily need improvement, but the support and implementation of the product are the disaster cases."
"This solution is not secure, which is why I have moved to Linux."
"I had some cases a while back and told an agent my issue. When I called the next day, I had to explain everything again to a different person, so I found it annoying to repeat myself all over."
"More visibility in the built-ins would be nice."
"ThreatLocker could offer more flexible training, like online or offline classes after hours. The fact that they even provide weekly training makes it seem silly to suggest, but some people can't do it during the day, so they want to train after work. They could also start a podcast about issues they see frequently and what requires attention. A podcast would be helpful to keep us all apprised about what's going on and/or offline training for those people who can't train during the week."
"The snapshots used in the ThreatLocker University portal are outdated snippets and have not been updated in conjunction with the portal itself."
"If you have a thousand computers with ThreatLocker agents on them, when you approve or create a new policy saying that Adobe Reader that matches this hashtag and meets certain criteria is allowed to be installed, it applies at the top level or the organization level. It applies to every computer in the company. When you make that new policy and push it out and it goes out and updates all of the clients. Unfortunately, at this time, it does not look like they stagger the push-out."
"Something we have come up against a couple of times is that we have two clients that are software developers. They create software that doesn't have digital signatures and that's not easy to categorize or whitelist with ThreatLocker. We have to go in and make custom rules to allow them to do their work and to be protected from malicious threats."
"The reporting could be improved."
"ThreatLocker Allowlisting needs to improve its user interface and overall workflow."
"From a reporting perspective, enhancing the ability to customize reports would be beneficial."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews while ThreatLocker Protect is ranked 26th in Endpoint Protection Platform (EPP) with 13 reviews. Microsoft Defender for Endpoint is rated 8.0, while ThreatLocker Protect is rated 9.2. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of ThreatLocker Protect writes "Integration is simple, deployment is straightforward, and extensive well-written documentation is available online". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and Microsoft Intune, whereas ThreatLocker Protect is most compared with SentinelOne Singularity Complete, CrowdStrike Falcon, Huntress, GravityZone Business Security and Fortinet FortiClient. See our Microsoft Defender for Endpoint vs. ThreatLocker Protect report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Advanced Threat Protection (ATP) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
