Skip to main content
Carbon Black Endpoint

Carbon Black Endpoint


What is Carbon Black Endpoint?

The VMware Carbon Black Endpoint solution (formerly Cb Defense) is an endpoint security and "next-gen antivirus (NGAV)" that uses machine learning and behavioral models to analyze endpoint data and uncover malicious activity to stop all types of attacks before they…

Read more
Recent Reviews

TrustRadius Insights

Cb Defense by VMware Carbon Black Endpoint is used by organizations across various industries to address their endpoint security needs. …
Continue reading
Read all reviews

Reviewer Pros & Cons

View all pros & cons
Return to navigation


View all pricing

What is Carbon Black Endpoint?

The VMware Carbon Black Endpoint solution (formerly Cb Defense) is an endpoint security and "next-gen antivirus (NGAV)" that uses machine learning and behavioral models to analyze endpoint data and uncover malicious activity to stop all types of attacks before they reach critical systems. Endpoint…

Entry-level set up fee?

  • No setup fee


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

53 people also want pricing

Alternatives Pricing

What is CrowdStrike Falcon?

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no…

What is Kaspersky EDR Expert?

Kaspersky Endpoint Detection and Response (EDR) Expert provides endpoint protection, advanced detection, threat hunting and investigation capabilities and multiple response options in a single package. It is an EDR solution for IT security teams with more mature incident response processes,…

Return to navigation

Product Details

What is Carbon Black Endpoint?

Carbon Black Endpoint Screenshots

Screenshot of Cb Defense Dashboard
See every attack and potential threat at a glance in this interactive viewScreenshot of Cb Defense Alert Triage
Get answers to how and why each attack occurredScreenshot of Cb Defense Response
Strengthen your defenses with every attack

Carbon Black Endpoint Video

Cb Defense Demo

Carbon Black Endpoint Competitors

Carbon Black Endpoint Technical Details

Deployment TypesOn-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating SystemsWindows, Linux, Mac
Mobile ApplicationNo
Supported LanguagesEnglish

Frequently Asked Questions

The VMware Carbon Black Endpoint solution (formerly Cb Defense) is an endpoint security and "next-gen antivirus (NGAV)" that uses machine learning and behavioral models to analyze endpoint data and uncover malicious activity to stop all types of attacks before they reach critical systems. Endpoint Standard captures and stores endpoint activity, enabling a comprehensive view of any suspicious activity on endpoints, including visibility into the entire attack chain, so users can understand the impact of any attacks and take action. VMware acquired Carbon Black October 2019.

Symantec Endpoint Security, Sophos Intercept X, and Trend Micro Apex One are common alternatives for Carbon Black Endpoint.

Reviewers rate Anti-Exploit Technology and Endpoint Detection and Response (EDR) and Centralized Management highest, with a score of 8.

The most common users of Carbon Black Endpoint are from Mid-sized Companies (51-1,000 employees).
Return to navigation


View all alternatives
Return to navigation

Reviews and Ratings


Attribute Ratings


(1-8 of 8)
Companies can't remove reviews or game the system. Here's why
Score 9 out of 10
Vetted Review
Verified User
We deployed VMware Carbon Black Endpoint across our business to all endpoints. It is installed on all user computers as well as all servers and VMs. The Next Gen Anti Virus solution is great at identifying potential issues, breaches and problems and the cloud connectivity massively reduces IT management overheads in updating and administration. Policies and exceptions can be applied using dynamic groups and the alerting is in depth.
  • Real time monitoring
  • Ability to quarantine endpoints
  • Auto signature updating
  • Lightweight agent
  • Can be complicated to get to the root cause of some blocks
  • Can take a while to work through installation period and apply policies and exceptions
  • False positives and alert levels can be hard to explain to management in reports
Very easy to deploy to all machines using automation options or manual deployment. Great for normal user machines and servers, can be tricky to get allow list right on developer workstations. Great incident response options such as quarantining of machines. Central management of NGAV a lot easier than legacy type AV with database updates and signature updates.
Kevin Staley | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
We are using this solution across all the endpoints in our entire organization. CB Defense addresses potential endpoint infections and compromises in security.
  • It uses a thin, low-performance consuming, client.
  • It constantly monitors endpoint activity and processes, efficiently, and effectively blocking harmful apps.
  • It not only identifies and blocks apps known to be harmful, but prevents unknown, suspicious processes/apps from executing unless allowed in a defined policy.
  • It does not offer a way to scan individual files on your endpoint. Some users like to be able to do this. Personally, given the effectiveness of the agent, I don't see a need for this, but it would appease some users.
This is a very good solution for endpoint protection irrespective of the client to be protected (laptops, desktops, servers etc.). It is well suited for small and large organizations. The management portal is easy to navigate, and very comprehensive in its view of protected endpoints and the activity on them. The portal can also be used to configure any number of policies useful for governing things to look for, and what actions to take when found.
Score 8 out of 10
Vetted Review
Verified User
We are utilizing the Carbon Black (Cb Defense) across all lines of business in our organization. We had previously been using Microsoft System Center Endpoint Protection (SCEP) and determined that it was insufficient to adequately protect us from threats. We researched 4 other products and ultimately determined that Cb Defense was the best "bang for the buck" when it came to NGAV solutions.
  • Affordability was a huge factor in our decision to purchase this solution. The level of protection and the feature set provided was well above any of their competitors in the same price range.
  • The ability to quickly triage alerts and to see the process-trees are what helps Cb Defense to stand out from their competitors. The process-tree helps us to immediately see what actions are taking place in the offending application and what responses were taken (or are needed).
  • The agent is very light-weight and does not affect system performance of our clients.
  • At times (depending on how your policy is configured) the system can be a little "noisy" in the sense that you can get many false positives. However, this is not so much of a "con" as it is a result of an overly-aggressive policy configuration.
  • Configuring the policy will take some time to really "fine tune" it so that you strike a nice balance between false positives and letting questionable actions take place.
  • Getting the software deployed via SCCM can be a pain.
Cb Defense has been working very well in our organization. It is giving us much better insight into the applications that people are running on their systems (without authorization). This software is also great because it provides visibility into systems that are remote (off the network but still have Internet access). The out of band feature is great to help ensure that the systems are protected even when a user is traveling.
Score 9 out of 10
Vetted Review
Verified User
Cb Defense is being used as endpoint protection and product visibility. It is used across two entire organizations we monitor. We previously used Kaspersky and Trend Micro enterprise endpoint protection products. We decided we wanted a product that wasn't pattern based and had next-gen AI capabilities. Through this process, we decided Cb Defense filled that need.
  • Cb Defense does a great job of monitoring the endpoint activities in great detail.
  • Defense is a cloud-based offering and has an easy to use centralized interface.
  • The alerts are very definable, and as such are easily refined to avoid getting too many extraneous alerts.
  • The Cb salespeople have been very accommodating to get to price points that we as an SMB (with tight budgets) could afford.
  • We have only needed support on a couple occasions (which is a positive), but they weren't able to really resolve either issue.
  • This brings me to my second con, which is that we have only used three sensor packages (the installed client) and have had issues crop up with two out of three.
Cb defense seems to be well suited to provide a lot of detail about potential security issues with your endpoints. It aggressively stops potentially bad activities on the endpoints, and it is easy to configure to allow processes that are stopped but you wish to allow. This makes it easy for a small IT shop to manage without the use of a full-time security employee. Unfortunately, like all other advanced security products, it can be challenging (if you do want to get to the details) to wade through on a part-time basis.
Brody Wright | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Cb Defense has been deployed on all our endpoints. Its used to scan memory for process execution and used to for live response situations. We have a different policy setup for different departments, all depending on the business requirements.

With the introduction of 3.2.2, The live response has given new meaning to our deployment strategy. We now have the ability to quarantine the endpoint and perform live analysis on the system. To give you an idea, if a system has triggered an alarm, we can login to the Dashboard, and see all the process executions, and a history of the system. If we see something "out of the norm" we can quarantine the system, access it remotely, and dump the memory, and transfer tools such as sys internals, and volatility to perform deeper analysis.
  • History of Process Execution, really anything that happens in the system is easily seen within the Dashboard. I can determine if a bad actor has infected the system, be it malware, backdoor, rootkit, Trojan, then from that point, I can put the system into Quarantine.
  • Being able to quarantine the system from the Dashboard. With these type of tools, pulling the power and running a hard drive image is not needed. Put the system in quarantine, start the analysis. A year ago, the network engineer might move the system into a VLAN that has no access to anything, except the system performing the remote analysis... Now I do not have to rely on anyone to move a system, power it down, pull the drive, or image the drive. I can just start the analysis right from my workstation.
  • The Live Response, again goes hand in hand with the quarantine feature.
  • By now, I am sure you see a process. Its simple, and easy and all done from a cloud-based console, called the dashboard. .. deploy the agent, create the policy, and active live response, set up email alerts, and monitor your endpoints... you are now ready to perform a triage in the event of an infection. We have step 1, step 2, step 3... but, just remember, things do happen, nothing is perfect, but this product has its advantages.
  • I would like to see better integration with Alien Vault, other SIEM products such as Splunk has detailed instruction on the setup, but since we have 3 USM appliances within our organization, the integration would be key for us.
  • Some say that data leakage occurs from collecting information being sent to the cloud. The way the system works is it basically looks at a system and decide after time what is normal process execution, then uploads this data on port 443 to the cloud. I have read that this data can be seen by 3rd parties, but I haven't seen it myself.
  • ref:
  • Sometimes I get some crazy alerts like Outlook has scraped memory due to Ransomware. Other times it's Word or Excel, even Chrome. I could go into the policy and start whitelisting, which by the way, whitelisting can be done within the alert, but who has time.
Well suited for live response.
Well suited for process and memory monitoring.

Less appropriate for smaller organizations.
William Bocash | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
We use Cb Defense across our entire organization as our primary endpoint protection solution. It not only provides advanced threat protection, but also gives us advanced management and forensics capabilities for threat hunting and investigations. Cb Defense goes beyond stopping threats by giving us the tools to contain and track active threats. It provides a critical piece to our security portfolio and is an essential part of our PCI compliance initiative.
  • It's Cloud based. Has reduced our on premise server footprint. Has also reduced all the management overhead. Specifically, frequent updates/upgrades. Mobile devices don't need to be connected to our network.
  • Threat hunting and analysis. We are able to see a ton of forensic information.
  • Management interface is intuitive and easy to use.
  • Tighter integration with its other products like Cb Protect.
  • More specific controls for FIM.
Cb Defense is well suited for teams that are looking to reduce on-prem management and overhead and want more insights and forensics for their endpoint security. It is suited for companies needing to meet PCI requirements. It is not suited for teams looking for a "set it and forget it" solution. The real value with this product is the management and forensics, but you need staff that cares enough to use it.
June 06, 2017

Cb Defense NGAV

Eric Samuelson | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
We are using Cb Defense for the whole organization. It is acting as our only antivirus agent. We use it to monitor and protect all endpoints. As a NGAV agent, it protects our endpoints from known and unknown malware threats.
  • Cb Defense was simple to deploy and set up. We used our system management appliance to deploy the agent to all Mac and Windows endpoints.
  • The reporting features are great and have recently been improved. You can trace the activity to see what parent application is triggering the event and how it was done.
  • Cb support has been really helpful tracking down issues and helping us to resolve them.
  • Cb pro services was great working with us to deploy the agents and set up policies.
  • Policy management can be cumbersome. It is simple to set up a single policy but you have no way to apply the rules to multiple groups. If you need to set up the same rule to multiple policies, you need to type it over again.
  • Agent updates can be very slow to deploy. We use a mix of rolling out updates via the web console and our management appliance. It can take several weeks to update all agents.
  • We can be confused on why a rule will apply to a file. Sometimes something is blocked but we don't understand why.
Cb Defense works great to protect systems from known and unknown malware. It is simple to deploy and manage. You might run into some issues if you run a lot of unsigned applications or scripts in your IT environment. If that is the case, you can whitelist certain paths for your scripts to run. You can whitelist the individual applications and certs if you have them.
Christopher St.Amand | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Cb Defense is being used to stop 0-day threats and provide better antivirus/malware/spyware/pup protection than our old archaic AV. We are using the product across the organization effectively. We find the product easy to deploy and manage.
  • Provide analysis of where the the threat actually took place and how it worked it's way into the environment
  • Stopping unknown threats and reporting on them appropriately
  • Carbon Black support is a responsive team
  • Reporting for C-Level information
  • Tailored email alerts templates
  • Installation of the product needs third party tool for mass deployment
Cb Defense is well suited for any active end user environment; downloading files, browsing internet, checking email and attachments. Though, I don't see as much of an added value in the server space since the product will not stop Exploits (that's not its function) and no one browses the internet a server.
Return to navigation