Item: ThreatDown, powered by Malwarebytes
Rating: 5
Author: John Delaney

Use Cases and Deployment Scope

We utilize Malwarebytes Endpoint Protection (Premise-based) for the whole organization. Its anti-malware, anti-exploit, and anti-ransomware provide protection for all our Windows-based equipment, workstations, and servers. We need a product that provides both protection and centralized management and offers more protection than an anti-virus product with extra, less focused features like Symantec Endpoint Protection.

Pros and Cons

Great protection for end points.
Automatic definition updates without the need to contact the management server.
Anti-exploit program self updates without the need to contact the management server.
Supports group policy deployment.
Supports email alerts.
Works alongside anti-virus programs without issues.
Usable on Windows servers and Windows workstations.
Limited Apple support (remediation only).

Premise based management tool no longer the focus of development in favor of new cloud based protection.
Can't migrate to cloud based protection easily and requires different licensing.
They released a definition package last year that caused all systems that received it to block all network access, inbound and outbound. The repair process was manual and took 15 minutes per machine to fix. The only way to learn about it was from their website and it was not easy to determine that Malwarebytes was the cause.
Management tool does not auto-update client programs. You need to either perform a push update or update your GPO program deployment for the new package.
Email alerts about clients only come in after the workstation has sent an update to the management server. The management server is not accessible over the internet, so reports from remote users can take days after the incident.
The anti-exploit module does not like any JAVA programs. Barracuda JAVA VPN and Supermicro SuperDoctor get blocked. There is no exception list, so you have to disable protection.
You can not make exclusions for programs you need protection to be disabled for.
Some programs can be disabled by end users.
No notification process to inform you of new updates for end user applications or the management system.

Return on Investment

We are more confident that this dedicated solution protects our systems better than other all-in-one solutions, reducing our ALE.
Updates to Microsoft Defender are making this less and less attractive to small businesses.
Updates to security suites like Symantec Endpoint Protection are making this less attractive.

Alternatives Considered

Symantec Endpoint Protection, Windows Defender Advanced Threat Protection (Hexadite AIRS) and McAfee Endpoint Security

Malwarebytes Endpoint Protection is dedicated to protecting against and the remediation of malware. No other product does it better. Their consumer version of the software is often refereed to by other security products and security researchers to clean infected systems. It does not bog down your system or consume massive amounts of system resources to function and protect unlike products from McAfee.

Other Software Used

Symantec Endpoint Protection, Windows Defender Advanced Threat Protection (Hexadite AIRS), McAfee Endpoint Security

Likelihood to Recommend

Malwarebytes Endpoint Protection is good for companies that do not have a very small mobile workforce. It is also acceptable for companies where their mobile workforce is constantly connected to a corporate VPN. It does require weekly manual monitoring to make sure all endpoints and all applications including the management service are up to date.

Great product for the security paranoid

Overall Satisfaction with Malwarebytes Endpoint Protection