Symantec ES is a lightweight but feature-full solution that enabled us to get rid of multiple resource-intensive endpoint agents and keep developers happy
April 21, 2022

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Symantec Endpoint Security

Symantec Endpoint Security is our EDR solution, which helps ensure our machines stay free of infection and remain compliant with our organisational policies by providing an extensive range of functionality that we employ, e.g. honeypots to waste the time of any attacker who might have gotten through, application control and isolation, ability to quarantine infected machines, ransomware protection, host-based IDS, etc.
  • A lightweight agent which does not impact legitimate user tasks, even developers who compile complex code.
  • Multiple modules which provide a wide range of functionality.
  • Is not easily killed or uninstalled so devices remain monitored at all times.
  • Also provides deception technology which other vendors often do not in similar solutions.
  • Ability to intelligently quarantine machines which may be infected.
  • More granular control over which USB devices can be blocked/allowed.
  • Native integration with other solutions for alerting without needing to have a SIEM in between.
  • Would benefit from gathering more OS logs in a manner similar to Sysmon.
  • Usage in other environments rather than just on end-user machines e.g. Kubernetes nodes in the cloud.
  • Ability to have all this endpoint related functionality from one single vendor.
  • Low resource usage, which does not result in complaints from our users.
  • Very granular configuration of policies.
  • Quarantine and power erasure functionality works well and does not require devices to be wiped, helping avoid time loss by setting up new machines.
  • Antimalware scanning is not very resource intensive when it runs and finishes relatively quickly.
  • Fewer complaints from developers who need to compile complex code without EDR getting in the way.
  • Less time is wasted wiping and rebuilding machines when an infection does occur due to competent quarantine and power erase functionality.
  • Our engineers are happy since application control is now easier to manage compared with other solutions.
  • Successful malware infection incidents have decreased.
Symantec Endpoint Security seems to be a more mature solution compared with CrowdStrike, particularly when CS was just recently getting their USB blocking functionality rolled out for macOS endpoints this year. Another differentiator with CrowdStrike is that Symantec ES still provides both on-demand scanning & real-time signature-based detection in addition to solely real-time machine learning detection, whereas on-demand scanning and signatures are not available on CrowdStrike. This means there is a doubt as to whether we can use CS to comply with some of our PCI DSS obligations, which specifically require the use of signature-based antivirus solutions.

Splunk Enterprise Security (ES), Palo Alto Networks Prisma Cloud, macOS, Google Cloud Operations Suite (formerly Stackdriver)
Symantec Endpoint Security is a well-rounded product that provides a significant amount of functionality and covers many of our endpoint needs without needing to resort to multiple vendors that might clash in unpredictable ways when ultimately deployed to the endpoints in our estate. The default policies are adequate, and tuning these requires some time, as with all similar EDR products, but the product is flexible enough to allow very granular whitelisting/blacklisting, which is great. Low resource requirements are also fantastic, and we've not had many complaints from developers who were getting slowed down when compiling complex code with other previous solutions.

Symantec Endpoint Security Feature Ratings

Anti-Exploit Technology
Endpoint Detection and Response (EDR)
Centralized Management
Hybrid Deployment Support
Infection Remediation
Vulnerability Management
Malware Detection