At 100 users or less we use whatever is included with the O365 license the client has. Intune + Defender is plenty. Answer from PessimisticProphet on reddit.com
r/sysadmin on Reddit: What's the "go-to" Windows endpoint protection these days?
January 31, 2024 -

I've read a hundred articles, watched too many videos and tried too many systems and cannot decide for the life of me what's best for my org.

I'm sysmanager for a small/med size business in UK, around 60 endpoints. Mainly managed through online Entra (Azure sounded nicer, they shouldn't have changed it) and I'm debating moving everyone to Business Premium and using the Defender for Endpoint service (but seems difficult to manage in comparison to something like Webroot, which we're currently using via Atera on a monthly cost).

Basically just want something that's cost effective, will actually keep things better protected and also easy to manage.

Opinions seem all over the place so finally hitting Reddit for a non-affiliate linked review of where things stand in 2024

Cheers

r/sysadmin on Reddit: Best Endpoint Protection for an Org of 1000 Employees
November 11, 2022 -

Trying to decide on our next endpoint protection. From doing research, it seems that the 4 most prominent solutions are Sophos Intercept X, Microsoft Defender for Endpoint (MDE), Crowdstrike, and SentinelOne (from what we can find). We are looking for an XDR (behavioral detection) solution that includes ransomware protection and malware/virus cleanup at the minimum. What are your experiences and what endpoint protection do you use/recommend?

r/sysadmin on Reddit: Best Endpoint protection for a small business?
February 8, 2025 -

I've been working with a small company who has poor security practices. They have Sentinel One for endpoint protection, but some of their users report people taking over their computer from time to time, and another person had a huge cyber security incident in the past few days. They were signing off on an invoice, told someone in accounting to pay it and moments later the accountant got a follow up email from the original person who sent the invoice asking them to send it to another account.

Luckily the accountant double checked and sure enough it was a scam, but not by the first person. A domain was created specifically for this scam attempt, with an email account matching the real person. The domain was just a letter off from the real domain, which could have easily been missed.

I'm convinced one of the two users has a compromised email account. But on the off chance that someone has hacked their actual computer and is 'watching', what endpoint protection would best deal with that sort of threat? One of the people mentioned their web cam zooms in and out randomly, which by itself sounds like a random tech issue. But I'm thinking their machine could be compromised..

Sentinel One dgaf, no strange warnings. So either it's all in Office 365, or we need better EndPoint Protection. (They're not running MFA, that's another thing they're fixing immediately)

r/sysadmin on Reddit: Best Corporate Anti-Virus/Endpoint Protection
July 15, 2024 -

Hi All

I've been given the task of finding an Endpoint Protection platform as we are moving away from ESET.

Does anyone have any immediate shouts in terms of recommendations or any ones to avoid?

I'm leaning towards Sophos, but also think I lack experience in AVS to accurately decide for myself what the best solution is, thus asking the community! We also looked at SentinelOne, but I found the demo incredibly confusing, but that might be a 'me' issue.

500 pcs roughly, all Windows :)

r/sysadmin on Reddit: What Endpoint Protection do you use? About to replace my existing vendor.
April 4, 2022 -

I'm about to remove our existing solution from users devices - Kaspersky Endpoint Security Cloud.

It's kinda breaking my heart doing it as I think it's pretty good at what it does and is really easy to manage endpoints and onboard/offboard devices. But I can understand why I'm being asked to do this.

We don't use Microsoft AD... we use Google Endpoint Management - this is how I push policies etc. The users log in to devices using their Google credentials.

What's a good alternative - I have 100 Windows 10/11 users?

r/sysadmin on Reddit: What Endpoint Protection should I use for my users?
March 18, 2024 -

Hey, I'm sysadmin for an IT consulting company with about 60 users. We've been using Kaspersky Endpoint Protection for 3 years now. As I started looking into device deployment and management with Intune recently I came across the endpoint security solution built into Intune. Is it worth it cancelling Kaspersky and moving on using their solution?

r/cybersecurity on Reddit: Seeking Recommendations for New Endpoint Protection Solutions (Replacing SEP, DLP)
May 8, 2025 -

I was recently assigned the task of evaluating new solutions to replace our existing Endpoint Protection (SEP, DLP). While the company was considering using Microsoft products due to our M365 environment, it seems that many aspects are still lacking. What would be some good alternative solutions?

r/cybersecurity_help on Reddit: Recommendations for home endpoint protection?
December 24, 2024 -

Hi,

I practice what I think is pretty good hygiene. I have my own router/firewall (pfSense), I don't expose ports to the internet, I am careful with email and web sites, you name it. There's still the risk that something is going to get through (especially with teenagers in the house), so I'd like to put really good endpoint detection/anti-malware software on our home PCs (and my home server).

In the enterprise space, Microsoft Defender for Cloud has a good reputation so I have been assuming that Defender (that comes with Windows) was a good (and free!) choice. However, one of my computers was attacked with ransomware this weekend, so maybe not.

What would you recommend? I see a lot of good reviews for ESET. I see I can also buy CrowdStrike Falcon Go for home as well.

Any thoughts?

Thanks!

r/sysadmin on Reddit: Endpoint Protection Options and Suggestions?
April 9, 2019 -

We are currently investigating endpoint protection, as our ESET licenses are set to expire in June. I've currently got a quote from Sophos for InterceptX (with and without EDR).

I'm going to be hitting up Palo Alto for a tech/sales demo of TRAPS, as we already use PA firewalls and Panorama to manage them, so the integration of firewalls and endpoint protection makes sense.

I was wondering what other sysadmins more caught up on endpoint protection would recommend? I've been directed to look at Microsoft Defender for Endpoint as we already have a bunch of A5 licenses and we could purchase more. It looks like you really need SCCM though for that, or am I reading old information? We haven't yet been able to justify the time cost for SCCM, but it's kind of one of the solutions looking for a problem that we're keeping in our desk drawers - we all would like to have proper centralized software management. I'm also having a hard time finding reasonable information on whether it's junk or not - have any bigger organizations you all work for used it exclusively or primarily?

If you were at the point you could change endpoint vendors right now, who would you be contacting?

We're looking at protection for 18 DCs, 11 various Windows servers, 2000 workstations and about 1000 staff users. We would much prefer a cloud-based management system vs an on-prem server as our VM resources are already stretched.

I'm very interested in any suggestions or discussion - what we have now is a barely working hot mess because of an employee who left last year and we know this is something we need to prioritize.

r/Information_Security on Reddit: Which endpoint security software do you trust most in 2025? Compared the top ones here!
July 1, 2025 - Acronis Cyber Protect Cloud – Killer if you want backup + security in one tool. Great for MSPs or anyone managing multiple endpoints and wanting disaster recovery baked in.
r/cybersecurity on Reddit: End-point solution recommendation
July 25, 2024 -

Hi,

I wanted to check with you what endpoint solution do you recommend? I have Mac and Windows machines, and mobile devices (Android, iOS). Some are suggesting tools like Crow.d.strike, others say Palo Alto Cortex XDR is also extensive, but do you have any thoughts about this? Naturally, we want to stop ransomware and help increase the security posture of a device and the company. Features, like stopping a device after it is lost is fine. We don't want spying on employees.

Top answer
1 of 3
1
I would clearly define your objectives for mobile devices. You may find that an MDM like InTune will check the boxes for you there. I personally advocate for CrowdStrike Falcon when it meets the budget. It is on the higher end in terms of pricing. You can also run Falcon for mobile devices but I've never seen it in action.
2 of 3
1
Size and tech stack are important considerations. Example: if you're under 300 employees and you're working in Microsoft 365, you should consider the XDR built into the Business Premium SKU (this was silently added into the license back in December of 2023). It's called Business Defender, and it's essentially the same thing as MDE in the E5 license (although if you plan on piping it over to an MDR platform like Red Canary the way we do, you'll also need to spring for the $5 P2 license). I'm recommending BP because it's priced for commercial budgets (as opposed to enterprise budgets), and it includes all the outcomes you're looking for. Stopping devices after it's lost is a Mobile Device Management (MDM) outcome, not an XDR outcome, but BP includes both XDR and MDM (as well as MAM, DLP, IDAM, PIM... the list goes on). BP really is the gateway to securing the whole business for smaller teams, and it includes all the stuff you need to have work in order to get the outcomes you're looking for. BP gives you full access to InTune, which you can use to create policies to automatically install your XDR, so you don't need to spring for an additional software deployment tool. If you're building in Google, even though it technically offers some of the same acronyms, you should evaluate individual tools based on the use case. Their security offerings just aren't competitive unless you're just looking for something that meets compliance requirements. So picking up something like CrowdStrike (or more likely to be in your budget: SentinelOne) through a distributor in addition to your MDM offering.
r/sysadmin on Reddit: Best AV + EDR (?) for home use?
January 7, 2024 -

I want to start securing the home devices with a good EDR solution. Doing some simple Google searches for AV for Windows 10/11 just shows what I've always thought of as basic AVs.

AV / EDRs I know and mostly trust are Crowdstrike, Huntress, or SentinelOne but they either don't offer home plans or CS would run $25-40/month which is high to jump into without some research.

What I'm asking here is what AVs or EDRs do you use at home? Anything that you can generally trust or heard around.

thanks guys!

r/msp on Reddit: Endpoint protection and AV recommendations
December 10, 2024 -

I own a small IT consultancy business mostly doing break/fix, workstations, servers and networks for about 400 endpoints, about 70% SMBs and the rest are home users. Malware and hacks have been brutal and relentless lately and I am looking for a way to offer better security to my clients. I had partnered with Emsisoft, but a bad experience has caused me to lose confidence in them. I believe that I need to have a more robust system than simple antivirus. I don't want to become a full time security expert but would like to partner with a company to provide those services. I don't mind monitoring and responding when needed but would really like to be proactive with security instead of reactive.

I have been looking at several providers but most of them have minimums that I will not be able to reach. What are your recommendations for a low cost EDR/AV/MDR (getting overwhelmed by all the acronyms) partner?

r/sysadmin on Reddit: Best Endpoint Security for Corporate
November 30, 2012 -

Guys, what is the best end point security software available for a business corporation. I'm looking for an endpoint which has the following features.

  1. Centralized management console to support which facilitates software deployment and provide control of remote workstations.

  2. Should support BYOD.

  3. Ability to remotely locate laptops and wipe all information off the hard drives to halt potential data breaches and ability to protect corporate information located on employee-owned devices.

  4. Should be able to monitor user activity.

  5. Should be able to restrict user from connecting into Wi-Fi and other networks and device control.

  6. Internet and antivirus security.

Please share your ideas. Thanks!

r/websecurity on Reddit: Top Endpoint Security Software in 2026- What Actually Matters?
1 month ago -

With endpoints becoming the easiest way into an organization, choosing the right security stack has never been more critical. Between phishing payloads, malicious browser extensions, unmanaged BYOD chaos, and increasingly sneaky malware, “basic antivirus” just isn’t cutting it anymore.

If you’re evaluating endpoint security tools right now, here are the key things that actually move the needle:

1. Behavior-based threat detection

Signatures aren’t enough. Look for tools that detect anomalies, suspicious scripts, lateral movement attempts, and privilege escalations in real time.

2. Strong policy enforcement

You need granular control over apps, USBs, network access, and device posture. Tools with weak policy engines turn into expensive monitoring dashboards.

3. Web & content filtering

Most threats land through browsers today. A good endpoint solution should integrate with a Secure Web Gateway (SWG) to block malicious domains, phishing kits, and shady extensions.

4. Device inventory + vulnerability insights

Missing patches are still one of the easiest exploits. Your tool should surface vulnerable devices instantly and automate remediation.

5. Cloud-native management

With remote and hybrid teams, you need something deployable in minutes—not something requiring on-prem servers and endless config rituals.

6. Lightweight agents

Heavy endpoint agents slow users down and end up disabled “because it was laggy.” Choose solutions that stay out of the way but work reliably.

If you’re comparing tools or building a shortlist, here’s a solid breakdown of the top endpoint security software.

r/sysadmin on Reddit: Is Defender really a top endpoint security solution now?
August 15, 2024 -

I've moved onto more focused cloud engineering work in the last few years at orgs that have dedicated security departments. So I don't really get exposure to the endpoint security products directly anymore.

Back in my day (your eye roll is warranted), Sentinel One was the bees knees for high-end endpoint security. Then Huntress showed up and paired well with it. Back then, Defender was nascent and generally reviled.

Since then, I've been at large enterprises that use Crowdstrike and it wasn't my job to worry about it anyway.

Now, I do some consulting on the side and help out some MSPs and small businesses with engineering guidance, work, and some teaching. More and more folks are asking about Defender and wanting to dump their existing A/V solution and go all in on Microsoft Defender because it's baked into the M365 licenses they already pay for. Brilliant idea for the business. But is it a good technical and security decision?

Is Defender up to par nowadays? I've heard it pairs really well with Huntress now. I don't want to be giving the wrong recommendation when asked, and I'd also like to say something other than, "I don't know."

P.S. I have my own M365 tenant for a playground and I will be testing Defender in it, just wanting to get a read on the room for the other folks out there in the wild.

Cheers.

r/msp on Reddit: Endpoint Protection Replacement
August 28, 2023 -

Hello,

My name is Greg, with a small growing MSP of only three years old and serving about 1000 endpoints. We are a security-centric MSP and take cybersecurity seriously.

The question I'm presenting to you is about end-point protection, and would like some advice from you. Unfortunately, I won’t be able to get a clear answer to my questions, but I should get a good pulse on what the MSP community is doing as a whole.

We offer our clients a service stack, that layers their endpoint protection on top of good security hygiene, practices, policies, and training.

Our security stack offers the following on most endpoints: Bitdefender EDR & ATP, Malwarebytes, DNS Filter, and Huntress. This combination has done an excellent job of protecting our clients and does more than an adequate job. I’m happy to report I have yet to have a ransomware attack. Maybe we are just lucky but in three years, not one serious security incident led to any triage and remediation.

However, Malwarebytes EDR (MB) has given my team and the helpdesk severe fits. MB has many real-time protection engines, and some of these engines cause significant performance issues. I’ve had numerous calls with MB support troubleshooting and never got a permanent or long-term solution. The most common issues are performance, and the endpoint can be so bad that it makes it unusable. From all my experience, I have my workarounds fixes for all my MB issues, but it never ends. Additionally, I get MB Windows services that constantly stop running to only have our team remove the product and reinstall it. We also understand layering Bitdefender with Malwarebytes can cause performance issues, and yes we have Global Application Exclusions in place for each.

My MSP and I have come to an executive decision to replace or remove MB in the future. The amount of call tickets and trouble the product has created has pushed us away. So I have some questions for all of you.

As previously stated, I would mainly like to get different stances or opinions from all of you, but I’m here to listen. Replacement of one product is not a simple process as it takes time and effort to offboard and onboard a new security product. We also are not looking to replace a much more expensive product as I would need to sell the upcharge to the client. With some clients, I’ll be able to do it, and for some, it is probably not possible. I’m sure everyone will mention what their security stack includes, but below are the questions I would like to answer especially the first one.

  1. If I remove MB, will Bitdefender and Huntress adequately protect my clients?

  2. Should I replace MB with a similar product, and what product? Will this product behave well with my other products?

  3. Has anyone else using MB experienced my pain points?

r/msp on Reddit: Endpoint Security software for MSP?
March 3, 2023 -

Hello,

Long story short, I have been in tech for over 2 decades but recently I am in the process of changing our business model, and decided to go fully in the MSP direction (before it was just managed servers etc.)

Now I decided to go with NinjaOne for our RMM solution (hate me or love me I don't care 😂).

Now they currently offer bitdefender sek, and webroot as far as I am aware in the basic package.

But they also have a package that includes bitdefender gravity zone. (this comes with a bunch of added perks but I'm not sure about bitdefender or if this can be replaced with their sentinelOne)

And finally an added option of sentinelone control at a reasonable cost.

I know that there are also other Endpoint Security solutions out there.

How important is integration WITH RMM? And out of these which option do you prefer?

r/antivirus on Reddit: Looking for a good Endpoint Antivirus for WServer
August 25, 2024 -

Greetings to all!

So I create this Reddit post, to seek opinions and recommendations, about a good Endpoint Antivirus security solution, adapted to be used on Windows Server and interconnected secondary devices.

This kind of solutions are not the common home Antivirus, but are adapted to be used on servers, and not interfere in its operation, or in incoming requests from outside the network, like hosting some website on IIS or like that.

I am looking for a solution that is efficient, intuitive to use both through the application and through a console or web browser, but at the same time is not exorbitantly priced.

After all, I have a small server that I want to use for self web-hosting and NAS services, Dropshipping shop. I'm a freelancer, you could say that.

But I am interested in learning and growing in this world, especially now that I am interested in IT administration and servers.

Thanks!!!