We performed a comparison between Microsoft Defender for Endpoint and ThreatLocker Protect based on real PeerSpot user reviews.
Find out in this report how the two Advanced Threat Protection (ATP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The setup is pretty simple."
"The price is low and quite competitive with others."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"Ability to get forensics details and also memory exfiltration."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"NGAV and EDR features are outstanding."
"The performance of Microsoft Defender for Endpoint has been good."
"What I found most valuable in Microsoft Defender for Endpoint is that it's out-of-the-box, which brings more value to the customer. The technical support for the product is also one of the best parts, because it's good, in terms of the product knowledge of the technical engineers."
"We use Microsoft Defender for the antivirus."
"One of the features which differentiates it from other EDR providers is the Automated Investigation and Response, which reduces the workload of SOC analysts or engineers. They don't have to manually investigate each and every alert on the endpoint, since it does so automatically. And you can automate the investigation part."
"The whole bundle of the product, which is similar to other Microsoft products, is valuable. Ten years ago, you had third-party stuff for different things. You had one solution for email archiving and another third-party one for something else. Nowadays, Microsoft Office covers all the stuff that was formerly covered by third-party solutions. It is the same with antivirus. The functionality is just basic. You have the scanning, and then you also have a kind of cloud-based protection and reporting about your environment. With Microsoft Security Center, you have a complete overview of your environment. You know the software inventory, and you have security recommendations. You can not only see that the antivirus is up to date; you can also see where are the vulnerabilities in your system. Microsoft Security Center tells you where you have old, deprecated software and what kind of CVEs are addressed. It's really cool stuff."
"Technical support is good."
"Its simplicity is the most valuable. It also has very good integration. We like it."
"It's an enterprise solution that provides a centralized console and it supports all the platforms that we use, including Windows, Linux, Mac, iOS, and Android."
"The biggest improvement has been knowing that something unauthorized isn't going to get installed on anyone’s machines."
"The sandbox functionality is fantastic."
"Application control, ring-fencing, and storage control are the most important features, followed closely by elevation."
"Feature-wise, the learning mode and the fact that it's blocking everything are the most valuable. I don't see why more companies don't use the type of product."
"Every single feature has been invaluable."
"Using ThreatLocker is effortless because I can access it from an app on my phone, so I can help clients after hours. My client had an issue while I was at dinner, and I didn't have a tech on the problem, but I could deal with it from my phone. I can see what the client is doing and approve or deny it. It helps me deliver better service to my clients when they need it."
"The great thing is that if you get a malicious email and you try to run something, ThreatLocker is not going to let it do anything. It is not going to let anything infect your network."
"ThreatLocker Allowlisting has all of these features integrated into one console, making it effective."
"The only minor concern is occasional interference with desired programs."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"We'd like to see more one-to-one product presentations for the distribution channels."
"Cannot be used on mobile devices with a secure connection."
"The solution should address emerging threats like SQL injection."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"Windows Firewall is integrated with Windows Defender. Over the last few days, I have had a problem with defining a wildcard on Windows Firewall. For example, I wanted to pull out the connection of my program and install a software package with a lot of executable files. I wanted to prevent it from accessing the internet. I could not select executables by using a wildcard. I had to select a single executable with its full name."
"The initial setup can be a bit complex."
"Features like device inventory continue to lack essential workstation drill-downs showing the entire device information with the least effort."
"With regards to the interface, a challenge I found was that there was not enough documentation on how to tune it. I had to read multiple sources on the internet to learn how to configure the tool appropriately."
"Threat intelligence has the potential for improvement, particularly by integrating more sources."
"It's not easy to create special allowances for certain groups of users. It can be a little heavy-handed in some areas where Microsoft has decided to lock a feature out, meaning they make it hard to make an exception... One company we work with needed to use about 20 different thumb drives for about 20 users. To make that exception for them was very difficult. In fact, you can't really make an exception. But what you can do is allow them to use it and, while it will still alert, you can actually suppress those alerts."
"One thing that was lacking in Defender was web filtering. Its web filtering wasn't as comprehensive. Sophos was a little bit better than Defender for blocking URLs or installing programs."
"Microsoft Defender for Endpoint could improve by making the reporting better."
"Something we have come up against a couple of times is that we have two clients that are software developers. They create software that doesn't have digital signatures and that's not easy to categorize or whitelist with ThreatLocker. We have to go in and make custom rules to allow them to do their work and to be protected from malicious threats."
"If you have a thousand computers with ThreatLocker agents on them, when you approve or create a new policy saying that Adobe Reader that matches this hashtag and meets certain criteria is allowed to be installed, it applies at the top level or the organization level. It applies to every computer in the company. When you make that new policy and push it out and it goes out and updates all of the clients. Unfortunately, at this time, it does not look like they stagger the push-out."
"We identified several areas that we would like to see improved."
"ThreatLocker could offer more flexible training, like online or offline classes after hours. The fact that they even provide weekly training makes it seem silly to suggest, but some people can't do it during the day, so they want to train after work. They could also start a podcast about issues they see frequently and what requires attention. A podcast would be helpful to keep us all apprised about what's going on and/or offline training for those people who can't train during the week."
"ThreatLocker Allowlisting needs to improve its user interface and overall workflow."
"The portal can be a little overwhelming at times from an administration point of view. It displays a lot of information, and it's all useful. However, sometimes there is too much on the screen to sift through, especially if you're trying to diagnose a client's problem with a piece of software. Maybe something has stopped working since they updated it, and we need to see if ThreatLocker is blocking a component of that software."
"More visibility in the built-ins would be nice."
"From a reporting perspective, enhancing the ability to customize reports would be beneficial."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 2nd in Advanced Threat Protection (ATP) with 182 reviews while ThreatLocker Protect is ranked 16th in Advanced Threat Protection (ATP) with 13 reviews. Microsoft Defender for Endpoint is rated 8.0, while ThreatLocker Protect is rated 9.2. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of ThreatLocker Protect writes "Integration is simple, deployment is straightforward, and extensive well-written documentation is available online". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, CrowdStrike Falcon, SentinelOne Singularity Complete and ESET Endpoint Protection Platform, whereas ThreatLocker Protect is most compared with SentinelOne Singularity Complete, CrowdStrike Falcon, Huntress, GravityZone Business Security and Fortinet FortiClient. See our Microsoft Defender for Endpoint vs. ThreatLocker Protect report.
See our list of best Advanced Threat Protection (ATP) vendors and best Endpoint Protection Platform (EPP) vendors.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.