The solution needs to provide better integration. We may receive things from email, network, or the machine itself. So we need a centralized system to get alerts or messages which are not available in the product. The solution must provide features to centralize the alerts received. It should provide integration with other Symantec products.

Honestly, the product needs to continue the way it is, and I feel that everything will be fine. I haven't had any reasons to complain about the product.

The product doesn’t offer MDM functionality under its current licensing model. In the future, I want the product to offer MDM. It can allow me to manage my mobile device more efficiently and effectively. Currently, there is a need for a separate license to be added to Symantec Endpoint Detection and Response to be able to use the MDM part. If both are bundled up under the same license, the administration part can be made easier.

The GUI could be better. It has reports for every part of the product, but it doesn't have reports for better usage.

The solution’s scalability and stability could be improved. The solution's investigation feature can be further improved.

I'm not sure if there are any features that need to be added. 

We'd like them to continuously improve their security posture to ensure they can protect customers from future threats. While they are quite dynamic, they need to ensure they are detecting threats faster in the future to keep people safer. 

One potential area for improvement in Symantec EDR is the reporting engine. It is not exactly a weakness, but rather a feature that might need enhancement in the future. The current reporting capabilities are somewhat limited, lacking extensive filtering options. Currently, our experience with Symantec EDR is generally positive. Performance and user-friendliness are satisfactory. In our regular assessments, the main area for improvement that has emerged is the reporting engine, which is somewhat limited. Enhancing this reporting functionality to reduce the need for manual data manipulation and export to tools like Power BI would be a valuable improvement for the application. In the future, it would be beneficial to have AI-driven analytics and automated workflow capabilities integrated into Symantec EDR. This would enable more efficient detection, response, and mitigation of security incidents. Specifically, having workflows that can automate incident analysis, qualification for closure, and escalation when needed within the application would be a valuable addition. This would reduce the manual effort of security analysts and streamline incident management.

The solution can always be more stable and more secure.

In the future, it would be nice to have playbooks in the tool, to allow for some of the common activities to be automated. For example, some of the scannings of the malware can be too manual for a specific device. Additionally, a vulnerability manager would be beneficial.

They need to improve their cloud presence. They need to keep developing prevention. Many OEMs are focusing on the detection part only.  They need to address the challenge of gathering false positives.

We do not need any extra features. 

Their customer support has deteriorated significantly since Symantec was purchased by Broadcom. We have issues interfacing with Broadcom. eg: There is no TAM / sales team in Broadcom for Symantec products. We have faced up to 3 months delays in getting a quote to renew the license through their partners.

Symantec is a dead product. The product does not have any add-on features. The interface has many issues. There is no proper KB article to fix the error.

I don't see much room for improvement. I am not an analyst for this product. I just manage this product for an analyst. I like the dashboard, it has lots of information like threats and we can see activity on the dashboard. It shows new and unknown threats in the environment. This feature is very good for EDR monitoring and management.

It should be easier to deploy Symantec's client for end-users. 

The solution's price could be better. Presently, it is expensive for basic functionality. Also, they should make its UI more user-friendly. It takes time to find the policies and analyze their effects. They should add a customization option for policies. In addition, they should add more scanning features to it.

We are in Iran, so for some Symantec services, we face sanctions. 

The interface is very complicated. It needs to be simplified in future releases. 

It needs to offer better documentation around configurations during setup.

Scalability is limited. It needs more expansion capabilities and should offer more efficiency. 

Symantec Endpoint Detection and Response could improve the reporting. It is very difficult to create reports from the user interface.

I have not picked up anything that is lacking in terms of features while using this tool. 

They do need to minimize the number of agents installed on a server.

The response time for technical support takes too long. 

I think we have experienced some technical issues because the company focuses mainly on bigger clients. They should treat every client equally instead of only targeting high-profile or high-revenue-generation clients. The focus should be client-centric, not only revenue-centric. 

Also, sometimes the solution fails to detect zero-day attacks, so that feature needs some enhancement because it is lacking compared to other solutions.

I would like to see better scanning capabilities.

Reporting is a major issue, as it is not user friendly. It's the biggest challenge we are facing. I have raised this issue multiple times.

With virus detection, if one OEM vendor is detecting the virus at 1:10 am, within 24 hours all others will detect it. For example, Symantec will detect the virus, then McAfee will detect it then Trend Micro, all within 24 hours, everyone will have it covered.

In the next release, I would like to see the option to customize the report as per our needs, and better reporting in general.

I think the network forensics feature could be improved. It's not part of SEP, but it's part of the package and I think that could be improved because we need the decryptor. Without  that you can't actually decrypt the SSL traffic going in the network. If the solution could be completely software-based, it would be a formidable product.

Symantec could include that as an additional feature, it's something that other solutions provide. Secondly, instead of just making it endpoint deception, they could make it network deception as well and that would make it a complete endpoint protection solution.

The unpredictability of the pricing is a cause of concern.

It would be good if it can anticipate zero-day attacks. I don't know how it can be done and if it is even a feature of this product.

The solution should offer more features, such as ones which are forensic and timeline. 

The tech support was very bad in the immediate aftermath of the merger, although it is now slightly better. The problem came down to the ownership of the case. Support was horrible when the Broadcom entered the picture, but they have done much work in this area and things are mostly better. 

It would be nice to see more granular timeline analysis. 

Some fine-tuning is required because we often see false positives.

The Symantec portfolio is not big enough to cover the organization in all 360 degrees.

It would be beneficial to have more integration and compatibility with other platforms.