Please share with the community what you think needs improvement with Endpoint Protector.
What are its weaknesses? What would you like to see changed in a future version?
Endpoint Protector provides a single platform to support Windows, macOS, and Linux devices. There is some improvement that is needed there. The policies must be created per OS, and in a large deployment with a diverse OS platform use case, that can get a little bit unwieldy. Room for improvement there could be a way to clone a policy and map the old policy to the new policy on a new OS. Right now, you would just have to open it up on two different screens and map it manually, but a way to clone it to a new OS and map the differences or map the similarities would be room for improvement. I would rate the role-based access features for administrators a six out of ten. There's work to be done on the granularity of roles that can be assigned to an administrator, but there is role-based administrator access present. That's why it's not a zero rating. We would probably make better use of tier 1 support techs and give them granular abilities within the user interface to help us administer it and then move it to a different tier 2 tech support if the role-based permissions were more granular. A feature request would be treating a deny list as an exit point. We'd also like to have the ability to tie an allow list to a group rather than a policy so that the allow list follows the group of users or computers. Whatever policy they hit, they're always allowed certain URLs. That would be a nice feature for management purposes. It could also use some minor UI improvements. There's a little bit of inconsistency in the UI that takes some getting used to.
This product provides zero-day protection for macOS, although I'm currently dealing with an issue on the most recent rollout of the Endpoint client that doesn't seem to be fully functioning. It is absolutely important to me, but it has not been successful. This is something that they are definitely working on resolving. I've had multiple IT consults where we've brought on a couple of developers to try and figure out what's going on with the Mac's most recent update versus their most recent update.
I would like to see an alert feature that when a system is started, it checks to make sure that the client has the most up-to-date policies. Before the policies are updated, nothing can be done on the system.
The policy engine could use a bit of work. They're definitely going in the right direction. We've been working with them over the last few weeks to try and optimize that. But it's reasonably clear that they're just not putting as much effort into the policy engine as into other things, like content discovery. It's somewhat lacking in terms of the granularity of the policies that you can create. Because this is a Mac environment, you have slim pickings. You have really good detection mechanisms, like Code42, but a lot of those players don't operate at the medium business size. So, in terms of the market segment, CoSoSys is really the only player that will be able to still effectively pick up on it, so they're the only game in town on policy. They don't really have much competition in this segment.
There are times when the server needs to be updated, and it would help if I got a notification for when the newest version comes out, because at the moment, I'm going in every now and then and checking. Sometimes it comes out and I didn't know it had come out. It would be super-helpful if I got a notification saying, "It's time to update the server."
When you want to uninstall and reinstall, there are a lot of issues. You have to do a lot of workarounds to reinstall Endpoint Protector. This is a major issue that we have constantly because we still have old systems with XP. While there are only very few, we need to run them because there are machines attached that only run on XP. When we need to uninstall and reinstall on XP or Windows 10, we have serious issues left in the Registry Editor everywhere. There is a lot of manual interference to get the reinstallation to work. For the uninstallation of Endpoint Protector, they need to work on this so it doesn't leave any leftovers behind.
I bought it for my Windows, Linux, and Mac platform. Frankly speaking, I'm not happy with the product. The reason is that they have not tested the product in their environment. You can't really install it on any endpoint, because you never know what will happen. I have faced issues which shouldn't be related to this product. This product is purely a DLP, so it should only protect my data. I don't know what is happening with their agent or what is happening with the software, but it messes up my endpoint. For example, people are facing bandwidth issues. Before I deployed this on an endpoint, people were getting internet speeds of 40 or 50 Mbps. After deploying it, that would come down to 10 Mbps. And if I uninstalled the agent, it would go back to 50 Mbps. In my experience, they claim their product is very good, but I don't think so. Software should be such that if you deploy it on any machine, it should not come up with issues. If it is blocking things I can understand that the engine behind the software is very good. But it is blocking things that are not required to be blocked. The major challenge was my Linux environment, and that is why I took this product—to get it deployed on my Linux machine. But if I want to deploy it on Linux 1, 2, or 20, or some other Linux distribution, I need to reach out to the support team to get the agents. If I have paid for licenses, they should be on the portal so I can download all the different versions freely. If I want to install it on any machine, I need to give the version of that machine and they will give me the agent. You don't know whether that agent is the latest one or not. And if you face challenges you have to go back to the support team again and say, "I have deployed it and I'm facing this issue." They will give you another version. I can't tell you all the challenges we have faced. I have not deployed it on a single Linux machine, and it was for Linux that I bought this product. 
I have just put it on Windows, because on Windows I am facing fewer issues compared to Mac and Linux. It is not a straightforward installation or a straightforward configuration, for me or the end-user.
A lot of things can be improved. Especially customization could be a lot better. Sometimes there are issues like when I write a policy to block finance sites. It also blocks the banking sites I have not included. Sometimes it also blocks commands I send to the machine while using Matrix software. Whenever this happens, I have to go into the software and choose the packet inspection option or something similar. Then I have to send the command again to the machine, and if it doesn't work, I have to contact the support team. These are some of the issues I have dealt with.
Some CoSoSys features do need to be improved. For example, in Linux a user can remove a getent anytime. There is no control there on the file structure in Linux. So if this solution could give us information on what users removed in the dashboard, it would help us. If CoSoSys applied this sort of improvement, it would help us a lot.
As a host DLP solution, it has granular controls and features. It misses network-level DLP and SaaS DLP offerings. If CoSoSys comes up with a suite of Host DLP, along with Network DLP and SaaS DLP, it will cover all of the aspects of a DLP solution. Various other products provide us a complete suite of solutions covering Host, Network, and SaaS aspects. Examples of these are Forcepoint and Digital Guardian.
If you were talking to someone whose organization is considering Endpoint Protector, what would you say?
How would you rate it and why? Any other tips or advice?
I'm a consultant looking for a Mac-based endpoint antivirus that includes DLP.
Does anyone have any ideas (aside from https://www.endpointprotector.com/ that just raised their pricing by over 100%)?