receives compensation from some of the companies listed on this page. Advertising Disclosure


McAfee MVision EDR Review

Brian Nadel

The leader in endpoint detection and response software sales, McAfee sets the pace for protection with its MVision EDR program. Capable of combining traditional and next-generation threat defenses while supporting all popular platforms, its easy-to-use dashboard stands out by cutting through the clutter while following up on an attack.

McAfee MVision EDR

McAfee MVision EDR

The Verdict

A single security app for your entire company's computers, McAfee MVision EDR can protect and monitor a variety of systems.

View all of our endpoint detection and response software reviews on our best picks page.

Endpoint Detection and Response Features

It is rare to have an endpoint detection and response (EDR) company with a solution that can help large enterprise customers, governments and small businesses. McAfee puts it all together with its MVision EDR program. It not only has a single efficient security agent and monitors all computers, but its artificial-intelligence-powered management console can sift through lots of data to find the key aspects of a threat.

More than the sum of its parts, the MVision portfolio has five separate interlocking functions that, together, provide full cybersecurity coverage:

  • Its Endpoint agent can protect PCs, Macs and Linux of systems from the dangers of the web while monitoring for anomalous behavior.
  • Mobile apps extend coverage to iPhones, iPads, and Android tablets and phones.
  • MVision Cloud brings to the surface all cloud apps a company uses and allows control or locking of software.
  • EDR provides visibility of threats and the power to go through lots of data to find the current threat.
  • MVision's ePolicy Orchestrator (ePO) dashboard puts it all together by providing control over every computer in a company's fleet and delivering response analysis in a simple question and answer format.

Behind the scenes, MVision's combination of local and cloud-based machine learning protection can detect the early signs of a threat and block all sorts of attacks. It can thwart ransomware, emails hiding phishing attempts, fileless attacks and even those that go after a PC's UEFI start-up commands.

Always on the lookout for anomalous behavior, MVision uses context and a heavy dose of experience to find and frustrate insider attacks while blocking the exfiltration of company data. Any dangerous process can be blocked, and the system returned to its previous, uninfected state.

There's a bonus for companies with secrets to keep that use Microsoft's BitLocker or Apple's FileVault: MVision can manage and securely store its encryption keys so a departing employee or forgotten encryption key doesn't mean data is lost.


Based on annual subscriptions, McAfee doesn't disclose the cost of using MVision EDR. Like its peers, McAfee discounts the software heavily at high volume. 

To preserve its level of protection, the software requires at least one employee dedicated to its design, upkeep and response. For those who want a hands-off approach, MVision is available from several vendors as a cloud service. The price includes maintenance and help responding to an attack.

Endpoint Protection

MVision's next-generation protection works by monitoring anomalies that indicate something dangerous might be occurring. It can discern potential danger in the combination of two safe actions that add up to a threat and protect against company data surreptitiously leaving a computer.

Context-based and always active, MVision examines and stores a computer's every task and action. This telemetry can be stored for as long as you like.

In addition to the option of using Microsoft Defender's traditional file scanning technology for dealing with conventional threats, MVision relies on Microsoft's AntiMalware Scan Interface (AMSI) that can untangle and break down a complex threat. It comes into its own with McAfee's behavioral scanning for the early indications of an attack.

The package includes a powerful firewall to block outsiders as well as browser extensions that can keep employees away from sites with a reputation of delivering malware. It, however, lacks the ability to add hidden decoys that can yield extensive threat information.

With as close to a complete list of supported platforms as exists, McAfee MVision should fit into the IT landscape of any growing small business with software for Windows, Mac and Linux operating systems. There are also mobile apps for Androids, iPhones and iPads that come from a partnership with Zimperium.  


MVision's ePO dashboard is web-based, secure and has lots of at-a-glance visual elements. With it, the administrator can quickly see what's going on, which employees are connected and the most immediate threats. The dashboard's dark screens are color-coded based on MVision's threat assessments of low, medium or high threats.

A prominent spider chart summarizes all the data the system collects in a visual format. Systems that are online with threats are listed on the right, serious alerts are at the top, and the IT administrator can zoom in and out.

All action needs to be performed with the dashboard and companies can set MVision to allow users to neither alter nor turn off protection. The administrator has the power to quarantine dangerous code, stop a task or kill an entire process. At any time, the administrator can perform a real-time search for a specific file of interest across a single computer, any group, or the business's fleet of connected computers. It takes between 10 and 15 seconds to search 1,000 computers and those that are offline check-in when they reconnect.

MVision lacks a phone- or tablet-based mini dashboard that summarizes activities and displays alerts, although the main dashboard does a good job of summarizing results. McAfee updates its software in response to new or evolving threats.

Endpoint Response

At the first sign of a break-in, MVision transmits alerts. While the first time it sees a new attack, MVision might need some intervention to block malicious behavior, it excels at automating a response.

MVision comes into its own as an investigative tool. All the relevant data is processed through the AI-Guided Investigation that uses an expert system to separate out the routine and focus on the relevant details of the new threat.

The administrator works with a powerful Q&A format on the left that focuses on the threat's details and what can be done about it. It not only helps IT analysts responding to a threat but can elevate their skills in responding to a crisis. It can be used in training as well.

With more than 500 million users of McAfee security software, the company has huge reach and the ability to see threats earlier than others. It reacts quickly to new exploits and techniques with updates as needed.


McAfee provides in-depth 24/7 support and help with pesky infections with a team of in-house experts on malware and security. They watch the global IT landscape looking for new threats, countering them and distributing new software to deal with it automatically.

McAfee's Professional Services and Foundstone Incident Response team can help with a viral investigation, but this service costs extra. It's a small price to pay for clearing the company of an infection.

Quick and easy to add an employee, MVision can be set up with a single email. It requires no user input, like entering license info. In the event an employee leaves your organization, MVision can be turned off with a single click by the administrator.

Editor's note: Looking for an endpoint detection and response solution for your business? Fill out the below questionnaire to have our vendor partners contact you about your needs.

Image Credit: Getty Images
McAfee MVision EDR

McAfee MVision EDR

The Verdict

A single security app for your entire company's computers, McAfee MVision EDR can protect and monitor a variety of systems.

Brian Nadel Contributing Writer
Brian is a technology writer based north of New York City. He writes stories for, Tom's Guide, ComputerWorld and Scholastic Magazines. He is the former editor-in-chief of Mobile Computing & Communications magazine.