ASEE reporting is minimal: Four Java-based reports show a chart of current threats, a list of current threats, threats that have been cleaned, and a list of detected domains. Figure 2 shows the report of cleaned threats. These reports show the spyware in your environment since the last scan and resemble a dashboard, but without drilldown capability. ASEE's reporting interface also provides access to an event log showing the scan and event history of every client. The Power Search button helps filter the prodigious list of event entries.
A very cool feature is the automatic installation, which regularly polls the domain controller (DC) for new computers and automatically pushes the client to those it discovers. This feature means that you don't need to monkey around with external installation methods. Using the ASEE administrative console, you can also browse the domain, add clients to the database, then deploy the clients. However, ASEE doesn't create custom deployment packages for manual or scripted deployments. Instead, you must configure a generic installation package with server parameters, such as the ASEE server's IP address, and manage each license separately. This behavior makes remote deployment to standalone workstations difficult compared with other products in this review.
Summary
Trend Micro Anti-Spyware Enterprise Edition 3.0
PROS: Once you configure it, you can fire up the product and forget it; lightweight browser-based console means you can access it from anywhere in your network
CONS: No feedback at the client level about what's happening in the background; few server-configurable client options; Web UI lacks sophistication
RATING: 4 out of 5
PRICE: $1645 for 100 machines; $9450 for 1000 seats
RECOMMENDATION: Choose this product if you want a solid scanning and remediation engine and don't need detailed reports or granular client configuration options.
CONTACT: Trend Micro * 877-268-4847 * http://www.trendmicro.com |
Webroot Spy Sweeper Enterprise
Webroot Software's Webroot Spy Sweeper Enterprise includes it all: a dashboard that lets you quickly assess the state of spyware in your organization; scheduled sweeps; automatic protection through Smart Shields; a full, centrally managed client; useful reports; and command-line tools that let you extend the product through scripting.
The administrative console runs as a Web service, so you can access it from any computer in your network, but it doesn't look like a typical Web page. The interface is beautiful and well organized. A glance at the dashboard shows you neglected scans, which Spy Sweeper calls sweeps; out-of-date definitions; current infections; and a list of the top spyware threats in your network. It's too bad that you can't drill into these dashboards, but you can export the data as a comma-separated value (CSV) file for inclusion into other tools. The navigation pane uses a Microsoft Management Console (MMC)-like UI, as Figure 3 shows, so administrators will immediately feel at home. The administrative console also provides plenty of feedback about what it's doing. For example, during sweeps and other activities, Spy Sweeper updates a progress bar and item count so you know exactly what's happening and when scans finish.
Deploying clients is straightforward, but from the administrative console you can deploy them only to computers that can be reached using NetBIOS, which might not include every computer in your network. You can also deploy the client through Group Policy, directly from a share, or manually, by running the client installer on every computer via a logon script.
Spy Sweeper manages different client configurations through membership in groups that you set up. For each group, you can configure how long to keep individual categories of threats in quarantine, designate benign threats for a whitelist, initiate sweeps, and configure Smart Shield options. By default, Spy Sweeper quarantines files for 30 days, then automatically deletes them. This default configuration gives you a buffer in case the product removes a file or setting that you actually need, but doesn't require you to manually remove each threat.
You can configure most of the client-facing features centrally using the administrative console, but you can also allow end users to tweak those settings if you choose. At the group level, you can define a scheduled scan and configure how Spy Sweeper behaves at system startup—for example, whether it should retry a missed sweep, delay the scan start time, or scan only spyware-prone folders. In addition to making Spy Sweeper scan drives, folders, memory, and the registry, you can configure it to stay invisible, show a tray icon, or pop up during a scan. When visible, the full-featured client lets you see how a local installation is configured and even lets you change the configuration on the fly. Many administrators will choose to prevent end users from changing the configuration, but Spy Sweeper includes a neat feature that lets an administrator or Help desk technician override that restriction with a keystroke and a password entered at the client. This instant access to the client makes troubleshooting a local problem quick and easy.
Spy Sweeper's Smart Shields provide real-time client protection that prevents spyware from affecting various components of the system. For example, in addition to blocking ad sites and spyware installation, Spy Sweeper provides shields to protect memory, alternate data streams, the HOSTS file, and startup programs. End users might not be aware of the shields, but if users inadvertently try to install spyware, the shields silently prevent it.
Spy Sweeper runs in a remarkably functional Web browser. For example, you can drag and drop any user you create onto different objects to specify various types of notification, sending errors, warnings, and information to one email address and spyware alerts to another. Similarly, you can right-click objects to display additional menus, and you can select multiple objects using the Shift or Ctrl key. Spy Sweeper feels like a robust application even when run from a remote computer using only a browser. Additionally, all administrative actions are logged and kept for a configurable period of time, making it easy to audit the activities of multiple administrators.
Spy Sweeper includes nine built-in reports, such as spyware trends, top spies, infection status, spyware detail, infected machine summaries, and history, displayed as screen charts and PDF files. The product also includes several command-line tools suitable for running reports via batch files or Windows scheduled tasks.
The Best of the Three
Choosing a standalone spyware solution means that you'll likely need to deploy another client onto your desktop systems, but the features available in a standalone product are often more robust than those in an integrated solution. For my money, the best of these three enterprise antispyware applications is Webroot Spy Sweeper Enterprise. Its mix of granular features, real-time defense, a full client interface, and dashboard reporting—and its inclusion of external command-line tools—makes Spy Sweeper stand out.
Summary
Webroot Spy Sweeper Enterprise 2.5.1
PROS: Rich UI; well thought-out features; command-line tools extend the product beyond the console
CONS: Expensive
RATING: 4.5 out of 5
PRICE: $2077 for 100 seats; $15,280 for 1000 seats
RECOMMENDATION: I recommend this product over the others for its rich configuration, solid scanning and real-time protection, and flexible remediation options.
CONTACT: Webroot Software * 866-612-4227 * http://www.webroot.com |
End of Article
Register
