January 01, 2006
from $333, including one year of updates and product upgrades
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: MSI installation creator; good detection.
- Weaknesses: Reports don't give a lot of detail on the infections.
- Verdict: Excellent management, ability to create custom installer packages and good detection make this an excellent package for enterprises.
CounterSpy Enterprise is built for remote management and administration. One of its main tasks is to distribute the agent to PCs on your network. You can either push the installation using Windows Domain rights, or create an MSI installer package – probably the preferred approach for large networks as they can use existing distribution tools.
You can add an MSI file to each policy, so you can create several installers, each with a different policy, for different user groups.
Once the agents are registered, you can manage groups of PCs by their installed policy. All agents update centrally from the server, so you save on bandwidth and have only single updates to manage.
Policies specify when to perform a scan, what to do with infected files and how to deal with the real-time protection. The default policy has real-time protection, Active Protection, turned off. You can enable it, but have to choose how to deal with each monitoring instance, such as ActiveX installations and Internet Explorer toolbars. We would have preferred a more comprehensive default policy, because other products are ready for real-time protection out of the box. Once we turned on Active Protection, it dealt with threats ably, blocking quite a few attempts to install software on our test PC.
PC scanning was done very well and in good time. The software found most of the spyware on our PC and cleaned it. It does all this without alerting the user and reports back to the CounterSpy Enterprise management console.
The Quarantine button lets you view which files and infections have been detected and where they were located.
There is an excellent range of reports, so you can get a high-or low-level view of your network’s infection status. Reports tend to just list the name of an infection, though, and we could not get more information by clicking on the name, but this is elsewhere in the management GUI.
CounterSpy Enterprise is a well thought-out and comprehensive package that deals well with large corporate networks. Its multiple policy approach lets you apply the right settings to the right PCs, while its detection is top-rate.
Sign up to our newsletters
SC Magazine Articles
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Microsoft report explores dangers of running expired security software
- Survey: real-time SIEM solutions help orgs detect attacks within minutes
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- Vulnerabilities identified in three Advantech products
- Operators disable firewall features to increase network performance, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Upping the ante: PCI Security Standard
- APT operation 'Double Tap' exploits serious Windows OLE bug
- Regin: nation-state possibly behind the stealthy modular spying malware
- CoinVault changes up traditional ransomware techniques
- Breach impacts about 10,000 employees in Maryland school system
- PCI 3.0: The good, the changes and why it's not ugly