"Wow, that was painless" was my initial reaction after installing Sunbelt's Vipre Enterprise, configuring policies and deploying a few agents. I'm currently running Vipre and Symantec Endpoint simultaneously on the same network. It's a small Microsoft Windows based network with less than 15 users. The desktops are a mix of Vista and XP with Vipre agents running on a few of the XP machines. Before I continue with any details, here's some background leading up to this first impressions Vipre and Endpoint comparison review.
From the initial release of Symantec Endpoint till now, I've had to wade through more than a few issues. The majority of these issues are referenced in Symantec's knowledgebase or support forums. My Endpoint deployment base consists of more than a dozen customer networks ranging in size from 5 to 100 workstations. Here is a summary of some of the most common recurring issues I've experienced from late last year till now.
- Endpoint Protection Manager Console using up disk space with large temp files
- Desktop client also using up disk space with large temp files
- CPU spikes at regular and random intervals
- Outlook blocked attachment operation failed
- Random network disconnects and SMB issues with Endpoint client on Vista
- Constant high CPU utilization and usually complete lockup with Endpoint client on Windows 2000 based machines
- Windows installer rollback during Endpoint Protection Manager upgrades resulting in several complete uninstall reinstalls of Endpoint console and manual re-homing of Endpoint clients

After considering the effort and time spent resolving a lot of these issues, an alternative product seemed very appealing. Back in July is when I started receiving Sunbelt's marketing emails regarding Vipre.
The Pitch
The End of Antivirus as You Know It: A First Look at VIPRE Enterprise
As part of its ongoing efforts to address the rapidly evolving malware landscape facing enterprises, Sunbelt Software introduces VIPRE Enterprise™ - a completely new solution that combines antivirus, antispyware, anti-root kit and other technologies into a seamless, tightly-integrated product...Sunbelt started with a blank slate to design a new, next-generation antivirus and antispyware technology to deal with today's malware in the most comprehensive, highly efficient manner. The result is a clean, fast, and powerful anti-malware solution developed 'by admins for admins'.
I really liked the idea of a "blank slate." Plus, who wouldn't want "...clean, fast and powerful, seamless, tightly integrated, developed by admins for admins." Almost sounds like an "all you've ever wanted, dreamed of, see it to believe it" new product sales pitch. Well after a month in use and with no major issues to report, I've been pretty happy with it. Here are some details regarding my early experience with Sunbelt's Vipre Enterprise.
First, a screenshot of the Endpoint and Vipre console and exported client install files.

Is this a case of bigger isn't always better? Or perhaps this is what Sunbelt meant by blank slate and clean.
The Vipre console install was straightforward and quick with most of the setup options already pre-checked or pre-filled. Open up the Vipre Enterprise management console and right away you'll notice an easy on the eyes, simple to navigate, common sense management interface. I like the easy access buttons. Almost every setting is conveniently within a 1 to 3 click range. The Vipre Enterprise client also has a similar look and feel. Sunbelt's claim "VIPRE protects without degrading performance" seems justified especially when scanning. The clients I have deployed are configured to quick scan at noon. The only noticeable indication that a scan has started is the Vipre agent systray icon color change to green.
Endpoint with its pre-requisites (IIS, etc.), default or custom website, less than or more than 500 users database configuration and so on can take more than a few minutes to install. After years of using Symantec's classic pre-Endpoint management app, I wasn't exactly thrilled the first time I logged into the Endpoint Management console. It took some effort to get familiar with the menu flow, tabs, tasks and all the shared non-shared policy, protection, deployment and group configuration options. In contrast, the Vipre Management console seemed effortless. On the client side, I fielded many complaints from end users regarding performance issues, CPU spikes and lockups that all appear to be attributed to Endpoint.
Alright, so the big question is, how well do the threat detection engines stack up against each other? For this post, I ran a simple comparison test using a virtual XP machine alternating between the Vipre and Endpoint clients. Here's an overview of the test environment:
- Windows XP based laptop with VMware Workstation 6.5
- Windows XP virtual machine fresh install with no antivirus
- Pre-antivirus snapshot of XP virtual machine for instant rollback
- The malware of the day, Antivirus 2009

I chose Antivirus 2009 because within the last few months it found its way onto several Endpoint protected workstations without any action taken on it. Each test client was the most current available, had the latest definitions installed and was similarly configured. Both clients were tested several times. The virtual XP test machine was rolled back to its pre client state after each test and then the clients were reinstalled. Each client was put through the following flow of events:
- Accessed Antivirus 2009 bait laden website from virtual XP machine
- Selected OK on bait pop up screens
- Ran through fake scan and fake results screens
- Clicked on fake scan results to begin download of A9installer_880147.exe executable
- Selected Run at the download prompt since that's usually what the average end users do
- Clicked Continue to install, waited for the responses

- Vipre responded almost immediately. It blocked the file then deleted it. The response was identical on subsequent tests. No reboot was necessary.

- During the first test run of Symantec Endpoint, Antivirus 2009 actually completed the install. Endpoint did eventually respond and required a reboot to complete the removal action.
- However, Antivirus 2009 was still able to leave its mark in the form of an Internet Explorer hijack of some sort.
- The Antivirus 2009 install never completed on the next 2 Endpoint tests but was still able to drop a few files on the system which Endpoint successfully quarantined. A reboot was still required to complete the removal on each of the subsequent tests.

Conclusion
Obviously, my simple test and brief comparison review is neither extensive nor thorough enough to be conclusive in any way regarding Sunbelt Vipre's overall performance ability and standing among its competitors. Although my initial review of Vipre is but a mere peek under the hood, I do like what I've seen so far. I think the greatest test will be how well Sunbelt Vipre Enterprise performs in the wild over time and how well it lives up to its claims. For more info on Vipre and links to more extensive reviews of the product visit their website.
http://www.sunbeltsoftware.com
Comments welcomed.
I completely agree with this brief assessment. My console server is constantly using 100% of the CPU. I don't understand it. Symantec told me I need more memory. I have 4GB running on the server. It is so unfortunate that I cannot return the product at this time. We don't have the budget to get another product.
I also agree with most of the above. And I too have started to migrate my clients away from SEP to Vipre.
However in the interests of balance I would like to add the following..
The SEP client is bigger, but it does more. As well as Anti Malware it is also a pretty comprehensive firewall. Vipre is just Anti Malware.
Although first releases (and some subsequent ones) of SEP v11 were dire and caused TONS of issues, the latest incarnation (V11.0.3001 MR3) does finally seem to be a mature stable product (both server & client) unfortunately this may be a bit late for all us admins that have spent far too long struggling with the previous versions.
However SEP's Achilles heel is still its footprint and resource usage as it only really works satisfactorily on a good spec machine with a decent amount of RAM.
When you talk about footprint of SEP do you intend SEPM probably.
Footprint of SEP on client machine doesn't look higher than VIPRE
Thanks for the review. I've blogged about my Symantec issues, and plan to give this product a try at a clients location, based on your review!
http://pcnorb.blogspot.com
We're moving from Symantec to Vipre Enterprise. I wonder how hard it will be to get the Symantec off the server and workstations??
Sunbelt does provide a removal tool they call Agent Uninstaller for most other AV products. More info here:
http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/Agent-Uninstallers/
Supposedly the Agent Uninstaller is supposed to detect and uninstall any existing AV product as part of the Vipre client deployment. I'm still testing the Symantec uninstaller with Endpoint MR4 but haven't had any luck.
I came across VIPRE Enterprise as I used to use Kerio Personal Firewall.
It was the best and lightest firewall I ever used.
I really think Sunbelt and DiamondCS have good products.
Your AV 2009 test with Vipre was impressive. I was actually impressed too with how well SEP did...even though it was not perfect.
Readers should know though, that Vipre requires the machine to be rebooted after install and after upgrades - Symantec (and other products like Trend Micro) do not have this limitation. This is most important for servers but also for end users...active protection is actually disabled on a client until a reboot completes - whenever a reboot is required - not good.
Thank you for your comments. I agree that the reboot is definitely an unfortunate limitation. I almost always get calls from customers after an automatic update to the agent informing me about the AP disabled warning message. I'm hoping reboots won't be required in future revisions.