Considering the numerous layers of security defenses that can potentially be deployed to protect OSs in today’s high-threat environment, an all-in-one endpoint security solution is an attractive option. VIPRE Enterprise Premium 4.0 is such a solution.
Installing VIPRE is a fast, wizard-driven process that configures the VIPRE Site Service (VSS), Administration Console, Report Viewer, or a combination of the three. VIPRE uses a database back end: during installation you can either install SQL Server 2005 Express Edition, which is included in the package, or direct VIPRE to an existing SQL Server installation. VIPRE can support more than 50,000 users if they are spread over several sites.
The Database Configuration Wizard configures the necessary access to the chosen database server, then creates the required database and tables. Installation continues with the Site Service Configuration Wizard and lets you define basic settings, such as language support and antivirus definition update frequency.
Configuring Agent Settings
You should configure the default agent policy, or create additional policies, before distributing VIPRE agents to endpoints. Many of the settings you might expect to be enabled, such as on-access scanning, email client integration, and stopping Windows Defender, are turned off by default.
The VIPRE agent contains an advanced firewall that includes process protection for preventing unknown code injection attacks (sometimes referred to as a host-based intrusion prevention system, or HIPS), boot-time protection, code injection logging, and an intrusion detection system (IDS) based on Snort that can be enabled or disabled independently from the firewall. You can also add to the IDS rules provided out of the box, as Figure 1 shows. You can set web filtering options to further protect users in the browser. A URL blacklist is provided, and you can block advertisements to help speed up browsing.
VIPRE Enterprise Premium is OESIS Gold Certified, meaning that VIPRE endpoints can act as agents in Network Access Control (NAC) systems from most of the top vendors. Unlike some of the competition, however, VIPRE doesn’t include the necessary server components for a complete NAC setup.
VIPRE includes basic application control. However, in my testing I found it to be less flexible than AppLocker or Windows software restriction policies.
Distributing the Agent to Clients
Initially, installing agents on endpoints can be a pain point with antivirus suites. VIPRE offers the ability to push-install the agent from the console, or to create a .msi or .exe installer for deployment using a software distribution system, such as Group Policy Software Installation (GPSI) or System Center Configuration Manager.
You can add clients to a policy by selecting them from Active Directory (AD) or specifying networks or ranges of IP addresses. To perform a push install from the VIPRE console, you must first disable Windows Firewall on the endpoints. You must also manually set an inbound firewall exception on the server on which VSS is installed. Endpoints must be rebooted to complete the agent installation process.
When policy settings are modified in the Administration Console, those changes are pushed out to agents impressively quickly. VSS uses minimal resources on the server, and the agent didn’t appear to significantly affect response times on clients—although a slight slowdown should be expected when introducing so much complexity. VIPRE can be configured so that notebook users, who don’t visit the office regularly, automatically receive updated virus definitions directly from GFI over the Internet.
The Report Viewer, a separate application that can be launched from the VIPRE Administration Console, offers a limited set of reports out-of-the-box. I noticed that the VIPRE agent console on one of my endpoints stated that there had been 62 low-risk intrusions blocked by IDS, but no report was available to give me further details on the intrusion attempts. However, detailed information is available in the Firewall History tab on the client. Although the included reports are limited in scope, those that do exist are customizable.
The End Game
Although VIPRE Enterprise Premium is easy to use and has the core features you’d expect, it doesn’t provide the same comprehensive protection as other, more mature suites on the market, such as Sophos Endpoint Security and Control or Symantec Endpoint Protection. In addition, VIPRE lacks support for Linux, UNIX, Novell NetWare, and OpenVMS. Unless you have a Windows- and Mac-only shop with AppLocker, NAC, and device control already in place, consider looking at other endpoint security suites for more comprehensive protection.
VIPRE Enterprise Premium 4.0
PROS: Easy to set up and manage; light on system resources; includes IDS, ad blocking, and URL blacklist
CONS: Lacks flexible application whitelisting, device control, and a NAC server; limited reporting and support for client OSs
RECOMMENDATION: Because VIPRE doesn’t include an AppLocker equivalent, NAC, and device control, consider other endpoint security suites for a more comprehensive solution that lets you manage everything from a single console.
CONTACT: GFI • 888-688-8457 • www.gfi.com