Security Overview

Endpoint Security (KES) provides security protection for managed machines, using fully integrated anti-malware technology from AVG Technologies. The term malware encompasses viruses, spyware, adware and other types of unwanted programs. Endpoint Security automatically cleans or removes infected files and other threats such as trojans, worms and spyware. Endpoint Security continuously monitors the security status of all Windows servers, workstations and notebooks installed with security protection. Alarms can be triggered by security protection events and can include sending email notifications, running procedures, and creating job tickets.

Centrally managed security profiles are defined and deployed to machines using the VSA console interface. Changes to a security profile automatically update all machines using that profile. Endpoint Security comes with a pre-defined standard security profile and enables you to create customized security profiles.

All security protection events are logged within the system and available for executive summary and detailed management reporting. Once deployed, updates are handled automatically on a scheduled basis without the need for user interaction.

Anti-Virus Protection

Based on the security profile, Endpoint Security removes infected files or blocks access to them:

• Scans the system registry for suspicious entries, temporary internet files, tracking cookies, and other types of unwanted objects.
• Detects computer viruses by:
  • Scanning - Performs both on-access and on-demand scanning.
  • Heuristic Analysis - Dynamically emulates a scanned object’s instructions within a virtual computing environment.
  • Generic Detection - Detects instructions characteristic of a virus or group of viruses.
  • Known Virus Detection - Searches for character strings characteristic of a virus.
• Scans Email - Checks incoming and outgoing email by using plug-ins designed for the most frequently used email programs. Once detected, viruses are cleaned or quarantined. Some email clients may support messages with text certifying that sent and received email has been scanned for viruses. In addition, for an increased level of security when working with email, an attachment filter can be set by defining undesirable or suspect files.
• Memory-Resident Protection - Scans files as they are copied, opened or saved. If a virus is discovered, file access is stopped and the virus is not allowed to activate itself. Memory resident protection is loaded into the memory of the computer during system startup and provides vital protection for the system areas of the computer.
• On Demand Scans - Scans can be run on-demand or scheduled to run periodically at convenient times.
• Scans MS Exchange Servers - Scans inbound and outbound email messages and mailbox folders on MS Exchange Servers against virus/spyware/malware threats and deletes them immediately before email recipients of the MS Exchange Server are infected.
• Scans Websites and Downloads - Scans websites and website links. Also scans files you download to your computer. Provides a safety rating for links returned by popular search engines.
• ID Protection - Prevents targeted theft of passwords, bank account details, credit card numbers, and other digital valuables using "behavioral analysis" to spot suspicious activity on a machine.

Anti-Spyware

Spyware is software that gathers information from a computer without the user's knowledge or consent. Some spyware applications may also be secretly installed and often contain advertisements, window pop-ups or different types of unpleasant software. Currently, the most common source of infection is websites with potentially dangerous content. Other methods of transmission include email or transmission by worms and viruses. The most important protection against spyware is using a memory resident shield, such as the cutting edge Endpoint Security spyware component. A memory resident shield scans applications in the background as they run. Endpoint Security anti-spyware protection detects spyware, adware, DLL-trojans, keyloggers, malware hidden in data streams, archives, spyware entries in the Windows registry and other types of unwanted objects.

Note: See Endpoint Security System Requirements.

Endpoint Security Licensing

Note: With the release of 9.1 licensing now sets the expiration date of the license to one year from the day it is purchased, irrespective of the day it is installed. The expiration dates of existing licenses are not affected by this change.

Each MSE KES seat license allows the Customer to install and use an MSE KES agent perpetually and also to receive Updates for a Subscription Term of 365 consecutive days. The update Subscription Term runs independently for each seat and begins upon the date of purchase of the MSE KES agent on a machine and allows the Seat to receive the KES Updates released during the Subscription Term. All Updates released during the Subscription Term are also licensed on a perpetual basis; provided that once the Subscription Term terminates or is not renewed the right to receive new KES Updates terminates.

Issuing a new Seat License to a machine with an existing Subscription Term causes the Terms to merge and thereby adds 365 days to the time otherwise remaining on the seat’s Subscription Term. Any transfer of such a merged Term to a new machine will cause all remaining days for both previous seats to be transferred.

The appropriate KES seat license must be obtained for each machine and/or Exchange Mailbox protected. The Customer may only deploy MSE KES on a machine that has a valid VSA license. MSE KES licenses can be centrally managed using Kaseya’s Web User Interface. Licensing is enforced and a license is needed for every mailbox in use.

Note: KES licenses are allocated to group IDs using System > License Manager.