CounterSpy Enterprise FAQ
How does CounterSpy Enterprise (CSE) differ from anti-virus products?
Anti-virus products were specifically built to beat viruses, not spyware. CounterSpy Enterprise was designed from the ground up to detect and remove spyware through your organisation, which virus engines were not originally built to do. CounterSpy scans for 36 categories of spyware that anti-virus products do not see or cannot touch. CounterSpy Enterprise detection of spyware is very fastdue to its dedicated scanner and its comprehensive threat database that gets updates from Microsoft.
How do I deploy CounterSpy Enterprise in my network?
Rolling out agents was never easier. Simply assign machines to a policy and the agents get pushed out via a silent install. But since the agent comes as both an MSI file and executable, you can also use SMS, login scripts, or even a webpage to download the agent to any workstation.
How does the pricing work CounterSpy Enterprise?
Volume discounts apply depending on the number of seats you get and is based on a simple sliding scale. For more information contact me.
Will the VPN we run prevent remote users from infecting my network?
No. Virtual Private Networks (VPN) provide a secure, encrypted tunnel between a remote user and the network through your firewall. If the remote user’s machine has spyware, the VPN will transmit that code through the firewall directly into your network without detection. CounterSpy properly deployed on all the workstations on your network is the only way to ensure detection.
Do I need any scripting at all, to deploy agents or to drive command line interface scanning like some other tools?
None of that is needed. Everything is driven by your Admin Console. but you have 4 options to get the agent down to workstations. If the CounterSpy Server detects that a machine has no agent where one is supposed to be, it will push an agent down to that workstation.
How do I protect home users, and road warriors with laptops?
CounterSpy has a ‘client’ version that operates stand-alone and has additional active-protection anti-spyware safeguards you could call a “spy-wall”. It uses the same spyware threat database as the Enterprise version and updates itself over the Net. You can license these separately. Find out more information about CounterSpy. (The agent can go a specified amount of time without communication back to the central server so it’s completely acceptable to put the agent on the laptops and they will update when they can, via direct LAN or over the VPN. The updates and communication is optimized to take as little bandwidth as possible.)
How do I Cost justify this tool to management?
Easy. A recent survey filled out by 1,000 system admins showed that it takes an average of 20 minutes to clean up a machine infected by spyware. Take the average hourly cost for an admin, and you can do three manual “disinfections” per hour. Run the evaluation for a month and you’ll get an idea of the amount of infections. And that is just your hourly wages. Include the lost time of the employee! Apart from all that there is the threat to the security of your company. How much is the cost of an average security breach? The lowest estimate is in the tens of thousands of pounds even for a small business.
My users do not have local admin rights, so I’m safe against spyware, right?
Local admin rights are not needed to install many types of malware. It certainly helps if users aren’t local admins but it’s far from 100% effective. A lot of spyware gets installed under the radar.
Can we hide the icon from the end-users? I know the end-users cannot do anything with the icon, but some (as I’m sure most do) will instantly start blaming their age-old computer issues on the newest icon in the tray. Can we hide it?
Yes you can. It is under the Agent tab for the policy and it is set to off by default.
Does this product scale? Can I support 20,000 users?
The default database for storing information is an Access MDB file (no need to install Access). Alternatively you can specify any MSSQL 2000 server including MSDE as the location data is kept, and this easily supports 20,000 users. You may need to spread this over several servers to balance the load though. Polling can be configured as can the location where the definitions are pulled from.
What are the resources needed on the Server?
We will use about 100-150 Meg of RAM on the Server. Agent memory consumption is currently about 5 megs on first load, 25 during scan, 20 after scan. The update we’re working on drops it to about 4/25/4.
Does it support Terminal Server and Citrix?
Version 1.5 supports both TS and Citrix environments. It’s a simple case of running an agent on these servers and the “sessions” but you still need to run CounterSpy agents on the workstations so that they are protected locally. Licensing for TS and Citrix is super simple. You just pay for one agent on that server.
What do I need to do after I change a license registration key?
Anytime we update a CounterSpy Enterprise key (Change POP Dates, add or remove users, etc), you will have to do one of the following in order to receive the updated key information immediately:
1) restart all CounterSpy Enterprise services
-or-
2) reboot the computer
Either of these actions will FORCE CSE to re-sync it’s key with the license server. As a side note, CSE will check for updates every six hours and it will also re-sync its key at that time as well.
I see a new Version number: 1.5.265. What is this?
Internally we call this the QFE2 build. It has a lot of fixes and enhancements. A very important new feature is the ability to have multiple update servers.