Reviewing GFI VIPRE Antivirus Solution

 

GFI VIPRE Antivirus is a powerful and simple solution for those companies looking for a centralized management platform against viruses and malware inside their organization. It also provides important capabilities for expansion and capabilities.

vipre59

VIPRE Antivirus includes all the common configurations you would look in an enterprise antivirus solution and even more. The possibilities for scaling up the infrastructure are really important, handling different types of sites (could be the same used in Active Directory), and different types of policies applying within these sites.

Within these policies, there are also several configurations we can modify: Starting for discovering agents (by LDAP query, IP scope, subnets, etc.). But another important feature VIPRE includes is regarding performance, client machines will not feel the presence of this antivirus, even when a scanning is running.

Here’s a comparison of common antivirus and how they affect performance:

vipre57

In this post will take a look about the installation and configuration process of this tool to understand a little bit more what we are talking about.

Components in GFI VIPRE

The suite works as a normal client-server platform, using of course client agents that are in charge of securing client operating systems. Here’s a quick overview about the components:

  • vipre60VIPRE Site Service: Managing communication between VIPRE database and agents.
  • VIPRE database: Maintaining configuration, quarantine and reporting data.
  • Agents: Component installed on client machines that receives information from the policy we’ve configured for the targeted machine. The VIPRE Site Service deploys agents using a micro-installer.
  • Console: Centrally managed console that can be installed on any machines you like and using VIPRE Antivirus we can set different types of roles inside our organization and sites; depending on the rights assigned, a user would have only the necessary features to execute in the console.
  • Report viewer: Application included in the console to retrieve information and generate quite complete reports.

System Requirements

Fortunately this platform provides also flexibility in the requirements for its installation. Take a look:

VIPRE Server

For the server (console and VIPRE Site Service):

  • OS: Windows XP SP3; Windows Server 2003 R2, Windows Vista SP2; Windows Server 2008 SP2; Windows Server 2008 R2; Windows 7.
    For all of those, 32 and 64-bit is supported.
  • Memory: 512mb.
  • Software: .NET Framework 3.5.1.
VIPRE Client

For client agents:

  • OS: Windows 2000 SP4; Windows XP SP1+; Windows Server 2003 SP1+; Windows Vista SP1+; Windows Server 2008+; Windows 7.
    Again, for all those, 32 and 64-bit is supported.
  • Supported E-Mail clients: Outlook 2000+, Outlook Express 5.0+, Windows Mail on Vista, SMTP/POP3 (Thunderbird, IncrediMail, Eudora, etc.)
  • Memory: 512MB.

Communication between agents and server need a few exceptions in firewalls:

  • TCP 1082 and 1086 for VIPRE service;
  • TCP 135, 139 and 445 for WMI;
  • TCP 80 for deploying agents.

For more information about requirements take a look to this link: http://www.gfi.com/business-antivirus-software/viprebusinesssystemrequirements.htm

Installation and Configuration Overview

As I was saying, the implementation process of GFI VIPRE represents a simple procedure; let’s take a look about the process for installing and configuring this platform:

  1. Review requirements for server and client machines.
  2. Define the type of machines and the behavior you would like to be present in the antivirus software, depending on the machine category.
    This will be represented in the policy we can configure for each category we decide (for example: mobile computers will have a more restrictive policy than the workstations).
  3. Install GFI VIPRE Antivirus.
  4. Create and configure system policies to apply agent machines.
  5. Add agents and validate VIPRE installation. The platform provides the possibility for automated installation and of course manual.
  6. Run a manual scan in agents to validate current health status of your clients. Automatic scans in agents can be configured but we can also trigger manual scans whenever we need.
  7. Generate reports using Report Viewer.
  8. Configure any additional sites and permissions for different type of users. We can have simple operators to the platform using the GFI VIPRE console.

Installing GFI VIPRE Antivirus

Once we’ve reviewed the pre-requisites for the installation, let’s review the step-by-step:

1. Download the free trial for GFI VIPRE Antivirus.

2. Double click the installer and a wizard will start.

3. The type of this installation in this case will be “Full Installation”.

vipre03

If we use Advanced Installation we can configure an existing SQL Server instance (local or remote) to store the VIPRE Database. The Standard type installs SQL Express locally.

vipre07

4. Since it does not require any complex configuration you can complete the installation wizard.

After the process completes, the “Database Configuration Wizard” will appear.

vipre09

5. The first step is related to creating the site name. Since the database was just installed we are not able to change the connection to the SQL Server. Click on “Next”.

vipre10

6. Create a SQL login to connect with the VIPRE database, just provide the password and click on “Next”.

vipre11

7. The configuration process starts and it will be completed in a few seconds.

Once these two wizards are complete, we can start configuring our site (the different scopes where the agents will be located). We will run the configuration in the following step.

Configuring VIPRE options

Before creating a new policy for agents we will need to configure our site with some basic information.

The configuration wizard will appear just after we’ve configured the database, but we can set these options at any time just entering the VIPRE console. Here are some of the options we should take a look:

1. Access the “Site Properties” option in the console and the first thing we will see is product registration.

vipre13

2. In “Agent Installation” we can add the user which will be used for installing the VIPRE agents, make sure this user has sufficient rights to perform the operations.

vipre14

3. In “Advanced Settings” we can enable “Console Security” that will bring us the possibility to use different type of users to manage VIPRE site.

vipre15

4. Enabling this option will also enable the options in “Role Administration”, where we can create these types of groups that can only have, for example, read access to the policies we define.

vipre16

Creating and Configuring a Policy

After we’ve set the basic options in VIPRE console, we can start creating the policy that will apply in the current site.

The default policy created is completely passive, since it does not include enabled most of the options like Active Protection, e-mail security, remediation actions, etc. If we add agents in this policy we will probably not fulfill the security policies in our company.

We’ll take a look at the process for creating a new policy instead of modifying the existing one:

1. In the site name, right-click and select “Add Policy”.

vipre17

2. Create the name of the policy. This policy will receive the template from the default one, so it will not contain important options enabled.

vipre18

3. Once created, right click in the policy name and select “Policy Configuration Wizard”.

vipre19

A new wizard will appear, from where we can set different and interesting options about the security profile we would like to introduce. Since the options here are quite many, I’ll name the most important ones to consider in this case.

4. “User Interaction”: I’m configuring in this case permissive options like “Allow users to remediate manual scans”.

vipre21

5. “Balloon messages”: We can configure the options and the text the messages will appear in the client.

vipre22

6. “Communication”: The possibility to integrate VIPRE Antivirus with Microsoft Security Center.

vipre25

7. “Scanning”: The behavior and schedule for quick and deep scans in clients. Also the type of files included.

vipre30

8. “Threat Remediation”: The default action taken when a remediation is needed.

vipre31

9. “Active Protection”: Here we can configure if we prefer VIPRE Antivirus will scan the current files in use for the user. This option can be set in different levels; depending on the level of security we can decrease system performance.

vipre32

10. “E-Mail Protection”: Options for securing the e-mail applications.

vipre34

11. “Auto-Agent Installation Scope”: Here we can configure the scope this site will have automatically, meaning that all machines matching with the following options we set here will be included automatically and the VIPRE Agent can be installed silently.

vipre42

In this example I’m using an LDAP Query, but we can also use machine lists, IP ranges and subnets. After configuring here the scope, remember to click “Resolve” that will translate the parameters into values.

vipre43

12. Complete the configuration wizard.

There are some other options we can set that I did not mentioned here: Exclusion lists for scanning and active protection; automatically scan external drives (like USB) when they are connected and so on.

Adding and Scanning Agents

After we’ve completed the previous step and if we define the scope correctly we should receive in the VIPRE console the machine names in “Agents”.

In this case I’m using a simple computer:

1. Right-click in the computer name and click on “Install Agents” to check this client’s health ASAP.

vipre44

2. If the communication ports are open as necessary, the installation process should start in a few seconds. After that, the balloon will appear notifying the presence of VIPRE agent and requesting a reboot.

vipre45

3. Since we’ve configured VIPRE to connect with Windows Security Center, the first message appearing will be that the agent is turned off. Reboot the machine.

vipre46

4. After the reboot we will get normal access in the VIPRE Agent since the policy we’ve set earlier allows users to interact with the local application.

vipre47

5. Remotely we can execute several tasks, including quick or deep scans. We will try a quick scan.

vipre48

6. Soon as we click in “Quick Scan”, the agent notifies locally that the scanning process has just started.

vipre49

7. And, again, since the policy allows the interaction, we can verify the scanning process and details in the VIPRE agent window.

vipre51

8. Once the scan is complete, you will also receive the notification in the VIPRE console.

vipre52

Generating Reports

Reporting capabilities is a key factor in every type of technology, especially the ones representing a centrally managed service. Fortunately GFI VIPRE Antivirus it is not an exception.

Accessing the “Report Viewer” option in the console, we will receive an incredible set of variables we can configure to retrieve the reports in PDF format.

vipre53

  • Detailed lists of machines infected, threats present, severity, etc.
  • List of agents scanned.
  • And my favorite: Executive Summary. This report will fit perfectly in cases where you can send reports to upper-management in you company to evaluate a good summary.

vipre54

This is an example of a complete report: Top 10 infected machines; top 10 threats; severity of threats; etc.

vipre56

Take note also that we can schedule this reports, so we don’t need to generate these manually.

Conclusions

Here are some of the quick facts I found using this platform:

  • Very detailed options to use with a centralized management. In security solutions, not all include the detailed and specific options we can configure centrally without accessing the client machines.
  • Excellent possibilities for scaling up. Managing different sites, policies and permissions in the same environment solves a lot of normal implementation models.
  • Simple and intuitive. You don’t need any experience handling similar type of platforms, with basic knowledge you’ll get this suite working normally.
  • Complete reporting options included.

More Resources

Here are some extra resources you can find for this platform:

3 Comments »

  1. Nice review, thanks. It would nice to see scan rate/time added to that performance comparison chart for a more accurate representation of the differences between products.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s