Which OPSWAT Client should I use?
OPSWAT Client offers 2 flavors: persistent agent and on-demand agent. (The phrase 'on-demand' may be used interchangeably with 'portable' or 'dissolvable').
The persistent OPSWAT Client is designed to remain running on the users' device after installation and starts along with the system.
By comparison, the on-demand client is only run when needed. If exited, or if the device is restarted, the client will not automatically start.
Typical uses for the portable agent are:
-
Bundling with a NAC or SSL-VPN host checker for on-demand compliance checks
-
A device where software installation is not allowed
-
BYOD access, like a guest, contractor, student or employee's personal laptop
Permissions concerns
There are two versions of the on-demand OPSWAT Client for Windows devices. One requires UAC, the other does not. Running the non-UAC client without admin rights will have a degraded experience. Namely the malware deep scanning option will be limited and some application detection will be less accurate. For example, BitLocker disk encryption state cannot be checked from a portable non-admin instance.
Additional notes:
There are technical differences to take into consideration when deciding which agent to use. Below is a table highlighting the primary differences between the various OPSWAT Client that are available:
|
OPSWAT Client Comparison (Windows, macOS, Linux) |
||||||
|
Features |
Windows |
Macintosh |
Linux |
|||
|
Persistent |
On Demand |
Persistent |
On Demand |
Linux V3 (14.4.x.y) |
Linux V4 (15.4.x.y) |
|
|
Vulnerabilities Check |
Yes |
Yes |
Yes |
Yes |
No |
Yes |
|
Compliance Check |
Yes |
Limited1 |
Yes2 |
Yes2 |
Yes |
Yes |
|
Application Removal |
Yes |
Roadmap |
|
Roadmap |
No |
No |
|
Active Malware Detection |
Yes |
Yes3 |
Yes |
Yes |
Yes |
No |
|
Custom Check |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
Installation |
Required |
No |
Required |
No |
Yes |
Yes |
|
Package Format |
MSI |
EXE |
DMG |
ZIP |
RPM DEB |
RPM DEB |
|
Integrations |
|
|
|
|
|
|
|
- COM (C++/C#/VBScript) |
Yes |
No |
No |
No |
No |
No |
|
- Registry or .plist |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
- Cookie |
Yes |
Yes |
No |
No |
No |
No |
|
- Client certificate |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
- Cross-domain API |
Yes |
Yes |
Yes |
No |
No |
Yes |
|
User Interface |
|
|
|
|
|
|
|
- Command Line |
No |
Yes |
No |
Yes |
No |
Yes |
|
- Tray Icon |
Yes |
Yes |
Yes |
Yes |
No |
No |
|
Automatic Updates |
Yes |
No |
Yes |
No |
Yes |
Yes |
|
Application Context |
System |
User |
System |
User |
System |
System |
|
Default Behavior |
Persistent |
Semi-Persistent4 |
Persistent |
Semi-Persistent4 |
Persistent |
Persistent |
|
Run-Once Option |
No |
Yes |
No |
Yes |
No |
No |
|
OPSWAT Mobile App (iOS and Android) |
||
|
Features |
iOS |
Android |
|
Screen lock and passcode |
Yes |
Yes |
|
Device is rooted or jailbroken |
Yes |
Yes |
|
Internal storage encryption state |
Yes |
Yes |
|
Operating System detection |
Yes |
Yes |
|
Threat Detection
|
No |
Yes |
1 OPSWAT On-demand Client couldn't perform some compliance check due to permission when the agent runs on a device. See 147125085 above
2 OPSWAT Client has no longer supported
-
detect lock screen timeout on macOS 10.13+
-
detect hard disk free space on macOS 10.14+
3 If OPSWAT Client runs without admin right, it couldn't scan processes which runs with admin/system right and files which protected by admin permission.
4 By default, once executed, it will keep running until closed
This article was last updated on 2020-02-12.
TT