Which OPSWAT Client should I use?
OPSWAT Client offers 2 flavors: persistent agent and on-demand agent. (The phrase 'on-demand' may be used interchangeably with 'portable' or 'dissolvable').
The persistent OPSWAT Client is designed to remain running on the users' device after installation and starts along with the system.
By comparison, the on-demand client is only run when needed. If exited, or if the device is restarted, the client will not automatically start.
Typical uses for the portable agent are:
-
Bundling with an secure access control solution, such as VMWare UAG, NAC or SSL-VPN host checker for on-demand compliance checks
-
A device where software installation is not allowed
-
BYOD access, like a guest, contractor, student or employee's personal laptop
Permissions concerns
There are two versions of the on-demand OPSWAT Client for Windows devices. One requires UAC, the other does not. Running the non-UAC client without admin rights will have a degraded experience. Namely the malware deep scanning option will be limited and some application detection will be less accurate. For example, BitLocker disk encryption state cannot be checked from a portable non-admin instance.
Below is a table highlighting what features OPSWAT Client supports on each platform.
Windows, macOS, and Linux
|
Features |
Windows |
Macintosh2 |
Linux v4 |
||
|
Persistent |
On-demand1 |
Persistent |
On-demand |
Persistent |
|
|
Vulnerability and Patch Management |
|
|
|
|
|
|
Device Compliance |
|
|
|
|
|
|
Advanced Malware Detection3 |
|
|
|
|
|
|
Secure Access |
|
|
|
|
|
|
- Via SDP Gateway |
|
|
|
|
|
|
- Via SAML IdP |
|
|
|
|
|
|
Application Removal |
|
|
|
|
|
|
Removable Media Protection |
|
|
|
|
|
|
Installation |
Required |
|
Required |
|
Required |
|
RunOnce/Runwhile option4 |
|
|
|
|
|
|
Package Format |
MSI |
EXE |
DMG PKG |
ZIP |
RPM DEB |
|
Integrations: allow 3rd party to read device compliance status or device ID |
|||||
|
- Registry or .plist |
|
|
|
|
|
|
- Cookie |
|
|
|
|
|
|
- Client certificate |
|
|
|
|
|
|
- Cross-domain API |
|
|
|
|
|
|
User Interface |
|||||
|
- Command Line |
|
|
|
|
|
|
- Tray Icon |
|
|
|
|
|
|
- On-demand re-check compliance status |
|
|
|
|
|
|
- Detailed custom guideline to remediate issues |
|
|
|
|
|
|
Automatic Updates |
|
|
|
|
|
|
Application Context |
System |
User |
System |
User |
System |
|
Default Behavior |
Persistent |
Semi-Persistent4 |
Persistent |
Semi-Persistent4 |
Persistent |
|
Remote Fetch Log |
|
|
|
|
|
|
|
|
|
|
|
|
|
Custom UI5 |
|
|
|
|
|
|
Features |
Windows |
Macintosh |
Linux v4 |
||
|
Persistent |
On-demand1 |
Persistent |
On-demand |
Persistent |
|
|
Vulnerabilities And Exposures |
|
|
|
|
|
|
Patch Management |
|
|
|
|
|
|
Features |
Windows |
Macintosh2 |
Linux v4 |
||
|
Persistent |
On-demand1 |
Persistent |
On-demand |
Persistent |
|
|
Anti-Malware |
|
|
|
|
|
|
Encryption |
|
|
|
|
|
|
User Authentication |
|
|
|
|
|
|
Antiphishing |
|
|
|
|
|
|
Backup |
|
|
|
|
|
|
Firewall |
|
|
|
|
|
|
Hard Drive |
|
|
|
|
|
|
Operating System |
|
|
|
|
|
|
Custom Check |
|
|
|
|
|
OPSWAT Client can detect unwanted applications and remove/stop applications without user intervention – including password-protected or corrupted / incomplete installations.
|
Features |
Windows |
|
|
Persistent |
On-demand1 |
|
|
Cloud Storage |
|
|
|
Developer Tool |
|
|
|
Media Player |
|
|
|
Uninstaller |
|
|
|
Toolbar |
|
|
|
Chat/IM |
|
|
|
Cleaner / Optimizer |
|
|
|
VPN Client |
|
|
|
Remote Control |
|
|
|
Unclassified PUA |
|
|
Android and iOS
|
Features |
iOS |
Android |
|
Screen lock and passcode |
|
|
|
Device is rooted or jailbroken |
|
|
|
Internal storage encryption state |
|
|
|
Operating System detection |
|
|
|
Threat Detection
|
|
|
1 OPSWAT On-demand Client couldn't perform some compliance check due to permission when the agent runs on a device. See 147125085 above
2 OPSWAT Client has no longer supported the below checks for macOS. With that said, if an admin enables those checks on a policy, those checks will be failed on devices.
-
detect lock screen timeout on macOS 10.13+
-
detect hard disk free space on macOS 10.14+
3 If OPSWAT Client runs without admin right, it couldn't scan processes which runs with admin/system right and files which protected by admin permission.
4 By default, once executed, it will keep running until closed
5 OPSWAT Client can be customized the trayicon and text on the client UI (tray icon menu, notifications,..). This feature is only available for enterprise customers. Please contact OPSWAT Support to receive a rebranding package and steps to enable this feature. We are planning to add ability to allow administrators to enable this feature on the MetaAccess/OPSWAT Central Management v7+ console soon.
This article was last updated on 2020-06-30.
TT